Security News

The SolarWinds hack exposed sealed US court documents - which could have a serious effect on Western sanctions against state-backed hackers. Infosec journalist Brian Krebs reported a US Courts Administrative Office statement about the impact of the Russian-backed SolarWinds hack, quoting an anonymous source as saying that the agency was "Hit hard".

Home Depot has exposed the private order confirmations of hundreds of Canadian consumers, containing names, physical addresses, email addresses, order details and partial credit-card information. After customers began reporting that they had received hundreds of emails from the home-improvement giant, each containing an order confirmation for a stranger, the company confirmed the issue.

TikTok has expanded its vulnerability disclosure policy to include a global bug-bounty program through a partnership with the ethical hacker platform HackerOne. Hackers who find critical vulnerabilities in TikTok's platform can receive between $6,900 and $14,800 according to the program, which marks the first time TikTok has invited the public security community to analyze its platform for vulnerabilities.

Privacy-focused browser maker Brave has responded to complaints about affiliate links by apologising for a coding error but also stating that adding affiliate links to search queries is standard practice. The browser was never guilty of the more serious accusation of injecting affiliate links into the HTML rendered for a page, said Brave.

As it faces a major lawsuit, Zoom is taking a significant step to bolster security and privacy efforts by recruiting an industry heavy-hitter - former Facebook CISO Alex Stamos - to provide special counsel. Zoom now aims to clean up its issues both on the product side and by taking a high-level executive approach, Zoom founder Eric Yuan said in a blog post published Wednesday.

An infosec researcher has published a JavaScript-based proof of concept for the Netgear routerlogin.com vulnerability revealed at the end of January. Through service workers, scripts that browsers run as background processes, Saleem Rashid reckons he can exploit Netgear routers to successfully compromise admin panel credentials.

Capita Education Services had a bit of an oopsie yesterday as a new helpdesk system spurted potentially thousands of email addresses at unsuspecting users. A Register reader got in touch to express his surprise at receiving an email regarding a helpdesk ticket he didn't open, logged by someone he didn't know.

Easy-to-use exploits have emerged online for two high-profile security vulnerabilities, namely the Windows certificate spoofing bug and the Citrix VPN gateway hole. Within hours of the NSA going public with details about its prized bug find, exploit writers posted working code demonstrating how the flaw can be abused to trick unpatched Windows computers into accepting fake digital certificates - which are used to verify the legitimacy of software, and encrypt web connections.

Mass-mail fail followed outfit's appearance at jobs fair. BT Security managed to commit the most basic blunder of all after emailing around 150 infosec professionals who attended a jobs fair –...

Government cares what you think. Honest. A UK Home Office consultation on new, intrusive police powers was so incompetently written that you could both "strongly agree" and "strongly disagree" at...