Preview: The Register - Security: Crime

The Register - Security

Biting the hand that feeds IT

Copyright: Copyright 2016, Situation Publishing

US commission whistles to FIDO: Help end ID-based hacks by 2021

Thu, 08 Dec 2016 14:04:06 GMT

No breaches should result from compromised identities, say gov bods

A White House commission on improving cybersecurity has come up with a list of recommendations for US president-elect Donald Trump’s administration – including a target for no big hacks to involve identity-based compromises.…

Mirai variant turns TalkTalk routers into zombie botnet agents

Thu, 08 Dec 2016 13:03:08 GMT

Infosec folk spot web of compromised British devices

Hundreds of Mirai-infected home routers across the UK are currently acting as DDoS bots.…

Can ISPs step up and solve the DDoS problem?

Thu, 08 Dec 2016 09:27:08 GMT

Apply best routing practices liberally. Repeat each morning

Solve the DDoS problem? No problem. We’ll just get ISPs to rewrite the internet. In this interview Ian Levy, technical director of GCHQ’s National Cyber Security Centre, says it’s up to ISPs to rewrite internet standards and stamp out DDoS attacks coming from the UK. In particular, they should change the Border Gateway Protocol, which lies at the heart of the routing system, he suggests.…

Playtime's over: Internet-connected kids toys 'fail miserably' at privacy

Thu, 08 Dec 2016 08:28:05 GMT

Won't someone think of the children, literally?

The Electronic Privacy Information Center (EPIC) and the European Consumer Organization (BEUC) are calling for US and EU data protection authorities to take action against insecure networked toys.…

Stealing, scamming, bluffing: El Reg rides along with pen-testing 'red team hackers'

Thu, 08 Dec 2016 08:00:04 GMT

Broad smiles, good suits and fake IDs test security in new dimensions

FEATURE "Go to this McDonald's," Chris Gatford told me. "There's a 'Create Your Taste' burger-builder PC there and you should be able to access the OS. Find that machine, open the command prompt and pretend to do something important.…

Silver screen script hacker and dox douche gets 5 years in US cooler

Thu, 08 Dec 2016 07:40:13 GMT

Hello [celebrity], please reset your password

Bahamas man Alonzo Knowles has been sentenced to five years jail for hacking the email accounts of celebrities to steal and sell unreleased television and movie scripts, music, financial documents, and pornographic self footage.…

Need Xmas ideas? Try CVE-2015-7645, a Flash gift that keeps on giving

Thu, 08 Dec 2016 07:21:05 GMT

Who the hell needs zero days?

A Flash vulnerability subject to emergency patching by Adobe has been used in all major exploit kits to compromise users not already updated.…

Masterful malvertisers pwn Channel 9, Sky, MSN in stealth attacks

Thu, 08 Dec 2016 06:30:09 GMT

Same group compromised a million users A DAY.

A two-year long, highly sophisticated malvertising campaign infected visitors to some of the most popular news sites in the UK, Australia, and Canada including Channel 9, Sky News, and MSN.…

Santa says you've been nice kids: OpenVPN to get security audit

Thu, 08 Dec 2016 03:00:06 GMT

Dr Matt Green to comb the code

Johns Hopkins University crypto professor Dr Matthew Green is to lead a security audit of OpenVPN 2.4.…

Body cams too fragile for Canadian Mounties – so they won't be used

Thu, 08 Dec 2016 00:43:40 GMT

Kit dumped after fears over battery life and durability

The Royal Canadian Mounted Police (RCMP) says it will not be equipping its officers with body cameras after the units were found to be not rugged enough for field use.…

Sigh... 'Hundreds of thousands' of... sigh, web CCTV cams still at risk of... sigh, hijacking

Wed, 07 Dec 2016 23:44:29 GMT

It's been two years and no patches, say researchers

Vid Amid ongoing malware infections of IoT gadgets and armies of commandeered gizmos attacking servers, glaring security holes in web-connected CCTV cameras are going unpatched.…

Could this be you? Really Offensive Security Engineer sought by Facebook

Wed, 07 Dec 2016 23:17:08 GMT

'Here's your new password, champ – GoF*!#Urs3lf'

