Subscribe: The Register - Security: Malware
http://www.theregister.co.uk/security/spyware/headlines.rss
Added By: Feedage Forager Feedage Grade A rated
Language: English
Tags:
android  bug  cameras  data  devices  europol  hackers  internet  malware  patch  phishing  powers  security  state  web  years     
Rate this Feed
Rate this feedRate this feedRate this feedRate this feedRate this feed
Rate this feed 1 starRate this feed 2 starRate this feed 3 starRate this feed 4 starRate this feed 5 star

Comments (0)

Feed Details and Statistics Feed Statistics
Preview: The Register - Security: Malware

The Register - Security



Biting the hand that feeds IT



Copyright: Copyright 2016, Situation Publishing
 



Body cams too fragile for Canadian Mounties – so they won't be used

Thu, 08 Dec 2016 00:43:40 GMT

Kit dumped after fears over battery life and durability

The Royal Canadian Mounted Police (RCMP) says it will not be equipping its officers with body cameras after the units were found to be not rugged enough for field use.…




Sigh... 'Hundreds of thousands' of... sigh, web CCTV cams still at risk of... sigh, hijacking

Wed, 07 Dec 2016 23:44:29 GMT

It's been two years and no patches, say researchers

Vid Amid ongoing malware infections of IoT gadgets and armies of commandeered gizmos attacking server, glaring security holes in web-connected CCTV cameras are going unpatched.…




Could this be you? Really Offensive Security Engineer sought by Facebook

Wed, 07 Dec 2016 23:17:08 GMT

'Here's your new password, champ – GoF*!#Urs3lf'

Facebook is hiring an Offensive Security Engineer, and not the sort inclined to disparage the length of your keys or your choice of encryption algorithm.…




Don't have a Dirty COW, man: Android gets full kernel hijack patch

Wed, 07 Dec 2016 20:37:35 GMT

Meanwhile, another nasty Linux bug surfaces

Google has posted an update for Android that, among other fixes, officially closes the Dirty COW vulnerability.…




Crims turn to phishing-as-a-service to slash costs and max profits

Wed, 07 Dec 2016 19:52:23 GMT

So says Imperva after trolling the dark web

Prefab phishing campaigns cost less to run and are twice as profitable as traditional phishing attacks, according to a new study by security vendor Imperva.…




Crims using anti-virus exclusion lists to send malware to where it can do most damage

Wed, 07 Dec 2016 07:32:10 GMT

When vendors tell you what to whitelist, crims are reading too

Advanced malware writers are using anti-virus exclusion lists to better target victims, researchers say.…




Uber is watching your smartphone's battery charge

Wed, 07 Dec 2016 06:57:13 GMT

Browser vendors' Battery API deprecation can't come soon enough

Browser authors are abandoning the invasive Battery API W3C specification, but not everybody's got the memo: Uber, for example, still watches battery status.…




Android, Qualcomm move on insecure GPS almanac downloads

Wed, 07 Dec 2016 03:01:04 GMT

HTTPS? They've heard of it

Nearly a decade after it introduced assisted-GPS in its mobile chipsets, Qualcomm has squished a bug that allowed miscreants to mess around with people's location services, or crash their phones.…




Open source Roundcube webmail can be attacked ... by sending it an e-mail

Wed, 07 Dec 2016 01:57:11 GMT

The Fifth Element is a problem - the input argument that didn't get checked is an RCE hole

The developers of open source webmail package Roundcube want sysadmins to push in a patch, because a bug in versions prior to 1.2.3 let an attacker crash it remotely – by sending what looks like valid e-mail data.…




Hackers actively stealing Wi-Fi keys from vulnerable routers

Tue, 06 Dec 2016 13:26:08 GMT

Still using the password from the back of the router? Oops!

