
The Register - Security

Biting the hand that feeds IT

Copyright: Copyright 2016, Situation Publishing

Got Ancient exploit but nowhere to use it? Try the horrid GRX network

Wed, 26 Oct 2016 07:40:07 GMT

Audio: Aussie hacker shows even NSA hacks haven't schooled some telcos

Ruxcon They've been warned for years, but scores of telcos are still making bone-headed configuration mistakes in their GPRS Global Roaming Exchange (GRX) networks, leaving mail and FTP servers vulnerable.…

VXer turns to ancient freemium model to flog keylogger, malware tools

Wed, 26 Oct 2016 04:56:12 GMT

'Researcher' sells spamming, trojan wares

Malware has been spotted using the freemium model more than 30 years after it was introduced.…

This is not a drill: Hackers pop stock Nexus 6P in five minutes

Wed, 26 Oct 2016 02:56:13 GMT

Keen hackers at Mobile Pwn2Own

The Nexus 6P appears to have been hacked with attackers at the Mobile Pwn2Own contest installing malware without user interaction in less than five minutes.…

Asterisk users need to patch DoS bug

Tue, 25 Oct 2016 22:30:04 GMT

Overlap dialling lets attacker shut down system

Asterisk users need to get busy with a patch.…

'Every step your anti-theft tracker takes – I'll be watching you'

Tue, 25 Oct 2016 18:01:02 GMT

Phone-sync'd widgets open folks to stalker risk

Tracking widgets that you stick on your keys and wallet so you don't lose them are riddled with security vulnerabilities, we're told.…

Paging 1994: Crap encryption still rife in devices

Tue, 25 Oct 2016 15:23:12 GMT

Switch to asymmetric keys, stat!

Pager communications in industrial environments often run over unencrypted channels, creating a hacker risk in the process.…

Surveillance by consent: Commissioner launches CCTV strategy for England and Wales

Tue, 25 Oct 2016 12:31:08 GMT

Guidelines issued on ensuring the public is protected, not spied on

“There is a gap between what exists and what should exist,” according to the UK's commissioner responsible for ensuring that surveillance cameras are protecting members of the public, rather than spying on them.…

Microsoft: Watch out millennials for evil Security Essentials

Tue, 25 Oct 2016 07:30:12 GMT

Scammers: 'Gunna be lit, fam'

Microsoft is warning of fake copies of its Security Essentials that if executed will throw a fake blue screen of death, pwn machines, and lead users to technical support scams.…

Graduate recruitment site exposed 50,000 CVs sent to Virgin Media UK

Tue, 25 Oct 2016 06:33:13 GMT

Kid schools telco: 'So have you heard of access controls?'

Virgin Media has shuttered a kindergarten-grade bug in a third party website that exposed up to 50,000 résumés it's received over the years, complete with names, street and email addresses of applicants.…

MedSec's St Jude pacemaker hacks confirmed by pen-tester

Tue, 25 Oct 2016 02:58:12 GMT

Bishop Fox report says Merlin@Home vulns are real and deadly

St Jude Medical has suffered another setback in its lawsuit against Muddy Waters and security company MedSec.…

Joomla! readies patch for core vulnerability so critical it isn't talking

Tue, 25 Oct 2016 02:36:32 GMT

Patch to drop 1400 UTC, Tuesday. And the haste of its release suggests this is scary

The world's second-favourite content management system, Joomla!, is warning of a critical security hole so bad its developers aren't saying what it fixes.…

Judge orders FBI to reveal whether White House launched 'Tor pedo' torpedo exploits

Tue, 25 Oct 2016 00:56:07 GMT

Alleged Playpen perverts win a concession

A US judge overseeing an FBI “Playpen case” has told agents to reveal whether or not their investigative hacking was approved by the White House.…

