Subscribe: The Register - Security: Spam
http://www.theregister.co.uk/security/spam/headlines.rss
Added By: Feedage Forager Feedage Grade B rated
Language: English
Tags:
access  android  app  bug  chrome  code  found  hackers  malware  ransomware  researchers  security  service  systems  year     
Rate this Feed
Rate this feedRate this feedRate this feedRate this feedRate this feed
Rate this feed 1 starRate this feed 2 starRate this feed 3 starRate this feed 4 starRate this feed 5 star

Comments (0)

Feed Details and Statistics Feed Statistics
Preview: The Register - Security: Spam

The Register - Security



Biting the hand that feeds IT



Copyright: Copyright 2017, Situation Publishing
 



US govt can't stop Microsoft taking its Irish email seizure fight to the Supreme Court

Tue, 24 Jan 2017 20:49:31 GMT

Message slurp faces scrutiny from America's highest judges

The US government has lost a legal appeal to have a critical case against Microsoft reheard, paving the way for a Supreme Court challenge.…




UK courts experiencing surge in cyber-crime case load

Tue, 24 Jan 2017 16:31:09 GMT

Value of fraud surpasses £1bn for first time in five years

The total cost of fraudulent activity in the UK surpassed a billion pounds for the first time in five years, reaching £1.137bn in 2016 compared to £732m the year before.…




Penguins force-fed root: Cruel security flaw found in systemd v228

Tue, 24 Jan 2017 15:32:10 GMT

Opens door to privilege escalation attacks

Some Linux distros will need to be updated following the discovery of an easily exploitable flaw in a core system management component.…




DDoSing has evolved in the vacuum left by IoT's total absence of security

Tue, 24 Jan 2017 15:04:09 GMT

Botnets' power level over 9,000 thanks to gaping vulnerabilities

IoT botnets have transformed the threat landscape, resulting in a big increase in the size of DDoS attacks from 500Gbps in 2015 up to 800Gbps last year.…




I don't care what your eyeballs tell you. Alternative fact is, we've locked up your files

Tue, 24 Jan 2017 11:23:06 GMT

Survey: 'Bluff' ransomware is on the up

Two in five large UK businesses have fallen victim to a "bluff" ransomware attack, according to a new survey.…




HummingBad malware returns in new, more annoying variant

Tue, 24 Jan 2017 06:28:10 GMT

Is it a bird? Is it a plane? No, it's a HUMMINGWHALE

The HummingBad malware first discovered in February 2016 is making a return visit to the charts.…




Furby Rickroll demo: What fresh hell is this?

Tue, 24 Jan 2017 04:58:11 GMT

Toy-makers, please quit this rubbish, you're NO GOOD at security

Here's your future botnet, world: connected kids toys that will Rickroll their owners while hosing big servers and guessing the nuclear codes.…




Kid hackers break XSS defences, find hack hole in 2 million websites

Tue, 24 Jan 2017 04:30:09 GMT

HTML Comment Box clocked

Hackers Karim Rahal and Ibram Marzouk have found multiple cross-site scripting vulnerabilities in the HTML Comment Box that opened avenues to compromise visitors to some used by some 2 million websites.…




Microsoft fixes remote desktop app Mac hole

Tue, 24 Jan 2017 04:01:12 GMT

Full read/write access was there for the taking

Microsoft has patched a code execution hole in its Mac remote desktop client that grants read and write to home directories if users do no more than click a link, says Italian security researcher Filippo Cavallarin.…




VXers gift their mates an Android bank-raiding app's source code

Tue, 24 Jan 2017 03:02:10 GMT

It needs admin privileges, but we know there's a pool of stupid out there waiting to be p0wned

Source code for an Android banking app has been published online, spurring fears it could prompt a wave of malicious apps.…




Western Union coughs up $586m for turning a blind eye to fraudsters

Mon, 23 Jan 2017 23:39:52 GMT

Helping internet scammers proved profitable, for a while

Western Union will forfeit more than half a billion dollars after admitting it broke money laundering laws.…




Cisco's WebEx Chrome plugin will execute evil code, install malware via secret 'magic URL'

