Security researchers and reporters have something in common: both hold the powerful accountable. But doing so has painted a target on their backs — and looming threats of legal action and lawsuits have many concerned.
Scrapping PKI certificates in favour of PRODA is one of 14 recommendations the Australian government has accepted following a review into health providers' access to Medicare card numbers.
Special Counsel Robert Mueller's office said Friday that a grand jury has indicted 13 Russian nationals and three Russian entities accused of election meddling.
Microsoft misses Google's 90-day deadline, so Google has published details of an exploit mitigation bypass.
Intel and AMD may need to revisit their microcode fixes for Meltdown and Spectre.
The million-dollar contract is for the development of a cryptography solution for the Australian Defence Force.
The Australian government has joined the United Kingdom and the United States in blaming the Kremlin for NotPetya attacks.
GDPR requires companies to protect EU citizens' personal information and know where data flows at any time.
SamSam ransomware moves laterally across networks after compromising internet-facing systems, and is making its hands-on operators hundreds of thousands of dollars.
The technology behind the cryptocurrency bitcoin is one of the internet's most promising new developments. Here's how businesses can use it to streamline operations and create new opportunities.
After blaming North Korea for WannaCry, UK now officially pins crippling NotPetya attacks on Russia.
Telstra CEO Andy Penn has announced the launch this year of a security operations centre in London, with the chief exec also discussing the USO, 5G backhaul, media services, IoT, and smart cities.
Hijacking a flaw in diodes to harness quantum physics, Australia's QuintessenceLabs has built a full-entropy quantum random number generator with a 1Gbps output.
Security researchers can earn up to $250,000 for finding side channel vulnerabilities.
Forrester breaks down how Zero Trust eXtended can impact your organization.
This simple advice will help to protect you against hackers and government surveillance.
Bug hunters can expect to be paid for their efforts now the Fitbit public and private programs have merged.
Want to make sure you have a local or backup copy of all that mission-critical business and personal history in your Gmail archives? David Gewirtz takes you through an array of options.
Microsoft's February patches include its mitigations for Meltdown-Spectre CPU attacks in its Security Only update.
Microsoft protected Windows users from suspected North Korean exploitation of an Adobe zero-day bug earlier this month.
Carbonite also reported mixed Q4 and full year earnings.
You no longer have a choice about locking down your website. Google will mark all non-HTTPS sites as insecure this July. It's time to lock your site down, and Let's Encrypt gives you a free and easy way to do it.
Protecting an organization from attacks based on two widespread and potentially deadly security vulnerabilities requires monitoring software, firmware, and antivirus updates. New capabilities in Microsoft's Windows Analytics service display that status on a single dashboard.
Whether you're in the office or on the road, a VPN is still one of the best ways to protect yourself on the big, bad internet.
Attacks first took place in March 2017 and are being carried out by Russian cybercrime gangs, says Kaspersky Lab.
Okta and SailPoint are often pitted as rivals, but the companies offer different solutions to the online identity management problem.
Microsoft reveals its plans for a new type of identity system that gives more control to end-users.
The startup's last ICO was the finale of a scammer's performance.
Jamil Farshchi has been named as the new chief information security officer of Equifax.
The bug grants a low-level user access to every corner of the operating system.
Microsoft is adding Windows 7 SP1 and Windows 8.1 to the list of protected end-points covered by Windows Defender ATP, starting this summer.
Researchers say that at least 60 million visits have been forcibly made to malicious Monero sites in what represents the first large-scale cryptocurrency campaign targeting mobile.
David Gewirtz shares a real-world example of how a cloud-based disaster recovery strategy can help sustain business continuity, even for small businesses and families.
Amazon downplayed the attack as "not a real-life delivery scenario," but it was serious enough to fix anyway.
The performance impact of Meltdown patches makes it essential to move systems to Linux 4.14.
Every other week, we will be rounding up some of the most thoughtful comments from the ZDNet community. Here are some of our Community Manager's top picks.
Jay Weatherill's Labor government has said it will invest almost AU$7 million to better prepare the state's school children for technology-related jobs if it is re-elected next month.