Facebook is hiring an Offensive Security Engineer, and not the sort inclined to disparage the length of your keys or your choice of encryption algorithm.…

Don't have a Dirty COW, man: Android gets full kernel hijack patch

Wed, 07 Dec 2016 20:37:35 GMT

Meanwhile, another nasty Linux bug surfaces

Google has posted an update for Android that, among other fixes, officially closes the Dirty COW vulnerability.…

Crims turn to phishing-as-a-service to slash costs and max profits

Wed, 07 Dec 2016 19:52:23 GMT

So says Imperva after trolling the dark web

Prefab phishing campaigns cost less to run and are twice as profitable as traditional phishing attacks, according to a new study by security vendor Imperva.…

Crims using anti-virus exclusion lists to send malware to where it can do most damage

Wed, 07 Dec 2016 07:32:10 GMT

When vendors tell you what to whitelist, crims are reading too

Advanced malware writers are using anti-virus exclusion lists to better target victims, researchers say.…

Uber is watching your smartphone's battery charge

Wed, 07 Dec 2016 06:57:13 GMT

Browser vendors' Battery API deprecation can't come soon enough

Browser authors are abandoning the invasive Battery API W3C specification, but not everybody's got the memo: Uber, for example, still watches battery status.…

Android, Qualcomm move on insecure GPS almanac downloads

Wed, 07 Dec 2016 03:01:04 GMT

HTTPS? They've heard of it

Nearly a decade after it introduced assisted-GPS in its mobile chipsets, Qualcomm has squished a bug that allowed miscreants to mess around with people's location services, or crash their phones.…

Open source Roundcube webmail can be attacked ... by sending it an e-mail

Wed, 07 Dec 2016 01:57:11 GMT

The Fifth Element is a problem - the input argument that didn't get checked is an RCE hole

The developers of open source webmail package Roundcube want sysadmins to push in a patch, because a bug in versions prior to 1.2.3 let an attacker crash it remotely – by sending what looks like valid e-mail data.…

Hackers actively stealing Wi-Fi keys from vulnerable routers

Tue, 06 Dec 2016 13:26:08 GMT

Still using the password from the back of the router? Oops!

Hackers have graduated from planting malware on the vulnerable routers supplied to consumers by various ISPs towards stealing Wi-Fi keys.…

Own goal for Scottish Football Association as fans sent phishy emails

Tue, 06 Dec 2016 11:32:09 GMT

Body in lochdown after 'breach at third-party supplier'

Phishing emails ostensibly from the Scottish Football Association (SFA) were sent to subscribers on Monday as the result of a breach.…

Sony kills off secret backdoor in 80 internet-connected CCTV models

Tue, 06 Dec 2016 11:00:12 GMT

Magic 'secret key' HTTP request opens up admin control

Sony has killed off what, charitably, looks like a debug backdoor in 80 of its web-connected surveillance cameras that can be exploited to hijack the devices.…

The UK's Investigatory Powers Act allows the State to tell lies in court

Tue, 06 Dec 2016 09:00:07 GMT

Enshrining parallel construction in English law

Analysis Blighty's freshly passed Investigatory Powers Act, better known as the Snoopers' Charter, is a dog's dinner of a law. It gives virtually unrestricted powers not only to State spy organisations but also to the police and a host of other government agencies.…

Facebook, Microsoft, Twitter and YouTube team to ID terror content

Tue, 06 Dec 2016 08:29:14 GMT

Hash-sharing pact will help them ID violent extremism you see it

Facebook, Microsoft, Twitter and YouTube have teamed up to share their expertise spotting terrorism-related content, in order to crimp its spread.…

In the three years since IETF said pervasive monitoring is an attack, what's changed?