Mon, 23 Jan 2017 23:19:00 GMT

Just get rid of it – bin it now

Malicious websites can remotely execute commands on Windows systems that have Cisco WebEx's Chrome extension installed. About 20 million people actively use this broken software.…




What links macOS, iOS, Safari, tvOS, watchOS? They all need patching

Mon, 23 Jan 2017 22:54:31 GMT

Apple squashes a bunch of security bugs, so get installing

Apple has emitted a set of software security updates for all of its major operating systems.…




China's Great Firewall to crack down on unofficial VPNs – state-approved net connections only

Mon, 23 Jan 2017 21:21:38 GMT

良藥苦口

The Chinese government has started an 18-month crackdown that will require all VPN providers to seek government approval for their activities if they want to stay in business.…




IBM stuffs visualization tech into its bulging, uh, security portfolio

Mon, 23 Jan 2017 19:06:58 GMT

San Francisco's Agile 3 Solutions acquired

IBM has announced a deal to buy data visualization firm Agile 3 Solutions, a San Francisco-based privately held company. The terms of the deal, announced Monday, were not disclosed.…




Head of GCHQ Robert Hannigan steps down for 'personal reasons'

Mon, 23 Jan 2017 15:29:33 GMT

Cites demand on his family, will be replaced by 2019

The Director General of GCHQ, Robert Hannigan, has announced his intention to step down as leader of the UK signals intelligence agency.…




Lloyds Bank outage: DDoS is prime suspect

Mon, 23 Jan 2017 13:52:40 GMT

But it is keeping schtum

A DDoS attack was reportedly behind online outages at Lloyds Bank a fortnight ago.…




Protected US military server poked via army recruitment website

Mon, 23 Jan 2017 08:30:07 GMT

SNAFU reported via bug bounty program

Beads of sweat must have surely run down the face of one hacker who, while trying to score a bug bounty, inadvertently infiltrated an "internal US Department of Defence website that requires special credentials to access."…




It's 2017 and 200,000 services still have unpatched Heartbleeds

Mon, 23 Jan 2017 07:27:05 GMT

What does it take to get people patching? Not Reg readers, obviously. Other, silly people

Some 200,000 systems are still susceptible to Heartbleed more than two years and 9 months after the huge vulnerability was disclosed.…




Go dark with the flow: Lavabit lives again

Mon, 23 Jan 2017 07:03:13 GMT

Another shot at spook-proofing email

It's taken longer than first expected, but the first fruits of Lavabit founder Ladar Levison's Dark Mail Technical Alliance have landed with the relaunch of the encrypted mail service he closed in 2013.…




Satan enters roll-your-own ransomware game

Mon, 23 Jan 2017 06:02:10 GMT

Code named for Prince of Darkness offers commissions for spreading evil

Satan is infecting computers, encrypting files and demanding ransoms.…




Symantec carpeted over dodgy certificates, again

Mon, 23 Jan 2017 02:58:12 GMT

You had one job ... and it wasn't letting test certs escape into the wild and then revoking them

Symantec has confirmed that it's revoked another bunch of wrongly-issued certificates.…




Mozilla wants infosec activism to be the next green movement

Mon, 23 Jan 2017 00:57:04 GMT

Chief Mozillan calls for grass roots movement akin to 1960s' environmental awakenings

Mozilla has issued a prototype of its first internet health report in a bid to make humans give security and privacy the same level of attention they devote to climate change.…




350,000 Twitter bot sleeper cell betrayed by love of Star Wars and Windows Phone

Fri, 20 Jan 2017 21:35:12 GMT

Computer researchers uncover yuuuge dormant army

Computer boffins Juan Echeverria and Shi Zhou at University College London have chanced across a dormant Twitter botnet made up of more than 350,000 accounts with a fondness for quoting Star Wars novels.…




Rap for crap WhatsApp trap flap: Yack yack app claptrap slapped

Fri, 20 Jan 2017 20:08:12 GMT

Security gurus condemn sensational reporting of encryption backdoor-that-wasn't

Computer security experts and cryptographers have accused The Guardian of overblowing what was reported to be a backdoor in WhatsApp's encryption.…