Vodafone NZ has boosted its telecommunications-as-a-service offerings for the New Zealand government, adding more managed security services along with a new fixed connectivity service.
The 2018 Winter Olympics opening ceremonies were briefly impacted when servers belonging to Olympic organisers were hacked.
The credit rating agency said it didn't originally announce "potential" data points, like tax identification numbers, that "may have been accessed" by hackers.
A painful lesson in how not to do social media.
Microsoft and Fujitsu team up to enable palm-vein authentication on Windows 10 as part of Windows Hello.
The leak of Apple's iBoot source code onto GitHub is likely to turn older devices into a toxic hellstew of vulnerabilities.
Proof-of-concept exploit for Cisco's 10-out-of-10 severity bug surfaces days after researcher details his attack.
Addition by Belgian National Police and Kaspersky Lab brings number of decryption tools on the No More Ransom portal up to 52.
The private exploit seller is expanding its reach to acquire bugs in popular Linux builds.
Law and order surveillance enthusiast George 'Metadata' Brandis is off to London. His replacement, Christian Porter, is a Star Wars tragic who avoided taking responsibility for Centrelink's robo-debt debacle.
In a statement, Apple confirms the leak and downplays its significance due to it being older source code.
Thanks to a bug, you must manually patch WordPress 4.9.3. Unless you do, you'll be stuck on WordPress 4.9.3 and vulnerable to the next WordPress attacks.
Starting in Chrome 68 -- scheduled for July -- all sites and pages without encryption will be flagged by Chrome.
Jive is a player in the Unified Communications-as-a-Service (UCaaS) space.
A new ransomware-as-service scheme offers tools and tutorials for getting started with GandCrab, in return for a cut of the profits -- and a promise not to attack Russia.
Opera 51 brings speed improvements, Spectre mitigations, and a host of time-saving features.
Source code leak could spell security troubles for iOS in future.
And offers patching tips from US CERT, which it failed to brief on the bugs.
A new strain of unusual malware disguises itself as a LogMeIn service pack to hide suspicious traffic.
The 2017 incident took place due to a sales partner security failure.
Researchers have noticed a sudden spike in a phishing attack thats sends malware-ridden attachments as replies to real email conversations.
Cybersecurity, digital transformation, market competition, and the changing needs of the customer is the focus for AMP as it delivers AU$848 million in after-tax profit for FY17.
Google has awarded close to $12 million to security researchers since November 2010.
Prosecutors said the case is "one of the largest cyber fraud enterprise prosecutions ever undertaken" by the Justice Department.
Get an ad-blocker if you want to dodge tech-support scammers' latest rapid-download ruse.
The privacy feature is meant to mask a person's home or work location with a privacy radius, but researchers show it's easy to calculate that midpoint.
Microsoft protects Windows users from a Flash Player flaw used by suspected North Korean hackers.
After a wave of denial-of-service attacks stretching back to September, Netherlands police have made an arrest.
Cisco warns that its original fix for the 10/10-severity ASA VPN flaw was "incomplete".
Lack of budget and the right skills leave businesses vulnerable to attack.
OpenVMS bug affects systems running on VAX and Alpha processors, and could impact Intel Itanium systems in mixed-architecture clusters.
The 33-year-old previously said he feared dying in prison overseas.
The grammar-correcting browser extension is used by about 22 million users.
The partnership, which also includes insurer Allianz and risk evaluator Aon, will offer discounts on cyber insurance to joint business customers.
A new approach to phishing URLs and scam emails is helping to reduce the window of opportunity for cyber-attackers -- but the fight isn't over yet.
Buyers of the nasty LuminosityLink remote-access trojan will no longer be able to use their spying tool.
The country's southern counterpart says state-sponsored teams are still hacking into exchanges.
Excel spreadsheet, Active X, Adobe Flash -- this exploit is a blast from the past with one of everything.
Internet-connected devices pose a similar threat to the enterprise as shadow IT, with Akamai noting many devices are used on the company network without security in place.
While LTE-connected products like Verizon's Hum have focused on tracking where your car is and how fast it's going, the new connected 360-degree dashcam focuses on documenting its threats.
