Richard Chirgwin

Richard Chirgwin is a veteran of Australia's tech press, covering IT, telecommunications, security, networking, and protocols. Prior to iTnews, he worked at The Register for 9 years.

Recent articles by Richard Chirgwin

US law enforcement, cyber security orgs heighten calls to harden Confluence

US law enforcement, cyber security orgs heighten calls to harden Confluence

Amid ongoing exploits of patched vulnerability.
Oct 18 2023 2:55PM
Microsoft identifies "Oro0lxy" as Confluence attacker

Microsoft identifies "Oro0lxy" as Confluence attacker

Atlassian vulnerability exploit attributed to Chinese hacker.
Oct 12 2023 12:16PM
HTTP2 zero-day enabled record-setting DDoS attacks

HTTP2 zero-day enabled record-setting DDoS attacks

Vendors scramble to patch Rapid Reset vulnerability.
Oct 11 2023 10:53AM
Rapid Reset among Microsoft’s 105 patches for October

Rapid Reset among Microsoft’s 105 patches for October

Three bugs already exploited.
Oct 11 2023 10:52AM
Exim mail servers worldwide need urgent patches

Exim mail servers worldwide need urgent patches

Three out of six issues already fixed.
Oct 4 2023 10:33AM
Malware once again a headache for npm

Malware once again a headache for npm

Fortiguard finds data-thieving packages.
Oct 4 2023 10:32AM
Another Progress Software file transfer utility vulnerable

Another Progress Software file transfer utility vulnerable

WS_FTP has critical deserialisation bug.
Oct 3 2023 12:44PM
CISA warns China's BlackTech had control of routers

CISA warns China's BlackTech had control of routers

Modified firmware helped state actors snoop on traffic.
Oct 2 2023 2:15PM
"Marvin" breathes new life into Bleichenbacher's timing oracle attack

"Marvin" breathes new life into Bleichenbacher's timing oracle attack

RSA PKCS#1 v1.5 encryption is ancient and should not be used.
Sep 27 2023 12:24PM
Juniper Networks acknowledges new spin on firewall vulnerability

Juniper Networks acknowledges new spin on firewall vulnerability

Patches against fileless RCE.
Sep 27 2023 12:23PM
Salesforce cloud outage caused by security change

Salesforce cloud outage caused by security change

Goes public with post-mortem.
Sep 27 2023 12:23PM
GitLab patches critical vulnerability

GitLab patches critical vulnerability

Attacker could imitate other users.
Sep 20 2023 3:16PM
Google warns security researchers of North Korean campaign

Google warns security researchers of North Korean campaign

Attackers used as-yet-unpatched zero-day.
Sep 11 2023 11:25AM
Duplicate waypoint name caused UK air traffic outage

Duplicate waypoint name caused UK air traffic outage

One in 15 million chance.
Sep 7 2023 3:24PM
Cisco SSO authentication bug patched

Cisco SSO authentication bug patched

BroadWorks platforms vulnerable.
Sep 7 2023 3:23PM
Crash log exposed Microsoft Outlook keys to threat actor

Crash log exposed Microsoft Outlook keys to threat actor

How July’s Storm-0558 attack happened.
Sep 7 2023 3:22PM
Palo Alto Networks closes door on TunnelCrack

Palo Alto Networks closes door on TunnelCrack

Configuration checks needed, rather than patches.
Aug 23 2023 11:55AM
Juniper web management interface open to RCE

Juniper web management interface open to RCE

Two Junos OS versions get patches.
Aug 21 2023 11:52AM
Azure bug allowed password theft, researcher says

Azure bug allowed password theft, researcher says

Tenable CEO critical of slow fix, transparency.
Aug 7 2023 1:26PM
Ivanti endpoint security needs security upgrade

Ivanti endpoint security needs security upgrade

Older MobileIron appliances had exploitable API.
Aug 3 2023 2:40PM