Subscribe: The Register - Security
http://www.regdeveloper.co.uk/security/breaking_it/headlines.rss
Language: English
Tags:
bug  crypto  data breach  data  government  hack  hackers  maker  new  security  software  told  users  wikileaks  world     

The Register - Security



Biting the hand that feeds IT



Copyright: Copyright 2017, Situation Publishing
 



Massive US military social media spying archive left wide open in AWS S3 buckets

Fri, 17 Nov 2017 20:08:18 GMT

Dozens of terabytes exposed, your tax dollars at work

Three misconfigured AWS S3 buckets have been discovered wide open on the public internet containing "dozens of terabytes" of social media posts and similar pages – all scraped from around the world by the US military to identify and profile persons of interest.…




Shamed TLS/SSL cert authority StartCom to shut up shop

Fri, 17 Nov 2017 17:29:05 GMT

Chairman tells El Reg nobody will even notice its passing

Controversial certificate authority StartCom is going out of business.…




For goodness sake, stop the plod using facial recog, London mayor told

Fri, 17 Nov 2017 16:03:09 GMT

At least until there's some sort of strategy. Jeez – GLA

London's Metropolitan Police force's use of "intrusive" technologies "without proper regulation" could put a fundamental principle of policing at risk, the London mayor has been told.…




Lloyds' Avios Reward credit cardholders report fraudulent activity

Fri, 17 Nov 2017 15:03:09 GMT

Concerns raised over data breach

Thousands of Lloyds Avios Rewards American Express credit card customers have been targeted by fraudsters, the bank has admitted.…




Fake news ‘as a service’ booming among cybercrooks

Fri, 17 Nov 2017 07:57:13 GMT

Fake sites spread fake stories to fuel pump and dump or other foul ends

Criminals are exploiting “fake news” for commercial gain, according to new research.…




Kaspersky: Clumsy NSA leak snoop's PC was packed with malware

Thu, 16 Nov 2017 23:59:05 GMT

Lab suspects Chinese spyware was on home computer

Kaspersky Lab, the US government's least favorite computer security outfit, has published its full technical report into claims Russian intelligence used its antivirus tools to steal NSA secrets.…




Parity: The bug that put $169m of Ethereum on ice? Yeah, it was on the todo list for months

Thu, 16 Nov 2017 23:06:33 GMT

Just didn't get round to fixing it – our bad

Alt-coin wallet software maker Parity has published a postmortem of the bug that put millions of dollars of people's Ethereum on ice – and has admitted it knew about the flaw for months. It just hadn't got round to fixing it.…




Oracle scrambles to sew up horrid security holes in PeopleSoft's Tuxedo

Thu, 16 Nov 2017 20:34:12 GMT

Nothing like unauth'd hijacking, Heartbleed-style bugs to patch ASAP

Oracle has published an out-of-band software update to address a handful of security flaws in parts of the PeopleSoft HR software.…




Drone maker DJI left its private SSL, firmware keys open to world+dog on GitHub FOR YEARS

Thu, 16 Nov 2017 19:42:47 GMT

Plus AWS creds, S3 silos filled with sensitive customer info

Chinese drone maker DJI left the private key for its dot-com's HTTPS certificate exposed on GitHub for up to four years, according to a researcher who gave up with the biz's bug bounty process.…




Pawnbroker pwnd: Cash Converters says hacker slurped customer data

Thu, 16 Nov 2017 15:31:11 GMT

Details from decommissioned UK webshop scoured

Pawnbroking and secondhand goods outlet Cash Converters has suffered a data breach.…




New, revamped Terdot Trojan: It's so 2017, it even fake-posts to Twitter

Thu, 16 Nov 2017 14:56:13 GMT

You've grown so much, you piece of @£$

Terdot, a banking Trojan that has been around since mid-2016, has been re-engineered with updated information and credential thievery as well as social media account monitoring functionality.…




DJI bug bounty NDA is 'not signable', say irate infosec researchers

Thu, 16 Nov 2017 12:24:13 GMT

Non-disclosure agreement prompts uproar

Chinese drone maker DJI faces questions from infosec researchers about its bug bounty programme. Sources have told The Register that a non-disclosure agreement (NDA) they were invited to sign would result in the company "owning their actions".…




Does UK high street banks' crappy crypto actually matter?

