Subscribe: The Register - Security: Malware
http://www.theregister.co.uk/security/virus/headlines.rss

The Register - Security



Biting the hand that feeds IT



Copyright: Copyright 2017, Situation Publishing
 



Health firm gets £200k slap after IVF patients' data leaks online

Tue, 28 Feb 2017 12:51:11 GMT

Indian subcontractor kept transcripts on insecure server

A private health firm has been fined £200,000 after fertility patients’ confidential conversations leaked online.…




Germany, France lobby hard for terror-busting encryption backdoors – Europe seems to agree

Tue, 28 Feb 2017 08:04:04 GMT

Crypto shouldn't hold back cops, sniffs commission

The technology industry has hit back at proposed plans by France and Germany to force EU member states to backdoor encryption for the police.…




Two million recordings of families imperiled by cloud-connected toys' crappy MongoDB

Tue, 28 Feb 2017 02:45:10 GMT

Voice messages, account info held to ransom, evidence shows

Two million voice recordings of kids and their families were exposed online and repeatedly held to ransom – because an IoT stuffed-toy maker used an insecure MongoDB installation.…




ESET antivirus cracks opens Apple Macs to remote root execution via man-in-middle diddle

Tue, 28 Feb 2017 02:31:08 GMT

Get patching – fix available now

Bored hacker looking for fun? We couldn't possibly suggest you attack the latest vulnerability in ESET's antivirus software, because it's too basic to offer any challenge at all.…




Microsoft slaps Apple Gatekeeper-like controls on Windows 10: Install only apps from store

Tue, 28 Feb 2017 00:43:35 GMT

Configurable switch on software spotted in latest Insider build

A feature in the Windows Insider Preview Build 15042 allows administrators to block the installation of any Win32 application that is not fetched from Microsoft's software marketplace.…




Apple's macOS is the safer choice – but not for the reason you think

Mon, 27 Feb 2017 22:11:55 GMT

Eugene Kaspersky looks forward to a new darker dawn

Apple's Mac operating system may be the safer choice – but only because cybercriminals can't get their hands on people who know how to exploit it.…




Google Chrome 56's crypto tweak 'borked thousands of computers' using Blue Coat security

Mon, 27 Feb 2017 22:04:00 GMT

TLS 1.3 takes down Chromebooks, PCs

Updated: The availability of Transport Layer Security protocol version 1.3 was supposed to make network encryption faster and more secure.…




NHS patient letters meant for GPs went undelivered for years

Mon, 27 Feb 2017 15:13:13 GMT

Yep, half a million

The NHS has been accused of covering up a large data loss involving the loss or mislaying of more than half a million pieces of confidential information.…




New prison law will let UK mobile networks deploy IMSI catchers

Mon, 27 Feb 2017 12:34:11 GMT

Walked past a jail? Expect to become a crime suspect

The Prisons and Courts Bill, introduced to Parliament last week, will force UK mobile networks to deploy fake mobile phone masts around the outside of prisons to snoop on mobile phone users.…




D-Link resolves enterprise switch hacker risk

Mon, 27 Feb 2017 09:57:12 GMT

Don't wait - update now

D-Link has resolved an authentication bypass flaw in one of its enterprise switches.…




Google's Project Zero reveals another Microsoft flaw

Mon, 27 Feb 2017 00:26:46 GMT

Edge, IE can find themselves running unexpected code if cooked by a malicious site

Google's Project Zero has revealed a bug in Microsoft's Internet Explorer and Edge browsers.…




Git fscked by SHA-1 collision? Not so fast, says Linus Torvalds

Sun, 26 Feb 2017 21:02:46 GMT

Attack is hard, discovery is easy, so fix it right rather than right now

About that SHA-1 collision: Linus Torvalds has taken to Google+ to emphasise that in Git, its main role is error detection, so “the sky isn't falling.”…




Brit cops can keep millions of mugshots of innocent folks on file

Sat, 25 Feb 2017 10:01:08 GMT

You can ask to be removed, but it's up to officers to listen, Home Office cheerfully concludes

