Subscribe: The Register - Security
http://www.theregister.co.uk/security/headlines.rss
Language: English
Tags:
android  apps  cyber  damian green  data  found  kaspersky  management engine  patch  researchers  russian  security  software   

The Register - Security



Biting the hand that feeds IT



Copyright: Copyright 2017, Situation Publishing
 



Google's Project Zero reveals Apple jailbreak exploit

Tue, 12 Dec 2017 02:02:10 GMT

Holy Moley! iOS and MacOS were wholly holey

Ian Beer of Google's Project Zero has followed up on a “coming soon” Twitter teaser with a jailbreakable iOS and Mac OS vulnerability.…




Archive of 1.4 BEEELION credentials in clear text found in dark web archive

Tue, 12 Dec 2017 01:05:48 GMT

Find shows people still suck at passwords

A data dump containing over 1.4 billion email addresses, passwords, and other credentials, all in clear text, has been found online by security shop @4iQ.…




New Ruski hacker clan exposed: They're called MoneyTaker, and they're gonna take your money

Mon, 11 Dec 2017 17:58:12 GMT

Subtly named group has gone largely unnoticed until now

Security researchers have lifted the lid on a gang of Russian-speaking cybercrooks, dubbed MoneyTaker.…




Lifestyle pin-up site Pinterest: Hack attempts blamed on 'credential stuffing'

Mon, 11 Dec 2017 16:04:05 GMT

You might just have to wing it with that potpourri recipe

There’s a chill going around cyberspace with an upsurge of people concerned that their Pinterest account has been hacked.…




Blighty flogs Qatar a bunch of missiles and Typhoon fighter jets

Mon, 11 Dec 2017 13:09:07 GMT

And Hawk training aircraft as well. Just don't say 'despite Br-'

Qatar has agreed its long-awaited order for 24 British-built Eurofighter Typhoon fighter jets and a billion pounds' worth of missiles assembled in the UK to go with them.…




Hackers' delight: Mobile bank app security flaw could have smacked millions

Mon, 11 Dec 2017 12:33:13 GMT

Certificate pinning unpicked

Security researchers from the University of Birmingham last week went public about security shortcomings in mobile banking apps that leave millions of users at a heightened risk of hacking.…




Language bugs infest downstream software, fuzzer finds

Mon, 11 Dec 2017 08:04:07 GMT

And you worked so hard to make it secure

Developers working within secure development guidelines can still be bitten by upstream bugs in the languages they use.…




Leftover Synaptics debugger puts a keylogger on HP laptops

Mon, 11 Dec 2017 06:03:07 GMT

Vendor first to patch, expect other OEMs to follow

For the second time this year, HP has had to patch its laptops after a security researcher found a driver-level keylogger – and this time, other laptop-makers might have to check their own products.…




Dynamics 365 sandbox leaked TLS certificates

Mon, 11 Dec 2017 00:31:05 GMT

Hey Microsoft, is this your private key?

Another day, another credential found wandering without a leash: Microsoft accidentally left a Dynamics 365 TLS certificate and private key where they could leak, and according to the discoverer, took 100 days to fix the bungle.…




Android flaw lets attack code slip into signed apps

Fri, 08 Dec 2017 21:06:04 GMT

Janus bug leaves APKs vulnerable to poisoning

Researchers say a recently patched vulnerability in Android could leave users vulnerable to attack from signed apps.…




UK.gov law resources now untrustworthy, according to browsers

Fri, 08 Dec 2017 14:25:06 GMT

justice.gov.uk website SSL certificate expires

The SSL certificate on the criminal justice and court listing site justice.gov.uk expired yesterday, causing browsers to now warn users that their information is at risk.…




Next-gen telco protocol Diameter has last-gen security – researchers

Fri, 08 Dec 2017 13:10:08 GMT

Infosec boffins raise flags

Some of the well-known weaknesses of SS7 Roaming Networks have been replicated in the next-gen telco protocol, Diameter.…




Sloppy coding + huge PSD2 changes = Lots of late nights for banking devs next year

