Preview: The Register - Security: Crime

The Register - Security

Biting the hand that feeds IT

Copyright: Copyright 2018, Situation Publishing

World celebrates, cyber-snoops cry as TLS 1.3 internet crypto approved

Fri, 23 Mar 2018 21:53:42 GMT

Forward-secrecy protocol comes with the 28th draft

A much-needed update to internet security has finally passed at the Internet Engineering Task Force (IETF), after four years and 28 drafts.…

Nine Iranians accused of cyber-swiping 30TB+ of blueprints from unis, biz on Tehran's orders

Fri, 23 Mar 2018 20:36:33 GMT

Gang pilfered files from 320 colleges, 47 companies in 22 nations, Uncle Sam claims

The US Department of Justice and Department of the Treasury on Friday charged nine Iranians with carrying out a series of internet attacks on more than 300 universities and 47 companies in the US and abroad, as well as federal and state agencies and the United Nations.…

Microsoft to lock out Windows RDP clients if they are not patched against hijack bug

Fri, 23 Mar 2018 08:40:12 GMT

No update installed? No connection

Black Hat Asia: Microsoft will prevent Windows Server from authenticating RDP clients that have not been patched to address a security flaw that can be exploited by miscreants to hijack systems and laterally move across a network.…

Your code is RUBBISH, says GitHub. Good thing we're here to save you

Fri, 23 Mar 2018 07:30:14 GMT

Dependency scanner turned up FOUR MEEELLION vulns from October to December 2017

Last year, GitHub added security scanning to its dependency graph and flicked the lid off a can absolutely crawling with bugs.…

'R2D2' stops disk-wipe malware before it executes evil commands

Fri, 23 Mar 2018 06:23:07 GMT

'Reactive Redundancy for Data Destruction Protection' stops the likes of Shamoon and Stonedrill before they hit 'erase'

Purdue University researchers reckon they've cracked how to protect data against “disk-wipe” malware.…

Mozilla pulls ads from Facebook after spat over privacy controls

Fri, 23 Mar 2018 05:29:08 GMT

UK advertisers' society has also fired a warning shot

The Mozilla Foundation has expressed its discomfort at the Cambridge Analytica revelations by pulling its ads from Facebook.…

Reflection of a QR code on PoS scanner used to own mobile payments

Fri, 23 Mar 2018 04:03:10 GMT

Chinese researcher also cracked magnetic and sonic payments

Black Hat Asia: Paying for stuff with your smartphone is downright dangerous according to Zhe Zhou, a pre-tenure associate professor at Fudan University, who yesterday explained how three different payment methods can be cracked at Black Hat Asia in Singapore.…

City of Atlanta's IT gear thoroughly pwned by ransomware nasty

Thu, 22 Mar 2018 23:04:42 GMT

Data gone with the wind as attacker goes full Sherman

Updated: IT systems used by the City of Atlanta, in the US state of Georgia, have succumbed to a ransomware attack, cutting off some online city services and potentially putting the personal information of employees and citizens at risk.…

US watchdog: Scam scammers scamming scammed in scam scam

Thu, 22 Mar 2018 21:20:06 GMT

It's like sleazebag Inception

America's trade regulator the FTC has issued a warning over reports of a new data-harvesting operation that is targeting the victims of a previous scam.…

Troubled Watchkeeper drones miss crucial UK flight safety certificate

Thu, 22 Mar 2018 12:48:08 GMT

Big drone, big money, big problems

The British Army's massively overdue Watchkeeper drone project has failed to gain a critical air safety certificate – yet the Ministry of Defence still insists it is "a satisfactory use of public resources".…

F-35B Block 4 software upgrades will cost Britain £345m

Thu, 22 Mar 2018 09:59:08 GMT

After we leave the EU we could cover that in a week with change to spare ... allegedly

Britain will spend £345m ($486m) upgrading its F-35B fighter jets to the most recent, combat-ready, version of the aircraft’s operating system.…

Holy sweat! Wearables have THREE attack surfaces

Thu, 22 Mar 2018 07:29:13 GMT

The device, the app and the cloud, and your development lifecycle isn’t fit enough to catch up

Black Hat Asia: Wearable devices – and anything that relies on an app to help with configuration – have at least three attack surfaces and your existing secure development lifecycle probably isn’t going to cope with the complexity that creates.…

Internet Society: Cryptocurrency probably not an identity system

Thu, 22 Mar 2018 05:33:08 GMT

ID on a blockchain? Maybe. ID on Bitcoin? Forget it

Too many cryptocurrency people are trying to force-fit blockchain technology into identity solutions, when ID needs its own solutions.…

What ends with X and won't sue security researchers?

