Subscribe: The Register - Security: Malware
http://www.theregister.co.uk/security/virus/headlines.rss
Added By: Feedage Forager Feedage Grade B rated
Language: English
Tags:
android  apps  black hat  black  cyber  data  found  management engine  new  researchers  security  users  year    … google   
Rate this Feed
Rate this feedRate this feedRate this feedRate this feedRate this feed
Rate this feed 1 starRate this feed 2 starRate this feed 3 starRate this feed 4 starRate this feed 5 star

Comments (0)

Feed Details and Statistics Feed Statistics
Preview: The Register - Security: Malware

The Register - Security



Biting the hand that feeds IT



Copyright: Copyright 2017, Situation Publishing
 



OK, OK, MIRA-I DID IT: Botnet-building compsci kid comes clean

Wed, 13 Dec 2017 22:13:23 GMT

Jha rule-breaker and pals confess IoT gadget hack crimes, now facing the slammer

A former New Jersey college student has copped to helping create and run the massive Mirai DDoS botnet.…




Barclays bank bod in the cooler for aiding Dridex money launderers

Wed, 13 Dec 2017 15:17:08 GMT

Six years's porridge. Dridex not a laundry soap – it's a Trojan

An employee of Barclays Bank who laundered thousands of pounds on behalf of Moldovan cybercriminals was yesterday sentenced to six years and four months behind bars in Blighty.…




One per cent of all websites probably p0wned each year, say boffins

Wed, 13 Dec 2017 07:28:07 GMT

Automated account-creator used bad passwords to detect when sites go bad

Researchers working on a technology to detect unannounced data breaches have found, to their dismay, that one per cent of the sites they monitored were hacked over the previous 18 months.…




Up to 'ONE BEEELLION' vid-stream gawpers toil in crypto-coin mines

Wed, 13 Dec 2017 07:02:10 GMT

Come for the free movies, stay to dig Monero for a stranger

Security experts claim four extremely popular video-streaming websites have been secretly loaded with crypto-currency-crafting code.…




Put down the eggnog, it's Patch Tuesday: Fix Windows boxes ASAP

Wed, 13 Dec 2017 02:13:06 GMT

IE haunted by ghosts of past bugs – plus remote-code exec holes that'll chill your blood

Microsoft has kicked out its December batch of software security fixes, the final Patch Tuesday of 2017.…




Intel to slap hardware lock on Management Engine code to thwart downgrade attacks

Wed, 13 Dec 2017 01:49:19 GMT

From version 12 onward, ME-equipped chips will defend against patch rollbacks

Intel's Coffee Lake and Cannon Lake x86 processors can be fortified by computer manufacturers to prevent in hardware attempts to downgrade, exploit and potentially neuter Chipzilla's built-in creepy Management Engine.…




I, Robot? Aiiiee, ROBOT! RSA TLS crypto attack pwns Facebook, PayPal, 27 of 100 top domains

Wed, 13 Dec 2017 01:02:33 GMT

Two-decade-old hole lets hackers unlock encrypted data

A 19-year-old vulnerability in the TLS network security protocol has been found in the software of at least eight IT vendors and open-source projects – and the bug could allow an attacker to decrypt encrypted communications.…




Tenable's response to folks upset at AWOL features: A 150-emails-a-minute spam storm

Tue, 12 Dec 2017 23:54:29 GMT

Nessus Pro V7 launch fiasco

Tenable Security has given itself two problems, by releasing a product its users don't like, and then adding them all to a support email group that's sending uncomfortable volumes of messages.…




Kaspersky dragged into US govt's trashcan as weaponized blockchain agile devops mulled

Tue, 12 Dec 2017 22:25:07 GMT

Trump signs defense law with No Eugenes clause, Kaspersky weighs options

Updated President Donald Trump has signed the National Defense Authorization Act for 2018, which includes a ban on products from Kaspersky Lab running in US government agencies.…




Argy-bargy Argies barge into Starbucks Wi-Fi with alt-coin discharges

Tue, 12 Dec 2017 20:34:51 GMT

Venti vanilla skinny latte with sprinkles of JavaScript and a side of Monero mining, please