Tue, 06 Dec 2016 08:02:10 GMT

IETF Security director Stephen Farrell offers a report card on evolving defences

Feature After three years of work on making the Internet more secure, the Internet Engineering Task Force (IETF) still faces bottlenecks: ordinary people's perception of risk, sysadmins worried about how to manage encrypted networks, and – more even than state snooping – an advertising-heavy 'net business model that relies on collecting as much information as possible.…

Standards body warned SMS 2FA is insecure and nobody listened

Tue, 06 Dec 2016 07:02:07 GMT

Duo Security says NIST's advice to deprecate out-of-band passwords has been ignored

The US National Institute of Standards and Technology's (NIST) advice that SMS is a poor way to deliver two factor authentication is having little impact, according to Duo Security.…

Printer security is so bad HP Inc will sell you services to fix it

Tue, 06 Dec 2016 05:00:08 GMT

Finally, FINALLY, someone is turning off Telnet and FTP

Printer security is so awful HP Inc is willing to shut off shiny features and throw its own dedicated bodies at the perennial problem.…

Arista CloudVision Portal bug revealed, plus evidence it's been used

Tue, 06 Dec 2016 03:56:10 GMT

You know the drill: face-palm, download, patch, grumble about state of security, relax

Arista customers: if you're running a version of CloudVision Portal (CVP) older than 2016.1.2.1, get an update or risk getting p0wned.…

1.4bn records from HaveIBeenPwned offered for your analytical pleasure

Tue, 06 Dec 2016 02:44:13 GMT

Troy Hunt's Christmas trove is a splendid gift for security and data nerds

Security researcher Troy Hunt had better hope his anonymisation works: he's decided to offer up most of his “HaveIBeenPwned” data set for other security researchers to analyse.…

CloudFlare warns of another massive botnet, er, flaring up

Mon, 05 Dec 2016 22:41:39 GMT

DDoS attacks on the horizon as White House cybersecurity report issues recommendations

CloudFlare has warned of another massive botnet that appears to be ramping up and targeting the US West Coast.…

Yorkshire cyber security biz ECSC Group to debut on AIM exchange

Mon, 05 Dec 2016 14:03:37 GMT

These breaches ain't bad for business...

Bradford-based cyber security consultancy ECSC Group is set to float on the AIM stock exchange on December 14.…

Guessing valid credit card numbers in six seconds? Priceless

Mon, 05 Dec 2016 08:02:06 GMT

Brit researchers find a way to figure out VISA card numbers just by going shopping

Fraudsters can guess credit card numbers in as little as six seconds per attempt thanks to security gaps in Visa's network, academics say.…

IoT camera crew Titathink tells Reg it'll patch GET bug in a week

Mon, 05 Dec 2016 05:03:11 GMT

Apologises for 'serious mistake' in older kit, says latest things are secure

Titathink has become the second vendor to respond to the modified firmware that exposed a variety of surveillance cameras to a malicious URL attack.…

'Toyota dealer stole my wife's saucy snaps from phone, emailed them to a swingers website'

Sat, 03 Dec 2016 01:27:23 GMT

Texas pastor and spouse sue automaker, sales boss cuffed

A Texas couple is suing Toyota and one of its car dealerships after one of its staff allegedly stole saucy snaps off their cellphone and emailed them to a swingers website.…

Russia accuses hostile foreign powers of plot to undermine its banks

Fri, 02 Dec 2016 16:31:25 GMT

Let's get ready to rouble

Russia has accused unnamed foreign spies of launching a concerted effort to undermine its domestic banking system.…

Sh... IoT just got real: Mirai botnet attacks targeting multiple ISPs

Fri, 02 Dec 2016 12:19:08 GMT

Now ZyXEL and D-Link routers from Post Office and TalkTalk under siege

Analysis The Mirai botnet has struck again, with hundreds of thousands of TalkTalk and Post Office broadband customers affected. The two ISPs join a growing casualty list from a wave of assaults that have also affected customers at Deutsche Telekom, KCOM and Irish telco Eir over the last two weeks or so.…

Microsoft's 'Samaritan' refuses help to hackers doing Win 10 recon

Fri, 02 Dec 2016 08:27:07 GMT

'SAMRi10' script hides the creds hackers crave, making box-to-box jumps harder

Microsoft hacker Itai Grady has created a tool to help prevent blackhat scouts from stealing Windows credentials, an effort the firm hopes will make network compromises harder to achieve.…

Hackers waste Xbox One, PS4, MacBook, Pixel, with USB zapper

Fri, 02 Dec 2016 04:58:13 GMT

What would happen if someone sticks this USBBQ into an airplane seat socket?