Thu, 22 Mar 2018 04:03:11 GMT

Netflix lures bounty-hunters, Dropbox offers vulnerability research safe harbour

If you listen carefully, you'll hear the sound of a very small ship coming in: Netflix has joined Bugcrowd, offering bounties of up to US$15,000 for vulnerabilities.…

US mulls drafting gray-haired hackers during times of crisis

Wed, 21 Mar 2018 20:59:35 GMT

Shortage of tech talent has government pondering end to age, gender restrictions

A US government commission has asked the public for its thoughts on possible changes to the military's selective service rules to allow the conscription of technical talent, including those with computer-oriented skills, regardless of sex or age.…

UK surgeon suspects his PC was hacked to target Syrian hospital

Wed, 21 Mar 2018 15:37:15 GMT

Not the only possible theory, say infosec types

A British surgeon whose instructions over the internet helped to guide operations in war-torn Aleppo fears his PC was hacked in order to target a makeshift hospital that was subsequently bombed.…

Symantec cert holdout sites told: Those Google Chrome warnings are not a good look

Wed, 21 Mar 2018 14:42:06 GMT

Users will stop trusting you, warns researcher

Many high profile UK sites still use Symantec certificates just days before Google will begin the process of dropping support for them with the next and upcoming releases of its Chrome browser.…

Creaking Chromebooks getting Meltdown protection soon

Wed, 21 Mar 2018 03:58:08 GMT

Chrome OS 66 to protect older Intel units, still working on ARM

Older Chromebook owners should keep an eye open for Chrome OS updates, because Google has announced they'll get Meltdown protection soon.…

Commonwealth Games are just the ticket for Facebook

Wed, 21 Mar 2018 00:27:46 GMT

Free Wi-Fi will be lousy without a Social Network™ login, which in this of all weeks is just dumb

Facebook may be up to its armpits in alligators, but that hasn't stopped Australia's Gold Coast Council from chumming up with the ad-farm to offer free Wi-Fi to visitors at the upcoming Commonwealth Games.…

CTS who? AMD brushes off chipset security bugs with firmware patches

Wed, 21 Mar 2018 00:25:09 GMT

Just give it a few weeks notice next time, not 24 hours

AMD has finally weighed in with its opinion of the security flaws in its Epyc, Ryzen, Ryzen Pro, and Ryzen Mobile chips, identified in a rather over-the-top fashion by CTS-Labs a week ago.…

Now that's a bad trip: 880k credit cards 'likely' stolen by Orbitz hackers

Tue, 20 Mar 2018 23:28:22 GMT

And bad news for healthy types: thoroughly pwned, too

Vacation-booking biz Orbitz has warned that sensitive details on as many as 880,000 credit cards have "likely" been stolen from its servers by hackers.…

FBI raids home of spy sat techie over leak of secret comms source code on Facebook

Tue, 20 Mar 2018 20:58:03 GMT

Ex-NRO bod also allegedly swiped $340k of espionage kit plus classified files

The FBI has raided the home of US intelligence contractor John Weed who is suspected of leaking classified blueprints online via a fake Facebook account.…

Brit police forces spend peanuts on cybercrime training

Tue, 20 Mar 2018 10:58:14 GMT

£1.3m over three years? Get with the times, plod

The police force covering the base of the UK's electronic spy agency, GCHQ, in Cheltenham, England, has admitted that it has spent nothing at all on cybercrime training over the past few years.…

Leading by example:'s secure server setup is patchy at best

Tue, 20 Mar 2018 10:46:04 GMT

Many .gov websites 'broken, misconfigured or insecure'

The security of UK government websites is inconsistent, and local authorities are among the worst offenders.…

Apple moves on HSTS abuse in Safari

Tue, 20 Mar 2018 03:54:14 GMT

WebKit updated to kill 'supercookies'

Apple has moved to block an abuse vector in the WebKit framework that underpins its Safari browser and allows HSTS to be abused to act as a 'supercookie' for user tracking.…

