Subscribe: The Register - Security: Malware
http://www.theregister.co.uk/security/virus/headlines.rss
Added By: Feedage Forager Feedage Grade B rated
Language: English
Tags:
app  apple  attack  data  exploit  home  info  malware  new  personal info  researchers  security  service  software  time  year     
Rate this Feed
Rate this feedRate this feedRate this feedRate this feedRate this feed
Rate this feed 1 starRate this feed 2 starRate this feed 3 starRate this feed 4 starRate this feed 5 star

Comments (0)

Feed Details and Statistics Feed Statistics
Preview: The Register - Security: Malware

The Register - Security



Biting the hand that feeds IT



Copyright: Copyright 2017, Situation Publishing
 



WikiLeaks a 'hostile intelligence service', SS7 spying, Russian money laundering – all now on US Congress todo list

Wed, 23 Aug 2017 21:16:03 GMT

Ron Wyden tacks measures onto snoop funding bill

Every year, US Congress must pass a new Intelligence Authorization Act to continue funding Uncle Sam's spies for the next 12 months. This year, the act passed, as expected, the committee stage smoothly with only one minor bump in the road: Senator Ron Wyden (D-OR).…




AccuWeather: Our app slurped your phone's location via Wi-Fi but we like totally didn't use it

Wed, 23 Aug 2017 19:55:50 GMT

Totally didn't use that info while totally rewriting its code

A day after a security researcher criticized AccuWeather for collecting people's location data – even if its users refused to grant permission to do – the weather forecasting company and its ad tech partner Reveal Mobile denied violating permission settings while also revising the app's info-grabbing code.…




VoIP bods Fuze defuse triple whammy of portal security vulnerabilities

Wed, 23 Aug 2017 18:36:09 GMT

Security researchers using the service found a bunch of flaws

Messaging provider Fuze has resolved a trio of vulnerabilities in its TPN Handset Portal.…




US prosecutors drop demand for 1.3m IP addresses of folks who visited anti-Trump site

Wed, 23 Aug 2017 18:21:01 GMT

But DreamHost's fight is not over: information still demanded

The US Department of Justice has eased up in its legal fight against hosting company DreamHost, saying it no longer wants all IP logs associated with a Trump protest site.…




Did ROPEMAKER just unravel email security? Nah, it's likely a feature

Wed, 23 Aug 2017 14:42:51 GMT

Exploit that changes content of messages after delivery found

A new attack, dubbed ROPEMAKER, changes the content of emails after their delivery to add malicious URLs and corrupt records.…




Banking trojan-slingers slip past Google Play's malware defences

Wed, 23 Aug 2017 13:34:31 GMT

BankBot nestled within allegedly 'fun' mobile game

Security researchers have uncovered an Android banking malware hiding on Google Play using stealthy new tactics.…




Identity fraud in the UK at 'epidemic' levels as cases rise 5% – report

Wed, 23 Aug 2017 10:38:06 GMT

Crooks now operate 'almost exclusively' online

There were almost 90,000 cases of identify fraud recorded in the first six months of 2017 – 5 per cent higher than the first half of last year, according to data released today.…




Adware API sends smartmobe data home to Chinese company

Wed, 23 Aug 2017 07:02:07 GMT

Google pulls 500 apps that used the Igexin SDK

Mobile developers, listen up: when you pick up that easy-to-use advertising API, make sure it's not snoopware.…




Lottery-hacking sysadmin's unlucky number comes up: 25 years in the slammer

Wed, 23 Aug 2017 02:58:10 GMT

Rigged a random number generator and tried to cash in

The lottery sysadmin who fooled around with random numbers has a new variable to consider: how much up to 25 years he'll have to serve of his latest sentence.…




Smart robots prove stupidly easy to hack for spying and murder

Tue, 22 Aug 2017 20:50:08 GMT

Your plastic pal who's psychotic

Robots are increasingly common in the 21st Century, both on the factory floor and in the home, however it appears their security systems are anything but modern and high tech.…




Apple iCloud Keychain easily slurped by cops, ElcomSoft claims

Tue, 22 Aug 2017 20:06:21 GMT

Credentials stored in the cloud succumb to forensic software

ElcomSoft, the Russia-based maker of forensic software, has managed to find a way for crime investigators to access the data stored in Apple's iCloud Keychain, if Apple ID account credentials are available.…




US Navy suffers third ship collision this year

Tue, 22 Aug 2017 14:02:06 GMT

Deaths of sailors prompt admirals to halt all warship ops

The accident-prone US Navy has suspended all of its warship operations around the world following its third collision at sea this year.…




Disbanding your security team may not be an entirely dumb idea

Tue, 22 Aug 2017 06:58:09 GMT

Plenty of other teams have some security responsibility, so why not end the overlap?