General Electric plays down industrial control plant vulnerabilities

Fri, 20 Jan 2017 17:30:12 GMT

Only a local hacker in a facility would be able to run an attack

General Electric (GE) has pushed out an update to its industrial control systems following the discovery of vulnerabilities that create a way for hackers to steal SCADA system passwords.…




Trump's 'cyber tsar' Giuliani among creds leaked in mass hacks

Fri, 20 Jan 2017 16:33:39 GMT

We've got four more years, people

Passwords used by Donald Trump's incoming cybersecurity advisor Rudy Giuliani and 13 other top staffers have been leaked in mass hacks, according to a Channel 4 investigation.…




Unbreakable Locky ransomware is on the march again

Fri, 20 Jan 2017 08:41:11 GMT

Necurs botnet wakes up and starts fresh malware-cano

Cisco is warning of possible return of a massive ransomware spam campaign after researchers noticed traces of traffic from the hitherto dormant Necurs botnet.…




Shocking crime surge – THE TRUTH: England, Wales stats now include hacking and fraud

Fri, 20 Jan 2017 07:19:06 GMT

'More realistic picture' we're told

Crime stats for England and Wales have shown a huge year-on-year increase. Don't panic, though: it's due to the inclusion of fraud and computer misuse offences for the first time.…




Viral Chinese selfie app Meitu phones home with personal data

Fri, 20 Jan 2017 06:02:10 GMT

Reg man submits self to invasive sparkly-unicorn androgyny transformation

PIC The Meitu selfie horrorshow app going viral through Western audiences is a privacy nightmare, researchers say.…




Operator of DDoS protection service named as Mirai author

Fri, 20 Jan 2017 03:02:13 GMT

Krebs says he's fingered author of epic IoT web assault code

The author of the massive distributed denial-of-service attack malware Mirai, which ropes infected routers and internet of things devices into remotely controlled armies, is a New Jersey man, according to journo Brian Krebs.…




'Beeeellion-dollar' mastercrooks in hotel, restaurant blitzkrieg

Thu, 19 Jan 2017 15:52:48 GMT

Carbanak: It's not just a caramel-flavoured choc-trocity. It's also malware

The Carbanak cyber criminal gang is abusing Google’s infrastructure as a conduit for botnet control.…




Trump inauguration DDoS protest is 'illegal', warn securobods

Thu, 19 Jan 2017 12:06:02 GMT

Whitehouse.gov down?

A software engineer is calling on netizens opposed to Donald Trump to visit the Whitehouse.gov site and overload it with traffic tomorrow.…




ProtonMail launches Tor hidden service to dodge totalitarian censorship

Thu, 19 Jan 2017 09:33:10 GMT

Known oppressive regimes including Egypt, and er... the UK? Oh, the IP Act is law...

ProtonMail, the privacy-focused email business, has launched a Tor hidden service to combat the censorship and surveillance of its users.…




What's the biggest danger to the power grid? Hackers? Terrorists? Er, squirrels

Thu, 19 Jan 2017 07:57:07 GMT

Turns out Mother Nature is a killer for power and people

Video For decades now people have been claiming that the power grid could be taken down by terrorists. However, simple statistical analysis shows that the biggest danger isn't online hackers, but squirrels – aka rats with good PR.…




Chrome dev explains how modern browsers make secure UI just about impossible

Thu, 19 Jan 2017 06:00:12 GMT

The 'LINE OF DEATH' between safe content and untrustworthy stuff is receding every year

Google Chrome engineer Eric Lawrence has described the battle of browser barons against the 'line of death', an ever-diminishing demarcation between trusted content and the no-man's land where phishers dangle their poison.…




Insecure Hadoop installs next in 'net scum crosshairs

Thu, 19 Jan 2017 04:03:04 GMT

Because MongoDB, Elasticsearch ransomware attacks are sooo last week

Rinse-and-repeat ransomware attacks on data services left unsecured by dozy sysadmins are now hitting Hadoop instances.…




