Subscribe: The Register - Security: Enterprise Security
http://www.theregister.co.uk/security/network/headlines.rss
Added By: Feedage Forager Feedage Grade B rated
Language: English
Tags:
crypto  data  don  flaw  flaws  intel  meltdown spectre  meltdown  microsoft  security  spectre  windows  world  year     
Preview: The Register - Security: Enterprise Security

The Register - Security



Biting the hand that feeds IT



Copyright: Copyright 2018, Situation Publishing
 



Intel didn't tell CERTS, govs, about Meltdown and Spectre because they couldn't help fix it

Fri, 23 Feb 2018 08:30:09 GMT

Letters to Congress detail the plan to keep CPU flaws secret

Letters sent to the United States Congress by Intel and the other six companies in the Meltdown/Spectre disclosure cabal have revealed how and why they didn't inform the wider world about the dangerous chip design flaws.…




OpenBSD releases Meltdown patch

Fri, 23 Feb 2018 05:30:10 GMT

And now to see if it's an unwelcome imposition or a mere inconvenience

OpenBSD's Meltdown patch has landed, in the form of a Version 11 code update that separates user memory pages from the kernel's – pretty much the same approach as was taken in the Linux kernel.…




That microchipped e-passport you've got? US border cops still can't verify the data in it

Thu, 22 Feb 2018 21:54:45 GMT

Despite demanding world+dog gets one, Uncle Sam lacks tools to check crypto-signatures

Two Democratic US senators have formally asked Uncle Sam's Customs and Border Protection (CBP) agency to get its act together on electronic passports.…




uTorrent file-swappers urged to upgrade after PC hijack flaws fixed

Thu, 22 Feb 2018 07:33:13 GMT

Don't say we didn't warn you

Users of uTorrent should grab the latest versions of the popular torrenting tools: serious security bugs, which malicious websites can exploit to commandeer PCs, were squashed this week in the software.…




Hey, you. App dev. You like secure software? Let's learn from Tinder, Facebook's blunders

Thu, 22 Feb 2018 05:28:10 GMT

API holes would let miscreants spy on sexting lovers

App developers should take a long, hard look at how they use Facebook's Account Kit for identifying users – after a flaw in the system, and Tinder's use of the toolkit, left shag-seekers open to account hijacking.…




Guys, you're killing us! LA Times homicide site hacked to mine crypto-coins on netizens' PCs

Thu, 22 Feb 2018 00:29:17 GMT

And they say there's no money to be made in newspapers

A Los Angeles Times' website has been silently mining crypto-coins using visitors' web browsers and PCs for several days – after hackers snuck mining code onto its webpages.…




Guess who else Spectre is haunting? Yes, it's AMD. Four class-action CPU flaw lawsuits filed

Wed, 21 Feb 2018 22:43:31 GMT

Punters not happy with handling of vulnerability confessions

It's not just Intel facing a legal firestorm over its handling of the Spectre and Meltdown CPU design flaws – AMD is also staring at a growing stack of class-action complaints related to the chip vulnerabilities.…




If at first you don't succeed, you're likely Intel: Second Spectre microcode fix emitted

Wed, 21 Feb 2018 16:11:49 GMT

Mitigations for chip design vulnerabilities, take two

Updated For the second time of asking, Intel has issued microcode updates to computer makers that it says will mitigate the Spectre variant two design flaw impacting generations of x86 CPUs spewed out over previous decades.…




World's cyber attacks hit us much harder in past year – major infosec chief survey

Wed, 21 Feb 2018 13:28:52 GMT

Cisco report: Smacked orgs forked out $500k due to attacks

Cyber security breaches were twice as severe in the past year, with total financial losses reaching $500,000 (£356,00) per business, according to an extensive survey of CISOs across the globe.…




Bad news: 43% of login attempts 'malicious' Good news: Er, umm...