Disbanding your security team may not be an entirely dumb idea, because plenty of other people in your organisation already overlap with their responsibilities, or could usefully do their jobs.…




Boffins blast beats to bury secret sonar in your 'smart' home

Tue, 22 Aug 2017 05:02:13 GMT

Your Amazon Echo could live a double life as an echo-location device

Researchers at the University of Washington have devised a way of conducting surreptitious sonar surveillance using home devices equipped with microphones and speakers.…




Open AWS S3 bucket leaked hotel booking service data

Tue, 22 Aug 2017 03:57:04 GMT

Groupize denies report by researchers at Kromtech, but locks down repo anyway

Another day, another misconfigured AWS storage bucket leaking corporate data, this time from hotel booking service Groupize.…




Phisherfolk dangle bait at dot-fish domain

Tue, 22 Aug 2017 01:51:08 GMT

Gill us now

Netcraft 'net watchers have cast a fly over the lake of generic TLDs, and turned up the first .fish domain dedicated to – wait for it – phishing.…




Hackers scam half a million from Enigma digital currency investors

Mon, 21 Aug 2017 18:53:26 GMT

Sucky security leaves MIT cryptoboffins red-faced

Cunning hackers have successfully duped investors out of almost $500,000 after compromising the servers of the online currency platform Enigma.…




10% of UK's top firms would be screwed in a cyber attack – survey

Mon, 21 Aug 2017 17:04:50 GMT

And just 6% say they're fully prepared for GDPR

Most of the UK's top businesses are underprepared for new data protection rules, while 10 per cent have no response plan for a cyber attack, according to a government survey.…




British snoops at GCHQ knew FBI was going to arrest Marcus Hutchins

Mon, 21 Aug 2017 14:00:06 GMT

WannaCry killer had been working with the spy agency

Secretive electronic spy agency GCHQ was aware that accused malware author Marcus Hutchins, aka MalwareTechBlog, was due to be arrested by US authorities when he travelled to United States for the DEF CON hacker conference, according to reports.…




Mirai copycats fired the IoT-cannon at game hosts, researchers find

Mon, 21 Aug 2017 07:31:10 GMT

After first wave attacks ended, thing-herders took aim at PlayStation, XBOX and Valve

The Mirai botnet that took down large chunks of the Internet in 2016 was notable for hosing targets like Krebs on Security and domain host Dyn, but research presented at a security conference last week suggests a bunch of high-profile game networks were also targeted.…




Foxit PDF Reader is well and truly foxed up, but vendor won't patch

Mon, 21 Aug 2017 04:59:04 GMT

We've got Safe Mode and that's safe enough, vendor tells ~400m users

Updated The Zero Day Initiative (ZDI) has gone public with a Foxit PDF Reader vulnerability without a fix, because the vendor resisted patching.…




Bitcoin-accepting sites leave cookie trail that crumbles anonymity

Sun, 20 Aug 2017 23:58:05 GMT

Merchants share too much tracking information? Colour us un-surprised

Bitcoin transactions might be anonymous, but on the Internet, its users aren't – and according to research out of Princeton University, linking the two together is trivial on the modern, much-tracked Internet.…




US DoD, Brit ISP BT reverse proxies can be abused to frisk internal systems – researcher

Sat, 19 Aug 2017 07:26:06 GMT

And how to avoid making the same mistakes

BSides Minor blunders in reverse web proxies can result in critical security vulnerabilities on internal networks, the infosec world was warned this week.…




No, the cops can't get a search warrant to just seize all devices in sight – US appeals court

Fri, 18 Aug 2017 22:59:13 GMT

Judges frown upon fishing for incriminating data on phones

It's a ruling sending shockwaves through the worlds of privacy, device security, and law enforcement in America.…