After unlawfully hoarding millions of mugshots of one-time suspects, police chiefs in England and Wales were this week told to delete the snaps – but only if people in the photos complain. And even then, requests can be easily waved away.…




NSA snoops told: Get your checkbooks and pens ready for a cyber-weapon shopping spree

Sat, 25 Feb 2017 00:38:55 GMT

US Cyber Command boss lays out plans for next decade

NSA and US Cyber Command boss Mike Rogers has revealed the future direction of his two agencies – and for the private sector, this masterplan can be summarized in one word.…




Don't worry about Privacy Shield, it's fine. Really. I promise, says US trade watchdog head

Fri, 24 Feb 2017 22:57:21 GMT

It's not fine

The acting head of the US Federal Trade Commission, Maureen Ohlhausen, has sought to assure people that the critical Privacy Shield data-sharing agreement will hold up despite President Trump's recent executive orders on immigration.…




Mysterious Gmail account lockouts prompt hack fears

Fri, 24 Feb 2017 17:31:04 GMT

Something happening here, what it is ain't exactly clear

Updated: A substantial number of Gmail users have been affected by a potential but unconfirmed hack of unknown origin or purpose.…




South Korea targeted by cyberspies (again). Kim, got something to say?

Fri, 24 Feb 2017 03:06:15 GMT

Vulnerabilities in Hangul word processing program exploited

The South Korean public sector is once again in the firing line of a sophisticated – and likely government-backed – cyberattack.…




Cloudbleed: Big web brands leaked crypto keys, personal secrets thanks to Cloudflare bug

Fri, 24 Feb 2017 01:47:39 GMT

Heartbleed-style classic buffer overrun blunder strikes in 2017

Big-name websites leaked people's private session tokens and personal information into strangers' browsers, due to a Cloudflare bug uncovered by Google researchers.…




I was authorized to trash my employer's network, sysadmin tells court

Thu, 23 Feb 2017 21:13:21 GMT

Michael Thomas' appeal will send shockwaves through IT industry if successful

Back in December 2011, Michael Thomas did what many sysadmins secretly dream of doing: he trashed his employer's network and left a note saying he quit.…




US 'security' biz trio Sentinel Labs, Vir2us, SpyChatter accused of lying about certification

Thu, 23 Feb 2017 20:28:17 GMT

Watchdog forces them to drop claims of privacy protections

Three US companies have settled with the FTC after they were accused of lying about the security safeguards on their customer information.…




'First ever' SHA-1 hash collision calculated. All it took were five clever brains... and 6,610 years of processor time

Thu, 23 Feb 2017 18:33:07 GMT

Tired old algo underpinning online security must die now

Google researchers and academics have today demonstrated it is possible – following years of number crunching – to produce two different documents that have the same SHA-1 hash signature.…




Ex-employees sued for £15m over data slurpage ordered to pay up just £2

Thu, 23 Feb 2017 16:38:09 GMT

Brit firm 'missed the jackpot', says High Court judge

The High Court in London, UK, has agreed that a company's former employees who took thousands of confidential files away on USB sticks when they quit the firm were indeed naughty – and ordered them to pay damages of just £1 each.…




Deutsche Telekom hack suspect arrested at London airport

Thu, 23 Feb 2017 12:54:14 GMT

Cops probing Mirai telco takedown

UK police have arrested a suspect in connection with an attack that infected nearly 1 million Deutsche Telekom routers last November.…




Microsoft catches up to Valentine's Day Flash flaw massacre

Thu, 23 Feb 2017 07:34:08 GMT

Critical update deals with five ways to do remote code execution on Windows

Microsoft's popped out a Security Update for Adobe Flash.…




Boffins exfiltrate data by blinking hard drives' LEDs

Thu, 23 Feb 2017 06:29:09 GMT

Malware? Check. Camera? Check. Let's go sniff passwords

That roll of tape you use to cover the Webcam? Better use some of it on your hard-drive LED, because it can be a data exfiltration vector.…