You'd be surprised at how many people do it daily.
Cisco should do more to help companies secure their network gear, says one customer.
Bad extension developers are testing new session-replay technique to record and replay victims' online sessions.
From the next version of Firefox onward private browsing mode will cut back details websites can share about the last site visited.
The patches, as expected, brought Linux's performance down, but their impact has not been as bad as feared.
As many as 100,000 users' had their private sexual activities exposed by a related data leak.
New Windows 10 build includes fixes for unbootable AMD CPUs for those who didn't patch them manually.
The attackers and their motives for concerted attacks on Netherlands finance institutions remain unknown.
The self-proclaimed hacker has been denied access to the internet by a NSW court as a condition of his bail, after being accused of accessing the car-sharing company's systems.
Australia has performed an amazing act of self-leakage, selling a pair of locked filing cabinets of its own secret Cabinet documents.
Long time executive Michael Mayberry has been named SVP and CTO effective immediately.
From today's rock stars of innovation to tomorrow's hidden gems, these 18 technologies have the greatest potential to transform the world over the next decade.
Technology decision makers in the private sector remain confident, says research.
Attackers are turning away from ransomware in favor of fraudulent cryptocurrency mining -- and your IoT devices might be their future cash cows.
iPhones, Android phones, computers, and instant messengers all come with encryption. But cameras lag behind the times, putting sources at risk.
An IBM study of The Future of Identity has found that whether people use passwords or biometrics is influenced by how old they are, where they live, and the value of the service involved. Choices are not purely technical....
Cybersecurity researchers claim this critical medical equipment is at the most risk of being targeted.
Forthcoming Zen 2 processors will include changes to deal with Spectre-like exploits, says chip giant.
A new form of ransomware has emerged which is being distributed via two separate exploit kits.
Exploit could allow hackers to run code thanks to "insufficient sanitization" of HTML fragments.
Cleaners and optimizers that try to scare PC users into paying for upgrades will be detected and removed.
A web form lets anyone change the address on a Victorian driver's licence without authentication. The state's licensing authority knows this, they know it's been abused, but the form is still online.
A man has been charged after allegedly stealing the personal information such as name, address, and driver licence details, from the car-sharing company's database.
The flaw is classified as an 8.1 out of 10 for its severity.
Did Google score a complete victory against Android malware last year? No. Did it win? Yes.
Court of appeal ruling could mean parts of the controversial Snoopers' Charter will have to be rethought.
The researcher who found the flaw will be telling the world how to exploit it this weekend.
Millions of people mount wearables on their wrist daily and share data collected with the public, friends, and family. With the recent Strava heatmap news, it's time to check your privacy settings and confirm how and where that data gets shared.
Security for digital infrastructure and cloud services in the spotlight thanks to new cybersecurity regulations.
Analysis: Strava may "anonymize" the user, but that isn't helpful when that user inadvertently reveals the location of sensitive government facilities.
Out-of-band update disables Intel's mitigation for Spectre Variant 2 attack, which Microsoft says can cause data loss on top of unexpected reboots.
The cyberattacker targeted ICO participants through a fraudulent "pre-ICO sale" scheme.
Coincheck has been ordered by Japan's financial regulator to get its act together after hackers stole $530 million worth of digital money from its exchange.
Data61's Gernot Heiser says the traditional instruction set architecture (ISA) model is past its use-by date. Meanwhile, the seL4 microkernel team he leads is now conquering time as well as space.
Saying China is poised to become the global leader in 5G and AI, the US government has suggested mandating 5G standards to protect its physical and virtual borders, as well as working with allies to deploy 5G in developing nations, according to documents Axios reported as being prepared by a senior US government official.
Linus Torvalds released the next version of the Linux kernel and, while are things are better with the chip security problems Meltdown and Spectre, more work needs to be done.
The Chinese government has ordered the social media site to move portals offline for a week after spreading 'obscene and wrongly oriented content'.
Storage is the hardest problem in computer systems because it is the only part that is persistent. Without storage, your computer could be anyone's computer. Here's the cool storage I saw at CES 2018.
With a touch of a button, the user can mask out their display to anyone sitting next to them.
