Donald Trump’s plush Scottish golf resort flouted UK data law

Clerical oversight to blame, quickly registers to swerve watchdog.

Donald Trump's controversial luxury golf resort in Aberdeenshire has a chequered history of putting its neighbours' noses out of joint, but this time, it's flouted the UK's data laws by failing—possibly for years—to register with the Information Commissioner's Office.

The Guardian found that the £30 million resort in north-east Scotland hadn't been registered under the Data Protection Act, "despite operating an extensive CCTV system and handling data on thousands of golfers and guests, its staff, and suppliers," potentially putting Trump's golf resort at risk of being found guilty of a criminal offence and fined.

However, just as the ICO was preparing to write to Trump International Golf Course to remind it of its legal duties, it received registration details, somewhat taking the wind out of the sails of the newspaper's investigation.

Darknet drug dealers rake in millions each month

Major new research finds darknet markets are growing despite Silk Road demise.

The successors to Silk Road, the darknet drug market shut down by the FBI in 2013, are raking in tens of millions of pounds in total revenue every month, according to a new report.

British dealers apparently have a serious finger in the pie, taking home roughly 16 percent of the global revenues, or around £1.75 million, between an estimated 338 vendors.

The report, commissioned by the Dutch government to gauge the growth of darknet markets in the years following the demise of Silk Road, found some good news for beleaguered law enforcement: "cryptomarkets have grown substantially in the past few years, but not explosively," though the numbers of vendors and hosting sites have grown. In fact, researchers found around 50 of these markets in total; however, the total volume of listings is now only six times larger than in 2013.

Secure Boot snafu: Microsoft leaks backdoor key, firmware flung wide open

Microsoft quiet as researchers spot debug mode flaw that bypasses OS checks.

Microsoft has inadvertently demonstrated the intrinsic security problem of including a universal backdoor in its software after it accidentally leaked its so-called "golden key"—which allows users to unlock any device that's supposedly protected by Secure Boot, such as phones and tablets.

The key basically allows anyone to bypass the provisions Microsoft has put in place ostensibly to prevent malicious versions of Windows from being installed, on any device running Windows 8.1 and upwards with Secure Boot enabled.

And while this means that enterprising users will be able to install any operating system—Linux, for instance—on their Windows tablet, it also allows bad actors with physical access to a machine to install bootkits and rootkits at deep levels. Worse, according to the security researchers who found the keys, this is a decision Microsoft may be unable to reverse.

IPv6 router bug: Juniper spins out hotfix to thwart DDoS attacks

Vulnerability common to devices routing IPv6; Cisco offered partial fix in July.

Juniper Networks has found and mostly patched a flaw in the way the firmware on its routers processes IPv6 traffic, which allowed malicious users to simulate Distributed Denial of Service attacks.

The vulnerability, which seems to be common to all devices processing IPv6 addresses, meant that purposely crafted neighbour discovery packets could be used to flood the routing engine from a remote or unauthenticated source, causing it to stop processing legitimate traffic, and leading to a DDoS condition.

According to Juniper's advisory report:

Major Qualcomm chip security flaws expose 900M Android users

Range of devices open to exploit by “Quadrooter” collection of vulnerabilities.

Four major security holes in the Qualcomm chips which power modern Android devices have left as many as 900 million users vulnerable to a range of attacks.

According to Israel-based security firm Check Point, the flaws—dubbed "Quadrooter"—found in the firmware which governs the chips, could allow potential attackers to "trigger privilege escalations for the purpose of gaining root access to a device" using malware which wouldn't require special permissions, allowing it to pass under suspicious users' radars.

Qualcomm makes chips for the majority of the world's phones, holding a 65 percent share of the market. Most of the major recent Android devices are expected to be affected by the flaw, including:

Report claims more than half of UK firms have been hit by ransomware

Ransomware is booming, and UK firms are seriously lacking on the security front.

Large UK companies are amongst the hardest hit by ransomware in western countries according to a new report that found that more than half had been affected by it—and that nine percent had been left "entirely unable to operate."

Ransomware is clearly a growth industry in Britain; 58 percent of IT directors in this country have paid ransoms in the past, and the UK experiences more attacks than Canada, Germany, and the US, where bosses are 21 times less likely to give in to hackers' demands.

Ransomware is malicious software which locks users out of key files or their entire system using tough encryption until the owner pays up. It's a relatively simple scam, and according to Malwarebytes, who commissioned the report, gaining rapidly in popularity. The vast majority of attacks are coming through an endpoint, with 46 percent originating from an e-mail.

Yahoo investigating claimed breach and data dump of 200 million users

Black hat hacker is selling the dump on the dark Web; Yahoo won’t confirm or deny it.

A notorious black hat says he has more than 200 million hacked Yahoo accounts for sale on the dark Web. The company says it is "aware of [the] claim," but is refusing to comment on its veracity. Yahoo accounts are primarily used to log into the company's webmail service, but also for other sites like Flickr.

It's unclear at this point whether Yahoo has itself been breached, but the account data has been publicly available on a Tor-accessible marketplace called The Real Deal since Monday, and is apparently being sold by a hacker known as Peace, who has previously been linked to large-scale sales of MySpace and LinkedIn account details in 2012.

A Yahoo spokesperson said:

Newest iOS 10 beta includes 100 new emoji, replaces gun with waterpistol

iOS will have the most diverse cast of emoji—including single-parent families.

Apple has quietly waded into the gun violence debate enveloping America this week, after it announced it would be releasing more than 100 new or redesigned emoji—and would replace the symbol of a revolver with one of a water pistol.

The new green-and-orange emoji could barely look less threatening, and it seems to be Apple's response to a spate of mass shootings in 2016, which has been a particularly violent and deadly year, for minorities and police officers alike.

A group called New Yorkers Against Gun Violence are claiming the change as a victory for their campaign, having lobbied Apple heavily to remove the pistol symbol “as a symbolic gesture to limit gun accessibility.” A representative for the charity told CNN: “Apple has stood up to the bullying tactics of the NRA and gun industry by showing that there are many more life-affirming ways to express oneself than with a gun.”

Microsoft cuts 3,000 jobs in smartphone division, sales

Redundancies mostly hit remnants of Microsoft’s disastrous Nokia deal.

Microsoft plans to cut nearly 3,000 more jobs over the next year across its smartphone hardware business and global sales division.

The latest cuts heap misery on Microsoft staff, after the software giant confirmed in May that 1,850 jobs would be lost at its mobile wing—even as its Windows and devices veep Terry Myerson insisted: "we're scaling back, but we're not out!"

Microsoft bought Nokia's devices and services business in 2013 for €5.4 billion ($7.1 billion), bringing with it what would quickly unravel into one of the worst tech acquisitions of all time.

Telegram app vuln recorded anything macOS users pasted—even in secret

CEO Pavel Durov claims Telegram has plugged “a minor bug phrased to look big.”

A bug in the Telegram Messenger app logged anything its users pasted into their chats in its syslog on macOS, even if they had opted for the end-to-end encrypted "secret" mode.

The vulnerability was spotted earlier this month by Russian infosec operative Kirill Firsov, who directly and publicly challenged Telegram's flamboyant founder and chief Pavel Durov about the app's latest security flaw.

In an angry reply, Durov admitted that the vuln existed, but insisted it "applies only to texts that were copy-pasted from clipboard, and such texts are open to all other Mac apps anyway."