Hackers have graduated from planting malware on the vulnerable routers supplied to consumers by various ISPs towards stealing Wi-Fi keys.…




Own goal for Scottish Football Association as fans sent phishy emails

Tue, 06 Dec 2016 11:32:09 GMT

Body in lochdown after 'breach at third-party supplier'

Phishing emails ostensibly from the Scottish Football Association (SFA) were sent to subscribers on Monday as the result of a breach.…




Sony kills off secret backdoor in 80 internet-connected CCTV models

Tue, 06 Dec 2016 11:00:12 GMT

Magic 'secret key' HTTP request opens up admin control

Sony has killed off what, charitably, looks like a debug backdoor in 80 of its web-connected surveillance cameras that can be exploited to hijack the devices.…




The UK's Investigatory Powers Act allows the State to tell lies in court

Tue, 06 Dec 2016 09:00:07 GMT

Enshrining parallel construction in English law

Analysis Blighty's freshly passed Investigatory Powers Act, better known as the Snoopers' Charter, is a dog's dinner of a law. It gives virtually unrestricted powers not only to State spy organisations but also to the police and a host of other government agencies.…




Facebook, Microsoft, Twitter and YouTube team to ID terror content

Tue, 06 Dec 2016 08:29:14 GMT

Hash-sharing pact will help them ID violent extremism you see it

Facebook, Microsoft, Twitter and YouTube have teamed up to share their expertise spotting terrorism-related content, in order to crimp its spread.…




In the three years since IETF said pervasive monitoring is an attack, what's changed?

Tue, 06 Dec 2016 08:02:10 GMT

IETF Security director Stephen Farrell offers a report card on evolving defences

Feature After three years of work on making the Internet more secure, the Internet Engineering Task Force (IETF) still faces bottlenecks: ordinary peoples' perception of risk, sysadmins worried about how to manage encrypted networks, and – more even than state snooping – an advertising-heavy 'net business model that relies on collecting as much information as possible.…




Standards body warned SMS 2FA is insecure and nobody listened

Tue, 06 Dec 2016 07:02:07 GMT

Duo Security says NIST's advice to deprecate out-of-band passwords has been ignored

The US National Institute of Standards and Technology's (NIST) advice that SMS is a poor way to deliver two factor authentication is having little impact, according to Duo Security.…




Printer security is so bad HP Inc will sell you services to fix it

Tue, 06 Dec 2016 05:00:08 GMT

Finally, FINALLY, someone is turning off Telnet and FTP

Printer security is so awful HP Inc is willing to shut off shiny features and throw its own dedicated bodies at the perennial problem.…




Arista CloudVision Portal bug revealed, plus evidence it's been used

Tue, 06 Dec 2016 03:56:10 GMT

You know the drill: face-palm, download, patch, grumble about state of security, relax

Arista customers: if you're running a version of CloudVision Portal (CVP) older than 2016.1.2.1, get an update or risk getting p0wned.…




1.4bn records from HaveIBeenPwned offered for your analytical pleasure

Tue, 06 Dec 2016 02:44:13 GMT

Troy Hunt's Christmas trove is a splendid gift for security and data nerds

Security researcher Troy Hunt had better hope his anonymisation works: he's decided to offer up most of his “HaveIBeenPwned” data set for other security researchers to analyse.…




CloudFlare warns of another massive botnet, er, flaring up

Mon, 05 Dec 2016 22:41:39 GMT

DDoS attacks on the horizon as White House cybersecurity report issues recommendations

CloudFlare has warned of another massive botnet that appears to be ramping up and targeting the US West Coast.…




Yorkshire cyber security biz ECSC Group to debut on AIM exchange

Mon, 05 Dec 2016 14:03:37 GMT

These breaches ain't bad for business...

Bradford-based cyber security consultancy ECSC Group is set to float on the AIM stock exchange on December 14.…




Guessing valid credit card numbers in six seconds? Priceless

Mon, 05 Dec 2016 08:02:06 GMT

Brit researchers find a way to figure out VISA card numbers just by going shopping

Fraudsters can guess credit card numbers in as little as six seconds per attempt thanks to security gaps in Visa's network, academics say.…




IoT camera crew Titathink tells Reg it'll patch GET bug in a week

Mon, 05 Dec 2016 05:03:11 GMT

Apologises for 'serious mistake' in older kit, says latest things are secure

Titathink has become the second vendor to respond to the modified firmware that exposed a variety of surveillance cameras to a malicious URL attack.…




'Toyota dealer stole my wife's saucy snaps from phone, emailed them to a swingers website'

Sat, 03 Dec 2016 01:27:23 GMT

Texas pastor and spouse sue automaker, sales boss cuffed

A Texas couple is suing Toyota and one of its car dealerships after one of its staff allegedly stole saucy snaps off their cellphone and emailed them to a swingers website.…




