Subscribe: The Register - Security: Crime
http://www.theregister.co.uk/security/crime/headlines.rss
Added By: Feedage Forager Feedage Grade B rated
Language: English
Tags:
attack  bug  cyber  data  equifax  hacked  hackers  hacking  key  linux  security  site  systems  website  week  windows     
Preview: The Register - Security: Crime

The Register - Security



Biting the hand that feeds IT



Copyright: Copyright 2017, Situation Publishing
 



Russia tweaks Telegram with tiny fine for decryption denial

Tue, 17 Oct 2017 03:03:07 GMT

FSB wanted keys, messaging outfit said Nyet

Encrypted messaging app Telegram must pay 800,000 roubles for resisting a demand from Russia's FSB that it help decrypt user messages.…




Never mind the WPA2 drama... Details emerge of TPM key cockup that hits tonnes of devices

Mon, 16 Oct 2017 22:14:14 GMT

About a third of all crypto modules globally generate weak, crackable RSA pairs

RSA keys produced by smartcards, security tokens, laptops, and other devices using cryptography chips made by Infineon Technologies are weak and crackable – and should be regenerated with stronger algorithms.…




Google isn't saying Microsoft security sucks but Chrome for Windows has its own antivirus

Mon, 16 Oct 2017 20:09:26 GMT

ESET scanning engine now built in – plus other defenses

In its ongoing effort to improve browser security, school Microsoft on security, and retain its search audience, Google is today rolling out several Chrome for Windows fortifications.…




Here's a timeless headline: Adobe rushes out emergency Flash fix after hacker exploits bug

Mon, 16 Oct 2017 18:39:09 GMT

So much for that security-patch-free October

Adobe today issued an emergency security patch for Flash, which squashes a bug being used in the wild right now by hackers to infect Windows PCs with spyware.…




Brit intel fingers Iran for brute-force attacks on UK.gov email accounts

Mon, 16 Oct 2017 15:06:08 GMT

Russia, you're off the hook

Iran has been blamed for the brute-force attack on UK Parliament earlier this year.…




Customers cheesed off after card details nicked in Pizza Hut data breach

Mon, 16 Oct 2017 13:03:14 GMT

Victims reporting fraudulent transactions

Miscreants have made off with payment card details of "a small number of clients" following a data breach at Pizza Hut.…




Remember how you said it was cool if your mobe network sold your name, number and location?

Mon, 16 Oct 2017 11:49:06 GMT

No? Well, never mind, because it's for your own protection

US mobile phone companies appear to be selling their customers' private data – including their full name, phone number, contract details, home zip code and current location to third parties – all in the name of security.…




WPA2 KRACK attack smacks Wi-Fi security: Fundamental crypto crapto

Mon, 16 Oct 2017 11:36:10 GMT

Key handshake shakedown

Users are urged to continue using WPA2 pending the availability of a fix, experts have said, as a security researcher went public with more information about a serious flaw in the security protocol.…




Linus Torvalds lauds fuzzing for improving Linux security

Mon, 16 Oct 2017 07:03:12 GMT

But he's not at all keen on Santa Claus or fairies

Linus Torvalds' release notification for Linux 4.14's fifth release candidate contains an interesting aside: the Linux Lord says fuzzing is making a big difference to the open source operating system.…




'Open sesame'... Subaru key fobs vulnerable, says engineer

Mon, 16 Oct 2017 03:55:08 GMT

ONE, TWO, THREE, what are we incrementing FOUR? (Don't ask, we don't give a damn)

A Dutch electronics engineer reckons Japanese auto-maker Subaru isn't acting on a key-fob cloning vulnerability he discovered.…




WPA2 security in trouble as KRACK Belgian boffins tease key reinstallation bug

Mon, 16 Oct 2017 01:58:11 GMT

Strap yourselves in readers, Wi-Fi may be cooked

Updated A promo for the upcoming Association for Computing Machinery security conference has set infosec types all a-Twitter over the apparent cryptographic death of the WPA2 authentication scheme widely used to secure Wi-Fi connections.…




Sounds painful: Audio code bug lets users, apps get root on Linux

Sun, 15 Oct 2017 23:39:07 GMT

Cisco discusses Advanced Linux Sound Architecture mess before formal CVE release

An advisory from Cisco issued last Friday, October 13th gave us the heads-up on a local privilege escalation vulnerability in the Advanced Linux Sound Architecture (ALSA).…




