Subscribe: The Register - Security
http://www.theregister.com/security/headlines.rss
Language: English
Tags:
breach  bug  crypto  data  fake  google  government  hackers  home  malware  new  open  privacy  security  told  web  world     

The Register - Security



Biting the hand that feeds IT



Copyright: Copyright 2017, Situation Publishing
 



Permissionless data slurping: Why Google's latest bombshell matters

Wed, 22 Nov 2017 16:09:10 GMT

Are you in control?

Comment According to an old Chinese proverb: "When a wise man points at the Moon, an idiot looks at his finger." Google may have been hoping that you were examining a finger, not reading a Quartz story yesterday, which reveals how Android phones send location data to Google without you even knowing it.…




You're such a goober, Uber: UK regulators blast hushed breach

Wed, 22 Nov 2017 15:15:13 GMT

MP: Funny, you managed to contact customers when TfL put your licence on hold…

Brit regulators, security agencies and MPs have slammed Uber for covering up the massive data breach of 57 million customer and driver records.…




Possible cut to British F-35 order considered before Parliament

Wed, 22 Nov 2017 13:05:04 GMT

MoD claims it's still committed but warns of 'uncertainty'

Rising costs might force the UK to reduce its order of F-35 fighter jets, the House of Commons has been told.…




Loake Shoes admits: We've fallen victim to cybercrims

Wed, 22 Nov 2017 10:18:05 GMT

Hold on to your laces, email server was compromised

Miscreants, hackers – call 'em what you will – have pilfered email addresses from an unknown number of Loake Shoes customers.…




Once more unto the breach: El Reg has a go at crisis management

Wed, 22 Nov 2017 09:43:11 GMT

And you can probably guess how that turned out

Hacks played representatives of a hacked company in an incident response exercise run by F-Secure this week.…




Crypto-jackers enlist Google Tag Manager to smuggle alt-coin miners

Wed, 22 Nov 2017 08:01:14 GMT

Ad giant has malware detection in its script-hosting service... but Coin Hive isn't flagged

Crypto-jackers using Coin Hive code to secretly mine Monero via computing power supplied by the unsuspecting have found Google Tag Manager to be a convenient means of distribution.…




Apple: Sure, we banned VPN iOS apps in China, but, um, er, art!

Wed, 22 Nov 2017 06:02:13 GMT

iGiant didn't want to aid censorship, but $10bn in revenue is $10bn in revenue

Apple has told the US government it cooperated with China's demands to block VPN services so it could get other concessions from the Middle Kingdom on human rights.…




Iranian military hacker fingered for 'Game of p0wns' HBO leak

Wed, 22 Nov 2017 03:58:04 GMT

Dept. of Justice lamely says 'winter is coming' for Behzad Mesri, aka 'Skote Vahshat'

The United States' Department of Justice has identified a suspect in July's attack on Home Box Office, naming an Iranian national, Behzad Mesri, in an indictment unsealed Tuesday, November 21.…




Microsoft says Win 8/10's weak randomisation is 'working as intended'

Wed, 22 Nov 2017 01:57:04 GMT

This bug is a feature in 11 out of 12 scenarios

Microsoft has rebutted analysis that suggested its Address Space Layout Randomisation (ASLR) technology could be exploited.…




Wait, did Oracle tip off world to Google's creepy always-on location tracking in Android?

Wed, 22 Nov 2017 00:55:42 GMT

War over Java spills into mobile privacy world

Analysis Having evidently forgotten about that Street View Wi-Fi-harvesting debacle, Google has admitted constantly collecting the whereabouts of Android devices regardless of whether or not they have location tracking enabled.…




Uber: Hackers stole 57m passengers, drivers' info. We also bribed the thieves $100k to STFU

Wed, 22 Nov 2017 00:04:30 GMT

And it happened a year ago, hoped you wouldn't find out

Uber's CEO Dara Khosrowshahi today revealed hackers broke into the ride-hailing app's databases and stole personal information on 57 million passengers and drivers – information including names, email addresses, and phone numbers.…




National Cyber Security Centre boss: For the love of $DEITY, use 2FA on your emails, peeps