Linux kernel gets patch for 11-year-old local-root-hole security bug

Thu, 23 Feb 2017 02:57:13 GMT

DCCP code cockup lay unnoticed since 2005

Eleven years ago or thereabouts, the Linux kernel got support for the Datagram Congestion Control Protocol – and also got a privilege escalation bug that has just been fixed.…




Firefox certificate cache leaks user information

Thu, 23 Feb 2017 02:01:12 GMT

Mozilla devs debate whether this is a bug or a feature

Firefox's intermediate certificate cache can be tricked into leaking to a deliberately mis-configured server, creating yet-another chance to fingerprint users (including those who think they're protected by Private Browsing).…




US judge halts mass fingerprint harvesting by cops to unlock iPhones

Thu, 23 Feb 2017 00:29:29 GMT

Uncle Sam's vaguely worded raid warrant knocked down by the Constitution

Analysis: An Illinois judge has rejected a warrant sought by the US government to force everyone in a given location to apply his or her fingerprints to any Apple electronic device investigators happen to find there, a ruling contrary to a similar warrant request granted last year by a judge in California.…




Blundering Boeing bod blabbed spreadsheet of 36,000 coworkers' personal details in email

Wed, 22 Feb 2017 19:43:10 GMT

Its own security software could have stopped data exposure

Global aerospace firm Boeing earlier this month sent a notification to Washington State Attorney General Bob Ferguson, as required by law, about a company employee who mistakenly emailed a spreadsheet full of employee personal data to his spouse in November, 2016.…




Privacy concerns over gaps in eBay crypto

Wed, 22 Feb 2017 16:26:10 GMT

HTTP still being used

eBay uses HTTPS on its most critical pages, such as those where payment or address information is entered, but a lack of encryption on several sensitive pages still poses a concern for the privacy conscious.…




Infosec firm NCC Group launches review over crap financials

Wed, 22 Feb 2017 13:53:10 GMT

Misses full-year forecast by, oh, only 20 per cent

Cybersecurity firm NCC Group has launched a strategic review after issuing a profit warning.…




Netflix treats security ills with Stethoscope: Open-source self-probing tool

Wed, 22 Feb 2017 07:58:05 GMT

Software scrutinizes device defenses, is better than just yelling IT policies at staff

Netflix has released the source code of a web application called Stethoscope for evaluating the security of mobile and desktop computing devices.…




How's your online bank security looking? The Dutch studied theirs and... yeah, not great

Wed, 22 Feb 2017 07:02:05 GMT

Just six per cent of banks using DNSSEC on domains

The Dutch banking industry is doing a terrible job of online security, according to the company that runs the country's .nl internet domains.…




DomainMonster mash: Hundreds of websites vandalized after Brit web host server hacked

Wed, 22 Feb 2017 06:29:08 GMT

Small biz wakes up to find online homes defaced

Hundreds of websites have been defaced by hackers who hijacked a web-hosting server run by UK domain registrar DomainMonster.…




Talos opens box, three Aerospike vulns fly out

Wed, 22 Feb 2017 03:01:14 GMT

NoSQL server, but a big unhappy Yes to the question of security worries

Aerospike NoSQL server DBAs, make sure you've rolled out version 3.11.1.1, because the vulnerabilities it fixes have been made public.…




Researchers offer simple scheme to stop the next Stuxnet

Wed, 22 Feb 2017 01:23:12 GMT

Don't get rung out about planting bugs in ladder logic: they should be easy to spot

One of the world's oldest programming styles, the ladder logic that runs on industrial programmable logic controllers, remains dangerously vulnerable to attack, according to boffins from Singapore and India.…




US Homeland Security is so secure even its own staff can't log in

Tue, 21 Feb 2017 22:42:27 GMT

Nothing like a post-holiday IT cockup

US Department of Homeland Security staff returning to work on Tuesday after the Presidents' Day holiday have apparently had a tough time getting computer systems to function.…




'Hey, Homeland Security. Don't you dare demand Twitter, Facebook passwords at the border'

