Subscribe: The Register - Security: Spam
http://www.theregister.co.uk/security/spam/headlines.rss
Added By: Feedage Forager Feedage Grade B rated
Language: English
Tags:
attack  breach  bug  crypto  cyber attack  cyber  data  equifax  hacking  key  linux  malware  microsoft  security  wpa     
Rate this Feed
Rate this feedRate this feedRate this feedRate this feedRate this feed
Rate this feed 1 starRate this feed 2 starRate this feed 3 starRate this feed 4 starRate this feed 5 star

Comments (0)

Feed Details and Statistics Feed Statistics
Preview: The Register - Security: Spam

The Register - Security



Biting the hand that feeds IT



Copyright: Copyright 2017, Situation Publishing
 



Malware hidden in vid app is so nasty, victims should wipe their Macs

Fri, 20 Oct 2017 19:57:25 GMT

If you downloaded and installed stuff from Eltima yesterday, you are totally screwed

It's going to be an unpleasant weekend for some Mac users who are facing a complete system wipe and reinstall – after hackers stashed malware in legitimate applications.…




Your data will get hacked anyway so you might as well give up protecting it

Fri, 20 Oct 2017 08:03:08 GMT

Spend the money on freezing your brain

Something for the Weekend, Sir? Flee! Flee! It’s the return of the frozen heads!…




Canadian govt snoops emit their own malware detection tool, eh

Fri, 20 Oct 2017 07:29:09 GMT

Canuck NSA/GCHQ equivalent open-sources 'Assemblyline', to make us all as safe as Canada

Canada's Communications Security Establishment has open-sourced its own malware detection tool.…




Hack apps, attack code drawbacks for cash stacks, Google yaks

Fri, 20 Oct 2017 06:03:09 GMT

An attempt was made

Google is offering cash to those who can find, exploit and report bugs in its Android apps, or similarly hack other programs in its Play Store.…




Make America late again: US 'lags' China in IT security bug reporting

Fri, 20 Oct 2017 02:58:09 GMT

Mind the gap

The US is starting to fall well behind China in terms of the speed at which organizations are alerted to reported security vulnerabilities, according to a study out this week by threat intel biz Recorded Future.…




YouTube sin-bins account of KRACK WPA2 researcher

Thu, 19 Oct 2017 12:33:07 GMT

Only to be mysteriously restored hours later

The YouTube account of the researcher behind the KRACK WPA2 Wi-Fi vulnerability was restored early on Thursday hours after it was shut down for violating "community guidelines".…




Yes, British F-35 engines must be sent to Turkey for overhaul

Thu, 19 Oct 2017 10:29:10 GMT

Also, the US negotiates fighter jet purchase contracts on our behalf

Britain’s F-35B fighter jets currently cost around $123m each – and British officials are quite content that the only engine overhaul facility for the stealth aircraft’s engines is located in Turkey.…




Stealth web crypto-cash miner Coin Hive back to the drawing board as blockers move in

Thu, 19 Oct 2017 07:02:06 GMT

We've got something much more ethical anyway, say devs

Malwarebytes has had enough of Coin Hive's alt-currency-generating browser-side code, and is now automatically blocking it.…




EU: No encryption backdoors but, eh, let's help each other crack that crypto, oui? Ja?

Thu, 19 Oct 2017 06:03:05 GMT

You scratch my PKCS, and I'll scratch yours

The European Commission has proposed that member states help each other break into encrypted devices by sharing expertise around the bloc.…




US-CERT study predicts machine learning, transport systems to become security risks

Thu, 19 Oct 2017 03:58:09 GMT

You've been warned

The Carnegie-Mellon University's Software Engineering Institute has nominated transport systems, machine learning, and smart robots as needing better cyber-security risk and threat analysis.…




You're doing open source wrong, Microsoft tsk-tsk-tsks at Google: Chrome security fixes made public too early

Thu, 19 Oct 2017 00:49:12 GMT

Redmond wags its finger

A few weeks ago, Google paid Microsoft $7,500 after Redmond's security gurus found, exploited and reported a vulnerability in the Chrome browser – a flaw that would allow malicious webpages to run malware on PCs.…




Hackers can track, spoof locations and listen in on kids' smartwatches

Wed, 18 Oct 2017 16:19:08 GMT

Norwegian project exposes worrying lack of security

Tests on smartwatches for children by security firm Mnemonic and the Norwegian Consumer Council have revealed them to be riddled with flaws.…