1 in 5 Michigan state staffers fail phishing test but that's OK apparently

Mon, 19 Mar 2018 22:57:28 GMT

IT security in America's Water Wonderland deemed so-so in tech audit

Network security for the US State of Michigan has been rated as "moderately sufficient" in an audit of its Department of Technology, Management, and Budget (DTMB).…

BOOM! Cambridge Analytica explodes following extraordinary TV expose

Mon, 19 Mar 2018 22:05:05 GMT

Undercover investigation reveals dodgy tactics and sparks search warrant

Updated: Controversial data analytics firm Cambridge Analytica has been hit with an emergency data seizure order in England following an extraordinary series of events Monday night that revolved around a TV undercover expose.…

Coverity Scan code checker's systems crypto-jacked to run cheeky mining op

Mon, 19 Mar 2018 15:30:32 GMT

Freebie tool restored after 4 weeks offline

The systems of freebie open-source code scanning tool Coverity Scan were hacked and abused to run a cryptocurrency mining operation, its operator has confirmed.…

Facebook suspends account of Cambridge Analytica whistleblower

Mon, 19 Mar 2018 05:58:07 GMT

Social network plans to 'take action' against all who misused data

Updated: Chris Wylie, the whistleblower who has alleged the knowingly improper use of Facebook data by Cambridge Analytica, says The Social Network™ has suspended his account.…

Facebook confirms Cambridge Analytica stole its data; it’s a plot, claims former director

Sun, 18 Mar 2018 12:49:28 GMT

50 million profiles leaked and ‘politically weaponized’ against US voters

Analysis: Facebook has “suspended” any business with controversial analytics firm Cambridge Analytica (CA) and its holding company, following claims by CA’s former director that the social media ad slinger’s data was purloined and used for political dirty tricks.…

AMD security flaw saga, browsers broken, Lamo dead at 37, and more

Sat, 17 Mar 2018 09:14:12 GMT

It's the week in security

Roundup: The lingering fallout of security flaws in AMD processor chipsets has dominated the news this week, and it ain't over yet.…

Crooks opt for Monero as crypto of choice to launder ill-gotten gains

Fri, 16 Mar 2018 16:09:13 GMT

Study examines the cutting edge of cybercrime

Crooks are increasingly turning to Monero over Bitcoin, according to a new study on the economics of cybercrime.…

Ugh, of course Germany trounces Blighty for cyber security salaries

Fri, 16 Mar 2018 06:04:06 GMT

Britons never, never, never shall be wage slaves. Oh wait

Cyber security professionals in Germany earn on average 17 per cent more than their UK counterparts.…

FYI: There's a cop tool called GrayKey that force unlocks iPhones. Let's hope it doesn't fall into the wrong hands!

Fri, 16 Mar 2018 00:05:14 GMT

And how it works doesn't leak. Gulp!

A secretive unlocking tool offered to cops and government agents has some computer security bods worried over its privacy implications.…

We're Putin our foot down! DHS, FBI blame Russia for ongoing infrastructure hacks

Thu, 15 Mar 2018 23:30:09 GMT

Alert adds detail to 'Dragonfly' cyber-attack disclosed last year

The US Department of Homeland Security and the Federal Bureau of Investigation on Thursday issued an alert warning of ongoing cyber-attacks against the West's energy utilities and other critical infrastructure by individuals acting on behalf of the Russian government.…

Intel: Our next chips won't have data leak flaws we told you totally not to worry about

Thu, 15 Mar 2018 18:28:41 GMT

Meltdown, Spectre-free CPUs coming this year, allegedly

Intel has claimed its future processors – shipping as early as the second half of this year – will be free of the security design flaws it totally told you not to fret about.…

Researchers slap SAP CRM with vuln combo for massive damage

Thu, 15 Mar 2018 13:38:07 GMT

Directory traversal + log injection = I can see your privates

A pair of recently patched security vulnerabilities in SAP NetWeaver Application Server Java* could have been combined to hack customer relationship management (CRM) systems.…

MailChimp 'working' to stop hackers flinging malware-laced spam from accounts

Thu, 15 Mar 2018 11:56:10 GMT

What can you do about it for now? Sweet 2FA

Email newsletter distribution service MailChimp has promised to act on the abuse of accounts to send (frequently) malware-tainted spam.…

VPN tests reveal privacy-leaking bugs

Thu, 15 Mar 2018 08:27:06 GMT

Hotspot Shield patched; Zenmate and VPN Shield haven't ... yet?