Tue, 21 Nov 2017 13:03:37 GMT

Brit biz bosses, improve your infosec. We'll handle Russia

The chief exec of the National Cyber Security Centre – a branch of the UK's spy nerve-centre GCHQ – has called on everyone to enable two-factor authentication for their emails. This follows revelations that almost the entire population's details are available for sale on the dark web.…




Patch on way 'this week' for HP printer vulns

Tue, 21 Nov 2017 07:30:07 GMT

RCE? Check. Clear passwords? Check. Interfere with print jobs? Check

Sysadmins have been advised to watch for a coming HP printer firmware update that will plug a remote code execution vulnerability (among others) in its MFP-586 and the M553 printers.…




Microsoft's memory randomization security defense is a little busted in Windows 8, 10

Tue, 21 Nov 2017 03:02:14 GMT

RIP ROP? Think again

A Carnegie-Mellon CERT researcher has discovered that Microsoft broke some use-cases for its Address Space Layout Randomisation (ASLR) mechanism, designed to severely hamper hackers' attempts to exploit security bugs.…




Intel finds critical holes in secret Management Engine hidden in tons of desktop, server chipsets

Mon, 20 Nov 2017 23:53:23 GMT

Bugs can be exploited to extract info, potentially insert rootkits

Intel today admitted its Management Engine (ME), Server Platform Services (SPS), and Trusted Execution Engine (TXE) are vulnerable to multiple worrying security flaws, based on the findings of external security experts.…




Cops jam a warrant into Apple to make it cough up Texas mass killer's iPhone, iCloud files

Mon, 20 Nov 2017 23:30:44 GMT

Here we go again…

Texas Rangers have obtained a search warrant for the contents of a blood-splattered iPhone SE belonging to gunman Devin Kelley who killed 26 people in a murder-suicide at a church.…




It was El Reg wot won it: Bing banishes bogus Brit bank banner ad

Mon, 20 Nov 2017 20:06:47 GMT

Link to fake TSB site canned after we help raise alarm

Microsoft has axed a Bing search result advert that masqueraded as a legit online banking website – but was in fact a sophisticated phishing operation.…




Germany slaps ban on kids' smartwatches for being 'secret spyware'

Mon, 20 Nov 2017 17:35:13 GMT

Hands up, whose parents are listening in on this class?

The German telecoms regulator has banned the sale of children's smartwatches that allow users to secretly listen in on nearby conversations.…




Container ship loading plans are 'easily hackable'

Mon, 20 Nov 2017 10:12:09 GMT

Look! A pic that's not a metaphor

Security researchers have warned that it might be possible to destabilise a container ship by manipulating the vessel stowage plan or "Bay Plan".…




It's 2017, and command injection is still the top threat to web apps

Mon, 20 Nov 2017 08:02:07 GMT

Open Web Application Security Project updated 'top-ten risks' lands on Monday, but we found a late, late draft

The Open Web Application Security Project will on Monday, US time, reveal its annual analysis of web application risks, but The Register has sniffed out the final draft of the report and can report that it has found familiar attacks top its charts, but exotic exploits are on the rise.…




DNS resolver 9.9.9.9 will check requests against IBM threat database

Mon, 20 Nov 2017 06:58:12 GMT

Group Co-founded by City of London Police promises 'no snooping on your requests'

The Global Cyber Alliance has given the world a new free Domain Name Service resolver, and advanced it as offering unusually strong security and privacy features.…




F5 DROWNing, not waving, in crypto fail

Mon, 20 Nov 2017 06:02:10 GMT

Bleichenbacher, the name that always chills cryptographers' blood

If you're an F5 BIG-IP sysadmin, get patching: there's a bug in the company's RSA implementation that can give an attacker access to encrypted messages.…




User experience test tools: A privacy accident waiting to happen

Mon, 20 Nov 2017 03:58:12 GMT

Researchers watch publishers watching you, ignore privacy settings, run over mere HTTP

Researchers working on browser fingerprinting found themselves distracted by a much more serious privacy breach: analytical scripts siphoning off masses of user interactions.…




Some 'security people are f*cking morons' says Linus Torvalds

Mon, 20 Nov 2017 02:04:21 GMT

Linux Lord fires up over proposal to secure Linux by shutting down wonky processes