LinkedIn, Dropbox hack suspect named as Yevgeniy Nikulin by US prosecutors

Mon, 24 Oct 2016 22:32:39 GMT

Russia hoping to block accused miscreant's extradition

The US Department of Justice has unsealed its indictment against a Russian bloke accused of hacking high-profile websites.…

It's nearly 2017 and JPEGs, PDFs, font files can hijack your Apple Mac, iPhone, iPad

Mon, 24 Oct 2016 21:41:09 GMT

Get patching now

Apple has distributed a fresh round of security updates to address remote-code execution holes in iOS, macOS, Safari, and the firmware for Apple Watch and AppleTV.…

App proves Rowhammer can be exploited to root Android phones – and there's little Google can do to fully kill it

Mon, 24 Oct 2016 18:31:00 GMT

Hardware vuln strikes 18 of 27 tested mobes

Security researchers have demonstrated how to gain root privileges from a normal Android app without relying on any software bug.…

Chinese electronics biz recalls webcams at heart of botnet DDoS woes

Mon, 24 Oct 2016 14:01:06 GMT

US products compromised by Mirai mischief in another Internet of Things success

Chinese electronics firm Hangzhou Xiongmai is set to recall swathes of webcams after they were compromised by the Mirai botnet.…

Hacktivist crew claims it launched last week's DDoS mega-attack

Mon, 24 Oct 2016 11:09:10 GMT

Dyn-Dyn-Dyn... it's a knockout!

A group called New World Hackers has claimed responsibility for a DDoS attack that rendered significant portions of the web unreachable last Friday.…

Ageing GSM crypto cracked on commodity graphics rig

Mon, 24 Oct 2016 07:02:06 GMT

A*STAR Singapore shows how easy it is

The crypto scheme applied to second generation (2G) mobile phone data can be hacked within seconds, security researchers have demonstrated.…

Hackers pop top 'secure' wireless keyboard and mouse kits, gain RCE

Mon, 24 Oct 2016 04:56:04 GMT

Patch? Nah, we'll just remove 'secure' from the tin: vendor

Ruxcon Wireless keyboard and mouse manufacturers including Microsoft, Fujitsu, and Logitech have been forced to fix borked encryption in peripherals that allow physical attackers to hijack computers.…

Thanks, IoT vendors: your slack attitude will get regulators moving

Mon, 24 Oct 2016 03:54:04 GMT

Networks also need to grab a mirror and look at themselves

Last Friday's Mirai botnet attack against Dyn must force everybody's hands – vendors, regulators, and Internet infrastructure operators.…

Brute force cred crunchers gifted Username Anarchy

Mon, 24 Oct 2016 01:58:09 GMT

dpauli, darren.pauli, darrenp, pauli.darren, paulid

Ruxcon Melbourne security bod Andrew Horton has created a tool to automate the generation of usernames in a bid to round-out brute force account attacks.…

Every LTE call, text, can be intercepted, blacked out, hacker finds

Sun, 23 Oct 2016 22:59:33 GMT

Emergency fail over provisions abused

Ruxcon Hacker Wanqiao Zhang of Chinese security house Qihoo 360 has blown holes in 4G LTE networks by detailing how to intercept and make calls, send text messages and even force phones offline.…

Mozilla plots TLS 1.3 future for Firefox

Sun, 23 Oct 2016 22:42:55 GMT

Quicker handshake starts encrypting data sooner

Mozilla has decided it needs to lift its HTTPS game, and will default to TLS 1.3 in next year's Firefox 52.…

Pacemaker maker St Jude faces new security flaw claims from biz short-selling its stock

Sat, 22 Oct 2016 12:30:10 GMT

This is not the way to get vulnerabilities fixed

Security startup MedSec and the financial house backing the biz have published new allegations of security flaws in pacemakers and defibrillators built by St Jude Medical – and again look set to profit from the disclosures in an unorthodox way.…