Thu, 16 Nov 2017 09:33:10 GMT

Commentards didn't hold back and some experts disagreed

The Register's recent story about the failure of most UK high street banks to follow web security best practices has provoked a lively debate among security experts.…




Q: Why are you running in the office? A: This is my password for El Reg

Thu, 16 Nov 2017 04:52:54 GMT

Boffins find smartmobe accelerometers can turn your gait into a biometric

A trio of Indian boffins have studied the use of smartphone accelerometers as biometric sensors and concluded they could be a handy way to identify users.…




The four problems with the US government's latest rulebook on security bug disclosures

Wed, 15 Nov 2017 22:59:12 GMT

But it's still better than nothing

Analysis The United States government has published its new policy for publicly disclosing vulnerabilities and security holes.…




Crouching cyber Hidden Cobra: US warns Nork hackers are at it again with new software nasty

Wed, 15 Nov 2017 21:50:55 GMT

Fallchill file-stealing malware raids American networks

The FBI and US Homeland Security have issued an alert about a new strain of malware infecting American corporate systems and stealing sensitive data.…




US govt's 'foreign' spy program that can snoop on Americans at home. Sure, let's reauth that...

Wed, 15 Nov 2017 20:20:36 GMT

What's Russian for "section 702 s***show"?

Analysis The reauthorization of a controversial US government spying program has made further progress with the Senate's intelligence committee putting forward its recommendations to the whole Senate.…




Confusion reigns over crypto vuln in Spanish electronic ID smartcards

Wed, 15 Nov 2017 16:38:13 GMT

Certs revoked, but where are the updates?

The impact of a recently discovered cryptographic vulnerability involving smartcards is causing issues in Spain similar to those previously experienced in Estonia.…




Amazon, Google inject Bluetooth vuln vaccines into Echo, Home AI pals

Wed, 15 Nov 2017 16:00:09 GMT

The BlueBorne ultimatum

Updated Amazon and Google have automatically patched people's Echo and Home AI assistant devices, respectively, to defend against recently discovered Bluetooth-related security vulnerabilities.…




Coming live to a warzone near you: Army Truck Driver for Xbox!

Wed, 15 Nov 2017 14:02:06 GMT

Shh, ignore senior Brit officers saying armed forces on brink of collapse

As recently retired senior officers told UK Parliament that the armed forces are at risk of "institutional failure", the Ministry of Defence told the world's press that soldiers are playing with Xbox controllers.…




Uncle Sam to strap body sensors to hackers in nuke lab security study

Wed, 15 Nov 2017 06:58:09 GMT

Sandia Labs, US military seeks a few good guinea pigs for hack contest

Exclusive The US Department of Defense is funding research into how hackers hack, with an interesting twist. It wants to wire them up with body monitoring equipment to measure how they react while hunting down and exploiting security flaws.…




How can airlines stop hackers pwning planes over the air? And don't say 'regular patches'

Wed, 15 Nov 2017 03:01:45 GMT

As Homeland Security hacks 757 on the tarmac

At least some commercial aircraft are vulnerable to wireless hacking, a US Department of Homeland Security official has admitted.…




It's 2017 – and your Windows PC can be forced to run malware-stuffed Excel macros

Wed, 15 Nov 2017 01:12:46 GMT

Not enough? How about a few dozen PDF remote code holes?

Microsoft and Adobe are getting into the holiday spirit this month by gorging users and admins with a glut of security fixes.…




What do Vegas hookers, Colombian government, and 30,000 other sites have in common? Crypto-jacking miners

Wed, 15 Nov 2017 00:21:41 GMT

Someone’s potentially getting rich – and it isn’t you

Over the past few months there has been an alarming rise in the number of websites running code that silently joyrides computers and secretly makes them mine digital currency for miscreants.…




Privacy Pass protocol promises private perusing

Tue, 14 Nov 2017 16:39:05 GMT

Boffins write browser extension for anonymous authentication

Boffins have harnessed privacy-preserving crypto to create a browser extension that allows users to authenticate to services without being tracked.…




Estonia cuffs suspect, claims he's a Russian 'hacker spy'

Tue, 14 Nov 2017 14:39:08 GMT

20-year-old is not an agent, Russia retorts

Russia has denied that a person nabbed by Estonian local authorities was one of its spies. Estonia alleges the suspect had been intent on hacking into the Baltic country’s computer network.…




