Subscribe: The Register - Security: Spam
http://www.theregister.co.uk/security/spam/headlines.rss
Language: English
Preview: The Register - Security: Spam

The Register - Security



Biting the hand that feeds IT



Copyright: Copyright 2017, Situation Publishing
 



Guess – go on, guess – where a vehicle tracking company left half a million records

Mon, 25 Sep 2017 02:01:12 GMT

No prize, because it's too easy: SVR Tracking had an unsecured AWS S3 bucket

A US outfit that sells vehicle tracking services has been accused of leaving more than half a million records in a leaky AWS S3 bucket.…




Shock! Hackers for medieval caliphate are terrible coders

Mon, 25 Sep 2017 01:20:50 GMT

Daesh-bags give up on writing their own attack code, copy successful hackers

DerbyCon: An analysis of the hacking groups allying themselves to Daesh/ISIS has shown that about 18 months ago the religious fanatics stopped trying to develop their own secure communications and hacking tools and instead turned to the criminal underground to find software that actually works.…




Don’t fear the software shopkeeper: T&Cs banning bad reviews aren’t legal in America

Fri, 22 Sep 2017 23:32:07 GMT

Doesn’t stop them trying to put the frighteners, tho

DerbyCon: Security vendors are inserting language into their products' terms and conditions that attempt to silence critics, folks attending this year's DerbyCon conference were told on Friday.…




Want to get around app whitelists by pretending to be Microsoft? Of course you can...

Fri, 22 Sep 2017 22:27:03 GMT

...And here's how

DerbyCon: A sprinkle of code and an understanding of the Windows digital certificate process is all that's needed for a miscreant to sneak malware past Microsoft's application whitelist within a corporate environment.…




Aw, not you too, Verizon: US telco joins list of leaky AWS S3 buckets

Fri, 22 Sep 2017 20:45:55 GMT

Now is a good time to go check your own Amazon settings. It's OK, we'll wait

Yet another major company has burned itself by failing to properly secure its cloud storage instances. Yes, it's Verizon.…




NBD: Adobe just dumped its PRIVATE PGP key on the internet

Fri, 22 Sep 2017 19:08:48 GMT

Change the name to A-d'oh!-be

An absent-minded security staffer just accidentally leaked Adobe's private PGP key onto the internet.…




IoT botnet Linux.ProxyM turns its grubby claws to spam rather than DDoS

Fri, 22 Sep 2017 15:28:12 GMT

I don't know which is worse

An IoT botnet is making a nuisance of itself online after becoming a conduit for spam distribution.…




Finance sector is littered with vulns, and guess what – most can be resolved by patching

Fri, 22 Sep 2017 13:55:05 GMT

But pen-testers have questioned the figures

Security vulnerabilities across the finance sector have increased more than fivefold (418 per cent) in the last four years, according to a study by NCC Group.…




Ethereum-backed hackathon excavates more security holes

Fri, 22 Sep 2017 11:51:06 GMT

Smart contracts language easy to use and create exploits with

An Ethereum-backed contest has revealed a few new tricks for disguising malware as the harmless code the network uses to transfer and manipulate funds: digital smart contracts.…




Mini-Heartbleed info leak bug strikes Apache, airborne malware, NSA algo U-turn, and more

Fri, 22 Sep 2017 09:01:10 GMT

The security week in review

Roundup: As ever, it's been a doozy of a week for cybersecurity, or lack thereof. The Equifax saga just keeps giving, the SEC admitted it was thoroughly pwned, and Slack doesn't bother to sign its Linux versions. We do spoil you so, Reg readers. And that was only yesterday. Here's the rest of the week's shenanigans we didn't get round to.…




IT plonker stuffed 'destructive' logic bomb into US Army servers in contract revenge attack

Fri, 22 Sep 2017 00:34:13 GMT

He's now facing 10 years in prison for act of spite

An IT contractor is facing a possible decade behind bars in America for planting a ticking "destructive" time bomb in US military systems.…




Slain: Unions' US OPM mega-hack lawsuit against Uncle Sam

Thu, 21 Sep 2017 18:09:18 GMT

You have to get shafted before you can sue, says court

A lawsuit brought against the hacker-ransacked Office of Personnel Management on behalf of US federal employees has been killed.…




