More stories

  • Jit and ZAP: Improving programming security

    Jit, a startup programming security company, dreams of being a top security power. To help make those dreams a reality, Jit recently hired Simon Bennetts, the founder of the world’s most popular web app security scanner, Open Web Application Security Project (OWASP) Zed Attack Proxy (ZAP). At Jit, Bennetts will continue […]

  • Is Amazon about to ruin Alexa answers with ads?

    I’m a product guy. Way back in the day I was actually a product marketing executive for a big tech company. I’ve shipped hundreds of products over the years. You always try to marry a need with a solution. Meet enough folks’ needs, and they’ll buy your product. Generally, though, […]

  • NSA and CISA: Here's how hackers are going after critical systems, and what you need to do about it

    The National Security Agency (NSA) and the Cybersecurity and Infrastructure Security Agency (CISA) have issued an advisory explaining how to thwart cyberattacks on operational technology (OT) and industrial control system (ICS) assets. The new joint advisory outlines what critical infrastructure operators should know about their opponents, citing recent cyber attacks on Ukraine’s energy […]

  • Why MFA matters: These attackers cracked admin accounts then used Exchange to send spam

    Microsoft has exposed a crafty case of OAuth app abuse that allowed the attackers to reconfigure the victim’s Exchange server to send spam. The point of the elaborate attack was to make mass spam – promoting a fake sweepstake – look like it originated from the compromised Exchange domain rather […]

  • Chainguard releases Wolfi, a Linux 'undistribution'

    There are many Linux distributions designed expressly for containers. Even Microsoft has one, Common Base Linux (CBL)-Mariner. Others include Alpine Linux, Flatcar Container Linux, Red Hat Enterprise Linux CoreOS (RHCOS), and RancherOS. Now Chainguard, a cloud-native software security company, has a new take on this popular cloud-friendly kind of Linux: Wolfi, an “undistribution.” […]

  • This Windows 11 security feature makes your PC 'very unattractive' to password hackers

    Microsoft has introduced a new default to shield Windows 11 machines against password attacks which ought to make them “a very unattractive target” for hackers trying to steal credentials. The latest preview of Windows 11 ships with the SMB server authentication rate limiter on by default, making it much more time-consuming for […]

  • Programming languages: It's time to stop using C and C++ for new projects, says Microsoft Azure CTO

    Mark Russinovich, the chief technology officer (CTO) of Microsoft Azure, says developers should avoid using C or C++ programming languages in new projects and instead use Rust because of security and reliability concerns. Rust, which hit version 1.0 in 2020 and was born at Mozilla, is now being used within the Android Open […]

  • Optus security breach compromises customers' passport details

    Optus has suffered a security breach that it says may have compromised various customer data, including dates of birth, email addresses, and passport numbers. Information belonging to both current and former customers of the Australian mobile operator is impacted in the security incident.

    Optus said Thursday it was looking into “possible unauthorised access” of customer data following a cyber attack, but did not reveal details of what systems were affected, when the breach was discovered, or how many customers might be impacted. Its CEO Kelly Bayer Rosmarin, though, said: “We have been subject to a cyberattack that has resulted in the disclosure of our customers’ personal information to someone who shouldn’t see it. As soon as we knew, we took action to block the attack and began an immediate investigation.”

    Rosmarin noted that while not all customers might be affected, investigations were still ongoing.

    According to Optus, the security breach could have compromised various customer data, including dates of birth, phone numbers, and email addresses, as well as additional information such as addresses and identification document details that included driver’s licence and passport numbers for a specific group of customers. Financial details and account passwords were not affected by the breach, the Australian operator said. However, it said major financial institutions were notified about the breach. It also urged customers to keep watch for unusual or potentially fraudulent activity.

    Optus said it had notified the relevant authorities, including the Australian Federal Police, and was working with the Australian Cyber Security Centre on the incident. A wholly owned subsidiary of Singtel, Optus is Australia’s second-largest telco. In 2019, it had some 10.2 million mobile subscribers.

    The carrier was involved in previous data privacy incidents, including a 2013 breach in which the operator accidentally published the names, addresses, and mobile phone numbers of 122,000 customers without their consent. In a 2008 incident, Optus left open the management ports of Netgear and Cisco Systems modems to facilitate remote access, leaving customers who had not changed the default administrative passwords on the appliances vulnerable to potential hacks.