Fri, 08 Dec 2017 10:07:14 GMT

*Cough* Cobol, .NET *cough*

Poorly written code is leaving banks at greater risk of attack and poorly prepared for big changes in the financial sector due to come into effect early next year.…




VMware and Carbon Black: you complete me, no you complete me

Fri, 08 Dec 2017 04:03:10 GMT

Virtzilla's App Defence and CB's endpoint protection combine for whitelist-fest

VMware and Carbon Black have joined forces to enhance each other's security wares.…




Security industry needs to be less trusting to get more secure

Thu, 07 Dec 2017 23:01:23 GMT

Black Hat crowd encouraged to be paranoid

Delegates to Black Hat Europe have been encouraged to turn conventional security thinking on its head by practicing security through distrust.…




Apple gets around to patching all the other High Sierra security holes

Thu, 07 Dec 2017 20:47:15 GMT

Another week, another Mac patch to install

Apple has released a security update to address nearly two dozen vulnerabilities in macOS High Sierra.…




HMS Queen Lizzie formally joins the Royal Navy

Thu, 07 Dec 2017 15:33:09 GMT

At least one part of the 'Year of the Navy' went to plan

Britain’s biggest ever aircraft carrier, HMS Queen Elizabeth, has been formally commissioned into the Royal Navy, with Her Majesty attending the ceremony in person.…




Toucan play that game: Talking toy bird hacked

Thu, 07 Dec 2017 11:57:05 GMT

Parroting Cayla... if she were a bit more sweary

The same researchers whose hack on the My Friend Cayla doll prompted regulatory action have followed up with a hack on a talking toy robot bird.…




NiceHash diced up by hackers, thousands of Bitcoin pilfered

Wed, 06 Dec 2017 23:03:07 GMT

Mining outfit says its entire wallet gone, estimated $62m

Cryptocurrency mining market NiceHash says it has fallen victim to a hacking attack that may have resulted in the loss of its entire Bitcoin wallet.…




Intel Management Engine pwned by buffer overflow

Wed, 06 Dec 2017 16:30:07 GMT

Security researchers lift lid on snafu at Black Hat Europe

On Wednesday, in a presentation at Black Hat Europe, Positive Technologies security researchers Mark Ermolov and Maxim Goryachy plan to explain the firmware flaws they found in Intel Management Engine 11, along with a warning that vendor patches for the vulnerability may not be enough.…




Former US State Department cyber man: We didn’t see the Russian threat coming

Wed, 06 Dec 2017 15:35:07 GMT

Cyber no longer domain of techies, says ex-diplomat

Black Hat: Cyber threats have evolved from being solely technical issues to core issues of government policy, according to a senior US lawyer and former cyber diplomat.…




Google and pals rush to repair Android dev tools, block backdoor risks

Wed, 06 Dec 2017 11:32:12 GMT

Involves big hitter Android Studio, APKTool and more

Security researchers have found several flaws in the developer tools and environments used by Android programmers.…




Mailsploit: It's 2017, and you can spoof the 'from' in email to fool filters

Wed, 06 Dec 2017 07:01:10 GMT

Message client vendors have had 25 years to get RFC 1342 right

Penetration tester Sabri Haddouche has reintroduced the world to email source spoofing, bypassing spam filters and protections like Domain-based Message Authentication, Reporting and Conformance (DMARC), thereby posing a risk to anyone running a vulnerable and unpatched mail client.…




Beware the IDEs of Android: three biggies have vulnerabilities

Wed, 06 Dec 2017 04:54:12 GMT

Android Studio, Eclipse, and IntelliJ IDEA stabbed in the back by an XML parser

Developers using Android Studio, Eclipse, and IntelliJ IDEA have been advised to update their IDEs against serious and easily-exploitable vulnerabilities.…




Data-slurping keyboard app makes Mongo mistake with user data

Tue, 05 Dec 2017 20:59:09 GMT

Ai.type leaves wealth of personal info open to all

Another week, another open database left online, but this latest case has shown not only sloppy security but also how much data you’re giving up with some apps.…




Brit bank Barclays' Kaspersky Lab diss: It's cyber balkanisation, hiss infosec bods

Tue, 05 Dec 2017 15:07:12 GMT

It's 2017: Is the splinternet nearer than ever?