SEC 'fesses to security breach, says swiped info likely used for dodgy stock-market trading

Thu, 21 Sep 2017 17:34:10 GMT

EDGAR database a veritable goldmine of financial tips

The US Securities and Exchange Commission (SEC) has admitted that hackers broke into its corporate filing system last year.…




Researchers claim ISPs are 'complicit' in latest FinSpy snooping rounds

Thu, 21 Sep 2017 15:31:07 GMT

Dictators' favourite spyware is working at the top, says report

A surveillance campaign utilising a new variant of FinFisher, the infamous spyware also known as FinSpy, has been tracked by security researchers.…




Equifax fooled again! Blundering credit biz directs hack attack victims to parody site

Thu, 21 Sep 2017 14:15:13 GMT

Tim on the social media team will need a new job

You'd have thought that Equifax staff would be on their toes ever since the megahack that exposed the private data of over 143 million Americans but the corporation's social media certainly haven't got the message.…




You lost your ballpoint pen, Slack? Why's your Linux version unsigned?

Thu, 21 Sep 2017 09:04:04 GMT

No digital signature on hipster collab app means it's easy to make dangerous fakes

Slack is distributing versions of its chatroom app for Linux machines that are not digitally signed, contrary to industry best practice.…




CCleaner targeted top tech companies in attempt to lift IP

Thu, 21 Sep 2017 04:04:11 GMT

Infected Avast tool's payload went after the likes of Microsoft, Intel and Cisco, hit 20 targets

Cisco's security limb Talos has probed the malware-laden CCleaner utility that Avast so kindly gave to the world and has concluded its purpose was to create secondary attacks that attempted to penetrate top technology companies. Talos also thinks the malware may have succeeded in delivering a payload to some of those firms targeted.…




Orland-whoa! Chap cops to masterminding $100m Microsoft piracy racket

Wed, 20 Sep 2017 22:02:52 GMT

Chinese national pleads guilty to running a massive counterfeiting ring

A Chinese national has admitted he coordinated a massive piracy ring that shifted more than $100m in bootleg Microsoft gear.…




FedEx: TNT NotPetya infection blew a $300m hole in our numbers

Wed, 20 Sep 2017 19:25:53 GMT

File-scrambling malware put a bomb under shipping giant's sales growth

FedEx has estimated this year's NotPetya ransomware outbreak cost it $300m in lost business and cleanup costs.…




IT fraudster facing four years' bird time for $10k blackmail

Wed, 20 Sep 2017 17:47:42 GMT

Blackmailed former employer, redirected company website for porn portal

An IT contractor who sabotaged a client's website and demanded $10,000 to restore it was this week convicted of wire fraud and sentenced to four years behind bars.…




Manchester plod still running 1,500 Windows XP machines

Wed, 20 Sep 2017 12:48:53 GMT

Issue 'endemic' across public sector, shriek experts

Cops in Manchester, England, have 1,518 PCs running on Microsoft's dusty operating system Windows XP, according to a Freedom of Information response.…




Lloyds Bank payments glitch frustrates merchants

Wed, 20 Sep 2017 11:48:15 GMT

C'mon, you POS... >:(

Lloyds Bank has admitted that unspecified technical problems affected the operation of its Cardnet payment system on Tuesday. The UK bank denied suggestions that it had suffered a cyber attack.…




More data lost or stolen in first half of 2017 than the whole of last year

Wed, 20 Sep 2017 09:58:07 GMT

That's 1.9 BEEELLION records – and just you wait till GDPR

More data records were leaked or stolen by miscreants during the first half of 2017 (1.9 billion) than all of 2016 (1.37 billion).…




Equifax's disastrous Struts patching blunder: THOUSANDS of other orgs did it too

Wed, 20 Sep 2017 08:03:08 GMT

Those are just the ones known to have downloaded outdated versions

Thousands of companies may be susceptible to the same type of hack that recently struck Equifax.…




