Subscribe: The Register - Security: Malware
http://www.theregister.co.uk/security/spyware/headlines.rss
Added By: Feedage Forager Feedage Grade B rated
Language: English
Tags:
cloud  code  cyber  data  don  facebook  found  malware  secure  security vulnerabilities  security  vulnerabilities  web  yahoo     
Rate this Feed
Rate this feedRate this feedRate this feedRate this feedRate this feed
Rate this feed 1 starRate this feed 2 starRate this feed 3 starRate this feed 4 starRate this feed 5 star

Comments (0)

Feed Details and Statistics Feed Statistics
Preview: The Register - Security: Malware

The Register - Security



Biting the hand that feeds IT



Copyright: Copyright 2018, Situation Publishing
 



Hyperoptic's ZTE-made 1Gbps routers had hyper-hardcoded hyper-root hyper-password

Thu, 26 Apr 2018 06:03:08 GMT

Firmware updates pushed out to up to 400,000 subscribers

A security vulnerability has been found in Brit broadband biz Hyperoptic's home routers that exposes tens of thousands of its subscribers to hackers.…




Power spike leads Chinese police to 600-machine mining rig

Thu, 26 Apr 2018 05:24:05 GMT

Six Bitcoiners cuffed for electricity heist

Chinese media is reporting the seizure of 600 Bitcoin miners in the northern municipality of Tianjin, on the grounds of electricity theft.…




Win 7, Server 2008 'Total Meltdown' exploit lands, pops admin shells

Thu, 26 Apr 2018 03:03:05 GMT

Plus: Xen admins – you need to get patching your patches, too

If you're not up-to-date with your Intel CPU Meltdown patches for Windows 7 or Server 2008 R2, get busy with that, because exploit code for Microsoft's own-goal flaw is available.…




ISO blocks NSA's latest IoT encryption systems amid murky tales of backdoors and bullying

Wed, 25 Apr 2018 19:33:53 GMT

Experts complain of shoddy tech specs and personal attacks

Two new encryption algorithms developed by the NSA have been rejected by an international standards body amid accusations of threatening behavior.…




Hotel, motel, Holiday Inn? Doesn't matter – they may need to update their room key software

Wed, 25 Apr 2018 17:34:38 GMT

Eggheads craft skeleton cards to unlock doors in global chains

Infosec outfit F-Secure has uncovered security vulnerabilities in hotel keycard systems that can be exploited by miscreants to break into rooms across the globe.…




World's biggest DDoS-for-hire souk shuttered, masterminds cuffed

Wed, 25 Apr 2018 15:59:04 GMT

Webstresser.org taken down by Europol plod and chums

Cops yesterday cuffed IT admins behind the "world’s biggest DDoS marketplace", webstresser.org, Europol confirmed today.…




Apple debugs debugger, nukes pesky vulns in iOS, WebKit, macOS

Wed, 25 Apr 2018 07:01:13 GMT

Cook's Cupertino crew corrects coding cockups

Apple has issued a trio of updates to patch security vulnerabilities in Safari, macOS, and iOS.…




Yahoo! fined! $35m! for! covering! up! massive! IT! security! screwup!

Tue, 24 Apr 2018 19:09:29 GMT

Now, who wants to take a look at the revamped Yahoo Mail?

The Disaster Formerly Known as Yahoo! has been fined $35m by US financial watchdog, the SEC, for failing to tell anyone about one of the world's largest ever computer security breaches.…




AWS DNS network hijack turns MyEtherWallet into ThievesEtherWallet

Tue, 24 Apr 2018 19:04:24 GMT

Audacious BGP seizure of Route 53 IP addys followed by crypto-cyber-heist

Updated Crooks today hijacked internet connections to Amazon Web Services systems to ultimately steal a chunk of alt-coins from online cryptocurrency website MyEtherWallet.com.…




Critical infrastructure needs more 21qs6Q#S$, less P@ssw0rd, UK.gov security committee told

Tue, 24 Apr 2018 17:18:56 GMT

Plus: No one will say whether Huawei, ZTE are the baddies

Banks could plug their security vulnerabilities by simply improving password protections, the deputy CEO of the Prudential Regulation Authority has told the House of Lords in England.…