Starbucks has joined the long growing list of organizations that have inadvertently and silently mined alt-coins on customers' computers for mystery miscreants.…




Brrr! It's a snow day and someone has pwned the chuffin' school heating

Tue, 12 Dec 2017 15:02:06 GMT

Building management systems easily hackable – researchers

Britain's freezing weather has reanimated the issue of insecure building control systems.…




Why bother cracking PCs? Spot o' malware on PLCs... Done. Industrial control network pwned

Tue, 12 Dec 2017 10:56:13 GMT

Jumping the air gap

Security researchers have demonstrated a new technique for hacking air-gapped industrial control system networks, and hope their work will encourage the development of more robust defences for SCADA-based systems.…




Google's Project Zero reveals Apple jailbreak exploit

Tue, 12 Dec 2017 02:02:10 GMT

Holy Moley! iOS and MacOS were wholly holey

Ian Beer of Google's Project Zero has followed up on a “coming soon” Twitter teaser with a jailbreakable iOS and Mac OS vulnerability.…




Archive of 1.4 BEEELLION credentials in clear text found in dark web archive

Tue, 12 Dec 2017 01:05:48 GMT

Find shows people still suck at passwords

A data dump containing over 1.4 billion email addresses, passwords, and other credentials, all in clear text, has been found online by security shop @4iQ.…




New Ruski hacker clan exposed: They're called MoneyTaker, and they're gonna take your money

Mon, 11 Dec 2017 17:58:12 GMT

Subtly named group has gone largely unnoticed until now

Security researchers have lifted the lid on a gang of Russian-speaking cybercrooks, dubbed MoneyTaker.…




Lifestyle pin-up site Pinterest: Hack attempts blamed on 'credential stuffing'

Mon, 11 Dec 2017 16:04:05 GMT

You might just have to wing it with that potpourri recipe

There’s a chill going around cyberspace with an upsurge of people concerned that their Pinterest account has been hacked.…




Blighty flogs Qatar a bunch of missiles and Typhoon fighter jets

Mon, 11 Dec 2017 13:09:07 GMT

And Hawk training aircraft as well. Just don't say 'despite Br-'

Qatar has agreed its long-awaited order for 24 British-built Eurofighter Typhoon fighter jets and a billion pounds' worth of missiles assembled in the UK to go with them.…




Hackers' delight: Mobile bank app security flaw could have smacked millions

Mon, 11 Dec 2017 12:33:13 GMT

Certificate pinning unpicked

Security researchers from the University of Birmingham, UK, last week went public about security shortcomings in mobile banking apps that leave millions of users at a heightened risk of hacking.…




Language bugs infest downstream software, fuzzer finds

Mon, 11 Dec 2017 08:04:07 GMT

And you worked so hard to make it secure

Developers working in secure development guidelines can still be bitten by upstream bugs in the languages they use.…




Leftover Synaptics debugger puts a keylogger on HP laptops

Mon, 11 Dec 2017 06:03:07 GMT

Vendor first to patch, expect other OEMs to follow

For the second time this year, HP Inc has had to patch its laptops after a security researcher found a driver-level keylogger – and this time, other laptop-makers might have to check their own products.…




Microsoft Dynamics 365 sandbox leaked TLS certificate's private parts

Mon, 11 Dec 2017 00:31:05 GMT

Hey Redmond, is this your secret key?

Another day, another credential found wandering without a leash: Microsoft accidentally left a Dynamics 365 TLS certificate and private key where they could leak, and according to the discoverer, took 100 days to fix the bungle.…




Android flaw lets attack code slip into signed apps

Fri, 08 Dec 2017 21:06:04 GMT

Janus bug leaves APKs vulnerable to poisoning

Researchers say a recently patched vulnerability in Android could leave users vulnerable to attack from signed apps.…




UK.gov law resources now untrustworthy, according to browsers

Fri, 08 Dec 2017 14:25:06 GMT

justice.gov.uk website SSL certificate expires

The SSL certificate on the criminal justice and court listing site justice.gov.uk expired yesterday, causing browsers to now warn users that their information is at risk.…




Next-gen telco protocol Diameter has last-gen security – researchers

Fri, 08 Dec 2017 13:10:08 GMT

Infosec boffins raise flags

Some of the well-known weaknesses of SS7 Roaming Networks have been replicated in the next-gen telco protocol, Diameter.…




