Author Archives: Shaun Nichols

No RESTful the wicked: If your website runs Drupal, you need to check for security updates – unless you enjoy being hacked

PUT, PATCH, POST, PWNED!

Website admins are today urged to update their Drupal installations following the disclosure of a potentially serious vulnerability in the web publishing software. And when we say potentially serious, we mean, someone can potentially hack and hijack your site via this flaw.…

Webcast: Arm yourself before you go threat hunting in 2019

Join Carbon Black at livestreamed event based on global independent research

Promo  As cyber attackers evolve their techniques, businesses are exposed to a relentless stream of worrying data security breaches. The latest big one hit hotel group Marriott International in November 2018, and may have led to the personal information of up to 500 million guests being compromised.…

Apple yoinks enterprise certs from Facebook, Google, killing internal apps, to show its power

You have been warned, says Cupertino: Tech giants abuse dev program, iPhone maker eventually undoes ban

After briefly punishing Facebook and Google for violating the rules of its enterprise developer program, Apple has relented and is in the process of restoring the digital certificates used by each company to distribute iOS apps internally to employees.…

Six Flags fingerprinted my son without consent, says mom. Y’know, this biometric case has teeth, say state supremes…

Theme park's attempt to shoot down lawsuit snubbed by top judges

Analysis  The Illinois Supreme Court on Friday ruled that a family's lawsuit against downmarket-Disneyland Six Flags for allegedly violating the state's Biometric Privacy Act can proceed, reversing an appellate court ruling that rejected the claim because the plaintiffs did not allege any specific harm.…

As netizens, devs scream bloody murder over Chrome ad-block block, Googlers insist: It’s not set in stone (yet)

Advertising giant insists it's all still on drawing board – as plugin devs face code rewrites

Analysis  Following uproar from developers and netizens over proposed changes to Chrome that threaten to break content and ad blockers, and knacker other browser extensions, Google software engineer Devlin Cronin has offered reassurance that the plans aren't set in stone.…

‘It’s like they took a rug and covered it up’: Flight booking web app used by scores of airlines still vuln to attack – claim

Security hole can still be exploited to tamper with journeys, warn infosec bods

Exclusive  A security hole in a widely used airline reservation system remains open to exploit, allowing miscreants to edit strangers' travel details online, The Register has learned. A fix to close the vulnerability was incomplete, and thus ineffective, it is claimed.…

This must be some kind of mistake. IT managers axed, CEO and others’ wallets lightened in patient hack aftermath

Executives held to account? And three underlings thanked for their work? What is this madness?

The Singaporean government-owned biz responsible for that country's patient database has fined senior executives, including the CEO, and dismissed two managers, after blunders allowed hackers to siphon off private records.…

Nissan EV app password reset prompts user panic

Looks like a functionality fail rather than a data breach, though

Nervous Nissan UK drivers were today assured by the car maker that Connect EV app log-in failures are related to a migration of data onto a new platform rather than anything more nefarious.…

If you wanna learn from the IT security blunders committed by hacked hospital group, here’s some weekend reading

Database intrusion should not have succeeded, probe finds, but...

The theft of 1.5 million patient records, including those of Singapore's Prime Minister, from the city state's SingHealth hospital group by hackers could probably have been stopped had the IT department not been so useless, an inquiry has found.…

Dozens of .gov HTTPS certs expire, webpages offline, FBI on ice, IT security slows… Yup, it’s day 20 of Trump’s govt shutdown

Hackers may be rubbing their hands with glee

The IT impact of the ongoing partial US federal government shutdown has begun to show up in the form of degraded computer security. According to internet services biz Netcraft, more than 80 TLS certificates used on .gov websites have expired and have not been renewed.…