RedHat admins, patch now – don’t let your servers get pwned!

A command injection bug in Red Hat's DHCP client could allow an attacker to run any command on your computer. As root.

Chili’s PoS breach: Want some credit card theft with your baby back ribs?

Chili's is advising customers to check their bank records after discovering the point-of-sale breach.

Facebook can’t wiggle out of facial recognition lawsuit, judge says

There are too many factual disagreements for a quick judgment, the judge said, including over what a faceprint actually is.

Serious XSS vulnerability discovered in Signal

Researchers have discovered a serious cross-site scripting (XSS) vulnerability affecting all desktop versions of Edward Snowden’s favourite security application, Signal.

Facebook app left 3 million users’ data exposed for four years

Highly sensitive user data collected from the app was left on a badly secured website for anybody to get at.

Police dog sniffs out USB drive to snare school hacker

Police traced an "electronic trail" to the suspect's house where the USB drive was hidden.

The next Android version’s killer feature? Security patches

Not before time, Google is addressing the mess it's made of Android updates

The EFAIL vulnerability – why it’s OK to keep on using email

The EFAIL bug shows how to trick some mail clients into turning the email encryption tools S/MIME and OpenPGP against themselves.

Prison phone service can expose the location of anyone with a phone

The system requires that you have legal authority to use it, but doesn't check

Critical Out-Of-Band Adobe Security Updates! And ongoing minor Mac concerns...

Nest turns up the temperature on password reusers

Nest's advice to its users gets a thumbs-up from the Online Trust Alliance.

Warehouse full of digital copiers yields truckloads of secrets

Copiers' hard drives aren't typically encrypted or wiped. One result: a used copier with 300 people's medical records: just hit "print!"

Is Google’s Duplex AI helpful or plain creepy?

Last week, Google CEO Sundar Pichai used the company’s annual I/O event to demo an experimental new feature of Google Assistant: Duplex.

Remote code execution bug found in GPON routers, but how bad is it really?

An anonymous researcher recently disclosed two vulnerabilities in several older models of Dasan-made GPON routers.

2 million lines of source code left exposed by phone company EE

What should be secret AWS and API keys were (un)secured with the default password credentials: "admin" as the name, "admin" for a password.

Monday review – the hot 18 stories of the week

From the WhatsApp text bomb and iOS 11.4's 7-day USB shutout to the critical bug in 7-zip, and more!

When it comes to patches, how urgent is urgent? [Chet Chat Podcast 268]

Chet Chat podcast: Sophos experts Chester Wisniewski and Greg Iddon discuss the latest cybersecurity issues.

IBM bans USB drives – but will it work?

Can you blindly ban all USB drives, or will it lead to "shadow IT" where staff use them anyway? Sophos CISO Ross McKerchar has his say...

Firefox support for WebAuthn shows passwords the door

Passwords aren't dead, yet.

Apple boots out apps that abuse location data collection

GDPR is coming and Apple's spring cleaning the App Store

iOS 11.4 to come with 7-day USB shutout

After 7 days if there's no passcode, then there's no access.