Berkeley boffins build better spear-phishing black-box bruiser

Fri, 18 Aug 2017 20:12:54 GMT

Machine learning and code to detect and alert attempts to extract passwords from staff

Security researchers from UC Berkeley and the Lawrence Berkeley National Laboratory in the US have come up with a way to mitigate the risk of spear-phishing in corporate environments.…




So long and thanks for all the phish: Red teams need to be smarter now

Fri, 18 Aug 2017 14:06:48 GMT

Pen-testers face new challenges as defences evolve

BSides The opening talk at BSides Manchester on Thursday examined how red team tactics are evolving beyond phishing to include a wider variety of methods.…




Q: How many drones are we bombing ISIS with? A: That's secret, mmkay

Fri, 18 Aug 2017 13:23:36 GMT

But the MoD will happily tell you how many manned jets we're using to do that exact thing

The UK's Information Tribunal has rejected an appeal by campaigners trying to find out how many British Reaper drones are being used for warlike missions in the Middle East.…




What weighs 800kg and runs Windows XP? How to buy an ATM for fun and profit

Fri, 18 Aug 2017 11:57:12 GMT

Security researchers pick up angle grinder, drop £2k-plus in B-sides chat

BSides Weighing in at 800kg secondhand, freestanding ATMs - a “safe with a computer on top” - are a logistical nightmare to own and research, security boffin Leigh-Anne Galloway warned delegates at the BSides Manchester infosec conference yesterday.…




New NIST draft embeds privacy into US govt security for the first time

Fri, 18 Aug 2017 01:57:09 GMT

Federal agency addresses the new world of Alexa, smart cameras and IoT

A draft of new IT security measures by the US National Institute of Standards and Technology (NIST) has for the first time pulled privacy into its core text as well as expanded its scope to include the internet of things and smart home technology.…




US cops point at cell towers and say: Give us every phone number that's touched that mast

Thu, 17 Aug 2017 23:52:46 GMT

Verizon says basestation dumps increasingly popular

US telecoms giant Verizon says police are increasingly asking it to cough up massive dumps of cellphone data rather than individual records.…




What code is running on Apple's Secure Enclave security chip? Now we have a decryption key...

Thu, 17 Aug 2017 22:48:07 GMT

Ladies and gentlemen, start your ARM disassemblers

Apple's Secure Enclave, an ARM-based coprocessor used to enhance iOS security, became a bit less secure on Thursday with the publication of a firmware decryption key.…




Don't panic, Chicago, but an AWS S3 config blunder exposed 1.8 million voter records

Thu, 17 Aug 2017 20:47:40 GMT

Personal info spills from another poorly secured Amazon service

A voting machine supplier for dozens of US states left records on 1.8 million Americans in public view for anyone to download – after misconfiguring its AWS-hosted storage.…




London council 'failed to test' parking ticket app, exposed personal info

Thu, 17 Aug 2017 12:55:04 GMT

Authority fined £70k after missing URL manipulation

A London council has been fined £70,000 after design faults in its TicketViewer app allowed unauthorised access to 119 documents containing sensitive personal information.…




UK govt steams ahead with £5m facial recog system amid furore over innocents' mugshots

Thu, 17 Aug 2017 06:03:09 GMT

Contract ignores lack of strategy, growing criticism

The UK Home Office has put out to tender a £4.6m ($5.9m) contract for facial recognition software – despite the fact its biometrics strategy and retention systems remain embroiled in controversy.…




Bank IT fella accused of masterminding multimillion-dollar insider-trading scam

Thu, 17 Aug 2017 05:03:12 GMT

Consultant was all too app-y to break law, claim investigators

A banking IT expert orchestrated an insider-trading caper that raked in millions of dollars for him and his pals, it was claimed on Wednesday.…




Rowhammer RAM attack adapted to hit flash storage

Thu, 17 Aug 2017 04:27:10 GMT

Project Zero's two-year-old dog learns a new trick

It's Rowhammer, Jim, but not as we know it: IBM boffins have taken the DRAM-bit-flipping-as-attack-vector trick found by Google and applied it to MLC NAND Flash.…