Como–D'oh! Infosec duo exploits OCR flaw to nab a website's HTTPS cert

Fri, 21 Oct 2016 20:40:31 GMT

Pair abused typo blind spot to game certificate authority

Two European security researchers exploited Comodo's crappy backend systems to obtain a HTTPS certificate for a domain they do not own.…

Dyn dinged by DDoS: US DNS firm gives web a bad hair day

Fri, 21 Oct 2016 14:23:12 GMT

Reddit, Github, Airbnb and pals affected

A denial of service attack against managed DNS provider Dyn restricted access to many US-based websites on Friday.…

Hax0rs sow Discord by using VoIP service to sling malware at gamers

Fri, 21 Oct 2016 13:31:07 GMT

Not even playtime's safe these days

Hackers abused a free VoIP service for gamers to distribute remote-access Trojans and other malware.…

Hack us and you're basically attacking America, says UK defence sec

Fri, 21 Oct 2016 11:43:11 GMT

And we'll attack you back, promises Defence Secretary

Britain is splurging £265m on military cyber security – and that includes offensive capabilities, according to Defence Secretary Sir Michael Fallon.…

Slack whacks global account hijack holes

Fri, 21 Oct 2016 06:30:05 GMT

For a while there your Slack account could be hijacked with just a username

Hipster collaboration platform Slack has shuttered an access control bypass that allowed users to hijack any account.…

Fruity hacking group juiced by Microsoft's October patch parade

Fri, 21 Oct 2016 05:29:05 GMT

Get your patching done, people, this Font-borne bug is being actively exploited

Kaspersky Labs researcher Anton Ivanov says an advanced threat group was exploiting a Windows zero day vulnerability before Microsoft patched it last week.…

Spam scum ping global blacklists to wreck rep

Fri, 21 Oct 2016 04:02:09 GMT

Email pests seek clean machines for better hit rates.

Malware authors are consulting IP blacklists designed to help fight spam in a bid to avoid detection and increase inbox hit rates.…

Dirty COW explained: Get a moooo-ve on and patch Linux root hole

Fri, 21 Oct 2016 02:21:33 GMT

Widespread flaw can be easily exploited to hijack PCs, servers, gizmos, phones

Code dive Patch your Linux-powered systems, phones and gadgets as soon as possible, if you can, to kill off a kernel-level flaw affecting nearly every distro of the open-source operating system.…

Google pays $100k to anti-malware crusader Giovanni Vigna

Fri, 21 Oct 2016 01:58:13 GMT

Prolific malware murderer bags Mountain View's Security, Privacy and Anti-Abuse award

Anti-malware machine and head of the Shellphish DARPA Grand Challenge bronze-medallist team has won US$100,000 from Google for security research efforts.…

DIY website builder Weebly was secured feebly

Fri, 21 Oct 2016 00:55:41 GMT

43m credentials lifted, plus 58m more at Modern Business Solutions and 22m from FourSquare

Another day, another three major breaches: this time at do it yourself website builder Weebly, which has been revealed as secured feebly, as were FourSquare and Modern Business Solutions.…

Three million debit cards at risk after hackers raid Indian payment systems

Thu, 20 Oct 2016 20:37:37 GMT

It wasn't us, gov! Hitachi Payment Services denies its ATMs were pwned

A suspected security breach has led banks in India to warn 3.25 million customers to replace their debit cards or change the PINs.…

US DNC hackers blew through SIX zero-days vulns last year alone

Thu, 20 Oct 2016 19:07:51 GMT

Most targets were individuals with Gmail addresses

Security researchers have shone fresh light on the allegedly Russian state-sponsored hacking crew blamed for ransacking the US Democratic National Committee's computers.…

Boffins exploit Intel CPU weakness to run rings around code defenses

Thu, 20 Oct 2016 16:48:12 GMT

Branch buffer shortcoming allows hackers to reliably install malware on systems

US researchers have pinpointed a vulnerability in Intel chips – and possibly other processor families – that clears the way for circumventing a popular operating-system-level security control.…