An oil industry hacker facing jail, a $20m damages bill, and claims of counter-hacking

Sat, 14 Oct 2017 15:30:09 GMT

Inside the bizarre ongoing Rigzone saga

Analysis David Kent, of Spring, Texas, USA, was sentenced to prison earlier this month for hacking Rigzone.com, an oil and gas industry website he founded and sold to employment data biz DHI Group, in an effort to build a second site, Oilpro.com, into an acquisition target.…




US Congress mulls first 'hack back' revenge law. And yup, you can guess what it'll let people do

Fri, 13 Oct 2017 22:36:31 GMT

Can you say 'collateral damage'?

Two members of the US House of Representatives today introduced a bill that would allow hacking victims to seek revenge and hack the hackers who hacked them.…




IT at sea makes data too easy to see: Ships are basically big floating security nightmares

Fri, 13 Oct 2017 20:30:38 GMT

Experts find maritime computer defenses lacking

If there's anything worse than container security, it would appear to be container ship security.…




Pulitzer-winning website Politifact hacked to mine crypto-coins in browsers

Fri, 13 Oct 2017 18:38:03 GMT

Mysterious malicious code silently chews up CPU cycles to craft cash on visitors' dime

Updated Politifact, the Pulitzer Prize-winning website devoted to checking the factual accuracy of US politicians' words, appears to have been hacked so that it secretly mines cryptocurrency in visitors' browsers.…




Android ransomware DoubleLocker encrypts data and changes PINs

Fri, 13 Oct 2017 13:51:08 GMT

Nasty activated by home button unless device gets factory reset

Crooks have come up with a strain of Android ransomware that both encrypts user data and locks victims out of compromised devices by changing PINs.…




More and more websites are mining crypto-coins in your browser to pay their bills, line pockets

Fri, 13 Oct 2017 05:29:07 GMT

No, Chrome isn't slowing down – you're just silently digging up cyber-cash

Updated Sketchy websites are increasingly using cryptocurrency mining as a source of income.…




Equifax's malvertising scare, Chromebook TPM RSA key panic, Cuban embassy sonic weapon heard at last – and more

Fri, 13 Oct 2017 05:02:08 GMT

Your essential security news soaking

Roundup We almost wanted to feel sorry for Equifax, were it not for the fact that the credit biz takes to IT security like a duck to an acid bath. After a brutal few weeks under the spotlight, on Wednesday night it suffered another hacking scare.…




Malware again checks into Hyatt's hotels, again checks out months later with victims' credit cards

Thu, 12 Oct 2017 20:20:41 GMT

Hyatt grievance, see?

Hyatt has provided the perfect excuse for folks trying to explain to bosses or spouses why a film they watched in their hotel room for just seven minutes appeared on their company or personal credit card.…




UK Treasury Committee chairman calls on Equifax to answer for breach omnishambles

Thu, 12 Oct 2017 09:35:44 GMT

'People have been left in the dark for too long'

Equifax may soon face the wrath of UK politicians after the chairman of the country's House of Commons Treasury Committee demanded answers from the firm over its handling of its recent data breach.…




Swiss banking software has Swiss cheese security, says Rapid7

Thu, 12 Oct 2017 02:30:46 GMT

Researchers go public after BPC Banking's long silence on SQL injection bug

Rapid7 has gone public with news of an e-commerce SQL injection vulnerability, saying it couldn't raise a response from the vendor.…




Dear America, best not share that password with your pals. Lots of love, the US Supremes

Wed, 11 Oct 2017 23:11:55 GMT

You may end up in the clink with 'hacker' on your criminal record

A California bloke fighting a computer hacking conviction has lost his final appeal after the US Supreme Court declined to hear his case.…




Dumb bug of the week: Outlook staples your encrypted emails to, er, plaintext copies when sending messages

Wed, 11 Oct 2017 21:15:03 GMT

You're formatting messages the wrong way

Attention anyone using Microsoft Outlook to encrypt emails. Researchers at security outfit SEC Consult have found a bug in Redmond's software that causes encrypted messages to be sent out with their unencrypted versions attached.…




Judge says US govt has 'no right to rummage' through anti-Trump protest website logs