BoundHook: Microsoft downplays Windows systems exploit technique

Wed, 18 Oct 2017 13:31:11 GMT

It's just not a security vulnerability, says Redmond

Features of the Intel MPX designed to prevent memory errors and attacks might be abused to launch assaults on Windows systems, security researchers claim.…




Ex-TalkTalk chief grilled by MPs on suitability to chair NHS Improvement

Wed, 18 Oct 2017 08:02:04 GMT

From heading one cyber-attack victim to another

Dido Harding, the woman at the helm during UK ISP TalkTalk's 2015 mega breach, was yesterday grilled about her move to chair NHS Improvement, the body responsible for overseeing Blighty's health service and also famously clobbered by a huge cyber attack.…




Europol cops lean on phone networks, ISPs to dump CGNAT walls that 'hide' cyber-crooks

Wed, 18 Oct 2017 07:01:08 GMT

Plod say crims now too hard to find and catch online

Europol has asked cellphone networks and other internet providers to stop using Carrier Grade Network Address Translation (CGNAT) – because it’s making life too difficult for cops trying to track cyber-villains across the web.…




Oracle Hospitality apps rolled out the Big Red carpet to crims

Wed, 18 Oct 2017 03:58:09 GMT

Brrrt! Brrrt! Brrrt! Big Red's bug gun targets 252 bugs, and you for not patching fast enough

Hundreds of products, more than 250 vulnerabilities … yes, it's Oracle's quarterly critical patch update day!…




IRS tax bods tell Americans to chill out about Equifax

Wed, 18 Oct 2017 02:54:05 GMT

Your personal data was probably already in crims' hands

The United States Internal Revenue Service has said that citizens affected by the Equifax breach need not panic, because it probably didn't reveal anything that hasn't already been stolen and the agency has tooled up to deal with fraudulent tax claims.…




Domino's Pizza delivers user details to spammers

Wed, 18 Oct 2017 00:18:21 GMT

I’ll have a garlic bread, a Supreme and a side of privacy breach by slack partners

Domino's Pizza's Australian outpost has blamed a partner for a security breach, after angry customers went online complaining about finding themselves on spam lists.…




uBlock Origin ad-blocker knocked for blocking hack attack squawking

Tue, 17 Oct 2017 23:12:36 GMT

Block all the things! No, wait, not the XSS security alerts

Top ad-blocking plugin uBlock Origin has come under fire for being a little too eager in its quest to murder nasty stuff on the internet: it prevents browsers from sounding the alarm on hacking attacks.…




Watch out for Microsoft Word DDE nasties: Now Freddie Mac menaced

Tue, 17 Oct 2017 22:41:23 GMT

Forget KRACK, good ol' Office malware has biz workers in its sights again

Updated Malware exploiting Microsoft Word's DDE features to infect computers has been lobbed at US government-backed mortgage biz Freddie Mac.…




NHS: Remember those patient records we didn't deliver? Well, we found another 162,000

Tue, 17 Oct 2017 12:30:43 GMT

Dealing with backlog could cost 'in the zone of a million'

NHS leaders have admitted that the biggest ever loss of patient documents is worse than initially thought, as another 162,000 undelivered documents have been discovered.…




Release the KRACKen patches: The good, the bad, and the ugly on this WPA2 Wi-Fi drama

Tue, 17 Oct 2017 06:02:05 GMT

Don't panic... whoa, not so fast, Android, Linux users

WPA2 Wi-Fi users – ie, almost all of us – have had a troubling Monday with the arrival of research demonstrating a critical design flaw in the technology used to secure our wireless networks. A flaw so bad, it can be exploited by nearby miscreants to potentially snoop on people's internet connections over the air.…




Crypto-coin miners caught toiling away in hacked cloud boxes

Tue, 17 Oct 2017 05:28:05 GMT

Manic miners don't even pwn you: They just use default creds admins are too lazy to change

Here's yet another reason to make sure you lock down your clutch of cloud services: cryptocurrency mining.…




Russia tweaks Telegram with tiny fine for decryption denial

Tue, 17 Oct 2017 03:03:07 GMT

FSB wanted keys, messaging outfit said Nyet

Encrypted messaging app Telegram must pay 800,000 roubles for resisting Russia's FSB's demand that it help decrypt user messages.…