Wed, 21 Feb 2018 07:04:05 GMT

Also bad: Unpatched systems, unsecured APIs, IoT gear, anthrax candy, bottomless pits

An extraordinary 43 per cent of all attempted online account logins are malicious, Akamai claims in its latest internet security report.…




UK local gov: 37 cyber attacks a minute but little mandatory training

Tue, 20 Feb 2018 13:27:30 GMT

Campaigners blame gov bods' growing hunger for big data

Britain's local governments were hit by almost 100 million cyber attacks in the last five years, while one in four councils’ systems were successfully breached, according to research.…




Year-old vuln turns Jenkins servers into Monero mining slaves

Tue, 20 Feb 2018 02:58:08 GMT

The hip world of continuous integration meets the dark world of crypto-jacking

Here's a salutary reminder why it pays to patch promptly: a Jenkins bug patched last year became the vector for a multi-million-dollar cryptocurrency mining hijack.…




Google reveals Edge bug that Microsoft has had trouble fixing

Tue, 20 Feb 2018 00:12:22 GMT

Oh great - because Google's explained how to make Edge run dodgy code

Google has again decided to disclose a flaw in Microsoft software before the latter company could deliver a fix. Indeed, Microsoft has struggled to fix this problem.…




Crims pull another SWIFT-ie, Indian bank stung for nearly US$2m

Mon, 19 Feb 2018 01:24:40 GMT

City Union Bank now reckons it has ‘adequate enhanced security’

A year after the SWIFT international bank transfer system enhanced its security, another breach has emerged: an Indian bank has confirmed that criminals gained access to its systems and made transfers totalling US$1.8 million.…




Australia's new insta-pay scheme has insta-lookup of any user's phone number

Mon, 19 Feb 2018 01:08:14 GMT

PayID operator says it's a feature that sends money to the right person. It's a bug that harvests data, say others

Updated The brand-new app implementing Australia’s New Payment Platform (NPP) system has a user enumeration flaw, but the organisation responsible for it considers it to be a feature.…




Global security crackdown, a host of code nasties, Brit cops mocked, and more

Sat, 17 Feb 2018 11:52:10 GMT

It's the week in security

Roundup Here's a summary of this week's security news beyond what we've already reported.…




Hands up who HASN'T sued Intel over Spectre, Meltdown chip flaws

Sat, 17 Feb 2018 00:42:46 GMT

Chipzilla says class-action lawsuit tally stands at 32

Intel says it is facing 32 separate class-action lawsuits following the revelations it shipped millions of processors with security design flaws dubbed Meltdown and Spectre.…




Mueller bombshell: 13 Russian 'troll factory' staffers charged with allegedly meddling in US presidential election

Fri, 16 Feb 2018 20:03:13 GMT

Ruskies stole citizen IDs to spread discord – indictment

Robert Mueller, the special prosecutor investigating foreign agents tampering with the 2016 US presidential election, has criminally charged 13 Russian nationals with conspiring against the United States.…




PM urged to protect data flows post-Brexit ahead of Munich speech

Fri, 16 Feb 2018 15:05:06 GMT

Security services facing 'curtailed' EU info sharing if UK doesn't agree terms

Security experts have warned that Brexit could lead to data flows between the UK and European Union being "substantially curtailed".…




UK.gov: Psst. Belgium. Buy these Typhoon fighter jets from us, will you?

Fri, 16 Feb 2018 13:39:07 GMT

And have some cyber goodness too – just don't mention the Belgacom hack

Great Britain, which is buying the US-made F-35 fighter jet, is urging European neighbour Belgium not to buy the US-made F-35 fighter jet.…




Russians behind bars in US after nicking $300m+ in credit-card hacks

Fri, 16 Feb 2018 02:54:12 GMT

Pair partly responsible for largest bank-card theft ring in American history

Two Russian criminals have been sent down in America after pleading guilty to helping run the largest credit-card hacking scam in US history.…




Techno-senator tells Tinder to hook up its app with better security

Fri, 16 Feb 2018 02:03:04 GMT

Swipe-a-shag tool gets the dreaded sternly-worded-letter treatment from Wyden

Cyber-senator Ron Wyden (D-OR) is asking execs from the parent company of Tinder to please use protection when spreading the love around.…




Former ICE top lawyer raided US govt database to steal aliens' identities

Thu, 15 Feb 2018 23:19:28 GMT

While kicking folks out of 'Murica, Raphael A. Sanchez committed fraud in their names

Yet again an insider has been caught misusing a workplace computer system to conduct identity theft and fraud.…




That terrifying 'unfixable' Microsoft Skype security flaw: THE TRUTH

Thu, 15 Feb 2018 19:58:45 GMT

Oh yeah, we patched that in October, Windows giant yawns

Microsoft has poured a bucket of cold water on people freaking out over a supposedly unfixable security flaw in Skype.…