Wed, 11 Oct 2017 19:07:35 GMT

Court tells hosting biz to protect identities of netizens

A Washington DC judge has told the US Department of Justice (DoJ) it "does not have the right to rummage" through the files of an anti-Trump protest website – and has ordered the dot-org site's hosting company to protect the identities of its users.…




North Korean hackers allegedly probing US utilities for weaknesses

Wed, 11 Oct 2017 17:01:14 GMT

Spear phishing emails thought to be affiliated with Pyongyang sent to electricity firms

Hackers believed to be from North Korea are casing out US electric companies in preparation for a possible cyber attack – so says security firm FireEye.…




When Irish data's leaking: Supermarket shoppers urged to check bank statements

Wed, 11 Oct 2017 11:36:13 GMT

SuperValu breached after cyber attack at mega-retailer

Shoppers at SuperValu, Centra and Mace have been told to review their bank statements following a cyber attack against Irish retailer Musgrave.…




'There has never been a right to absolute privacy' – US Deputy AG slams 'warrant-proof' crypto

Wed, 11 Oct 2017 02:16:14 GMT

Fourth Amendment trumps your math, nerds

Continuing the US government's menacing of strong end-to-end encryption, Deputy Attorney General Rod Rosenstein told an audience at the US Naval Academy that encryption isn't protected by the American Constitution.…




'Israel hacked Kaspersky and caught Russian spies using AV tool to harvest NSA exploits'

Wed, 11 Oct 2017 01:19:00 GMT

Explosive new claims also put a bomb under US-Israeli cooperation

Updated The brouhaha over Russian spies using Kaspersky antivirus to steal NSA exploits from a staffer's home PC took an explosive turn on Tuesday.…




Hackers nick $60m from Taiwanese bank in tailored SWIFT attack

Wed, 11 Oct 2017 00:58:07 GMT

Arrests after customized malware apparently used to drain millions

Updated Hackers managed to pinch $60m from the Far Eastern International Bank in Taiwan by infiltrating its computers last week. Now, most of the money has been recovered, and two arrests have been made in connection with the cyber-heist.…




It's 2017... And Windows PCs can be pwned via DNS, webpages, Office docs, fonts – and some TPM keys are fscked too

Tue, 10 Oct 2017 22:22:14 GMT

But at least there's no Flash update (not this week, anyway)

Microsoft today released patches for more than 60 CVE-listed vulnerabilities in its software. Meanwhile, Adobe is skipping October's Patch Tuesday altogether.…




Equifax: About those 400,000 UK records we lost? It's now 15.2M. Yes, M for MEELLLION

Tue, 10 Oct 2017 21:22:20 GMT

Brits will be warned by post, agency says

Updated Last month, US credit score agency Equifax admitted the personal data for just under 400,000 UK accounts was slurped by hackers raiding its database. On Tuesday this week, it upped that number ever-so-slightly to 15.2 million.…




Apple's iOS password prompts prime punters for phishing: Too easy now for apps to swipe secrets, dev warns

Tue, 10 Oct 2017 19:39:01 GMT

Fake login request boxes spark formal bug report

Apple, we have a problem. A bug report filed Monday through Open Radar – which mirrors bug reports developers submit to Apple's private bug tracking system – suggests that password prompts in iOS apps can be misused to steal passwords and other secrets.…




Hackers in Arab world collaborate more than hoodie-clad Westerners

Tue, 10 Oct 2017 16:02:08 GMT

Ideological unity drives 'spirit of sharing' in crimeware market

Cybercriminals in the Arab states are some of the most cooperative in the world, according to Trend Micro this week.…




Overdraft-fiddling hackers cost banks in Eastern Europe $100m

Tue, 10 Oct 2017 13:14:13 GMT

Mules open forged accounts, crooks clear them out from foreign ATMs

Hybrid cyber attacks on banks in former Soviet states have already resulted in estimated losses of $100m.…




Real Mad-quid: Murky cryptojacking menace that smacked Ronaldo site grows

Tue, 10 Oct 2017 11:21:06 GMT

They’re taking our processor cycles

Cryptojacking is well on its way to becoming a new menace to internet hygiene.…




Leaky-by-design location services show outsourced security won't ever work

Tue, 10 Oct 2017 07:03:04 GMT

Google and Facebook can't – or won't – anticipate misuses of data that shouldn't exist