Sloppy coding + huge PSD2 changes = Lots of late nights for banking devs next year

Fri, 08 Dec 2017 10:07:14 GMT

*Cough* Cobol, .NET *cough*

Poorly written code is leaving banks at greater risk of attack and poorly prepared for big changes in the financial sector due to come into effect early next year.…




VMware and Carbon Black: you complete me, no you complete me

Fri, 08 Dec 2017 04:03:10 GMT

Virtzilla's App Defence and CB's endpoint protection combine for whitelist-fest

VMware and Carbon Black have joined forces to enhance each other's security wares.…




Security industry needs to be less trusting to get more secure

Thu, 07 Dec 2017 23:01:23 GMT

Black Hat crowd encouraged to be paranoid

Delegates to Black Hat Europe have been encouraged to turn conventional security thinking on its head by practicing security through distrust.…




Apple gets around to patching all the other High Sierra security holes

Thu, 07 Dec 2017 20:47:15 GMT

Another week, another Mac patch to install

Apple has released a security update to address nearly two dozen vulnerabilities in macOS High Sierra.…




HMS Queen Lizzie formally joins the Royal Navy

Thu, 07 Dec 2017 15:33:09 GMT

At least one part of the 'Year of the Navy' went to plan

Britain’s biggest ever aircraft carrier, HMS Queen Elizabeth, has been formally commissioned into the Royal Navy, with Her Majesty attending the ceremony in person.…




Toucan play that game: Talking toy bird hacked

Thu, 07 Dec 2017 11:57:05 GMT

Parroting Cayla... if she were a bit more sweary

The same researchers whose hack on the My Friend Cayla doll prompted regulatory action have followed up with a hack on a talking toy robot bird.…




NiceHash diced up by hackers, thousands of Bitcoin pilfered

Wed, 06 Dec 2017 23:03:07 GMT

Mining outfit says its entire wallet gone, estimated $62m

Cryptocurrency mining market NiceHash says it has fallen victim to a hacking attack that may have resulted in the loss of its entire Bitcoin wallet.…




Intel Management Engine pwned by buffer overflow

Wed, 06 Dec 2017 16:30:07 GMT

Security researchers lift lid on snafu at Black Hat Europe

On Wednesday, in a presentation at Black Hat Europe, Positive Technologies security researchers Mark Ermolov and Maxim Goryachy plan to explain the firmware flaws they found in Intel Management Engine 11, along with a warning that vendor patches for the vulnerability may not be enough.…




Former US State Department cyber man: We didn’t see the Russian threat coming

Wed, 06 Dec 2017 15:35:07 GMT

Cyber no longer domain of techies, says ex-diplomat

Black Hat Cyber threats have evolved from been a solely technical issues to core issues of government policy, according to a senior US lawyer and former cyber diplomat.…




Google and pals rush to repair Android dev tools, block backdoor risks

Wed, 06 Dec 2017 11:32:12 GMT

Involves big hitter Android Studio, APKTool and more

Security researchers have found several flaws in the developer tools and environments used by Android programmers.…




Mailsploit: It's 2017, and you can spoof the 'from' in email to fool filters

Wed, 06 Dec 2017 07:01:10 GMT

Message client vendors have had 25 years to get RFC 1342 right

Penetration tester Sabri Haddouche has reintroduced the world to email source spoofing, bypassing spam filters and protections like Domain-based Message Authentication, Reporting and Conformance (DMARC), thereby posing a risk to anyone running a vulnerable and unpatched mail client.…




Beware the IDEs of Android: three biggies have vulnerabilities

Wed, 06 Dec 2017 04:54:12 GMT

Android Studio, Eclipse, and IntelliJ IDEA stabbed in the back by an XML parser

Developers using the Android Studio, Eclipse, and IntelliJ IDEA have been advised to update their IDEs against serious and easily-exploitable vulnerabilities.…




Data-slurping keyboard app makes Mongo mistake with user data

Tue, 05 Dec 2017 20:59:09 GMT

Ai.type leaves wealth of personal info open to all

Another week, another open database left online, but this latest case has shown not only sloppy security but also how much data you’re giving up with some apps.…




Brit bank Barclays' Kaspersky Lab diss: It's cyber balkanisation, hiss infosec bods

Tue, 05 Dec 2017 15:07:12 GMT

It's 2017: Is the splinternet nearer than ever?

