Subscribe: The Register - Security: Malware
http://www.theregister.co.uk/security/virus/headlines.rss
Added By: Feedage Forager Feedage Grade B rated
Language: English
Tags:
attack  centre  cyber  ddos  denial service  denial  hackers  hole  internet  new  password  patch  security  service  website     
Rate this Feed
Rating: 3 starRating: 3 starRating: 3 starRate this feedRate this feed
Rate this feed 1 starRate this feed 2 starRate this feed 3 starRate this feed 4 starRate this feed 5 star

Comments (0)

Feed Details and Statistics Feed Statistics
Preview: The Register - Security: Malware

The Register - Security



Biting the hand that feeds IT



Copyright: Copyright 2016, Situation Publishing
 



Security man Krebs' website DDoS was powered by hacked Internet of Things botnet

Mon, 26 Sep 2016 13:15:06 GMT

Internet of Amazingly Insecure Tat? That's the one

The huge distributed denial of service (DDoS) attack which wiped security journalist Brian Krebs' website from the internet came from a million-device-strong Internet of Things botnet.…




Apple to crunch iOS 10 local backup password brute force hole

Mon, 26 Sep 2016 07:38:13 GMT

Research finds faster cracking flaw

Apple is brewing a fix to patch an iOS password flaw that allows credentials to be stolen from backups.…




Dev teaches bot to talk spammers' ears off

Mon, 26 Sep 2016 07:23:38 GMT

Crims are so keen to chat they respond to random hipsterisms and send legit discount codes

Brian Weinreich has been trolling spammers for two years using a bot that fires realistic and ridiculous replies to the pervasive online salespeople.…




Google rushes in where Akamai fears to tread, shields Krebs after world's-worst DDoS

Mon, 26 Sep 2016 04:15:07 GMT

600 Gbps traffic flood overwhelmed CDN

Google has provided free distributed denial of service attack (DDoS) mitigation services to security publication Krebs on Security, stepping in after Akamai withdrew support.…




And! it! begins! Yahoo! sued! over! ultra-hack! of! 500m! accounts!

Sat, 24 Sep 2016 19:21:08 GMT

Class-action lawsuit in California expected to be first of many in the US

Just two days after Yahoo! admitted hackers had raided its database of at least 500 million accounts, the Purple Palace is being dragged into court.…




IBM botched geo-block designed to save Australia's census

Fri, 23 Sep 2016 22:29:08 GMT

Bureau of Stats says spooks signed off IBM's plan, but Big Blue mucked something up

Australia's Bureau of Statistics has heavily criticised IBM for the security it applied to the nation's failed online census, which was taken offline after a distributed denial of service (DDoS) attack that battered a curiously flimsy defensive shield.…




Uni student cuffed for 'hacking professor's PC to change his grades'

Fri, 23 Sep 2016 19:12:20 GMT

Someone has been watching Wargames too much

A student at Kennesaw State University in Georgia is accused of hacking into his professor's computer to improve his grades.…




Woo hoo, UK.gov has unveiled yet another tech creche – for infosec

Fri, 23 Sep 2016 08:34:07 GMT

This one's in Cheltenham. Makes a change from hipsterville East London

Plans are afoot in Westminster to burn even more taxpayers' cash by launching a new cyber-security startup accelerator in Cheltenham.…




OpenSSL swats a dozen bugs, one notable nasty

Fri, 23 Sep 2016 08:15:11 GMT

Denial of service dross dead.

A dozen flaws have been patched in OpenSSL, including one high severity hole that allows denial of service attacks.…




Report: NSA hushed up zero-day spyware tool losses for three years

Fri, 23 Sep 2016 07:38:05 GMT

Investigation shows staffer screw-up over leak

Sources close to the investigation into how NSA surveillance tools and zero-day exploits ended up in the hands of hackers has found that the agency knew about the loss for three years but didn’t want anyone to know.…




Sad reality: It's cheaper to get hacked than build strong IT defenses

Fri, 23 Sep 2016 06:34:05 GMT

PHBs are applying the Ford Pinto formula to your data

Whenever mega-hacks like the Yahoo! fiasco hit the news, inevitably the question gets asked as to why the IT security systems weren't good enough. The answer could be that it's not in a company's financial interest to be secure.…




