Richard Chirgwin

Richard Chirgwin is a veteran of Australia's tech press, covering IT, telecommunications, security, networking, and protocols. Prior to iTnews, he worked at The Register for 9 years.

Recent articles by Richard Chirgwin

"Marvin" breathes new life into Bleichenbacher's timing oracle attack

"Marvin" breathes new life into Bleichenbacher's timing oracle attack

RSA PKCS#1 v1.5 encryption is ancient and should not be used.
Sep 27 2023 12:24PM
Salesforce cloud outage caused by security change

Salesforce cloud outage caused by security change

Goes public with post-mortem.
Sep 27 2023 12:23PM
Juniper Networks acknowledges new spin on firewall vulnerability

Juniper Networks acknowledges new spin on firewall vulnerability

Patches against fileless RCE.
Sep 27 2023 12:23PM
GitLab patches critical vulnerability

GitLab patches critical vulnerability

Attacker could imitate other users.
Sep 20 2023 3:16PM
Google warns security researchers of North Korean campaign

Google warns security researchers of North Korean campaign

Attackers used as-yet-unpatched zero-day.
Sep 11 2023 11:25AM
Duplicate waypoint name caused UK air traffic outage

Duplicate waypoint name caused UK air traffic outage

One in 15 million chance.
Sep 7 2023 3:24PM
Cisco SSO authentication bug patched

Cisco SSO authentication bug patched

BroadWorks platforms vulnerable.
Sep 7 2023 3:23PM
Crash log exposed Microsoft Outlook keys to threat actor

Crash log exposed Microsoft Outlook keys to threat actor

How July’s Storm-0558 attack happened.
Sep 7 2023 3:22PM
Palo Alto Networks closes door on TunnelCrack

Palo Alto Networks closes door on TunnelCrack

Configuration checks needed, rather than patches.
Aug 23 2023 11:55AM
Juniper web management interface open to RCE

Juniper web management interface open to RCE

Two Junos OS versions get patches.
Aug 21 2023 11:52AM
Azure bug allowed password theft, researcher says

Azure bug allowed password theft, researcher says

Tenable CEO critical of slow fix, transparency.
Aug 7 2023 1:26PM
Ivanti endpoint security needs security upgrade

Ivanti endpoint security needs security upgrade

Older MobileIron appliances had exploitable API.
Aug 3 2023 2:40PM
Salesforce email compromised for phishing attacks

Salesforce email compromised for phishing attacks

Now patched against "Phishforce".
Aug 3 2023 2:39PM
Malware spotted on Barracuda email gateways

Malware spotted on Barracuda email gateways

CISA issues new warning.
Jul 31 2023 12:30PM
TETRA radio protocol found to be vulnerable

TETRA radio protocol found to be vulnerable

Weak encryption in emergency services radio.
Jul 26 2023 11:54AM
OPSEC "fumble" exposed JumpCloud attackers

OPSEC "fumble" exposed JumpCloud attackers

North Korea’s UNC4889 behind attack, says Mandiant.
Jul 26 2023 11:52AM
Docker users careless with secrets

Docker users careless with secrets

More than one in 12 images leak secrets.
Jul 19 2023 11:47AM
Citrix zero-day vulnerability under attack

Citrix zero-day vulnerability under attack

NetScalar appliances affected.
Jul 19 2023 11:46AM
Microsoft scrambles zero-day fixes in bumper patch crop

Microsoft scrambles zero-day fixes in bumper patch crop

Multiple vulnerabilities exploited in the wild.
Jul 12 2023 11:39AM
More MOVEit vulnerabilities disclosed, patched

More MOVEit vulnerabilities disclosed, patched

Database contents could be exposed.
Jul 10 2023 11:37AM