Shut the front door: Jewson 'fesses up to data breach

Tue, 14 Nov 2017 11:03:11 GMT

Builder's merchant tells punters their privates might be out in the cold

Builders merchant Jewson has confirmed in writing to customers that their privates could have been exposed in a cyber break-in that occurred late this summer.…




Sure, Face ID is neat, but it cannot replace a good old fashioned passcode

Tue, 14 Nov 2017 10:04:14 GMT

Facial recognition isn't the most reliable authentication right now

Apple's iPhone X is one of several technologies bringing facial biometrics into the mainstream. It seems to have everything bar a heat scanner; the TrueDepth camera projects an impressive-sounding 30,000 infrared dots on to your phiz, scanning every blackhead in minute 3D detail.…




Think the US is alone? 18 countries had their elections hacked last year

Tue, 14 Nov 2017 05:01:11 GMT

Less than a quarter of world has freeish internet communication

While America explores quite how much its election was interfered with by outsiders, the news isn't good for the rest of us, according to independent watchdog Freedom House.…




WikiLeaks is wiki-leaked. And it's still not even a proper wiki anyway

Tue, 14 Nov 2017 02:58:06 GMT

Assange .org tried to help coordinate Trump's election campaign

Julian Assange's WikiLeaks – that bastion of fiercely independent journalism – privately urged the Trump campaign to not concede the 2016 presidential election, to contest the result as rigged, and asked for one of Donald's tax returns so as to appear impartial and nothing whatsoever to do with Russia's meddling in the White House race.…




Thousand-dollar iPhone X's Face ID wrecked by '$150 3D-printed mask'

Mon, 13 Nov 2017 19:35:39 GMT

I'd like to take his... his Face ID... off

Video Apple's facial-recognition login system in its rather expensive iPhone X can be, it is claimed, fooled by a 3D printed mask, a couple of photos, and a blob of silicone.…




Stop your moaning, says maker of buggy Bluetooth sex toy

Mon, 13 Nov 2017 05:58:07 GMT

Companion app recorded audio of you while you - ahem - played, but it never left your phone

Sex-toy maker Lovense has told its customers to stop moaning about one of its products, which recorded audio of users as they – ahem – played, and stored it on their Android phones.…




Ride-share upstart 'Fasten' revealed as Hive of insecurity

Mon, 13 Nov 2017 00:34:49 GMT

Like Uber but for leaking personal data: a million customer records left on unsecured Hadoop

Boston-based ride-hailing hopeful Fasten has coughed to a million-customer data breach that happened because someone left a database lying around unsecured.…




CopperheadOS stops updates to thwart knock-off phone floggers

Sun, 12 Nov 2017 22:29:13 GMT

Hardened Android vendor found third parties eating its lunch

The folk in charge of the hardened Android distribution CopperheadOS have run into problems with licence violations. Over the weekend, they temporarily disabled over-the-air updates for Nexus devices, and pulled some downloads from their website.…




Manic miners, hideous hackers, frightful flaws, vibrating mock cock app shock – and more

Sat, 11 Nov 2017 08:34:08 GMT

It's your weekly security news bytes

Roundup Phew, we made it to the weekend. Let's take a look at everything that went down in IT security beyond what we've already covered this week.…




Parity's $280m Ethereum wallet freeze was no accident: It was a HACK, claims angry upstart

Fri, 10 Nov 2017 22:40:56 GMT

And we have evidence to prove it, says biz stiffed out of $1m

A crypto-currency collector who was locked out of his $1m Ethereum multi-signature wallet this week by a catastrophic bug in Parity's software has claimed the blunder was not an accident – it was "deliberate and fraudulent."…




How did someone hijack your Gmail? Phishing, keylogger or password reuse, we're guessing

Fri, 10 Nov 2017 19:50:48 GMT

If you run a website with user accounts, take a look at this research, ta

Google has teamed up with computer scientists at the University of California, Berkeley, to find out how exactly hijackers take over its users' accounts.…




Microsoft president says the world needs a digital Geneva Convention

Fri, 10 Nov 2017 17:57:07 GMT

Mr Smith goes to Switzerland

Microsoft president Brad Smith appeared before the UN in Geneva to talk about the growing problem of nation-state cyber attacks on Thursday.…




