Subscribe: The Register - Security: Spam
http://www.theregister.co.uk/security/spam/headlines.rss
Added By: Feedage Forager Feedage Grade A rated
Language: English
Tags:
cpu  data  fix  hardware  intel  malware  meltdown spectre  meltdown  new  patches  security  spectre  systems  users     
Rate this Feed
Rate this feedRate this feedRate this feedRate this feedRate this feed
Rate this feed 1 starRate this feed 2 starRate this feed 3 starRate this feed 4 starRate this feed 5 star

Comments (0)

Feed Details and Statistics Feed Statistics
Preview: The Register - Security: Spam

The Register - Security



Biting the hand that feeds IT



Copyright: Copyright 2018, Situation Publishing
 



America restarts dodgy spying program – just as classified surveillance abuse memo emerges

Fri, 19 Jan 2018 21:21:42 GMT

There is literally nothing decent in this story

Analysis The US Senate reauthorized a controversial NSA spying program on Thursday – and then, because it's 2018 and nothing matters any more, embarked on a partisan battle over a confidential memo that outlines Uncle Sam's alleged abuse of surveillance powers.…




There are other, legal ways to nab Microsoft emails, privacy groups remind Supremes

Fri, 19 Jan 2018 15:03:07 GMT

Redmond finds allies in Irish data centre spat

Allowing Uncle Sam to seize emails stored in Microsoft's Irish data centre would violate foreign data protection laws and risk setting a damaging precedent, the US Supreme Court has been told.…




Delve into the hidden corners of security at CyberThreat18

Fri, 19 Jan 2018 09:19:10 GMT

New event set to infiltrate QEII

Promo If you are a cybersecurity practitioner who feels on top of the latest developments in your field, CyberThreat18 may make you want to think again.…




Two things will survive a nuclear holocaust: Cockroaches and crafty URLs like ғасеьоок.com

Fri, 19 Jan 2018 06:03:11 GMT

Pesky phishing pages using international domain names just won't go away

It's been known for a long while that people can use similar-looking non-Roman characters to create internet addresses that look similar to real ones.…




You get a lawsuit! And you get a lawsuit! And you! Now Apple sued over CPU security flaws

Thu, 18 Jan 2018 23:15:09 GMT

iGiant up next in the Meltdown-Spectre-sueball-a-palooza

Add Apple to the list of companies facing a legal backlash in the US over the Spectre and Meltdown CPU security fiasco.…




Sad-sack Anon calling himself 'Mr Cunnilingus' online is busted for DDoSing ex-bosses

Thu, 18 Jan 2018 21:23:48 GMT

Electronics tutor's taunts come back to haunt him

An electronics technician pleaded guilty on Wednesday to orchestrating distributed denial of service (DDoS) attacks on a former employer and other organizations – and to unlawfully possessing a firearm as a former felon.…




Someone is touting a mobile, PC spyware platform called Dark Caracal to governments

Thu, 18 Jan 2018 16:00:12 GMT

Hundreds of gigabytes already slurped, say EFF and Lookout

An investigation by the Electronic Frontier Foundation and security biz Lookout has uncovered Dark Caracal, a surveillance-toolkit-for-hire that has been used to suck huge amounts of data from Android mobiles and Windows desktop PCs around the world.…




F-35 'incomparable' to Harrier jump jet, top test pilot tells El Reg

Thu, 18 Jan 2018 15:27:09 GMT

Naturally we demanded proof – and we got it

Interview What's it like to fly an F-35 fighter jet? We interviewed the chief British test pilot about a uniquely British flying technique – and then had a play with a full cockpit simulator to find out for ourselves.…




Google fuels up Chromecast Wi-Fi flooding fix

Thu, 18 Jan 2018 14:27:11 GMT

It lands today

Google has confirmed plans to issue a patch for Chromecast and Google Home aimed at resolving a traffic flooding problem that was swamping home networks.…




And Oracle E-biz suite makes 3: Package also vulnerable to exploit used by cryptocurrency miner

Thu, 18 Jan 2018 13:26:13 GMT

Hat trick!