Security research tool had security problem

Thu, 20 Oct 2016 07:31:07 GMT

Plugin for popular disassembler OllyDbg allowed man-in-the-middle diddle

Security researchers and the networks they rely on were at risk of breach by the hackers they investigate, thanks to now mitigated man-in-the-middle holes in a popular plugin for analysing debugger OllyDbg.…

Kids today are so stupid they fall for security scams more often than greybeards

Thu, 20 Oct 2016 05:27:06 GMT

Millennials turn out to be digital naïfs, not digital natives

Millennials are more likely to fall for tech support scams than baby boomers, Microsoft says.…

GPS spoofing can put Yik Yak in a flap

Thu, 20 Oct 2016 04:34:13 GMT

De-anonymising 'secret' chat app not that hard, really

A little machine learning can de-anonymise Yik Yak users, according to researchers from American and Chinese universities.…

Jumpin' AppFlash! Actifio's devops gear rolls onto Pure kit

Thu, 20 Oct 2016 02:58:08 GMT

Copy data virtualisation gets a flash boost

+Comment Actifio's AppFlash DevOps Platform will run on Pure Storage's FlashArray.…

Reading this? Then you can pop root shells on Markvision enterprises

Thu, 20 Oct 2016 02:04:04 GMT

Twin bug bombs perish with patch

Lexmark has patched two dangerous vulnerabilities in its Markvision enterprise IT analysis platform that grant remote attackers god-mode system access over the internet.…

Yahoo! begs! US! spymaster! Clapper!: Spill! the! beans! on! secret! email! snooping!

Thu, 20 Oct 2016 00:12:24 GMT

Uncle Sam asked to come clean on what info it sought. Good luck with that

Yahoo! has asked the US government to break its silence on the secret court order that forced the Purple Palace to scan its webmail users' messages for specific keywords.…

Donald Trump running insecure email servers

Wed, 19 Oct 2016 15:39:05 GMT

But he's got a yuge firewall, folks... the best kind of firewall

US presidential candidate Donald Trump’s criticism of rival Hillary Clinton's use of a private email server while Secretary of State appeared to have rebounded on him.…

It's finally happened: Hackers are coming for home routers en masse

Wed, 19 Oct 2016 14:18:12 GMT


Cybercrooks are increasingly targeting routers in consumers’ homes.…

Crims cram credit card details into product shots on e-shops

Wed, 19 Oct 2016 03:57:06 GMT

Just Save Image As to exfiltrate data, safe in the knowledge webmasters trust JPGs

Hackers are going to considerable lengths to hide credit cards stolen from websites victimised in a wave of recent attacks, weaving the data into working images of products sold online.…

Democralypse Now? US election first battle in new age of cyberwarfare

Tue, 18 Oct 2016 13:45:12 GMT

CIA said to blame Russia for voter database hacks

Hacking attempts against more than 10 US state election databases have increased fears about Russian efforts to disrupt or influence the 2016 presidential election.…

You work so hard on coding improvements... and it's all undone by a buggy component

Tue, 18 Oct 2016 12:03:22 GMT

Third-party addition not the time-saver the boss thinks it is

Nearly all (97 per cent) of Java applications contain at least one component with a known vulnerability, according to a new study by app security firm Veracode.…

It's good to talk, UK banks told after massaging cyberattack figures

Tue, 18 Oct 2016 10:20:05 GMT

It's not like the public will think any worse of you

Top techies at British banks are being encouraged to share information about cyberattacks following revelations that the financial sector is under-reporting breaches to regulators.…

Audit sees VeraCrypt kill critical password recovery, cipher flaws

Tue, 18 Oct 2016 04:02:05 GMT

Patches slung at 11 bad bugs

Security researchers have found eight critical, three medium, and 15 low-severity vulnerabilities in a one-month audit of popular encryption platform VeraCrypt.…