A virtual private network recommendation site decided to call in the white hats and test three products for bugs, and the news wasn't good.…

Microsoft starts buying speculative execution exploits

Thu, 15 Mar 2018 07:01:06 GMT

Adds bug bounty class for Meltdown and Spectre attacks on Windows and Azure

Microsoft has created a new class of bug bounty specifically for speculative execution bugs like January's Meltdown and Spectre processor CPU design flaws.…

Transport for NSW scrambles to patch servers missing fixes released in 2007

Wed, 14 Mar 2018 21:47:26 GMT

But IBM Australia has only a ‘skeleton crew’ on duty, missed deadlines, will move people from other projects for fix

Around a third of servers at Transport for New South Wales, the public transport department in Australia’s largest most populous state, need security patches, some dating back to 2007. But IBM, which provides IT services to the agency, doesn’t have enough people dedicated to the job to get it done in the planned time frame or in a manner that will let the agency operate as it desires.…

Ex-Equifax exec charged with insider trading after bagging 1 MEEELLION dollars in stock sale

Wed, 14 Mar 2018 17:00:12 GMT

Jun Ying 'dumped' shares before megabreach went public

A former Equifax exec was today charged with insider trading for offloading almost $1m of shares before the company went public about the scandalous mass data breach.…

WhatsApp agrees not to share user info with the Zuckerborg… for now

Wed, 14 Mar 2018 15:58:06 GMT

ICO probe: No legal basis for Facebook slurps

WhatsApp has agreed not to share users' data with parent biz Facebook after failing to demonstrate a legal basis for the ad-fuelling data slurp in the EU.…

Ex-GCHQ boss: All the ways to go after Russia. Why pick cyberwar?

Wed, 14 Mar 2018 12:41:12 GMT

Adds his 2 cents as PM, security council meet about Salisbury poisoning

Former boss at Brit electronic spy agency GCHQ, Robert Hannigan, has called for the application of "unexplained wealth orders" and economic sanctions against Russia rather than cyber attacks.…

Samba settings SNAFU lets any user change admin passwords

Wed, 14 Mar 2018 06:02:10 GMT

Patch or risk Revenge Of The Users

Samba admins: get patching and/or updating. Unless you’re content to have your admin passwords overwritten by, well, anyone else using Samba.…

Let's Encrypt updates certificate automation, adds splats

Wed, 14 Mar 2018 01:58:08 GMT

ACME v2 and Wildcard Certificates now live

Let's Encrypt has updated its certificate automation support and added Wildcard Certificates to its system.…

Russian anti-antivirus security tester pleads guilty to certifying attack code

Wed, 14 Mar 2018 00:10:49 GMT

Crim cops to running illegal testbed

A Russian coder who ran and franchised a dark web service that optimized malware and checked it against antivirus engines has pled guilty to one charge of conspiracy and one charge of aiding and abetting computer intrusion.…

OK, deep breath, relax... Let's have a sober look at these 'ere annoying AMD chip security flaws

Tue, 13 Mar 2018 22:47:06 GMT

Holes useful for malware on completely pwned PCs, servers

Analysis: CTS-Labs, a security startup founded last year in Israel, sent everyone scrambling and headlines flying today – by claiming it has identified "multiple critical security vulnerabilities and manufacturer backdoors in AMD’s latest Epyc, Ryzen, Ryzen Pro, and Ryzen Mobile processors."…

It's March 2018, and your Windows PC can be pwned by a web article (well, none of OURS)

Tue, 13 Mar 2018 21:03:10 GMT

Plus plenty of other Microsoft and Adobe bugs to fix

Patch Tuesday: Microsoft delivered another hefty bundle of patches with its scheduled monthly update.…

SecurEnvoy SecurMail, you say? Only after this patch is applied, though

Tue, 13 Mar 2018 16:38:05 GMT

Flaws meant others could read, meddle with encrypted emails

Recently resolved vulnerabilities in SecurEnvoy's encrypted email transfer SecurMail created a way for encrypted emails in users' inboxes to be read, overwritten and deleted by others.…