A third Oracle enterprise package has been patched against a crypto-mining exploit.…




VTech fondleslabs for kids 'still vulnerable' despite sanctions

Thu, 18 Jan 2018 09:02:15 GMT

Researchers claim flaws remain more than two years later

New InnoTab child learning devices still have the same security flaw first found by researchers at Pen Test Partners two years ago.…




Mozilla edict: 'Web-accessible' features need 'secure contexts'

Thu, 18 Jan 2018 07:55:11 GMT

If an API or feature needs the 'net, it needs HTTPS under Mozilla's new plan

Mozilla has decided to further locking down the Internet with the announcement that developers can only access new Firefox features from what it calls “secure contexts”.…




North Korea's finest spent 2017 distributing RATs, wipers, and phish

Thu, 18 Jan 2018 06:30:11 GMT

And sent them mostly to South Korea, naturally

South Korea was the target of a barrage of malware campaigns last year.…




Industrial systems scrambling to catch up with Meltdown, Spectre

Thu, 18 Jan 2018 05:01:10 GMT

Some confessions, but 'watch this space' is the more common reaction - when there is one

Vendors of industrial systems have joined the long list of vendors responding responses to the Meltdown and Spectre processor vulnerabilities.…




Who's using 2FA? Sweet FA. Less than 10% of Gmail users enable two-factor authentication

Wed, 17 Jan 2018 21:33:46 GMT

Your daily dose of digital depression

Usenix Enigma It has been nearly seven years since Google introduced two-factor authentication for Gmail accounts, but virtually no one is using it.…




HTML5 may as well stand for Hey, Track Me Longtime 5. Ads can use it to fingerprint netizens

Wed, 17 Jan 2018 20:21:06 GMT

This language is wired for sound

Usenix Enigma HTML5 is a boon for unscrupulous web advertising networks, which can use the markup language's features to build up detailed fingerprints of individual netizens without their knowledge or consent.…




Former Santander bank manager pleads guilty to computer misuse crimes

Wed, 17 Jan 2018 15:24:06 GMT

Customer details spilled to boyfriend

Updated A former Santander bank manager has pleaded guilty to £15,000 worth of computer misuse crimes after her boyfriend talked her into giving him illicitly obtained customer information.…




Biggest vuln bombshell in forever and storage industry still umms and errs over patches

Wed, 17 Jan 2018 11:27:09 GMT

Does it run in VMs, containers, systems running external code? Just. Patch. It

Analysis A growing consensus among storage hardware appliance vendors is that, since they don't run external software on their hardware, they don't need to stick performance-hindering patches into their operating systems.…




Wanna motivate staff to be more secure? Don't bother bribing 'em

Wed, 17 Jan 2018 08:39:28 GMT

Also, don't get the BOFH to publicly smack them with a LART

Usenix Enigma It's frustrating getting users to keep information and systems secure on a daily basis. However, don't try any smart gimmicks – particularly offering wedges of cash or other prizes for good behavior.…




Another round of click-fraud extensions pulled from Chrome Store

Wed, 17 Jan 2018 08:01:08 GMT

More than 500,000 users stung

A security researcher has claimed that a cumulative half a million Chrome users have been hit by four malicious browser extensions pushing click and SEO fraud.…




BIND comes apart thanks to ancient denial-of-service vuln

Wed, 17 Jan 2018 01:57:13 GMT

No active exploits, but crashes are happening in the wild

Back in 2000, a bug crept into the Internet Systems Corporation's BIND server, and it lay unnoticed until now.…




Hospital injects $60,000 into crims' coffers to cure malware infection

Tue, 16 Jan 2018 23:48:55 GMT

Medics say they couldn't wait for backups to be pulled as ransomware ransacked kit

A US hospital paid extortionists roughly $60,000 to end a ransomware outbreak that forced staff to use pencil-and-paper records.…




Android snoopware Skygofree can pilfer WhatsApp messages

Tue, 16 Jan 2018 17:30:12 GMT

Sophisticated nasty also able to listen in based on location

Mobile malware strain Skygofree may be the most advanced Android-infecting nasties ever, antivirus-flinger Kaspersky Lab has warned.…




UK's Just Eat faces probe after woman tweets chat-up texts from 'delivery guy'

Tue, 16 Jan 2018 14:44:23 GMT

ICO to investigate allegations of driver delivering side order of creepy

A customer of takeaway delivery firm Just Eat has alleged a driver from an eatery used her phone number to ask her for a date.…