Russia accuses hostile foreign powers of plot to undermine its banks

Fri, 02 Dec 2016 16:31:25 GMT

Let's get ready to rouble

Russia has accused unnamed foreign spies of launching a concerted effort to undermine its domestic banking system.…




Sh... IoT just got real: Mirai botnet attacks targeting multiple ISPs

Fri, 02 Dec 2016 12:19:08 GMT

Now ZyXEL and D-Link routers from Post Office and TalkTalk under siege

Analysis The Mirai botnet has struck again, with hundreds of thousands of TalkTalk and Post Office broadband customers affected. The two ISPs join a growing casualty list from a wave of assaults that have also affected customers at Deutsche Telekom, KCOM and Irish telco Eir over the last two weeks or so.…




Microsoft's 'Samaritan' refuses help to hackers doing Win 10 recon

Fri, 02 Dec 2016 08:27:07 GMT

'SAMRi10' script hides the creds hackers crave, making box-to-box jumps harder

Microsoft hacker Itai Grady has created a tool to help prevent blackhat scouts from stealing Windows credentials, an effort the firm hopes will make network compromises harder to achieve.…




Hackers waste Xbox One, PS4, MacBook, Pixel, with USB zapper

Fri, 02 Dec 2016 04:58:13 GMT

What would happen if someone sticks this USBBQ into an airplane seat socket?

VIDS Hackers are destroying everything from the latest gaming systems, phones, and even cars with a dangerous circuit-frying USB device that could put critical systems at risk.…




Shamoon malware returns to again wipe Saudi-owned computers

Fri, 02 Dec 2016 01:58:12 GMT

Iran suspected as likely source of re-vamped nastyware

Thousands of computers in Saudi Arabia's civil aviation agency and other Gulf State organisations have been wiped by the Shamoon malware after it resurfaced some four years after wiping thousands of Saudi Aramco workstations.…




Online criminals iced as cops bury malware-spewing Avalanche

Thu, 01 Dec 2016 23:57:11 GMT

Four-year op by US and EU culminates in arrests, server seizures

On November 30, simultaneous raids in five countries by the FBI, Europol, and the UK's National Crime Agency (NCA) finally shuttered the Avalanche criminal network that has been spewing malware and money laundering campaigns for the past seven years.…




Europol cop took terror dossier home, flashed it to the web accidentally

Thu, 01 Dec 2016 19:37:34 GMT

Europe's FBI sheds light on security bungle

An investigator at Europe's FBI Europol took home a USB stick packed with terror probe documents and accidentally spilled the files on the internet.…




Hull surfers cut off by router attack

Thu, 01 Dec 2016 15:01:10 GMT

Routers scooted, says KCOM

Thousands of broadband customers in the Hull area have been left without reliable internet access following a cyber attack.…




RAF Club members emailed fake invoices. Has it been hacked?

Thu, 01 Dec 2016 14:33:05 GMT

Military personnel's social centre scratches its head

The Royal Air Force Club appears to have been the victim of a hack, following members being sent fake invoices for staying at the club's London HQ.…




Clients say they'll take their money and run if service hacked – poll

Thu, 01 Dec 2016 10:57:11 GMT

Data breaches could cost firms business, Brits tell survey

Further evidence has emerged that hacked firms might subsequently suffer a customer exodus. After TalkTalk's famous data breach, 101,000 of its customers walked.…




Fatal flaws in ten pacemakers make for Denial of Life attacks

Thu, 01 Dec 2016 06:02:14 GMT

Brit/Belgian research team decipher signals and devise wounding wireless attacks

A global research team has hacked 10 different types of implantable medical devices and pacemakers finding exploits that could allow wireless remote attackers to kill victims.…




SHIFT + F10, Linux gets you Windows 10's cleartext BitLocker key

Thu, 01 Dec 2016 05:00:01 GMT

Don't panic, because this one's a bit esoteric. Do feel free to face-palm anyway

Microsoft is working on a patch for a bug or feature in Windows 10 that allowed access to the command line and, using a live Linux .ISO, made it possible steal BitLocker keys during OS updates.…