Never mind the WPA2 drama... Details emerge of TPM key cockup that hits tonnes of devices

Mon, 16 Oct 2017 22:14:14 GMT

About a third of all crypto modules globally generate weak, crackable RSA pairs

RSA keys produced by smartcards, security tokens, laptops, and other devices using cryptography chips made by Infineon Technologies are weak and crackable – and should be regenerated with stronger algorithms.…




Google isn't saying Microsoft security sucks but Chrome for Windows has its own antivirus

Mon, 16 Oct 2017 20:09:26 GMT

ESET scanning engine now built in – plus other defenses

In its ongoing effort to improve browser security, school Microsoft on security, and retain its search audience, Google is today rolling out several Chrome for Windows fortifications.…




Here's a timeless headline: Adobe rushes out emergency Flash fix after hacker exploits bug

Mon, 16 Oct 2017 18:39:09 GMT

So much for that security-patch-free October

Adobe today issued an emergency security patch for Flash, which squashes a bug being used in the wild right now by hackers to infect Windows PCs with spyware.…




Brit intel fingers Iran for brute-force attacks on UK.gov email accounts

Mon, 16 Oct 2017 15:06:08 GMT

Russia, you're off the hook

Iran has been blamed for the brute-force attack on UK Parliament earlier this year.…




Customers cheesed off after card details nicked in Pizza Hut data breach

Mon, 16 Oct 2017 13:03:14 GMT

Victims reporting fraudulent transactions

Miscreants have made off with payment card details of "a small number of clients" following a data breach at Pizza Hut.…




Remember how you said it was cool if your mobe network sold your name, number and location?

Mon, 16 Oct 2017 11:49:06 GMT

No? Well, never mind, because it's for your own protection

US mobile phone companies appear to be selling their customers' private data – including their full name, phone number, contract details, home zip code and current location to third parties – all in the name of security.…




WPA2 KRACK attack smacks Wi-Fi security: Fundamental crypto crapto

Mon, 16 Oct 2017 11:36:10 GMT

Key handshake shakedown

Updated Users are urged to continue using WPA2 pending the availability of a fix, experts have said, after security researchers went public with more information about a serious flaw in the wireless encryption protocol.…




Linus Torvalds lauds fuzzing for improving Linux security

Mon, 16 Oct 2017 07:03:12 GMT

But he's not at all keen on Santa Claus or fairies

Linus Torvalds release notification for Linux 4.14's fifth release candidate contains an interesting aside: the Linux Lord says fuzzing is making a big difference to the open source operating system.…




'Open sesame'... Subaru key fobs vulnerable, says engineer

Mon, 16 Oct 2017 03:55:08 GMT

ONE, TWO, THREE, what are we incrementing FOUR? (Don't ask, we don't give a damn)

A Dutch electronics engineer reckons Japanese auto-maker Subaru isn't acting on a key-fob cloning vulnerability he discovered.…




WPA2 security in trouble as KRACK Belgian boffins tease key reinstallation bug

Mon, 16 Oct 2017 01:58:11 GMT

Strap yourselves in readers, Wi-Fi may be cooked

Updated A promo for the upcoming Association for Computing Machinery security conference has set infosec types all a-Twitter over the apparent cryptographic death of the WPA2 authentication scheme widely used to secure Wi-Fi connections.…




Sounds painful: Audio code bug lets users, apps get root on Linux

Sun, 15 Oct 2017 23:39:07 GMT

Cisco discusses Advanced Linux Sound Architecture mess before formal CVE release

An advisory from Cisco issued last Friday, October 13th gave us the heads-up on a local privilege escalation vulnerability in the Advanced Linux Sound Architecture (ALSA).…




An oil industry hacker facing jail, a $20m damages bill, and claims of counter-hacking

Sat, 14 Oct 2017 15:30:09 GMT

Inside the bizarre ongoing Rigzone saga

Analysis David Kent, of Spring, Texas, USA, was sentenced to prison earlier this month for hacking Rigzone.com, a oil and gas industry website he founded and sold to employment data biz DHI Group, in an effort to build a second site, Oilpro.com, into an acquisition target.…




US Congress mulls first 'hack back' revenge law. And yup, you can guess what it'll let people do

Fri, 13 Oct 2017 22:36:31 GMT

Can you say 'collateral damage'?