Analysis: Barclays has stopped offering free Kaspersky Lab products to new users in a move that shows, like Best Buy, commercial firms can be swayed by governmental stances on dealing with the Russian software firm.…




Once again, UK doesn't rule out buying F-35A fighter jets

Tue, 05 Dec 2017 12:52:06 GMT

It'd be more expensive than just buying Bs. Why do this?

The United Kingdom is edging ever closer to buying F-35As, instead of the B model needed to fly from the Navy’s new aircraft carriers, as a senior officer once again refused to rule out a future F-35A purchase.…




Turns out Leakbase can keep a secret: It has shut down with zero info

Tue, 05 Dec 2017 07:03:13 GMT

Stolen-creds-for-cash site disappears, unmourned

Stolen-creds-for-sale site Leakbase has gone dark and started redirecting to Troy Hunt's HaveIBeenPwned.…




Google prepares 47 Android bug fixes, ten of them rated Critical

Tue, 05 Dec 2017 06:02:05 GMT

Nexus and Pixel owners get their fixes on US Tuesday. The rest of us peasants have to wait

Google has teased 47 Android patches for Nexus and Pixel devices.…




Infosys names a new CEO: welcome to the hot-seat Salil S. Parekh

Tue, 05 Dec 2017 03:32:05 GMT

Former CapGemini man steps in after last CEO bailed after nasty sniping

Infosys has named its next leader: Salil S. Parekh will become CEO and managing director as of January 2nd, 2018, and has been appointed for five years.…




Dentist-turned bug-biter given a taste of freedom

Tue, 05 Dec 2017 01:58:10 GMT

Just did an eight month bit without bail for chewing the FBI's ear

Justin Shafer, who last year sparked a complaint to the FBI for discovering a dental software vendor's unprotected FTP server, will walk free until his trial begins.…




International team takes down virus-spewing Andromeda botnet

Tue, 05 Dec 2017 00:46:51 GMT

Infections spread across over 200 regions

Police and private companies have taken down a massive botnet used to move malware onto compromised PCs.…




SEC's cyber-cops cyber-file cyber-first cyber-fraud cyber-charges

Tue, 05 Dec 2017 00:30:09 GMT

Securities watchdog puts the freeze on dodgy ICO

The SEC's new online crime unit says it has frozen what officials believe to be a fraudulent cryptocurrency.…




Prison hacker who tried to free friend now likely to join him inside

Mon, 04 Dec 2017 21:00:46 GMT

But he got oh so close

A Michigan man who hacked into his local prison's computing system to gain early release for a friend is facing his own time inside after getting caught.…




Creepy Cayla doll violates liberté publique, screams French data protection agency

Mon, 04 Dec 2017 14:31:06 GMT

You can probably strike these toys off your kids' Crimbo lists

The French data protection agency has issued a formal notice to a biz peddling allegedly insecure toys, just in time for Christmas.…




Damian Green: Not only my workstation – mystery pr0n all over Parliamentary PCs

Mon, 04 Dec 2017 13:54:05 GMT

Denies he downloaded any of it

Under-fire Cabinet Office minister Damian Green has reportedly told an internal UK government inquiry that he has proof he was not the one who downloaded porn onto his Parliamentary computer.…




Brit MP Dorries: I gave my staff the, um, green light to use my login

Mon, 04 Dec 2017 12:09:13 GMT

Defence of Damian shows relaxed attitude to account security

UK MP Nadine Dorries revealed yesterday that she shares her parliamentary login information with her staff. This was an attempt to defend recently resurfaced allegations about porn allegedly found on fellow politician Damian Green's office computer.…




Google to crack down on apps that snoop

Mon, 04 Dec 2017 06:58:07 GMT

Android developers given 60 days to inform users, after that apps will do it for themselves

Google has warned Android developers to give users better warnings about their apps' data collection behaviours, or it will flag their failings.…