We’re leaking location data everywhere, and it's time to fix it by design.…




Smut-watchers suckered by evil advertising

Tue, 10 Oct 2017 01:28:35 GMT

'Millions' of Pr0rnHüb visitors offered fake browser updates

Security bods have closed off a malvertising campaign, spread through an ad network, that targeted smut site P0rnHub.…




Fending off cyber attacks as important as combatting terrorism, says new GCHQ chief

Mon, 09 Oct 2017 14:01:06 GMT

Director Jeremy Fleming sets out priorities for intel agency

Keeping the UK safe from cyber attacks is now as important as fighting terrorism, the new GCHQ boss has said.…




1,000 jobs on the line at BAE Systems' Lancashire plants – reports

Mon, 09 Oct 2017 13:21:11 GMT

Warton braced for job cuts

BAE Systems, maker of military machinery, is to slash more than 1,000 jobs, according to reports, with most roles affected at its Warton plant in Lancashire, England – the main factory that builds the Eurofighter Typhoon.…




Video games used to be an escape. Now not even they are safe from ads

Mon, 09 Oct 2017 11:33:09 GMT

Devs seduced by the dark arts of data collection and product placement

VB2017 Poor disclosure and intrusive advertising are becoming a bête noire for gamers who increasingly find themselves getting fragged by promos.…




VPN logs helped unmask alleged 'net stalker, say feds

Sun, 08 Oct 2017 22:10:58 GMT

PureVPN assisted investigation of suspect

Virtual private network provider PureVPN helped the FBI track down a suspected internet stalker, by combing its logs to reveal his IP address.…




After selling his site for millions, founder hacked it for a second payday

Sat, 07 Oct 2017 00:56:07 GMT

Rigzone founder sentenced for data duplication scheme

"Operation Resume Hoard" was going well. Initiated around April 1, 2015, it represented David W. Kent's plan to build the membership of his oil and gas industry networking site Oilpro.com.…




It's 4PM on Friday, almost time to log off and, oh look, Disqus says it's been hacked

Fri, 06 Oct 2017 23:53:24 GMT

Put down the pint, a top news commenting app just got pwned

Disqus, the developer of website comment systems used worldwide, is playing the old "bury bad news late on a Friday" card – as it just confessed one of its databases was swiped by hackers.…




Microsoft silently fixes security holes in Windows 10 – dumps Win 7, 8 out in the cold

Fri, 06 Oct 2017 19:34:46 GMT

Versions in use by millions lag behind latest OS, leaving systems vulnerable to attack

Microsoft is silently patching security bugs in Windows 10, and not immediately rolling out the same updates to Windows 7 and 8, potentially leaving hundreds of millions of computers at risk of attack.…




FBI iPhone hack lost forever, White House mobe compromised, SSH – and plenty more

Fri, 06 Oct 2017 17:29:04 GMT

Plus: How SEC's IT staff begged for more cash

Roundup Another week draws to a close so it's time to review the security news you may have missed in between the big hitters: the NSA contractor who leaked more exploits, Apple's encryption password blunder, and so on. This week we've seen bugs, hacking, and government silliness – take a look...…




Russia, America dig into tug-of-war over Bitcoin laundering suspect

Fri, 06 Oct 2017 17:02:13 GMT

We want him! No, he's ours! Shut up!

Russia doesn't want America taking one of its nationals accused of running a $4bn Bitcoin laundering ring – Moscow wants him more.…




Avast urges devs to secure toolchains after hacked build box led to CCleaner disaster

Fri, 06 Oct 2017 06:26:13 GMT

Timeline of compromise goes back to April

VB2017 Avast staffers spoke at the Virus Bulletin International Conference in Madrid, Spain, on Thursday to shed more light on their postmortem of the CCleaner fiasco – and urge developers to protect their software's toolchain and distribution systems from hackers.…




Another W3C API exposing users to browser snitching

Fri, 06 Oct 2017 00:56:12 GMT

Web Payments API bugs, or perhaps features, can be abused: Lukasz Olejnik

Yet another W3C API can be turned against the user, privacy boffin Lukasz Olejnik has warned – this time, it's in how browsers store and check credit card data.…




How bad can the new spying legislation be? Exhibit 1: it's called the USA Liberty Act

Thu, 05 Oct 2017 23:20:54 GMT

Freedom doesn't mean what you think it does

Analysis The US Senate Judiciary Committee has unveiled its answer to a controversial spying program run by the NSA and used by the FBI to fish for crime leads.…