A leading senator isn't happy, and is demanding answers.
A senior police officer says IoT manufacturers must be held to account when their products are opening doors to new ways of conducting crimes for cyber criminals and hackers.
Great work on patching your own products, but why were smaller tech companies kept in the dark?
The notion that the Chinese government would spy on corporations and our agencies with electronic devices manufactured by Chinese companies is not only absurd but would be catastrophic to furthering their ambitions in world trade.
UK government warns organisations that they must prepare for new data protection laws now - or potentially face the consequences when it comes into force.
Chrome 64 gets a stronger pop-up blocker ahead Google's new ad-blocking system that begins on February 15.
It has taken some time, but the website is finally offering enhanced security for Reddit accounts.
Open-source community leaders have slammed the 'absolute sh*t show' of an embargo process that left many key constituencies just days to develop complex software patches.
As of next year, TAFEs across the country will be offering skills-based cybersecurity certificate and diploma level qualifications.
Fixing the chip security holes Meltdown and Spectre will take a long, long time, but Linus Torvalds and Intel developers are slowly moving to answers for Linux.
Attacks generated losses of $22 billion in the country, according to a report.
Product details are thin, but Chronicle says it's already working with Fortune 500 companies.
Where do you draw the line on personal privacy? The right options are different for everyone. In this guide, I show you which privacy settings help you create the right balance of privacy and convenience in Windows 10.
Beginning with the April 2018 feature update, Microsoft will release a tool that allows Windows 10 users to inspect diagnostic data collected and sent to Microsoft's telemetry servers. Windows Insider Program members can test the app starting today.
Hide 'N Seek botnet has gone from 12 devices to 16,000 devices in just days.
And yet there's been nothing but silence from the companies.
I skip most of the high-end exhibits at CES in favor of Eureka Park, where little startups are getting their - often - first exposure. Here's some of the cool stuff I found on the show floor, in the first of a series.
Google will not robocall you unless you specifically requested a call. While it's difficult to fight phone spam, we have some suggestions that may help make things a bit less annoying.
A major disaster at one of the big cloud computing suppliers could hit customers and the wider economy very hard.
Dell and HP have pulled Intel's firmware patches for the Spectre attack.
E-state Estonia hit a big ID-card problem last year, but reckons it's actually benefited from the crisis.
The quantum cybersecurity firm has scored an additional AU$528,000 to develop a 'resilient' encryption method that could protect sensitive data on mobile assets.
The fix, previously reserved for newer Macs, is now available on older versions of macOS.
Bug fixes, new Siri tricks, and support for the upcoming release of the HomePod smartspeaker.
Security company says it has uncovered a weakness which could let hackers snoop on photos and user actions.
The most common Trojan found on today's networks is also, unfortunately, one that script kiddies delight in.
The microphone, the camera, the clipboard, all of your files; now that the browser is close to an OS, what controls should there be for security and privacy?
The chip giant believes it has found the root cause of the issue forcing Haswell and Broadwell chips to unexpectedly reboot.
Do you think no one's going to bother with trying to hack your small business website? Think again and start defending your site.
The games publisher has promised swift justice if any third party is found to be responsible for the claimed leaks.
Linux guru complains about approach to patching the chip flaw.
For years, privacy advocates have been pushing Microsoft to offer more transparency over the telemetry data it collects in Windows 10. The latest Insider Preview builds suggest that new tools to manage this data are in the works.
The National Cyber Security Centre issues a warning over updated Neuron malware attacks by the Turla hacking group.
The 21-year-old has been jailed for running a botnet and selling malware in the Dark Web.
The US agency alleges that The Entrepreneurs Headquarters defrauded customers out of $1.1 million in Bitcoin.
The majority of file dumps include both emails and passwords for corporate accounts.
A 12-week turnaround before a double dissolution election with a new method to allocate preferences, forced the AEC to accept an increased level of risk. Thanks Malcolm.
The popularity of bitcoin is creating problems for criminals dealing in ransomware -- and some are already casting their gaze towards a less volatile cryptocurrency.
Schneider Electric has revealed how the Trojan managed to disrupt core industrial systems in the Middle East.
