The British government continues to delay deciding whether it will ban Chinese networking gear from its national 5G rollout, as the Trump administration demands. But with future trade deals on the line as the U.K. navigates its "Brexit" from the EU, Britain cannot afford to anger either Beijing or Washington.
Not even George Orwell could have predicted nation-state surveillance in the 21st century. Give us free instant messaging for our smartphones, and faster than you can say "viral kitten video," we're collectively part of a mass surveillance nightmare. Case in point: The ToTok social messaging app.
Protecting enterprise networks from attackers boils down to the same thing: Unless organizations get the basics right, they're sitting ducks. That's a top takeaway from experts warning that Iran will likely retaliate with cyberattacks after one of its senior military leaders was killed by a U.S. drone strike.
Wanted: A new chief executive to assume command of Britain's growing National Cyber Security Center, part of GCHQ. As Ciaran Martin departs, the successful NCSC model he helped create is being widely emulated in many countries. But the U.S. remains a notable holdout.
Warning: Attackers wielding LockerGoga and MegaCortex ransomware have been hitting large corporate networks, sometimes first lingering for months. That's according to a new FBI flash alert, as reported by Bleeping Computer, which essentially tells would-be victims: Please, get your defenses in order now.
The gang behind Maze ransomware has begun publicly identifying its victims and listing data that it exfiltrated from systems before leaving them crypto-locked. The intent is clear: By naming and shaming victims, the Maze gang is trying to compel them to pay.
Black Hat Europe returned to London last week, featuring two days of briefings covering topics from cryptography and breach response to exploit development and application security. Plus, a packed business hall offered technical demonstrations. Here are visual highlights of the event.
The U.S. Federal Trade Commission has sanctioned data analytics firm Cambridge Analytica for misusing Facebook users' personal details as part of voter-targeting campaigns. Just one problem: The firm declared bankruptcy in May 2018. Meanwhile, voter microtargeting continues unchecked.
This year's Black Hat Europe conference in London features dozens of briefings touching on a wide variety of topics, including exploiting contactless payment and Bluetooth vulnerabilities, identifying vulnerable OEM IoT devices at scale and running false-flag cyberattacks.
South Korean cryptocurrency exchange Upbit says hackers have stolen $49 million worth of ethereum, in what is the year's seventh major cryptocurrency heist. Much of the $158 million stolen so far this year is likely fueling the North Korean regime's appetite for luxury goods and weapons of mass destruction.
What's the best way to spring your citizens from foreign jail if they've been detained on U.S. hacking charges? That's a question that continues to plague Russia, including in the ongoing case against Aleksey Burkov, who's been charged with being part of a $20 million payment fraud scheme.
Russian attack group Turla has been named and shamed for hijacking Iranian nation-state attackers' infrastructure. The aim of GCHQ and NSA's attribution is, in part, to make Turla's future cyber espionage efforts more costly and time-consuming.
The U.S. National Security Agency is the latest intelligence agency to warn that unpatched flaws in three vendors' VPN servers are being actively exploited by nation-state attackers. Security experts say such alerts, which are rare, are a clear sign that serious damage is being caused.
Code reuse kills - software quality, that is, according to a new study of C++ code snippets shared on Stack Overflow that were reused in more than 2,800 GitHub projects. But there's help for organizations that want to support their developers' urge to cut and paste prewritten code snippets.
"Cyberattacks are one of the unfortunate realities of doing business today," reads gaming company Zynga's data breach notification, thus breaking the first rule of crisis management: Own your mistakes. Hacker Gnosticplayers claims the company was still storing passwords using outdated SHA1.