Dell EMC squashes pair of VMAX virtual appliance bugs

Thu, 15 Feb 2018 15:58:05 GMT

vApp Manager contained undocumented default account

Dell EMC has patched two serious flaws in the management interface for its VMAX enterprise storage systems, one of which could potentially allow a remote attacker to gain unauthorised access to systems.…




Essex black hat behind Cryptex and reFUD gets two years behind bars

Thu, 15 Feb 2018 15:03:11 GMT

Goncalo Esteves sobbed as he was sentenced

A 24-year-old Essex man behind the reFUD.me antivirus evasion site, who made an estimated half a million pounds from Bitcoin, has been jailed for two years.…




UK names Russia as source of NotPetya, USA follows suit

Thu, 15 Feb 2018 08:33:09 GMT

'Almost certain' assessment enough for official blast from Foreign Office

Updated The United Kingdom's Foreign and Commonwealth Office has formally "attributed the NotPetya cyber-attack to the Russian Government", specifically the nation's military.…




PCI Council and X9 Committee to combine PIN security standards

Thu, 15 Feb 2018 07:29:09 GMT

One PIN to rule them all, one PIN to find them, one PIN to rule them all and in the darkness bind them

The PCI Security Standards Council (PCI SSC) and financial services standards outfit the Accredited Standards Committee X9 have decided to combine forces on personal-identification-number-handling-rules.…




Hate to ruin your day, but... Boffins cook up fresh Meltdown, Spectre CPU design flaw exploits

Wed, 14 Feb 2018 23:50:50 GMT

And upcoming hardware changes may not be enough to kill off these security bugs

When details of the Meltdown and Spectre CPU security vulnerabilities emerged last month, the researchers involved hinted that further exploits may be developed beyond the early proof-of-concept examples.…




US govt staffers use personal gear on work networks, handle biz docs on the reg – study

Wed, 14 Feb 2018 22:33:09 GMT

As in on the regular, not... oh never mind

Employees of US government agencies are largely ignoring basic security measures.…




Hua-no-wei! NSA, FBI, CIA bosses put Chinese mobe makers on blast

Wed, 14 Feb 2018 22:14:20 GMT

No probs, says Huawei: It's a big world, we don't need America

Don't trust the Chinese – that seemed to be the theme at Tuesday's open US Senate Intelligence Committee hearings on Capitol Hill.…




Crypto-gurus: Which idiots told the FBI that Feds-only backdoors in encryption are possible?

Wed, 14 Feb 2018 20:06:05 GMT

Brilliant boffins back bullsh*tting bureau bollocking

Four cryptography experts have backed a US Senator's campaign to force the FBI to explain how exactly a Feds-only backdoor can be added to strong and secure encryption.…




Three in hospital after NSA cops open fire on campus ram-raid SUV

Wed, 14 Feb 2018 19:29:31 GMT

Roses are red, spy agencies are black, US g-men don't fsck around when under attack

Three people are in hospital after a car rammed a barrier at the NSA headquarters in Fort Meade, Maryland, today at around 0655 ET (0355 PT, 1155 UTC).…




Roses are red, Kaspersky is blue: 'That ban's unconstitutional!' Boo hoo hoo

Wed, 14 Feb 2018 14:05:11 GMT

New front opens in Russian firm's legal fight with US gov

Kaspersky Lab, the antivirus house, now claims that the US government's ban on its products amounts to punishment without trial.…




From tomorrow, Google Chrome will block crud ads. Here's how it'll work

Wed, 14 Feb 2018 12:00:05 GMT

Consider it a wakeup call for websites – it's time to end the scourge of awful banners

Starting tomorrow, Google, which makes most of its money from online advertising, will begin blocking egregious ads in its Chrome browser under limited circumstances – though it would really rather not.…




South China waters are red, Brit warships are blue, HMS Sutherland's sailing there

Wed, 14 Feb 2018 11:32:12 GMT

And Queen Lizzie will too

A British warship has set sail for the South China Sea, paving the way for aircraft carrier HMS Queen Elizabeth to do the same thing in three years’ time.…




Microsoft working to scale Blockchain for grand distributed ID scheme

Wed, 14 Feb 2018 06:29:05 GMT

Someone's got to get it scaling!