Cops blasted for relying on IP addresses to hunt down suspects

Fri, 23 Sep 2016 06:02:10 GMT

Numerical addresses too vague to be relied on, say activists

A new white paper from the Electronic Frontier Foundation argues that police rely too heavily on IP addresses when conducting criminal investigations.…




Safe browsing checks fail as 16,000 WordPress sites hacked this year

Fri, 23 Sep 2016 05:54:49 GMT

Google's red screen of death marks half of malcious sites, McAfee only 11 per cent

At least 15,769 WordPress websites - and probably more - have been compromised this year, half slipping past Google's Safe Browsing checks, says security researcher Daniel Cid.…




Malware figures out it's running on VMs and refuses to execute

Fri, 23 Sep 2016 05:07:26 GMT

If a PC has just a couple of Word files, crooks figure it's a White-Hat's attack machine

Malware writers are looking for the absence of documents to figure out which PCs are potential victims and which are virtual machines being used by white hats.…




Valid logins to your workplace are on the net, right now

Fri, 23 Sep 2016 02:11:54 GMT

Mega-breaches and spiking smartphones malware mean crims can crack you, yesterday

Enterprises are almost universally open to intrusion attempts with stolen credentials, and are at increased risk from compromised smartphones thanks to a spike in device malware.…




US Homeland Security launches IoT willy-waving campaign

Thu, 22 Sep 2016 22:25:31 GMT

Our policies are gonna be the best, ignore all the rest

The US Department of Homeland Security has announced plans to make the internet-of-things just a bit more complicated – by trying to shove itself into the market with a new security framework.…




Half! a! billion! Yahoo! email! accounts! raided! by! 'state! hackers!'

Thu, 22 Sep 2016 19:20:40 GMT

Email addresses, phone numbers, hashed passwords, DoBs, security Q&As swiped

Updated Hackers strongly believed to be state-sponsored swiped account records for 500 million or more Yahoo! webmail users. And who knew there were that many people using its email?…




DDoS attacks: For the hell of it or targeted – how do you see them off?

Thu, 22 Sep 2016 08:02:06 GMT

Cloud-based DDoS defences introduce delays

Distributed Denial of Service (DDoS) attacks can be painful and debilitating. How can you defend against them? Originally, out-of-band or scrubbing-centre DDoS protection was the only show in town, but another approach, inline mitigation, provides a viable and automatic alternative.…




SWIFT warns of more 'sophisticated' attacks, readies anti-fraud tool

Thu, 22 Sep 2016 07:19:08 GMT

Haven't hardened? You're still gunna get hacked, says CISO

The chief information security officer for global money transfer network SWIFT says banks are still under attack from fraudsters hoping to cash in on identified security gaps to steal millions of dollars.…




Google automates Apps OAuth token revocation

Thu, 22 Sep 2016 02:01:31 GMT

Tells devs: 'errors are a feature, not a bug'.

Google has refined the security controls available to enterprise Gmail users by automatically killing OAuth 2.0 tokens for Apps when users change passwords.…




Cisco snaps shut remote pwnage hole in Cloud Services Platform

Wed, 21 Sep 2016 22:22:23 GMT

Flaw allowed hijacking via HTTP snippets

Cisco has provided a patch to address a remote hijacking vulnerability in its Cloud Services Platform (CSP).…




US cities promise to crack down on police surveillance tech

Wed, 21 Sep 2016 19:34:57 GMT

Growing demand for greater oversight of how snoopware is obtained by cops

A handful of US cities are banding together in an effort to change the way police acquire and use surveillance technology.…




Wow, RIP hackers ... It's Cyber-Lord Blunkett to the rescue for UK big biz

Wed, 21 Sep 2016 07:43:14 GMT

New system to ensure suppliers are up to scratch on IT security

A high-profile project has been launched with the aim of strengthening UK enterprises' IT security.…




Victoria Police warn of malware-laden USB sticks in letterboxes

Wed, 21 Sep 2016 07:31:05 GMT

It's called 'junk mail' for a reason people: take the pizza vouchers and ignore the rest