New Mirai botnet species 'Okiru' hunts for ARC-based kit

Tue, 16 Jan 2018 11:56:12 GMT

Researchers: Code designed to hit Linux devices

A new variant of the notorious Mirai malware is exploiting kit with ARC processors.…




Canada charges chap alleged to run stolen data-mart Leakedsource

Tue, 16 Jan 2018 01:59:09 GMT

Unlike similar services, this one sold purloined passwords

The Royal Canadian Mounted Police has announced it has cuffed and charged a man for selling stolen identities and passwords at LeakedSource.com.…




Bad benchmarks bedevil boffins' infosec efforts

Tue, 16 Jan 2018 00:58:07 GMT

'Benchmark crimes' understate true performance impact of security controls

A group of operating systems specialists has said that sloppy benchmarking is harming security efforts by making it hard to assess the likely performance impact of security countermeasures.…




Now Meltdown patches are making industrial control systems lurch

Mon, 15 Jan 2018 18:07:07 GMT

Automation and SCADA-flingers admit fix has affected products

Patches for the Meltdown vulnerability are causing stability issues in industrial control systems.…




Customers reporting credit card fraud after using OnePlus webstore

Mon, 15 Jan 2018 13:16:06 GMT

Chinese mobe-flinger probing the issue

A large number of OnePlus customers claim to have been hit by fraudulent credit card transactions after making purchases on the phone company's site. And they're unhappy that the company has been slow to address the issue.…




UK.gov denies data processing framework is 'sinister' – but admits ICO has concerns

Mon, 15 Jan 2018 10:18:09 GMT

Minister says commish is 'free to disregard' framework if it is 'irrelevant'

The government has moved to allay fears over amendments to the Data Protection Bill that critics say could undermine both the law and the powers of the UK’s privacy watchdog.…




Meltdown/Spectre fixes made AWS CPUs cry, says SolarWinds

Mon, 15 Jan 2018 08:37:05 GMT

CPU utilization up, throughput down, but a second fix may have restored normal service

Log-sniffing vendor SolarWinds has used its own wares to chronicle the application of Meltdown and Spectre patches on its own Amazon Web Services infrastructure, and the results make for ugly viewing.…




Oracle still silent on Meltdown, but lists patches for x86 servers among 233 new fixes

Mon, 15 Jan 2018 01:30:08 GMT

Sun ZFS Storage Appliance users: brace for super-critical fix

Oracle still has nothing to say about whether the Meltdown or Spectre vulnerabilities are a problem for its hardware.…




Intel puts security on the todo list, Tavis topples torrent tool, and more

Sat, 13 Jan 2018 10:11:11 GMT

A quick catch-up on infosec stuff beyond what we've already reported

Roundup The security world is still feeling the aftereffects of last week's CPU design flaw disclosures, which continued to dominate the news this week, even amid the noisy CES jamboree in Las Vegas.…




Let's Encrypt plugs hole that let miscreants grab HTTPS web certs for strangers' domains

Sat, 13 Jan 2018 01:40:14 GMT

Shared hosting oversight bites free SSL/TLS certificate org

Let's Encrypt – a SSL/TLS certificate authority run by the non-profit Internet Security Research Group (ISRG) to programmatically provide websites with free certs for their HTTPS websites – on Thursday said it is discontinuing TLS-SNI validation because it's insecure in the context of many shared hosting providers.…




Feds may have to explain knowledge of security holes – if draft law comes into play

Sat, 13 Jan 2018 00:59:28 GMT

House reps approve bill requiring vuln disclosure reports

The US House of Representatives this week approved a bill that, given further legislative and executive branch support, will require the American government to account for its handling of software and hardware vulnerabilities.…




Boffins split on whether Spectre fix needs tweaked hardware

Fri, 12 Jan 2018 17:09:05 GMT

It's not like a recall is possible, says chip security expert

Analysis Processor security experts – including one cited in the Meltdown paper – are split on whether the resolution of the Spectre vulnerability may need to involve hardware modifications or the software defences being rolled out are adequate.…




Intel AMT security locks bypassed on corp laptops – fresh research

Fri, 12 Jan 2018 16:08:05 GMT

Easy as A, B, CTRL+P

Updated Security shortcomings in Intel's Active Management Technology (AMT) can be exploited by miscreants to bypass login prompts on notebook computers.…




Data protection is best managed from the centre

Fri, 12 Jan 2018 14:45:12 GMT

Become the ruler of all you survey

Security people talk of an attack surface to describe exposure to malware and hacking. The bigger the attack surface, the more at risk you are.…