Microsoft's wanted a really good federated identity scheme ever since the early 2000s, when it gave the world Project Hailstorm, aka ".Net My Services", to let a web of online services know a little about you and the information you are happy to share with others.…




OpenSSL alpha adds TLS 1.3 support

Wed, 14 Feb 2018 06:01:06 GMT

Shambling corpse of ancient, shoddy, buggy, crypto shoved towards the grave

Developers working with OpenSSL can finally start to work with TLS 1.3, thanks to the alpha version of OpenSSL 1.1.1 that landed yesterday.…




Meltdown-and-Spectre-detector comes to Windows Analytics

Wed, 14 Feb 2018 05:02:07 GMT

After flubbing its early responses, Microsoft's thrown sysadmins a bone

Microsoft's added a Meltdown-and-Spectre detector to Windows Analytics, the company's telemetry analysis tool for sysadmins.…




Roses are red, Windows error screens are blue. It's 2018, and an email can still pwn you

Wed, 14 Feb 2018 01:01:04 GMT

Here's a bumper crop of security fixes you do not want to miss

Patch Tuesday Serious security flaws in Outlook and Edge are headlining a busy Microsoft Patch Tuesday.…




While Western Union wired customers' money, hackers transferred their personal deets

Tue, 13 Feb 2018 21:40:09 GMT

Outside storage outfit blamed for data leak blunder

Western Union has confirmed one of its IT suppliers was hacked, and that customer information was exposed to miscreants.…




Shock horror! Telegram messaging app proves insecure yet again!

Tue, 13 Feb 2018 21:05:50 GMT

Unicode clumsiness allowed months of malware installations

Telegram has fixed a security flaw in its desktop app that hackers spent several months exploiting to install remote-control malware and cryptocurrency miners on vulnerable Windows PCs.…




UK Home Sec Amber Rudd unveils extremism blocking tool

Tue, 13 Feb 2018 10:48:53 GMT

Brought to you by those who 'understand necessary hashtags'

UK Home Secretary Amber Rudd has announced a tool that purports to detect and block jihadist content online, and tech companies may end up being legally required to use it.…




The strange case of the data breach that stayed online for a month

Tue, 13 Feb 2018 08:25:12 GMT

Your security is only as good as your partners' ability to fix messes and flush caches

A couple of weeks ago Jeff* quit his job at the Singaporean branch of a major enterprise technology vendor that is, if not quite a household name, certainly known to most IT professionals.…




Equifax hack worse than previously thought: Biz kissed goodbye to card expiry dates, tax IDs etc

Tue, 13 Feb 2018 02:13:38 GMT

Pwned credit-score biz quietly admits more info lost

Last year, Equifax admitted hackers stole sensitive personal records on 145 million Americans and hundreds of thousands in the UK and Canada.…




Still not on Windows 10? Fine, sighs Microsoft, here are its antivirus tools for Windows 7, 8.1

Mon, 12 Feb 2018 20:40:46 GMT

Redmond extends ATP to older builds, adds third-party links

Microsoft has back-ported its Windows Defender Advanced Threat Protection (ATP) security toolkit from Windows 10 to Windows 7 and 8.1.…




Until last week, you could pwn KDE Linux desktop with a USB stick

Mon, 12 Feb 2018 15:56:12 GMT

Tweak VFAT volume to execute arbitrary code

A recently resolved flaw in the KDE Linux desktop environment meant that files held on a USB stick could be executed as soon as they were plugged into a vulnerable device.…




See that over Heathrow? It's not an airliner – it's a Predator drone

Mon, 12 Feb 2018 15:17:13 GMT

If you can fly bombs through there, you can fly parcels, too

Military efforts to approve the flying of Predator military drones through Britain’s skies could pave the way for point-to-point drone deliveries, newly disclosed correspondence has revealed.…




Cryakl ransomware antidote released after servers seized

Mon, 12 Feb 2018 12:43:10 GMT

Don't pay the miscreants – don't even fix a price

Free decryption keys for the Cryakl ransomware were released last Friday – the fruit of an ongoing cybercrime investigation.…




If you haven't already killed Lotus Notes, IBM just gave you the perfect reason to do it now, fast

Mon, 12 Feb 2018 02:58:12 GMT

Also: Big Blue's Meltdown, Spectre status updated, and a mystery bug in AIX

IBM has warned that bugs in its Notes auto-updater mean the service can be tricked into running malicious code.…