Inept bloke who tried to sell military sat secrets to Russia gets 5 years

Tue, 19 Sep 2017 23:12:07 GMT

Bumbling fool not so much Jason Bourne as Johnny English

A contractor who tried to sell trade secrets on military communication satellites to the Russians has been sent down for five years. Incredibly, it could have been longer after prosecutors alleged that he was also planning to kill his wife.…




Viacom exposes crown jewels to world+dog in AWS S3 bucket blunder

Tue, 19 Sep 2017 19:59:39 GMT

Passwords, server schematics and encryption keys up for grabs in open file store

Updated: Media monster Viacom has been caught with its security trousers down. Researchers found a wide-open, public-facing misconfigured AWS S3 bucket containing pretty much everything a hacker would need to take down the company's IT systems.…




What's that, Equifax? Most people expect to be notified of a breach within hours?

Tue, 19 Sep 2017 09:46:13 GMT

Go on, you're the breach expert

Equifax hasn't found time for a houseclean and is making claims of authority and competence about security breaches that, following its own recent high profile breach, come off as pretty cringeworthy.…




European Commission proposes more powers for EU's infosec agency

Tue, 19 Sep 2017 08:11:09 GMT

Cross-border cybersecurity certification scheme planned

The European Commission has proposed an expansion in the role of ENISA, the EU's cybersecurity agency.…




Pirate Bay digs itself a new hole: Mining alt-coin in slurper browsers

Tue, 19 Sep 2017 06:02:10 GMT

Would you trade your CPU time and electricity bill for pirated content?

Bittorrent search engine and mortal enemy of intellectual property lawyers, The Pirate Bay, has upset the one group of people that actually likes it: its users.…




Sexploitation gang thrown in clink for 171 years after 'hunting' kids online and luring them in front of webcams

Tue, 19 Sep 2017 00:16:37 GMT

Youngsters tricked into performing sex acts for pervs

Four men have joined their two accomplices behind bars for tricking young girls into performing sex acts online so they could film them.…




Someone checked and, yup, you can still hijack Gmail, Bitcoin wallets etc via dirty SS7 tricks

Mon, 18 Sep 2017 23:37:50 GMT

Two-factor authentication by SMS? More like SOS

Once again, it's been demonstrated that vulnerabilities in cellphone networks can be exploited to intercept one-time two-factor authentication tokens in text messages.…




DRM now a formal Web recommendation after protest vote fails

Mon, 18 Sep 2017 18:51:42 GMT

W3C lays out the case for anti-piracy, anti-copying defenses

Anti-piracy and anti-copying protections are now formally part of the World Wide Web after an effort to vote down content controls at the WWW's standards body failed.…




Downloaded CCleaner lately? Oo, awks... it was stuffed with malware

Mon, 18 Sep 2017 13:46:06 GMT

OK, OK, well the 2.27 million victims were not Reg readers

Antivirus firm Avast has admitted inadvertently distributing a trojanised version of CCleaner, a popular PC tune-up tool, for nearly a month, infecting an estimated 2.27 million users.…




TfL hackathon showed data can keep transport running and people safe

Mon, 18 Sep 2017 13:19:51 GMT

Analytics is about the journey AND destination

Sponsored: If software is eating the world, then hackathons are its fast-food restaurants. Groups of developers come together for short periods to try to solve pressing problems. This happens in sectors from healthcare to retail, and now it's happening in transportation too.…




Equifax's IT leaders 'retire' as company says it knew about the bug that brought it down

Sun, 17 Sep 2017 22:35:53 GMT

Company tried to find and patch vulnerable systems, but we know what happened next

Equifax's chief information officer and chief security officer “are retiring” and the company has admitted it knew Apache Struts needed patching in March, but looks to have fluffed attempts to secure the software.…




Equifax UK admits: 400,000 Brits caught up in mega-breach

Fri, 15 Sep 2017 19:39:53 GMT

UK dedicated systems not affected

Equifax UK has surfaced to say that British systems were not affected by a recently disclosed megahack, however 400,000 UK people were affected due to a “process failure.”…




Equifax mega-breach: Security bod flags header config conflict

Fri, 15 Sep 2017 18:05:27 GMT

Help wanted at Equifax. Badly

Further evidence has emerged regarding the insecurity of Equifax’s web setup, as independent security researcher Scott Helme reports having uncovered all manner of problems with Equifax’s security header configuration.…