Medic! Orangeworm malware targets hospitals worldwide

Tue, 24 Apr 2018 14:00:12 GMT

Hacking campaign goes after care providers and equipment

If there's one thing security vendors love it's a catchilly-named piece of malware to whip up fervor over, and boy is it a good day to be Symantec.…




Massive cyber attack targets mid-Atlantic nation 'Berylia'

Tue, 24 Apr 2018 06:02:09 GMT

NATO exercise offers the chance to test full chain of cyber-defence command

NATO and assorted partners have unleashed a massive cyber-attack on the fictional country of Berylia to test their ability to defend critical infrastructure against outside attacks.…




I got 99 secure devices but a Nintendo Switch ain't one: If you're using Nvidia's Tegra boot ROM I feel bad for you, son

Mon, 23 Apr 2018 21:17:43 GMT

Unpatchable vuln found, exploited to run custom code

Updated Security researcher Kate Temkin has released proof-of-concept code dubbed Fusée Gelée that exploits a bug in Nvidia's Tegra chipsets to run custom code on locked-down devices.…




Single single-sign-on SNAFU threatens three Cisco products

Mon, 23 Apr 2018 06:28:09 GMT

Firepower, AnyConnect and ASA appliances and clients need patches

Cisco has announced a suite of patches against a bug in its Security Assertion Markup Language (SAML) implementation.…




Brains behind seL4 secure microkernel begin RISC-V chip port

Mon, 23 Apr 2018 05:02:09 GMT

Unveil first code, join giants in industry-standards club

The first RISC-V port of the seL4 microkernel was last week released by the Data61 division of the Australian government's Commonwealth Scientific and Industrial Research Organisation (CSIRO).…




Chinese web giant finds Windows zero-day, stays schtum on specifics

Mon, 23 Apr 2018 01:36:08 GMT

Quihoo 360 plays the responsible disclosure game

Chinese company Quihoo 360 says it's found a Windows zero-day in the wild, but because it's notified Microsoft, it's not telling anyone else how it works.…




Cloud-surfing orgs under attack, Microsoft antivirus for Chrome, Windows 10 S bypass, non-RSA gigs, and more

Sat, 21 Apr 2018 11:06:13 GMT

Your guide to this week in infosec

Roundup Here's a roundup of this week's security news, beyond what we've already covered.…




Oh, baby! Newborn-care website leaves database of medics wide open

Fri, 20 Apr 2018 23:30:27 GMT

Health Stream, are you out there? The guy that found your data leak wants a word

A US healthcare company seemingly exposed on the public internet contact information for roughly 10,000 medical professionals.…




No way, RSA! Security conference's mobile app embarrassingly insecure

Fri, 20 Apr 2018 21:20:17 GMT

Sorry about the hard-coded passwords, can we sell you some crypto now?

RSA has copped to a security vulnerability in the backend systems powering the smartphone app for its annual security conference, held this week in San Francisco, USA.…




British Crackas With Attitude chief gets two years in the cooler for CIA spymaster hack

Fri, 20 Apr 2018 19:21:30 GMT

Kane Gamble gambles and loses on hacking skills

The British teenager who was sufficiently talented and stupid to hack the webmail of the head of the CIA was today sent down for two years.…




Planned European death ray may not need Brit boffinry brain-picking

Fri, 20 Apr 2018 15:06:09 GMT

Plenty of laser research already going on – but there's more than one way to melt a drone

The EU is planning to build a laser cannon with double the power of Britain's under-construction Dragonfire zapper, according to reports – but the general state of the tech doesn't automatically mean Europe will be trying to snaffle Brit raygun smarts.…




Oracle whips out the swatter, squishes 254 security bugs in its gear

Thu, 19 Apr 2018 22:07:34 GMT

Java fixes lobbed out, Spectre Solaris patches issued

Oracle this week emitted its April security update, addressing a total of 254 security vulnerabilities across dozens of products.…




Yahoo! webmail! hacker! faces! nearly! eight! years! in! the! cooler!

