Latest Articles

US Nuclear Regulatory Commission hacked 3 times in 3 years

According to documents obtained under an open-records request, two of the hacks, perpetrated via phishing emails, are believed to have originated in foreign countries, while the source of the third remains unknown because incident logs have been destroyed. The report does not say when the attacks occurred, nor does it divulge what, if any, data was compromised.

US won't release Russian MP's son being held on PoS hacking charges

A US federal court has refused to release Roman Seleznev, arrested in the Maldives under suspicion of rigging retail PoS systems to rip off credit card details. Prosecutors say he was caught with over 2 million stolen cards on his laptop and that he'd been searching the US federal court electronic filing system for charges against him.

Supervalu says it was breached - is it the next Target?

US retailer Supervalu is warning customers that an intrusion of its network may have resulted in the theft of credit and debit card account numbers from up to 200 of its stores.

Meanwhile, a related data breach affected another 800 stores for which Supervalu provides IT services. Could this be the next Target?

Twitter injects favourites into newsfeeds, but is it an 'invasion of privacy'?

Twitter injects people's favourites into newsfeeds, annoying many

Twitter is taking people's favourites - what many (mistakenly) have assumed were private - and sticking them into people's newsfeeds, along with follow notifications.

Shark attack! Google wraps underwater cables in Kevlar-like vests

Shark attack! Google wraps broadband cables in Kevlar vests

Google has to wrap its underwater sea cables in a Kevlar-like material, it says, because sharks like to bite them.

How will you pay for the internet of the future?

In this, the 25th anniversary year of the invention of the World Wide Web, the man who claims to have invented the pop-up ad, and so given rise to an economy of surveillance, has apologized, said that the consequences were unforeseen, and invited the world's citizens to re-imagine a different web.

Monday review - the hot 19 stories of the week

Get yourself up to date with everything we've written in the last seven days - it's weekly roundup time.

Microsoft pulls Patch Tuesday kernel update - MS14-045 can cause Blue Screen of Death

MS14-045, which fixes various security holes in the Windows kernel, can cause a BSoD and leave you stuck in a reboot loop.

Here's how to escape...

The EPIC edition - 60 Sec Security [VIDEO]

One less opt-in app, one more Android virus, and a bunch of EPIC failures...

All in this week's 60 Second Security.

Google adds deceptive software warnings to Safe Browsing service

The days of having your homepage switched or suddenly discovering a mysterious toolbar in your browser may be set to come to an end following an announcement from Google yesterday. From next week, Chrome will display a message whenever a piece of software attempts to do anything sneaky or unexpected with your browser or computer.

Thousands of computers open to eavesdropping and hijacking

Many, many people and businesses are running a remote access tool, Virtual Network Computing, without a password. The tool lets people see everything we do online or reach through and take over our systems. The list of exposed sites is astonishing: everything from power stations to pharmacies to people watching porn.

Snowden: NSA working on 'MonsterMind' cyberwar bot

The cyber defense system would instantly and autonomously neutralize foreign cyberattacks against the US and could also be used to launch retaliatory strikes. To do so, it would have to control and analyze all traffic entering the US - a chilling prospect that was the last straw, the whistleblower says.

The top 5 privacy failures - what's the most epic fail of all? [POLL]

The list of culprits in our eroding privacy is long, but some privacy fails stand out above the rest. So we're calling out five privacy killers that deserve an extra level of shaming.

Take our poll, and help us crown the most epic privacy fail of all ...

Apple Safari for OS X gets "click-to-own" security holes patched

The 6th Safari security update in 10 months is out.

With fixes for 7 potential remote code execution holes, get it while it's hot...

Good bot, bad bot? 23 million Twitter accounts are automated

Good bot, bad bot? 23 million Twitter accounts may be automated

Twitter's latest SEC filing says that 8.5% of active monthly users are automatons, which could mean there is a boatload of bots on the service. Some are spam, some are useful, some are just publications' own automated Twitter feeds.

Facial recognition software leads to arrest after 14-year manhunt

Facial recognition software leads to FBI success in 14-year manhunt

A former US resident from New Mexico was captured in Nepal after 14 years on the run. The fugitive's passport photo matched up with a newly issued wanted poster. Does the capture of a suspected child abuser justify the use of a technology that hasn't yet had privacy implications ironed out?

SSCC 160 - That's not just any old malware - that's a TRUE VIRUS! [PODCAST]

Ready for listening...

Here's this week's Sophos Security Chet Chat podcast.

Gmail introduces filters for non-Latin characters, weeding out more phishing emails

Using non-Latin characters that look very similar to their ASCII counterparts helps scammers, spammers and phishing crooks send emails from legitimate-looking addresses. Now Google's putting a stop to that with a set of new spam filters.

Patch Tuesday wrap-up, August 2014: RCE + ASLR bypass + EoP == patch early, patch all!

Patch Tuesday is here again.

Paul Ducklin explains how this month's vulnerabilities can work together for harm, and why *all* the updates matter, not just the ones that ended up with a "critical" or "severe" tag...

DEA paid out $854,460 for free Amtrak passenger data

Amtrak secretary cons $854,460 out of the DEA by selling 'free' passenger data

Since 1995, a former Amtrak employee has been selling passenger data to the US Drug Enforcement Administration - information that cost the DEA $854,460, but which it could have gotten for free.