NotPetya ransomware attack cost us $300m – shipping giant Maersk

Wed, 16 Aug 2017 22:15:38 GMT

IT crippled so badly firm relied on WhatsApp

The world's largest container shipping biz has revealed the losses it suffered after getting hit by the NotPetya ransomware outbreak, and the results aren't pretty.…




Disgraced US Secret Service agent coughs to second Bitcoin heist

Wed, 16 Aug 2017 19:04:20 GMT

Fox, meet henhouse

An ex-Secret Service agent who stole Bitcoins from the Silk Road dark web drugs bazaar he was supposed to be investigating has admitted stealing even more sacks of the digital currency.…




HBO Game Of Thrones leak: Four 'techies' arrested in India

Wed, 16 Aug 2017 13:27:09 GMT

GoT suspects cuffed

Four arrests connected with the leak of an unaired Game of Thrones episode have been made in India.…




She's arrived! HMS Queen Lizzie enters Portsmouth Naval Base

Wed, 16 Aug 2017 10:59:08 GMT

65,000 tonnes and 4.5 acres of British sovereign territory – but is she worth it?

Pics Britain’s newest warship, its biggest warship of all time, HMS Queen Elizabeth, entered Portsmouth Harbour for the first time this morning.…




Och. Scottish Parliament under siege from brute-force cyber attack

Wed, 16 Aug 2017 10:37:12 GMT

Unidentified hackers attempt to bust open email accounts

Hackers are trying to break into Scottish Parliament email accounts weeks after similar campaigns against Westminster.…




Speaking in Tech: Tomorrow's infosec fiasco is a 'we're not a company any more' fiasco

Wed, 16 Aug 2017 10:03:06 GMT

Podcast Wannacry is just the beginning



Months after breach at the 'UnBank' Ffrees, customers complain: No one told us

Wed, 16 Aug 2017 08:03:08 GMT

Yet 'alternative' UK financial service has complied with law

Customers of UK financial services firm FFrees said they were unaware of a breach that took place there four months ago until a security researcher got in touch with them.…




Russian malware scum post new rent-an-exploit

Wed, 16 Aug 2017 01:56:12 GMT

Unpatched browser, plug-in bugs targeted by and with 'Disdain' kit

WebEx on Firefox is among the targets of a new exploit kit that's started circulating on Russian nastyware exchanges.…




Creepy backdoor found in NetSarang server management software

Tue, 15 Aug 2017 22:58:08 GMT

Do you use this suite? If yes: A July 18 update screwed over your security

Researchers at Kaspersky Lab have found a well-hidden backdoor in NetSang's server management software.…




Uber to bend over, take privacy probe every two years for next 20 years

Tue, 15 Aug 2017 19:33:43 GMT

FTC forces taxi app upstart to let in auditors after complaints of data security cockups

Uber and America's trade watchdog have reached a settlement following claims the taxi app maker lied about the extent to which its staff can mine customers' personal info for fun.…




Fresh Microsoft Office franken-exploit flops – and you should have patched by now anyway

Tue, 15 Aug 2017 15:30:59 GMT

Exploit combo fails to dodge Word warning prompts

Updated A booby-trapped .RTF file is doing the rounds that combines two publicly available Microsoft Office exploits.…




APT-style attack against over 4,000 infrastructure firms blamed on lone Nigerian 20-something

Tue, 15 Aug 2017 13:01:07 GMT

'Get rich or die trying' seems to be working out for this fellow

A seemingly state-sponsored cyberattack aimed at more than 4,000 infrastructure companies has been blamed on a lone Nigerian cybercriminal.…




Drone-maker DJI's Go app contains naughty Javascript hot-patching framework

Tue, 15 Aug 2017 11:59:07 GMT

Apple has already smote JSPatch once this year

Updated Chinese drone firm DJI appears to have baked a hot-patching framework into its Go app that breaks Apple's App Store terms and conditions, according to drone hacker sources.…




US military spies: We'll capture enemy malware, tweak it, lob it right back at our adversaries

Tue, 15 Aug 2017 00:22:39 GMT

Collateral damage in 3, 2, 1…

The US Defense Intelligence Agency has vowed to capture enemy malware, study and customize it, and then turn the software nasties on their creators.…