Thu, 19 Apr 2018 18:25:50 GMT

Prosecutors ask judge to give Baratov 94 months for stealing accounts on behalf of FSB

The Canadian hacker who helped Russian agents by breaking into more than 11,000 Yahoo email accounts could spend the next eight years behind bars, if American prosecutors get their way.…




Eight months after Equifax megahack, some Brits are only just being notified

Thu, 19 Apr 2018 16:39:11 GMT

I'm fsck-ed off it took this long, rages affected Reg reader

Some of the 15 million Britons affected by the Equifax mega-hack are only now receiving letters notifying them that they were affected by the breach, eight months after the event.…




Millions of scraped public social net profiles left in open AWS S3 box

Thu, 19 Apr 2018 15:00:07 GMT

Poorly configured cloud buckets strike again – this time, Localbox fingered

US social network data aggregator LocalBlox has been caught leaving its AWS bucket of 48 million records – harvested in part from public Facebook, LinkedIn and Twitter profiles – available to be viewed by anyone who stopped by.…




Cutting custody snaps too costly for cash-strapped cops – UK.gov

Thu, 19 Apr 2018 08:02:07 GMT

Home Office admits national and local databases don't talk to each other, so everything is manual

The UK government has admitted it can only delete custody images from its massive database through a complex manual process, and that it would cost too much to weed out all the images of innocent people by hand.…




PCI Council releases vastly expanded cards-in-clouds guidance

Thu, 19 Apr 2018 05:58:09 GMT

First word on how card security for containers, VDI, SDN and web apps

The Payment Card Industry Security Standards Council (PCI SSC) has issued a big update to its guidance on using payment cards with cloud computing services.…




Facebook's login-to-other-sites service lets scum slurp your stuff

Thu, 19 Apr 2018 01:58:04 GMT

How trackers can snatch private info from people's profiles

Updated It's possible for miscreants to secretly extract people's personal information via Facebook's Login service – the tool that lets you sign into websites using just a Facebook ID.…




Flash! Ah-ahhh! WebEx pwned for all of us!

Thu, 19 Apr 2018 00:12:47 GMT

Cisco issues critical patch to stop in-meeting attacks

Cisco has patched a serious vulnerability in its WebEx software that lets an attacker remotely execute code on target machines via poisoned Adobe Flash files.…




How's your Wednesday? Things going well? OK, your iPhone, iPad can be pwned via Wi-Fi sync

Wed, 18 Apr 2018 20:26:36 GMT

Don't panic… until you finish reading

RSA 2018 The iTunes Wi-Fi sync feature in Apple's iOS can be potentially abused by cops, snoops, and hackers to remotely extract information from, and control, iPhones and iPads.…




Surprise! Wireless brain implants are not secure, and can be hijacked to kill you or steal thoughts

Wed, 18 Apr 2018 18:57:27 GMT

Science-fiction horror trope now a reality in 2018

Scientists in Belgium have tested the security of a wireless brain implant called a neurostimulator – and found that its unprotected signals can be hacked with off-the-shelf equipment.…




ID theft in UK hits record high as crooks shift to more vulnerable targets

Wed, 18 Apr 2018 13:02:04 GMT

Less checked online services bear brunt

Identity fraud in Blighty hit a record high of 174,523 incidents last year – and the vast majority of it happened online.…




NHS given a lashing for lack of action plan one year since WannaCry

Wed, 18 Apr 2018 08:03:06 GMT

Cyber resiliency of the UK's health service still in disarray

Nearly a year has passed since the unprecedented WannaCry cyber attack and the UK's NHS has yet to agree an action plan, according to a report by MPs.…




Cisco, Microsoft and 32 big vendor pals join ‘Accord’ to improve security by doing … security stuff

Wed, 18 Apr 2018 06:57:11 GMT

No roadmap. No timeframe. No success metrics. Not much grip on reality, either

Analysis Thirty-four technology companies inked a "Cybersecurity Tech Accord" on Tuesday which they said represents "a public commitment … to protect and empower civilians online and to improve the security, stability and resilience of cyberspace".…




Hop to it, bunnies: TaskRabbit breach means new passwords

Wed, 18 Apr 2018 04:57:04 GMT

Repeat after The Vultures: don't re-use passwords

IKEA's TaskRabbit app and Website, which links buyers with people skilled with Allen key experts and other errand-runners, remain offline a day after the company announced a data breach.…




You're a govt official. You accidentally slap personal info on the web. Quick, blame a kid!

Wed, 18 Apr 2018 03:59:45 GMT

Hacking charge for twiddling URL – O Canada!?