Adobe's naughty Chrome telemetry code had XSS problem

Thu, 19 Jan 2017 01:27:07 GMT

Since patched, but a bad look for Adobe when it can't even get snoopware right

Adobe's pushed out a fix for its already-controversial Chrome telemetry extension after Project Zero's Tavis Ormandy found an egregious bug.…




Silence is golden: How Google hunts Android malware in the wild

Wed, 18 Jan 2017 22:29:14 GMT

When mobes and gadgets stop verifying app installations, you're gonna have a bad time

To determine whether a mobile app is potentially harmful, Google listens for the sound of silence.…




College fires IT admin, loses access to Google email, successfully sues IT admin for $250,000

Wed, 18 Jan 2017 19:50:18 GMT

Sacked techie claims school retaliated over race complaint

Shortly after the American College of Education (ACE) in Indiana fired IT administrator Triano Williams in April, 2016, it found that it no longer had any employees with admin access to the Google email service used by the school.…




'Ancient' Mac backdoor discovered that targets medical research firms

Wed, 18 Jan 2017 15:35:13 GMT

More secure than PC? Ha!

Security researchers at Malwarebytes have discovered a Mac backdoor using antiquated code that targets biomedical research facilities.…




Ooooh, that's NASty. Security-watchers warn over man-in-the-middle risk

Wed, 18 Jan 2017 13:21:49 GMT

Small flaws, but they add up

Vulnerabilities in a network attached storage (NAS) devices made by QNAP Systems create a potential means for hackers to steal data and passwords, execute commands or drop malware on vulnerable kit, say security researchers.…




Hacker cracks Facebook with remote code execution bug

Wed, 18 Jan 2017 05:28:06 GMT

ImageMagick exploit earns chap US$40k bug bounty

Facebook has paid US$40,000 to vulnerability hunter Andrew Leonov for disclosing how the hacker gained remote code execution on its servers through the widely-reported ImageMagick flaw.…




Ransomware scum infect cancer non-profit

Wed, 18 Jan 2017 04:58:04 GMT

Cyber-bastards lower bar

Ransomware scum have hit a new low by infecting a not-for-profit cancer support organization in Muncie, Indianapolis, US.…




SOHOpeless routers offer hard-coded credentials and command injection bugs

Wed, 18 Jan 2017 04:01:12 GMT

Researcher says Zyxel and Billion kit in Thailand, and probably beyond, are rotten

Yet again, home routers are the home of SOHOpelessness: Zyxel and Billion units distributed in Thailand by TrueOnline have backdoors, and the researcher who found the flaw says the vendors have ignored his attempts to notify them.…




Kill it with fire: US-CERT urges admins to firewall off Windows SMB

Wed, 18 Jan 2017 01:58:13 GMT

Shadow Brokers may have loosed a zero-day so you're better safe than sorry

The US computer emergency readiness team is recommending organisations ditch old versions of the Windows SMB protocol and firewall off access to file servers – after a potential zero-day exploit was released by the Shadow Brokers hacking group.…




Credential-stuffers enjoy up to 2% attack success rate – report

Tue, 17 Jan 2017 16:29:12 GMT

It's kinda easy when all the passwords are 1234567

Hackers achieve a success rate of 0.1 to 2 per cent when reusing stolen credentials to access other sites, according to a new study by Shape Security.…




Mega UK hospitals trust Barts says IT borkage was due to trojan – not ransomware

Tue, 17 Jan 2017 16:03:39 GMT

Oh, well, that's all right then

Barts Health NHS Trust has blamed the disruption of its IT systems last Friday on a trojan horse infection and not ransomware.…




Ransomware brutes smacked 1 in 3 NHS trusts last year

Tue, 17 Jan 2017 12:27:11 GMT

One was hit 19 times over 12 months

A third (30 per cent) of NHS trusts have been infected by ransomware, with one – the Imperial College Healthcare in London – suffering 19 attacks in just 12 months.…




Devs reverse-engineer 16,000 Android apps, find secrets and keys to AWS accounts

Tue, 17 Jan 2017 07:20:14 GMT

It's 2017 and developers are still doing really dumb things

A security firm has reverse engineered 16,000 Android apps on Google's Play store and found that over 304 contain sensitive secret keys.…