Analysis Barclays has stopped offering free Kaspersky Lab products to new users in a move that shows, like Best Buy, commercial firms can be swayed by governmental stances on dealing with the Russian software firm.…




Once again, UK doesn't rule out buying F-35A fighter jets

Tue, 05 Dec 2017 12:52:06 GMT

It'd be more expensive than just buying Bs. Why do this?

The United Kingdom is edging ever closer to buying F-35As, instead of the B model needed to fly from the Navy’s new aircraft carriers, as a senior officer once again refused to rule out a future F-35A purchase.…




Turns out Leakbase can keep a secret: It has shut down with zero info

Tue, 05 Dec 2017 07:03:13 GMT

Stolen-creds-for-cash site disappears, unmourned

Stolen-creds-for-sale site Leakbase has gone dark and started redirecting to Troy Hunt's HaveIBeenPwned.…




Google prepares 47 Android bug fixes, ten of them rated Critical

Tue, 05 Dec 2017 06:02:05 GMT

Nexus and Pixel owners get their fixes on US Tuesday. The rest of us peasants have to wait

Google has teased 47 Android patches for Nexus and Pixel devices.…




Infosys names a new CEO: welcome to the hot-seat Salil S. Parekh

Tue, 05 Dec 2017 03:32:05 GMT

Former CapGemini man steps in after last CEO bailed after nasty sniping

Infosys has named its next leader: Salil S. Parekh will become as CEO an managing director as of January 2nd, 2018, and has been appointed for five years.…




Dentist-turned bug-biter given a taste of freedom

Tue, 05 Dec 2017 01:58:10 GMT

Just did an eight month bit without bail for chewing the FBI's ear

Justin Shafer, who last year sparked a complaint to the FBI for discovering a dental software vendor's unprotected FTP server, will walk free until his trial begins.…




International team takes down virus-spewing Andromeda botnet

Tue, 05 Dec 2017 00:46:51 GMT

Infections spread across over 200 regions

Police and private companies have taken down a massive botnet used to move malware onto compromised PCs.…




SEC's cyber-cops cyber-file cyber-first cyber-fraud cyber-charges

Tue, 05 Dec 2017 00:30:09 GMT

Securities watchdog puts the freeze on dodgy ICO

The SEC's new online crime unit says it has frozen what officials believe to be a fraudulent cryptocurrency.…




Prison hacker who tried to free friend now likely to join him inside

Mon, 04 Dec 2017 21:00:46 GMT

But he got oh so close

A Michigan man who hacked into his local prison's computing system to gain early release for a friend is facing his own time inside after getting caught.…




Creepy Cayla doll violates liberté publique, screams French data protection agency

Mon, 04 Dec 2017 14:31:06 GMT

You can probably strike these toys off your kids' Crimbo lists

The French data protection agency has issued a formal notice to a biz peddling allegedly insecure toys, just in time for Christmas.…




Damian Green: Not only my workstation – mystery pr0n all over Parliamentary PCs

Mon, 04 Dec 2017 13:54:05 GMT

Denies he downloaded any of it

Under-fire Cabinet Office minister Damian Green has reportedly told an internal UK government inquiry that he has proof he was not the one who downloaded porn onto his Parliamentary computer.…




Brit MP Dorries: I gave my staff the, um, green light to use my login

Mon, 04 Dec 2017 12:09:13 GMT

Defence of Damian shows relaxed attitude to account security

UK MP Nadine Dorries revealed yesterday that she shares her parliamentary login information with her staff. This was an attempt to defend recently resurfaced allegations about porn allegedly found on fellow politician Damian Green's office computer.…




Google to crack down on apps that snoop

Mon, 04 Dec 2017 06:58:07 GMT

Android developers given 60 days to inform users, after that apps will do it for themselves

Google has warned Android developers to give users better warnings about their apps' data collection behaviours, or it will flag their failings.…