UCam247 tells El Reg most of its cams aren't vulnerable to GET vuln

Thu, 01 Dec 2016 03:01:06 GMT

IoT vendor in prompt, polite, sensible, security shocker

IoT security camera vendor UCam247 has contacted The Register to say most devices in the wild aren't vulnerable to the “single URL pwnage” vulnerability.…




Google's Project Zero tweaking Microsoft, because it did fix a bug

Thu, 01 Dec 2016 02:03:04 GMT

Redmond said it wouldn't fix a flaw, then did it on the sly

For once, a Google Project Zero bug report to Microsoft has resulted in a fix without a public spat. Indeed, this fix happened without any public announcement at all.…




Wow. What a shock. The FBI will get its bonus hacking powers after all

Wed, 30 Nov 2016 23:04:55 GMT

Rule 41 makes life easier for Feds, cops to target Tor, VPN users, and malware victims

Three last-ditch legislative efforts to block the changes to Rule 41 of the Federal Rules of Criminal Procedure have failed, and from tomorrow the Feds will find hacking your PC a lot less of a hassle.…




Android-rooting Gooligan malware infects 1 million devices

Wed, 30 Nov 2016 16:21:29 GMT

At an estimated rate of 13,000 smartphones a day

A new strain of Android malware is infecting an estimated 13,000 devices per day.…




UCL snags head of Europol for a seminar on privacy

Wed, 30 Nov 2016 12:39:21 GMT

Debates ahoy in late January

The head of Europol will be contributing to a seminar at UCL on "the state of the current privacy landscape", which will run in January.…




UK cops spot webcam 'sextortion' plots: How vics can hit stop

Wed, 30 Nov 2016 11:56:06 GMT

Don't panic, don't pay

The NCA has said that "at least four young men have taken their own lives" after being targeted by financially motivated webcam blackmailers, while UK police forces are sharing stats and tips in a campaign to combat the rising problem.…




UK National Lottery data breach: Fingers crossed – it might not be you

Wed, 30 Nov 2016 11:16:12 GMT

No card data but possibly other personal stuff

Cyber criminals appear to be using passwords and email addresses from previous breaches to gain access to 26,000 online UK National Lottery accounts.…




'Tesco Bank's major vulnerability is its ownership by Tesco,' claims ex-employee

Wed, 30 Nov 2016 10:03:13 GMT

Links to supermarket's systems may have exposed vulnerability

A former techie at the UK's Tesco Bank reckons the recent high-profile breach may be down to security shortcomings at the bank's parent supermarket.…




Speaking in Tech: The limitations of Android's crypto

Wed, 30 Nov 2016 09:24:12 GMT

Podcast Podcast Idol winners rap about Apple, Google DeepMind and more



UK's new Snoopers' Charter just passed an encryption backdoor law by the backdoor

Wed, 30 Nov 2016 07:04:05 GMT

How far will it go? You'll have to ask the Home Secretary

Among the many unpleasant things in the Investigatory Powers Act that was officially signed into law this week, one that has not gained as much attention is the apparent ability for the UK government to undermine encryption and demand surveillance backdoors.…




PayPal proffers patch for OAuth app hack hole

Wed, 30 Nov 2016 05:32:04 GMT

Payment giant takes second look at bad bugs.

Paypal has patched a phishing vulnerability that could allow attackers to steal any OAuth token for its payment apps and gain access to accounts.…




GET pwned: Web CCTV cams can be hijacked by single HTTP request

Wed, 30 Nov 2016 02:27:46 GMT

Server buffer overflow equals remote control

An insecure web server embedded in more than 35 models of internet-connected CCTV cameras leaves devices wide open to hijacking, it is claimed.…




Drive-by web nasty unmasks Tor Browser users, Mozilla dashes to patch zero-day vuln

Wed, 30 Nov 2016 01:33:19 GMT

JavaScript smuggles malicious payload into PCs

Updated Mozilla is scrambling to patch a vulnerability in Firefox that is apparently being exploited in the wild to unmask Tor Browser users.…




Another Canadian uni hit by ransomware, students told to keep Windows PCs away

Tue, 29 Nov 2016 23:31:58 GMT

Network crippled by extortion software nasty

Carleton University in Ontario, Canada, has confirmed it has been hit by a ransomware infection that crippled some of the Windows machines on its main campus.…