Vulnerability not as bad as it gets, as most servers use the openssh library to support server-side SSH logins.
Plain text password storage? Check. Directory traversal? Check. SOHOpeless? Check
Eight D-Link router variants are vulnerable to complete pwnage via a combination of security screwups, and only two are going to get patched.
23 hours ago Completely Outsourced Security: A Bad IdeaInfoRiskToday View Synopsis+1
Organizations can effectively rely on managed security services providers to take care of many tasks, but certain strategic security functions must be handled in-house, says Sid Deshpande, research director at Gartner.
21 hours ago Party like it's 1989... SVGA code bug haunts VMware's house, lets guests flee to host OSThe Register View Synopsis+1
Malicious code in VMs can leap over ESXi, Workstation, Fusion hypervisor security
Get busy, VMware admins and users: the virtualisation virtuoso has patched a programming blunder in ESXi, Workstation Pro and Player, and Fusion and Fusion Pro products that can be exploited by malicious code to jump from guest OS to host machine.
20 hours ago War Declared on Default PasswordsInfoRiskToday View Synopsis+1
Initiatives in UK and California Aim to Deep-Six Poor IoT Security PracticesWith at least 20 billion new consumer devices set to be internet-connected by 2020, initiatives in the U.K. and California are trying to ensure that as many IoT devices as possible will be out-of-the-box secure, for starters by not shipping with default passwords.
British Prime Minister Theresa May will call on fellow EU leaders Thursday to take united action to punish cyber attackers, warning hackers cause economic harm and undermine democracies.
Britain is among eight European Union countries pushing for the bloc to urgently agree a new sanctions regime to address malign cyber activities.
Under the AU$17.3 million deal, Motorola is also providing the police force with in-car video technology.
7 hours ago Decoding the Google Titan, Titan, and Titan M - that last one is the Pixel 3's security chipThe Register View Synopsis+1
Chocolate Factory opens lid, just a little, on secure boot and crypto phone coprocessor
People in the Googleplex need to talk to each other more: the Chocolate Factory has launched a third product with "Titan" in its name, and it's only related to one of the other two bits of kit.
Ahead of the 2018 midterms, Florida counties targeted by Russian phishing attacks are hardening their networks and increasing cybersecurity training for election officials.
$500 service couples the security of a private server with the reliability of the cloud.
A comprehensive review of Australia's centralised digital health record has recommended extending the opt-out period by another 12 months while privacy controls are significantly tightened.
Tumblr on Wednesday disclosed a vulnerability that could have been exploited to obtain user account information, including email addresses and protected passwords.
The source code of malware from the ancient Chinese military-affiliated group appears to have changed hands.
The new system could potentially prevent similar memory-based attacks from risking our PCs and global services.
A former Equifax manager was sentenced Tuesday to serve eight months home confinement for engaging in insider trading in the wake of the company's massive data breach last year.
10 hours ago Tumblr turns stumblr, left humblr: Blogging biz blogs bloggers' private info to world+dogThe Register View Synopsis+1
'No evidence' vulnerability was abused, though, we're told
Tumblr today reveal it has fixed a security bug in its website that quietly revealed private details of some of its bloggers.