Police in the Australian State of Victoria have warned citizens not to trust un-marked USB sticks that appear in their letterboxes.…




Greybeards beware: Hair dye for blokes outfit Just For Men served trojan

Wed, 21 Sep 2016 07:20:13 GMT

Close shave after WordPress mess was cut off at the roots

Malware writers have penetrated the website of hair-dye-for-greying-blokes outfit Just For Men, foisting a password-stealing trojan at visitors, Malwarebytes researcher Jerome Segura says.…




BT's Wi-Fi Extender works great – at extending your password to hackers

Wed, 21 Sep 2016 07:03:08 GMT

Got one of these gizmos? Patch its firmware ASAP

BT is urging folks to patch the firmware in its Wi-Fi Extender following the discovery of multiple security flaws.…




10-second hijack hole could kill any Facebook profile

Wed, 21 Sep 2016 04:10:49 GMT

Shame it wasn't used more before Zuck paid $16k to the uni student who found it

University student Arun S Kumar has scored US$16,000 (£12,312, A$21,200) for finding and reporting a Facebook vulnerability that led to account hijacking.…




Citrix swats Sweet32 bug by just turning off old ciphers

Wed, 21 Sep 2016 02:28:05 GMT

You can even leave out the turning it on again - this bug's not worth its brand, really

Citrix has pushed back a little against the dangers posed to its users by the Sweet32 “birthday attack” against old ciphers.…




CloudFlare offers web encryption up the wazoo

Tue, 20 Sep 2016 19:12:35 GMT

Don't sweat your mixed content, promises web whacker

CloudFlare is promising to bring about the encrypted internet by adopting the latest web security protocols and offering a solution to the horror of mixed content.…




Mobile review website MoDaCo coughs to data breach

Tue, 20 Sep 2016 16:35:10 GMT

Irate fans air views on firm's forum

Smartphone news and reviews site MoDaCo has admitted to a data breach.…




Going, going, done: Trio of prolific auction fraud fraudsters jailed

Tue, 20 Sep 2016 11:16:12 GMT

Can't put a price on porridge

Three men have been jailed yesterday over a conspiracy to commit internet shopping fraud scam that involved taking payments for non-existent goods and services.…




Hackers claim they breached Aussie point-of-sale tech firm, try to sell 'customer DB'

Tue, 20 Sep 2016 11:05:28 GMT

Claim to have backdoored supplier to Woolworths' pub chain

Exclusive Hackers are claiming to have hacked Australian point-of-sale technology (PoS) company H&L Australia, and have been claiming to potential buyers that they had lifted its customer database. They were already offering it for sale for AU$22,000 ($16,580, £12,723) more than two months ago.…




Online scammers speed up: Hit gold every 15 seconds

Tue, 20 Sep 2016 09:09:05 GMT

Take five to fix fraud

There were over one million fraud attempts in the UK in the first six months of 2016, or one every 15 seconds - more than 50 per cent higher than the same period of last year.…




Microsoft lets Beijing fondle its bits in new source code audit hub

Tue, 20 Sep 2016 04:39:25 GMT

New 'Transparency Centre' comes to Asia, more to open in 'coming weeks'

Microsoft has opened a technology centre in China to reassure Beijing it does not have backdoors in its software.…




Brits: Can banks do biometric security? We'd trust them before the government

Mon, 19 Sep 2016 13:06:55 GMT

Is that saying much, though?

Brits have more faith in their banks than government agencies to roll out authentication technologies based on biometrics, according to a new survey from Visa.…




Microsoft snubs alert over Exchange hole

Mon, 19 Sep 2016 11:01:11 GMT

It only applies to 'compromised' servers, says Redmond

Microsoft has downplayed the seriousness of an alleged Exchange auto-discovery vulnerability, saying that it sees no need to patch the reported security weakness.…




Dark web drug sellers shutter location-tracking EXIF data from photos

Mon, 19 Sep 2016 07:30:04 GMT

But 229 didn't

Criminals have started to aggressively erase EXIF metadata from their photos to make it harder for authorities to locate them, Harvard University students Paul Lisker and Michael Rose find.…




FBI overpaid $999,900 to crack San Bernardino iPhone 5c password

Mon, 19 Sep 2016 04:58:05 GMT

Hacker brews fast NAND mirroring prototype for $100.