Linux overlord Linus Torvalds has offered some very choice words about different approaches to security, during a discussion about whitelisting features proposed for version 4.15 of the Linux kernel.…




Massive US military social media spying archive left wide open in AWS S3 buckets

Fri, 17 Nov 2017 20:08:18 GMT

Dozens of terabytes exposed, your tax dollars at work

Three misconfigured AWS S3 buckets have been discovered wide open on the public internet containing "dozens of terabytes" of social media posts and similar pages – all scraped from around the world by the US military to identify and profile persons of interest.…




Shamed TLS/SSL cert authority StartCom to shut up shop

Fri, 17 Nov 2017 17:29:05 GMT

Chairman tells El Reg nobody will even notice its passing

Controversial certificate authority StartCom is going out of business.…




For goodness sake, stop the plod using facial recog, London mayor told

Fri, 17 Nov 2017 16:03:09 GMT

At least until there's some sort of strategy. Jeez – GLA

London's Metropolitan Police force's use of "intrusive" technologies "without proper regulation" could put a fundamental principle of policing at risk, the London mayor has been told.…




Lloyds' Avios Reward credit cardholders report fraudulent activity

Fri, 17 Nov 2017 15:03:09 GMT

Concerns raised over data breach

Thousands of Lloyds Avios Rewards American Express credit card customers have been targeted by fraudsters, the bank has admitted.…




Fake news ‘as a service’ booming among cybercrooks

Fri, 17 Nov 2017 07:57:13 GMT

Fake sites spread fake stories to fuel pump and dump or other foul ends

Criminals are exploiting “fake news” for commercial gain, according to new research.…




Kaspersky: Clumsy NSA leak snoop's PC was packed with malware

Thu, 16 Nov 2017 23:59:05 GMT

Lab suspects Chinese spyware was on home computer

Kaspersky Lab, the US government's least favorite computer security outfit, has published its full technical report into claims Russian intelligence used its antivirus tools to steal NSA secrets.…




Parity: The bug that put $169m of Ethereum on ice? Yeah, it was on the todo list for months

Thu, 16 Nov 2017 23:06:33 GMT

Just didn't get round to fixing it – our bad

Alt-coin wallet software maker Parity has published a postmortem of the bug that put millions of dollars of people's Ethereum on ice – and has admitted it knew about the flaw for months. It just hadn't got round to fixing it.…




Oracle scrambles to sew up horrid security holes in PeopleSoft's Tuxedo

Thu, 16 Nov 2017 20:34:12 GMT

Nothing like unauth'd hijacking, Heartbleed-style bugs to patch ASAP

Oracle has published an out-of-band software update to address a handful of security flaws in parts of the PeopleSoft HR software.…




Drone maker DJI left its private SSL, firmware keys open to world+dog on GitHub FOR YEARS

Thu, 16 Nov 2017 19:42:47 GMT

Plus AWS creds, S3 silos filled with sensitive customer info

Chinese drone maker DJI left the private key for its dot-com's HTTPS certificate exposed on GitHub for up to four years, according to a researcher who gave up with the biz's bug bounty process.…




Pawnbroker pwnd: Cash Converters says hacker slurped customer data

Thu, 16 Nov 2017 15:31:11 GMT

Details from decommissioned UK webshop scoured

Pawnbroking and secondhand goods outlet Cash Converters has suffered a data breach.…




New, revamped Terdot Trojan: It's so 2017, it even fake-posts to Twitter

Thu, 16 Nov 2017 14:56:13 GMT

You've grown so much, you piece of @£$

Terdot, a banking Trojan that has been around since mid-2016, has been re-engineered with updated information and credential thievery as well as social media account monitoring functionality.…




DJI bug bounty NDA is 'not signable', say irate infosec researchers

Thu, 16 Nov 2017 12:24:13 GMT

Non-disclosure agreement prompts uproar

Chinese drone maker DJI faces questions from infosec researchers about its bug bounty programme. Sources have told The Register that a non-disclosure agreement (NDA) they were invited to sign would result in the company "owning their actions".…




Does UK high street banks' crappy crypto actually matter?