NCC hires three Bank of England cyber experts to beef up assurance business

Fri, 15 Sep 2017 10:28:05 GMT

Intros CENTA - that new money smell

Three of the Bank of England’s cyber specialists have joined NCC Group to lead a newly established threat assurance unit at the UK-based security consultancy firm.…




Chrome to label FTP sites insecure

Fri, 15 Sep 2017 00:58:08 GMT

It's only 0.0026 per cent of traffic, but it's all in plaintext so deserves a red flag

Google's Chrome browser will soon label file transfer protocol (FTP) services insecure.…




Another month, another malware outbreak in Google's Play Store

Fri, 15 Sep 2017 00:24:39 GMT

50 apps get pulled as ExpensiveWall malware runs riot in the store

Google has had to pull 50 malware-laden apps from its Play Store after researchers found that virus writers had once again managed to fool the Chocolate Factory's code checking system.…




What is the cyber equivalent of 'use of force'? When do we send in the tanks?

Thu, 14 Sep 2017 19:35:28 GMT

Former National Security advisor and CIA deputy head reflect on the online world

Cloudflare Internet Summit: The United States needs to define a new set of international rules that decides what the cyber equivalent of a missile attack is.…




Defrosted starter for 10: Iceland home delivery site spills customer details

Thu, 14 Sep 2017 14:52:10 GMT

Something smelled fishy

Iceland’s home delivery service exposed sensitive customer information for months until the problem was plugged this week, a UK security researcher discovered.…




Protect your business from ransomware robbers

Thu, 14 Sep 2017 07:40:10 GMT

The inevitable kick in the arse

Promo: Two much-publicised ransomware attacks earlier this year, including one on the NHS, have raised the profile of the ransomware menace that hangs over businesses of all sizes.…




Shoddily-set-up Elasticsearch hosting point-of-sale malware

Thu, 14 Sep 2017 04:02:11 GMT

Sigh. Admins of free AWS instances just didn't tick the right boxes.

Lazily-configured software has again created a security incident, this time resulting in 4,000 instances of open source analytics and search tool Elasticsearch inadvertently running PoS-stealing malware.…




Missed patch caused Equifax data breach

Thu, 14 Sep 2017 02:09:16 GMT

Apache Struts was popped, but company had at least TWO MONTHS to fix it

Equifax has revealed that the cause of its massive data breach was a flaw it should have patched weeks before it was attacked.…




Credit reference agencies faulted for poor patching

Wed, 13 Sep 2017 21:12:20 GMT

Hold our beers, Equifax

Updated: Experian and Annual Credit Report.com – an organization set up by Equifax, Experian and Transunion to meet US consumer finance regulations – left themselves exposed to a serious vulnerability in Apache Struts earlier this year.…




Homeland Security drops the hammer on Kaspersky Lab with preemptive ban

Wed, 13 Sep 2017 20:08:41 GMT

Government departments have 90 days to rip and replace

Despite pending legislation to ban US federal government offices from using Kaspersky Lab security software, Homeland Security has issued a Binding Operational Directive demanding that the products be removed within 90 days.…




Giant frikkin' British laser turret to start zapping stuff next year

Wed, 13 Sep 2017 14:01:07 GMT

That's part one sorted. Now, who's supplying the sharks?

The Dragonfire laser cannon consortium has unveiled a fullsize mockup of its shipborne blaster at the Defence and Security Exhibition International arms fair in London.…




Apple’s facial recognition: Well, it is more secure for the, er, sleeping user

Wed, 13 Sep 2017 11:43:39 GMT

iPhoneX feature receives stony-faced reaction from security buffs

Security watchers have given Apple’s introduction of facial recognition technology a cautious welcome.…




Kaspersky shrugs off government sales ban proposal

Wed, 13 Sep 2017 07:35:14 GMT

It's not like we sell to the Feds, so go ahead and ban us!

Kaspersky Lab has laughed off attempts to have its wares banned from US government computers by saying it hardly sold to the Feds anyway.…