Boffins promise protection and perfect performance with new ZeRØ, No-FAT memory safety techniques

Fast, easy to implement, and knocks attacks like Spectre on the head – what's the catch? Researchers at the Columbia University School of Engineering and Applied Science have showcased two new approaches to providing computers with memory protection without sacrificing performance – and they're being implemented in silicon by the US Air Force Research...

3h

Sure looks like someone's pirating the REvil ransomware, tweaking the binary in a hex editor for their own crimes

It's a crook-eat-crook world out there It appears someone is pirating the infamous REvil ransomware by tweaking its files for their own purposes.…

17h

SEC still digging into SolarWinds fallout, nudges undeclared victims

US markets watchdog sniffs around potential insider trading, data violations relating to hack US markets watchdog the Securities and Exchanges Commission (SEC) has begun a probe into last year's SolarWinds cyberattack, in a bid to find out who else might have been compromised.…

18h

'Set it and forget it' attitude to open-source software has become a major security problem, says Veracode

Study finds a whole sea of outdated third-party libraries There's a minefield of security problems bubbling under the surface of modern software, Veracode has claimed in its latest report, thanks to developers pulling third-party open-source libraries into their code bases – then never bothering to update them again.…

19h

There's no 'Skype' in Teams: Microsoft lets signing key for its Debian Skype repository slip gently into the night

Summer Solstice: A time for dancing, druids, and certificate errors Microsoft's inattentive approach to Linux has continued unabated, with reports that the signing key for its Debian Skype repository has expired.…

20h

Zephyr OS Bluetooth vulnerabilities left smart devices open to attack

The 'S' in 'IoT' stands for 'security' Vulnerabilities in the Zephyr real-time operating system's Bluetooth stack have been identified, leaving a wide variety of Internet of Things devices open to attack – unless upgraded to a patched version of the OS.…

1d

MI5 still risks breaking the law on surveillance data through poor controls – years after it was first warned

Yet spy agency overseer IPCO seems to be working as the public hoped Exclusive  MI5's storage of personal data on espionage subjects is still facing "legal compliance risk" issues despite years of warnings from spy agency regulator IPCO, a Home Office report has revealed.…

1d

US Air Force announces plan to assassinate molluscs with hypersonic missile

No word on whether top brass considered just shelling them into submission The United States Air Force (USAF) has issued a strangely specific threat to certain mollusc species living in the area of an upcoming weapons test.…

1d

To CAPTCHA or not to CAPTCHA? Gartner analyst says OK — but don’t be robotic about it

Picking street signs from a matrix of images is out, cleverer challenges are OK Poll  Analyst firm Gartner has advised in favour of the use of CAPTCHAs — but recommends using the least-annoying CAPTCHAs you can find.…

1d

Do you want speed or security as expected? Spectre CPU fixes cripple performance on Linux in tests

All depends on whether your workload is making a lot of system calls or not The mitigations applied to exorcise Spectre, the family of data-leaking processor vulnerabilities, from computers hinders performance enough that disabling protection for the sake of speed may be preferable for some.…

1d