Securing the Edge
PKfail: 800+ Major PC Models have Insecure ‘Secure Boot’
Big BIOS bother: Hundreds of PC models from vendors such as HP, Lenovo, Dell, Intel, Acer and Gigabyte shipped with useless boot protection—using private keys that aren’t private ...
CrowdStrike Admits it Doesn’t ‘Canary’ Test all Updates
Corporate incompetence: Beleaguered security firm issues initial post-mortem on Friday’s faux pas ...
EFF Angry as Google Keeps 3rd-Party Cookies in Chrome
Regulatory capture by stealth? Google changes its mind about third-party tracking cookies—we’re stuck with them for the foreseeable ...
Global Outage Outrage: CrowdStrike Security Tool Blamed
BSODs beyond belief: A buggy update to CrowdStrike Falcon made Windows PCs and servers crash—worldwide ...
Disney 1.2 TB Slack Hack: NullBulge Claims Leak is its Own
Steamboat bloat: Hacktivist group wields infostealer Trojan, leaks 1,200 GB of mouse droppings ...
Hard Truths about Remote Access Hardware VPNs
Hardware VPNs are the primary method the enterprise uses to connect remote, or what we now call the hybrid workforce, to the IT tools that power our digital economy ...
‘Blast-RADIUS’ Critical Bug Blows Up IT Vacation Plans
MD5 MITM Muddle: Ancient, widely used protocol has CVSS 9.0 vulnerability ...
‘Polyfill’ Supply Chain Threat: 4x Worse Than We Thought
Spackle attack: Chinese company takes over widely used free web service—almost 400,000 websites at risk ...
Survey Surfaces Growing Lack of Cybersecurity Confidence
A survey of 706 IT and security professionals finds half are not very confident that they can stop a damaging security incident in the next 12 months, with 30% admitting they are ...
‘Perfect 10’ Apple Supply Chain Bug — Millions of Apps at Risk of CocoaPods RCE
Tim looks grim: 10 year old vulnerabilities in widely used dev tool include a CVSS 10.0 remote code execution bug ...