Comment There's a curious legal situation developing in Nova Scotia, Canada, right now.…




Hey, govt hacker bod. Made some really nasty malware? Don't be upset if it returns to bite you

Wed, 18 Apr 2018 00:45:24 GMT

Cough, cough, EternalBlue, cough, cough Wannacry, splutter, Stuxnet

RSA 2018 "You don't launch a cyber weapon, you share it."…




Signal app guru Moxie: Facebook is like Exxon. Everyone needs it, everyone despises it

Tue, 17 Apr 2018 19:52:00 GMT

Crypto expert panel tackles the big stories of the year

RSA 2018 Speaking at the 2018 RSA conference, a board of some of the most respected names in security spoke on Tuesday and were scathing about Facebook – and the industry's response to the Spectre processor bug.…




We 'could' send troubled Watchkeeper drones to war, insists UK minister

Tue, 17 Apr 2018 14:58:04 GMT

And I 'could' sing a duet with Taylor Swift

Comment The British Army's troubled Watchkeeper drones "could still be deployed on operations", a defence minister has insisted.…




Build up your security credentials at SANS London June 2018

Tue, 17 Apr 2018 10:12:07 GMT

Train to outwit the cyber criminals

Promo Even as IT systems grow and become more complex, so new and ingenious methods for stealing vital data or holding organisations to ransom proliferate at an increasingly rapid pace.…




Facebook admits it does track non-users, for their own good

Tue, 17 Apr 2018 05:53:12 GMT

Oh that snitch-code? It's just a little thing to make the web more convenient ... for Facebook and its advertisers

Facebook's apology-and-explanation machine grinds on, with The Social Network™ posting detail on one of its most controversial activities – how it tracks people who don't use Facebook.…




Intel's security light bulb moment: Chips to recruit GPUs to scan memory for software nasties

Tue, 17 Apr 2018 03:00:09 GMT

Coprocessors drafted for threat detection duties

Updated Having weathered revelations in January that its chips can be attacked through a novel class of side-channel vulnerabilities – mostly addressed through microcode fixes – Intel is adding broader silicon-level security improvements to its processors.…




Microsoft has designed an Arm Linux IoT cloud chip. Repeat, an Arm Linux IoT cloud chip

Tue, 17 Apr 2018 00:58:22 GMT

And it talks to Azure. Cortana probably spotted lurking nearby

Microsoft has designed a family of Arm-based system-on-chips for Internet-of-Things devices that runs its own flavor of Linux – and securely connects to an Azure-hosted backend.…




US, UK cyber cops warn Russians are rooting around in your routers

Mon, 16 Apr 2018 21:00:41 GMT

After all, it's where all your data is flowing through

American and British crimefighters have launched another round of pin-the-tail-on-the-Russians – with a warning that Moscow-backed hackers are trying to subvert the world's network devices.…




Google to add extra Gmail security … by building a walled garden

Mon, 16 Apr 2018 20:37:56 GMT

Wants to make money and ignore end-to-end encryption

Comment Google is planning to add several new security features to its ubiquitous email service, Gmail, but they will come with a cost – literally and figuratively.…




Security? We've heard of it, say web-app devs. 31 in 33 codebases have at least one big bad vuln

Mon, 16 Apr 2018 19:06:01 GMT

HTTP 404: Secure programming not found

Automated source code analysis of 33 web applications has found that 94 per cent of them have at least one high-severity vulnerability, according to security biz Positive Technologies.…




UK spy agency warns Brit telcos to flee from ZTE gear

Mon, 16 Apr 2018 14:55:08 GMT

GCHQ's cyber guys don't say why...

GCHQ's cyber security advice group has formally warned of the risk of using ZTE equipment and services for the UK's telco infrastructure.…




Cisco backs test to help classical crypto outlive quantum computers

Mon, 16 Apr 2018 05:58:09 GMT

Borg helps Isara's post-quantum PKI cert test in the hope it future-proofs TLS

Cisco and quantum security outfit Isara reckon they've got at least as far as alpha stage in one problem of the future: securing public key certificates against quantum computers.…




Security bods liberate EITest malware slaves

Mon, 16 Apr 2018 03:58:12 GMT

Miscreants' command and control network traffic sent down sinkhole

One of the world's longest-lived malware networks, EITest, has gone offline.…




Android apps prove a goldmine for dodgy password practices

Mon, 16 Apr 2018 00:58:09 GMT

And password crackers are getting a lot smarter

Bsides SF An analysis of free Android apps has shown that developers are leaving their crypto keys embedded in applications, in some cases because the software developer kits install them by default.…