Two members of the US House of Representatives today introduced a law bill that would allow hacking victims to seek revenge and hack the hackers who hacked them.…




IT at sea makes data too easy to see: Ships are basically big floating security nightmares

Fri, 13 Oct 2017 20:30:38 GMT

Experts find maritime computer defenses lacking

Updated If there's anything worse than container security, it would appear to be container ship security.…




Pulitzer-winning website Politifact hacked to mine crypto-coins in browsers

Fri, 13 Oct 2017 18:38:03 GMT

Mysterious malicious code silently chews up CPU cycles to craft cash on visitors' dime

Updated Politifact, the Pulitzer Prize-winning website devoted to checking the factual accuracy of US politicians' words, appears to have been hacked so that it secretly mines cryptocurrency in visitors' browsers.…




Android ransomware DoubleLocker encrypts data and changes PINs

Fri, 13 Oct 2017 13:51:08 GMT

Nasty activated by home button unless device gets factory reset

Crooks have come up with a strain of Android ransomware that both encrypts user data and locks victims out of compromised devices by changing PINs.…




More and more websites are mining crypto-coins in your browser to pay their bills, line pockets

Fri, 13 Oct 2017 05:29:07 GMT

No, Chrome isn't slowing down – you're just silently digging up cyber-cash

Updated Sketchy websites are increasingly using cryptocurrency mining as a source of income.…




Equifax's malvertising scare, Chromebook TPM RSA key panic, Cuban embassy sonic weapon heard at last – and more

Fri, 13 Oct 2017 05:02:08 GMT

Your essential security news soaking

Roundup We almost wanted to feel sorry for Equifax, were it not for the fact that the credit biz takes to IT security like a duck to an acid bath. After a brutal few weeks under the spotlight, on Wednesday night it suffered another hacking scare.…




Malware again checks into Hyatt's hotels, again checks out months later with victims' credit cards

Thu, 12 Oct 2017 20:20:41 GMT

Hyatt grievance, see?

Hyatt has provided the perfect excuse for folks trying to explain to bosses or spouses why a film they watched in their hotel room for just seven minutes appeared on their company or personal credit card.…




UK Treasury Committee chairman calls on Equifax to answer for breach omnishambles

Thu, 12 Oct 2017 09:35:44 GMT

'People have been left in the dark for too long'

Equifax may soon face the wrath of UK politicians after the chairman of the country's House of Commons Treasury Committee demanded answers from the firm over its handling of its recent data breach.…




Swiss banking software has Swiss cheese security, says Rapid7

Thu, 12 Oct 2017 02:30:46 GMT

Researchers go public after BPC Banking's long silence on SQL injection bug

Rapid7 has gone public with news of an e-commerce SQL injection vulnerability, saying it couldn't raise a response from the vendor.…




Dear America, best not share that password with your pals. Lots of love, the US Supremes

Wed, 11 Oct 2017 23:11:55 GMT

You may end up in the clink with 'hacker' on your criminal record

A California bloke fighting a computer hacking conviction has lost his final appeal after the US Supreme Court declined to hear his case.…




Dumb bug of the week: Outlook staples your encrypted emails to, er, plaintext copies when sending messages

Wed, 11 Oct 2017 21:15:03 GMT

You're formatting messages the wrong way

Attention anyone using Microsoft Outlook to encrypt emails. Researchers at security outfit SEC Consult have found a bug in Redmond's software that causes encrypted messages to be sent out with their unencrypted versions attached.…




Judge says US govt has 'no right to rummage' through anti-Trump protest website logs

Wed, 11 Oct 2017 19:07:35 GMT

Court tells hosting biz to protect identities of netizens

A Washington DC judge has told the US Department of Justice (DoJ) it "does not have the right to rummage" through the files of an anti-Trump protest website – and has ordered the dot-org site's hosting company to protect the identities of its users.…




North Korean hackers allegedly probing US utilities for weaknesses

Wed, 11 Oct 2017 17:01:14 GMT

Spear phishing emails thought to be affiliated with Pyongyang sent to electricity firms

Hackers believed to be from North Korea are casing out US electric companies in preparation for a possible cyber attack – so says security firm FireEye.…




When Irish data's leaking: Supermarket shoppers urged to check bank statements

Wed, 11 Oct 2017 11:36:13 GMT

SuperValu breached after cyber attack at mega-retailer

Shoppers at SuperValu, Centra and Mace have been told to review their bank statements following a cyber attack against Irish retailer Musgrave.…