VIDS Hackers are destroying everything from the latest gaming systems, phones, and even cars with a dangerous circuit-frying USB device that could put critical systems at risk.…

Shamoon malware returns to again wipe Saudi-owned computers

Fri, 02 Dec 2016 01:58:12 GMT

Iran suspected as likely source of re-vamped nastyware

Thousands of computers in Saudi Arabia's civil aviation agency and other Gulf State organisations have been wiped by the Shamoon malware after it resurfaced some four years after wiping thousands of Saudi Aramco workstations.…

Online criminals iced as cops bury malware-spewing Avalanche

Thu, 01 Dec 2016 23:57:11 GMT

Four-year op by US and EU culminates in arrests, server seizures

On November 30, simultaneous raids in five countries by the FBI, Europol, and the UK's National Crime Agency (NCA) finally shuttered the Avalanche criminal network that has been spewing malware and money laundering campaigns for the past seven years.…

Europol cop took terror dossier home, flashed it to the web accidentally

Thu, 01 Dec 2016 19:37:34 GMT

Europe's FBI sheds light on security bungle

An investigator at Europe's FBI Europol took home a USB stick packed with terror probe documents and accidentally spilled the files on the internet.…

Hull surfers cut off by router attack

Thu, 01 Dec 2016 15:01:10 GMT

Routers scooted, says KCOM

Thousands of broadband customers in the Hull area have been left without reliable internet access following a cyber attack.…

RAF Club members emailed fake invoices. Has it been hacked?

Thu, 01 Dec 2016 14:33:05 GMT

Military personnel's social centre scratches its head

The Royal Air Force Club appears to have been the victim of a hack, following members being sent fake invoices for staying at the club's London HQ.…

Clients say they'll take their money and run if service hacked – poll

Thu, 01 Dec 2016 10:57:11 GMT

Data breaches could cost firms business, Brits tell survey

Further evidence has emerged that hacked firms might subsequently suffer a customer exodus. After TalkTalk's famous data breach, 101,000 of its customers walked.…

Fatal flaws in ten pacemakers make for Denial of Life attacks

Thu, 01 Dec 2016 06:02:14 GMT

Brit/Belgian research team decipher signals and devise wounding wireless attacks

A global research team has hacked 10 different types of implantable medical devices and pacemakers finding exploits that could allow wireless remote attackers to kill victims.…

SHIFT + F10, Linux gets you Windows 10's cleartext BitLocker key

Thu, 01 Dec 2016 05:00:01 GMT

Don't panic, because this one's a bit esoteric. Do feel free to face-palm anyway

Microsoft is working on a patch for a bug or feature in Windows 10 that allowed access to the command line and, using a live Linux .ISO, made it possible to steal BitLocker keys during OS updates.…

UCam247 tells El Reg most of its cams aren't vulnerable to GET vuln

Thu, 01 Dec 2016 03:01:06 GMT

IoT vendor in prompt, polite, sensible, security shocker

IoT security camera vendor UCam247 has contacted The Register to say most devices in the wild aren't vulnerable to the “single URL pwnage” vulnerability.…

Google's Project Zero tweaking Microsoft, because it did fix a bug

Thu, 01 Dec 2016 02:03:04 GMT

Redmond said it wouldn't fix a flaw, then did it on the sly

For once, a Google Project Zero bug report to Microsoft has resulted in a fix without a public spat. Indeed, this fix happened without any public announcement at all.…

Wow. What a shock. The FBI will get its bonus hacking powers after all

Wed, 30 Nov 2016 23:04:55 GMT

Rule 41 makes life easier for Feds, cops to target Tor, VPN users, and malware victims

Three last-ditch legislative efforts to block the changes to Rule 41 of the Federal Rules of Criminal Procedure have failed, and from tomorrow the Feds will find hacking your PC a lot less of a hassle.…

Android-rooting Gooligan malware infects 1 million devices

Wed, 30 Nov 2016 16:21:29 GMT

At an estimated rate of 13,000 smartphones a day

A new strain of Android malware is infecting an estimated 13,000 devices per day.…

UCL snags head of Europol for a seminar on privacy

Wed, 30 Nov 2016 12:39:21 GMT

Debates ahoy in late January

The head of Europol will be contributing to a seminar at UCL on "the state of the current privacy landscape", which will run in January.…