Tue, 21 Feb 2017 20:04:19 GMT

Civil liberty groups, security experts, law profs, lawmakers slam looming US policy

Over 50 human rights and civil liberties groups, nearly 100 law professors and security experts, and lawmakers have launched a campaign against digital searches at the US border.…




Hacking group RTM able to divert bulk financial transfers with malware

Tue, 21 Feb 2017 15:31:12 GMT

Attacks of great concern to Russian financial institutions

Cybercrime group RTM is deploying complex malware based in the Delphi programming language to target Remote Banking Systems (RBS), a type of business software used to make bulk financial transfers.…




TeamSpy hackers get the crew back together after four-year hiatus

Tue, 21 Feb 2017 12:54:09 GMT

Remote-control app hijacked for use as snooping tool – again

Updated: Cybercrooks have once again begun slinging malware that subverts elements of the legitimate TeamViewer remote control app to snoop on victims.…




Java and Python have unpatched firewall-crossing FTP SNAFU

Tue, 21 Feb 2017 01:46:03 GMT

This gets interesting when you find your way into a mail server, says dev who found it

Stop us if you've heard this one: Java and Python have a bug you can exploit to cross firewalls. Since neither are yet patched, it might be a good day to nag your developers for a bit.…




Is your child a hacker? Liverpudlian parents get warning signs checklist

Mon, 20 Feb 2017 17:03:07 GMT

Do they use 'the language of hacking', including referring to themselves as a 'hacker'?

Hot on the heels of Liverpool being awarded the European Capital of Culture for 2008 comes a charity programme, run by YouthFed, titled Hackers to Heroes.…




Beeps, roots and leaves: Car-controlling Android apps create theft risk

Mon, 20 Feb 2017 13:55:10 GMT

Haven't named and shamed car-makers though

Insecure car-controlling Android apps create a heightened car theft risk, security researchers at Kaspersky Lab warn.…




Connected car in the second-hand lot? Don't buy it if you're not hack-savvy

Mon, 20 Feb 2017 06:02:11 GMT

The first owner might still have access. And the second. And so on

Cars are smart enough to remember an owner, but not smart enough to forget one – and that's a problem if a smart car is sold second-hand.…




Google bellows bug news after Microsoft sails past fix deadline

Mon, 20 Feb 2017 00:31:14 GMT

Mess in Windows graphics library can give bad hombres access to memory

Google's Project Zero has again revealed a Windows bug before Microsoft fixed it.…




Florida Man jailed for 4 years after raking in a million bucks from spam

Sat, 18 Feb 2017 14:32:08 GMT

Miscreant used stolen email accounts to cram crap into inboxes

A marketer who used stolen email accounts to trouser more than a million dollars by spamming people has been sent down for four years.…




Paper factory fired its sysadmin. He returned via VPN and caused $1m in damage. Now jailed

Sat, 18 Feb 2017 00:24:11 GMT

34-month sentence and he has to pay his old bosses back

A sacked system administrator has been jailed after hacking the control systems of his ex-employer – and causing over a million dollars in damage.…




Probe President Trump and his crappy Samsung Twitter-o-phone, demand angry congressfolk

Fri, 17 Feb 2017 21:40:28 GMT

The Galaxy S3 is real but is its security FAKE NEWS?

Fifteen members of US Congress have asked the House Oversight Committee to investigate whether President Trump is putting national security at risk by using an insecure phone and holding sensitive meetings in public.…




Smash up your kid's Bluetooth-connected Cayla 'surveillance' doll, Germany urges parents

Fri, 17 Feb 2017 19:45:18 GMT

Or switch it off, bin it, bury it, whatever's necessary

Germany's Federal Network Agency, or Bundesnetzagentur, has banned Genesis Toys' Cayla doll as an illegal surveillance device.…




US account holders more likely to switch banks following fraud

Fri, 17 Feb 2017 16:30:07 GMT

More evidence that security = happy customers

Account holders in the US are more likely to switch banks in the aftermath of fraud, according to a new study.…