'Mummy, what's felching?' Tot gets smut served by Android app

Fri, 12 Jan 2018 14:00:12 GMT

Google’s Play Store fails again

Researchers have found a batch of over 60 malware-carrying apps in Google's Play Store designed to rob mobile users or show them pornography, all with a kid-friendly theme.…




Intel’s Meltdown fix freaked out some Broadwells, Haswells

Fri, 12 Jan 2018 03:27:03 GMT

Customers say PCs and servers reboot a lot after fixes. Meanwhile, AMD admits to Spectre problems

Intel has warned that the fix for its Meltdown and Spectre woes might have made PCs and servers less stable.…




Brace yourselves for the 'terabyte (sic) of death', warns US army IT boss

Fri, 12 Jan 2018 01:11:50 GMT

Sorry, make that, exiting IT boss

The outgoing head of the Defense Information Systems Agency, which handles computer security for the US Department of Defense, has warned a massive cyber-attack is "looming" at the American military's door.…




Everything running smoothly at the plant? *Whips out mobile phone* Wait. Nooo...

Thu, 11 Jan 2018 13:00:13 GMT

SCADA mobile app security is getting worse

The security of mobile apps that tie in with Supervisory Control and Data Acquisition (SCADA) systems has deteriorated over the last two-and-a-half years, according to new research.…




Ohio coder accused of infecting Macs, PCs with webcam, browser spyware for 13 years

Thu, 11 Jan 2018 01:12:17 GMT

Alleged Fruitfly creator faces decades in prison if guilty

A computer programmer has been accused of hacking, committing identity theft, and creating child pornography after allegedly developing custom malware to take control of thousands of computers.…




Leaky credit report biz face massive fines if US senators get their way

Wed, 10 Jan 2018 20:21:25 GMT

That Equifax hack would have cost the outfit $1.5bn

New legislation introduced in the US Senate by Elizabeth Warren (D-MA) and Mark Warner (D-VA) would result in credit reporting agencies being slapped with stiff fines if they play fast and loose with data security.…




Taiwanese cops give malware-laden USB sticks as prizes for security quiz

Wed, 10 Jan 2018 07:29:07 GMT

What was second prize? We think we'd rather have that

Winners of a security quiz staged by Taiwan's Criminal Investigation Bureau may be wondering why they tried so hard to do well after some of the USB drives handed out as prizes turned out to be wretched hives of malware and villainy.…




Russia claims it repelled home-grown drone swarm in Syria

Wed, 10 Jan 2018 07:02:08 GMT

13 explosively armed but cobbled-together drones swarmed airbase

The Russian Defense Ministry has reported that its forces in Syria have been attacked by a swarm of GPS-guided drones carrying improvised explosives.…




IBM’s complete Meltdown fix won’t land until mid-February

Wed, 10 Jan 2018 05:58:07 GMT

POWER CPU patches available now or next week, AIX and i OS fixes are more than a month off

IBM’s started to release its own patches for the Meltdown mess and the Spectre SNAFU, which it’s half-confirmed impact its hardware and operating systems, but won’t have a complete fix until mid-February.…




Intel, Microsoft confess: Meltdown, Spectre may slow your servers

Wed, 10 Jan 2018 05:02:09 GMT

It's getting hard to deny all the new and sluggish benchmarks

Analysis After spending last week insisting that the performance impact of fixing the Meltdown and Spectre CPU vulnerabilities "should not be significant," Intel on Tuesday tried to maintain that stance even as it acknowledged SYSmark tests assessing post-patch slowdowns ranging from two per cent to 14 per cent.…




Facebook has open-sourced encrypted group chat

Wed, 10 Jan 2018 03:01:07 GMT

Governments hate encrypted chat tools on social media, so brace for outrage in 3 ... 2 ...

Updated Facebook has responded to governments' criticism of cryptography by giving the world an open source encrypted group chat tool.…




CPU bug patch saga: Antivirus tools caught with their hands in the Windows cookie jar

Tue, 09 Jan 2018 23:49:18 GMT

You're fondling our kernel wrong, grumbles Microsoft

Microsoft's workaround to protect Windows computers from the Intel processor security flaw dubbed Meltdown has revealed the rootkit-like nature of modern security tools.…