The Trojan is back with a new technique to avoid detection by email gateways.
Australia's Notifiable Data Breaches scheme will come into force next month. Here is what it means and how it will affect organisations, and individuals, in Australia.
Both the House and Senate reauthorized the controversial surveillance powers, without any meaningful debate, amendments, or privacy reforms.
The security flaw made the securities market an easy target and was only fixed after a security researcher sent more than half-a-dozen warning emails.
AMD PCs can now install Microsoft's Windows update with fixes for Meltdown and Spectre and the bug that caused boot problems.
Researchers find 53 apps distributing malware for stealing Facebook credentials - some of which have been active since April 2017 and have been downloaded over 100,000 times.
Intel's firmware fix for Spectre is also causing higher reboots on Kaby Lake and Skylake CPUs.
Megaport has clocked AU$4.68 million in quarterly revenue, saying its IBM Cloud partnership will allow it to provide scalable connectivity to support blockchain, artificial intelligence, analytics, and IoT.
Security center aims to bring together analytics, insights and recommendations about an organization's data security.
The economic costs of a large cyber-attack could be as large as the impact of a major natural disaster.
ProtonVPN comes to Android, promising no malware, no ads, and no selling of user data.
Broken authentication and privileged access without cause are among the most common security concerns.
The enterprise software giant is working on Spectre fixes for Solaris on Sparc V9.
A variant of the botnet targets rigs to covertly replace their wallet addresses.
The closure of the controversial service follows warnings from US regulators and has raised the ire of lenders which consider the move an exit scam.
Hancock Health paid up despite having backups available.
A report has warned that ransomware, Internet of Things hacks, and industrial attacks could be almost as big a problem as natural disasters and extreme weather.
The retail, cloud, and device giant stands as the least transparent of transparent tech companies.
Criminals have yet to exploit Meltdown and Spectre, but they're playing on users' uncertainties about the CPU flaws in their malware and phishing schemes.
Mobile malware can steal WhatsApp messages, eavesdrop on targets based on GPS coordinates of a specific location and more.
The centre's chair has called for an overarching capability that supports federal, state, and territory-based cybercrime-countering efforts, labelling current capacities 'relatively weak'.
Jarvis functions as static binary code scanning software that detects vulnerabilities in automotive systems.
Industrial companies are being told to avoid some Meltdown and Spectre fixes after reports of problems.
Privacy is a human right, and businesses need to remember that. So do governments.
The headlines are all about how the Meltdown and Spectre security vulnerabilities will affect Windows PCs, but the real problems are how these bugs will impact servers and the cloud.
By combining big data and machine learning with its security tools, FireEye is looking to thwart more next-gen threats.
With all the hub-bub about Meltdown and Spectre, AMD CPUs are widely regarded as being perfectly safe. Well AMD chips may be safer, but they're not invulnerable.
Google wants the whole industry to adopt its Retpoline fixes for Variant 2 of the Meltdown-Spectre bugs.
Latin America head Masazumi Takata takes over as interim leader for operations in the country.
Researchers at F-Secure have warned that laptops can potentially be vulnerable to an attack that can be carried out in under a minute.
Older Broadwell and Haswell chips have been taking a hit from Intel's CPU patch.
Instead of focusing on single-digit percentage increases in performance, a bigger question needs to be asked: Is it safe?
Four UK companies have been slapped with fines for nuisance marketing.
The time between an attacker compromising a secured network and the breach being detected is the highest in the APAC region, with the median 'dwell' time 73 days above the global median of 99 days.
And nearly all of them are up for re-election later this year.
Should you be concerned about how much of a performance hit that your PC will take after applying the Spectre-Meltdown patch? It depends.
'Shocking' flaws show apps for industrial control systems are being built without enough thought for security, according to researchers.
Skype Insider testers on Windows Desktops, iOS, Android, Linux, and Mac can start testing Microsoft's end-to-end encrypted Private Conversations feature.
Chat apps and common cloud file-sharing software are being used in cyber-espionage attacks that target individuals involved with aiding North Korean defectors.
Now Linux distributions get hit by Meltdown patch issues.