WikiLeaks drama alert: CIA forged digital certs imitating Kaspersky Lab

Fri, 10 Nov 2017 12:31:08 GMT

Vault 8 release says spooks used disguise to siphon off data

The CIA wrote code to impersonate Kaspersky Lab in order to more easily siphon off sensitive data from hack targets, according to leaked intel released by WikiLeaks on Thursday.…




Judge bins sueball lobbed at Malwarebytes by rival antivirus maker for torpedoing its tool

Fri, 10 Nov 2017 00:44:54 GMT

Litigious security biz upset at blanket PC ban

Security software slinger Enigma has lost a key legal battle against antivirus maker Malwarebytes, which blocks and deletes Enigma's products from PCs.…




Learn client-server C programming – with this free tutorial from the CIA

Thu, 09 Nov 2017 22:49:13 GMT

Available now via everyone's favorite publisher, WikiLeaks – Отличная работа, Джулиан!

WikiLeaks has shoved online more internal classified stuff nicked from the CIA – this time what's said to be the source code for spyware used by Uncle Sam to infect and snoop on targets' computers and devices.…




US government seizes Texas gun mass murder to demand backdoors

Thu, 09 Nov 2017 21:49:08 GMT

Too early to talk gun control, not too early to bork iPhone security

While US President Donald Trump thinks it's too early to discuss gun control in the wake of Sunday's Texas church massacre – America's latest mass shooting – his Deputy Attorney General Rod Rosenstein is just fine exploiting the murder-suicide of 26 people to push for backdoors.…




Uni staffer's health info blabbed in email list snafu

Thu, 09 Nov 2017 14:46:09 GMT

University leaks personal data for 2nd time in 5 months

The University of East Anglia has been involved in a personal data breach for the second time in five months.…




Not even ordering pizza is safe from the browser crypto-mining scourge

Thu, 09 Nov 2017 12:33:06 GMT

Coin Hive JavaScript increasingly pops up in top 3 million websites

A total of 2,531 of the top 3 million websites (1 in 1,000) are running the Coin Hive miner, according to new stats from analytics firm Red Volcano.…




Evil pixels: Researcher demos data-theft over screen-share protocols

Thu, 09 Nov 2017 07:02:11 GMT

Users see white noise, attackers see whatever they just stole from you

It's the kind of thinking you expect from someone who lives in a volcano lair: exfiltrating data from remote screen pixel values.…




Microsoft pals up with partners for threat-hunting

Thu, 09 Nov 2017 06:30:09 GMT

Bitdefender integration with Windows Defender ATP in preview; Lookout, Ziften soon

Windows Defender Advanced Threat Protection first landed as a public preview in September, and now, with its general availability, Microsoft has announced a bunch of partners to give it cross-platform support: Bitdefender for Linux and macOS, Lookout for iOS and Android, and Ziften for macOS and Linux.…




Brit moron tried buying a car bomb on dark web, posted it to his address. Now he's screwed

Thu, 09 Nov 2017 06:02:05 GMT

Wannabe terror teen found guilty, faces sentencing

A British teenager who tried to order a car bomb on the dark web and get it delivered to his address has been found guilty this week.…




Intel's super-secret Management Engine firmware now glimpsed, fingered via USB

Thu, 09 Nov 2017 05:11:50 GMT

As creator of OS on the chips calls out Chipzilla

Positive Technologies, which in September said it has a way to drill into Intel's secretive Management Engine technology buried deep in its chipsets, has dropped more details on how it pulled off the infiltration.…




Quantum computers could crack Bitcoin, but fixes are available now

Thu, 09 Nov 2017 03:45:04 GMT

Shor, we need a new sig scheme

An international group of quantum boffins reckons Bitcoin could be broken by the year 2027.…




Marissa! Mayer! pulled! out! of! retirement! to! explain! Yahoo! hack! to! Senators!

Wed, 08 Nov 2017 22:17:33 GMT

Joins Equifax and Verizon execs to explain pitiful security

Poor Marissa Mayer. After selling off Yahoo! and floating away on her golden parachute, she must have been looking for a nice rest. But US Congress wanted her to explain how every single user account on the portal got hacked.…