PayPal paid $US233m for company that leaked 1.6 million records

Mon, 04 Dec 2017 05:58:10 GMT

Canadian outfit TIO acquired in Feb 'fesses up to unauthorized access

PayPal has “identified a potential compromise of personally identifiable information for approximately 1.6 million customers.”…




Dirty COW redux: Linux devs patch botched patch for 2016 mess

Mon, 04 Dec 2017 02:02:12 GMT

This time it's a 'Huge Dirty COW' and Linus Torvalds has cleaned up after it

Linus Torvalds last week rushed a patch into the Linux kernel, after researchers discovered the patch for 2016's Dirty COW bug had a bug of its own.…




RSA coughs to critical-rated bug in its authentication SDK

Sun, 03 Dec 2017 23:59:28 GMT

Yup, that means if you code with it, your projects inherit the problem. Yay!

RSA developers and admins have been given two critical-level authentication bugs to patch.…




UK government bans all Russian anti-virus software from Secret-rated systems

Sun, 03 Dec 2017 22:29:16 GMT

Starts talks with Kaspersky to 'prevent the transfer of UK data to the Russian state'

The United Kingdom's National Cyber Security Centre has effectively banned the use of Russian anti-virus products from government departments and revealed it is trying to “prevent the transfer of UK data to the Russian state” from Kaspersky Lab software.…




Guilty: NSA bloke who took home exploits at the heart of Kaspersky antivirus slurp row

Sat, 02 Dec 2017 00:08:49 GMT

Maryland man cops to making illegal copies of top-secret code

An NSA hacker has admitted taking home copies of classified software exploits – understood to be the cyber-weapons slurped from an agency worker's home Windows PC by Kaspersky Lab's antivirus.…




Apple iOS 11 security 'downgrade' decried as 'horror show'

Fri, 01 Dec 2017 22:33:23 GMT

Ability to reset iTunes Backup passwords unravels layered protection, claims researcher

After rapidly patching a flaw that allowed anyone with access to a High Sierra Mac to obtain administrative control, Apple still has more work to do to make its software secure, namely iOS 11, it was claimed this week.…




Expert gives Congress solution to vote machine cyber-security fears: Keep a paper backup

Fri, 01 Dec 2017 21:30:02 GMT

Hot take from crypto-guru Prof Matt Blaze

Video: With too many electronic voting systems buggy, insecure and vulnerable to attacks, US election officials would be well advised to keep paper trails handy.…




Ex-cop who 'kept private copies of data' fingers Cabinet Office minister in pr0nz at work claims

Fri, 01 Dec 2017 17:01:08 GMT

Decade-old Damian Green MP row reheated by BBC

Cabinet Office Minister Damian Green has been caught up in a fresh row over his Parliamentary computer habits after the BBC reported that he had porn on his parliamentary PC a decade ago.…




High Court judge finds Morrisons supermarket liable for 2014 data leak

Fri, 01 Dec 2017 16:28:14 GMT

100,000 staff entitled to comp for 'upset and distress' caused

Morrisons is responsible for the leak of staff personal details by an ex-employee, the High Court ruled today.…




Linux laptop-flinger says bye-bye to buggy Intel Management Engine

Fri, 01 Dec 2017 12:49:08 GMT

Says 'disabling' the ME will reduce future vulnerabilities

In a slap to Intel, custom Linux computer seller System76 has said it will be "disabling" the Intel Management Engine in its laptops.…




Stop us if you've heard this one: Russian hacker thrown in US slammer for $59m bank fraud

Fri, 01 Dec 2017 00:25:23 GMT

More punishment on the menu for Roman Seleznev

A Russian hacker already facing a lengthy prison stay in the US has been sent down for another 14 years for heading up an "organized cybercrime ring" that racked up $59m in damages across America.…




Protecting your data from ransomware

Thu, 30 Nov 2017 23:53:09 GMT

Wearing a couple of bullet-proof vests increases your chances of escaping unscathed

Supported: Well, there’s a surprise. The National Audit Office’s report into the WannaCry ransomware and its effect on the NHS came out in late October. It points the blame at – wait for it – the NHS. Despite warnings, trusts had not prepared themselves with the basic patches necessary to avoid what ended up being an unsophisticated attack.…