University of Cambridge senior research associate Sergei Skorobogatov has laid waste to United States Federal Bureau of Intelligence (FBI) assertions about iPhone security by demonstrating password bypassing using a $100 NAND mirroring rig.…




Mozilla will patch zero-day Firefox bug to fizzle man-in-the-middle diddle

Sun, 18 Sep 2016 22:59:23 GMT

Cert-pinning cockup can be exploited to identify Tor users

Mozilla will patch a flaw in Firefox that can be exploited by well-resourced attackers to impersonate the browser's software update servers – and thus inject malicious code into victims' computers.…




Let's Encrypt won its Comodo trademark battle – but now fan tools must rename

Sun, 18 Sep 2016 03:44:38 GMT

Why the popular letsencrypt.sh is now known as Dehydrated

Popular Bash shell script LetsEncrypt.sh, which is used to manage free SSL/TLS certificates from the Let's Encrypt project, has renamed this week to avoid a trademark row.…




National Cyber Security Centre to shift UK to 'active' defence

Fri, 16 Sep 2016 13:42:04 GMT

Cyber chief calls for 'offensive' weapons

The head of the UK’s new National Cyber Security Centre (NCSC) has detailed plans to move the UK to "active cyber-defence", to better protect government networks and improve the UK’s overall security.…




Pramworld admits mailing list breach

Fri, 16 Sep 2016 12:51:46 GMT

Spamalot Friday

UK baby care supplier Pramworld has admitted that a breach of its systems was the reason customers were sent spam emails on Friday.…




You call it 'hacking.' I call it 'investigation'

Fri, 16 Sep 2016 10:22:36 GMT

Let's call the whole thing off

Something for the Weekend, Sir? Here's a photo of what I had for lunch! Amazing!!!




Ransomware scum infect Comic Relief server: Internal systems taken down

Fri, 16 Sep 2016 09:51:20 GMT

Nothing funny about stealing from a charity

Comic Relief’s internal systems are down for the third day running after a ransomware attack on one of the charity’s servers on Wednesday.…




Researcher says Patch Tuesday fix should have been made earlier

Fri, 16 Sep 2016 07:37:07 GMT

Alleges attack allowing targeted Trojans was known long before Redmond's wranglers roped it

Security researcher Kafeine says one of this week's Microsoft patches addresses a vulnerability it knew of since last year, and may only have pulled the patching trigger after a spate of banking trojan attacks.…




Remote hacker nabs Win10 logins in 'won't-fix' Safe Mode* attack

Fri, 16 Sep 2016 04:11:54 GMT

*Turns out to be very unsafe mode thanks to this hack

Security researcher Doron Naim has cooked an attack that abuses Windows 10's Safe Mode to help hackers steal logins.…




Cisco drops patch for nasty WebEx remote code execution hole

Fri, 16 Sep 2016 01:54:28 GMT

Patch, then patch this, this, this, this, this, this, this, and this

Cisco is warning admins to apply a patch for a critical WebEx vulnerability, one of nine fixed this week.…




Encryption backdoors? It's an ongoing dialogue, say anti-terror bods

Thu, 15 Sep 2016 21:37:49 GMT

Silicon Valley's uneasy alliance with Washington

CloudFlare Internet Summit It's not every day you walk into a tech conference in San Francisco to find a propaganda video for the Islamic State playing on the screens.…




It's OK for the FBI's fake hacks to hack suspects' PCs, says DoJ watchdog

Thu, 15 Sep 2016 20:30:05 GMT

Feds' 'request for comment' to school bomb threat teen was loaded with malware

No rules were broken when an FBI agent posed as a journalist to infect a criminal suspect's PC with spyware, says a US watchdog. And the Feds can do it again, provided they get the undercover operation signed off by their higher-ups.…




Trump website server config snafu left interns' CVs exposed

Thu, 15 Sep 2016 16:32:12 GMT

An HTTP 301, you say? Oh deary me

Misconfiguration of Donald Trump's campaign website left the personal information of interns – and perhaps more – accessible to casual snooping.…