Thu, 16 Nov 2017 09:33:10 GMT

Commentards didn't hold back and some experts disagreed

The Register's recent story about the failure of most UK high street banks to follow web security best practices has provoked a lively debate among security experts.…




Q: Why are you running in the office? A: This is my password for El Reg

Thu, 16 Nov 2017 04:52:54 GMT

Boffins find smartmobe accelerometers can turn your gait into a biometric

A trio of Indian boffins have studied the use of smartphone accelerometers as biometric sensors and concluded they could be a handy way to identify users.…




The four problems with the US government's latest rulebook on security bug disclosures

Wed, 15 Nov 2017 22:59:12 GMT

But it's still better than nothing

Analysis The United States government has published its new policy for publicly disclosing vulnerabilities and security holes.…




Crouching cyber Hidden Cobra: US warns Nork hackers are at it again with new software nasty

Wed, 15 Nov 2017 21:50:55 GMT

Fallchill file-stealing malware raids American networks

The FBI and US Homeland Security have issued an alert about a new strain of malware infecting American corporate systems and stealing sensitive data.…




US govt's 'foreign' spy program that can snoop on Americans at home. Sure, let's reauth that...

Wed, 15 Nov 2017 20:20:36 GMT

What's Russian for "section 702 s***show"?

Analysis The reauthorization of a controversial US government spying program has made further progress with the Senate's intelligence committee putting forward its recommendations to the whole Senate.…




Confusion reigns over crypto vuln in Spanish electronic ID smartcards

Wed, 15 Nov 2017 16:38:13 GMT

Certs revoked, but where are the updates?

The impact of a recently discovered cryptographic vulnerability involving smartcards is causing issues in Spain similar to those previously experienced in Estonia.…




Amazon, Google inject Bluetooth vuln vaccines into Echo, Home AI pals

Wed, 15 Nov 2017 16:00:09 GMT

The BlueBorne ultimatum

Updated Amazon and Google have automatically patched people's Echo and Home AI assistant devices, respectively, to defend against recently discovered Bluetooth-related security vulnerabilities.…




Coming live to a warzone near you: Army Truck Driver for Xbox!

Wed, 15 Nov 2017 14:02:06 GMT

Shh, ignore senior Brit officers saying armed forces on brink of collapse

As recently retired senior officers told UK Parliament that the armed forces are at risk of "institutional failure", the Ministry of Defence told the world's press that soldiers are playing with Xbox controllers.…




Uncle Sam to strap body sensors to hackers in nuke lab security study

Wed, 15 Nov 2017 06:58:09 GMT

Sandia Labs, US military seeks a few good guinea pigs for hack contest

Exclusive The US Department of Defense is funding research into how hackers hack, with an interesting twist. It wants to wire them up with body monitoring equipment to measure how they react while hunting down and exploiting security flaws.…




How can airlines stop hackers pwning planes over the air? And don't say 'regular patches'

Wed, 15 Nov 2017 03:01:45 GMT

As Homeland Security hacks 757 on the tarmac

At least some commercial aircraft are vulnerable to wireless hacking, a US Department of Homeland Security official has admitted.…




It's 2017 – and your Windows PC can be forced to run malware-stuffed Excel macros

Wed, 15 Nov 2017 01:12:46 GMT

Not enough? How about a few dozen PDF remote code holes?

Microsoft and Adobe are getting into the holiday spirit this month by gorging users and admins with a glut of security fixes.…




What do Vegas hookers, Colombian government, and 30,000 other sites have in common? Crypto-jacking miners

Wed, 15 Nov 2017 00:21:41 GMT

Someone’s potentially getting rich – and it isn’t you

Over the past few months there has been an alarming rise in the number of websites running code that silently joyrides computers and secretly makes them mine digital currency for miscreants.…




Privacy Pass protocol promises private perusing

Tue, 14 Nov 2017 16:39:05 GMT

Boffins write browser extension for anonymous authentication

Boffins have harnessed privacy-preserving crypto to create a browser extension that allows users to authenticate to services without being tracked.…




Estonia cuffs suspect, claims he's a Russian 'hacker spy'

Tue, 14 Nov 2017 14:39:08 GMT

20-year-old is not an agent, Russia retorts

Russia has denied that a person nabbed by Estonian local authorities was one of its spies. Estonia alleges the suspect had been intent on hacking into the Baltic country’s computer network.…