Subscribe: The Register - Security
http://www.theregister.com/security/headlines.rss
Language: English
Tags:
app  attack  data  drone  exploit  home  malware  microsoft  new  office  personal  phishing  privacy  security  software     

The Register - Security



Biting the hand that feeds IT



Copyright: Copyright 2017, Situation Publishing
 



No, the cops can't get a search warrant to just seize all devices in sight – US appeals court

Fri, 18 Aug 2017 22:59:13 GMT

Judges frown upon fishing for incriminating data on phones

It's a ruling sending shockwaves through the worlds of privacy, device security, and law enforcement in America.…




Berkeley boffins build better spear-phishing black-box bruiser

Fri, 18 Aug 2017 20:12:54 GMT

Machine learning and code to detect and alert attempts to extract passwords from staff

Security researchers from UC Berkeley and the Lawrence Berkeley National Laboratory in the US have come up with a way to mitigate the risk of spear-phishing in corporate environments.…




So long and thanks for all the phish: Red teams need to be smarter now

Fri, 18 Aug 2017 14:06:48 GMT

Pen-testers face new challenges as defences evolve

BSides The opening talk at BSides Manchester on Thursday examined how red team tactics are evolving beyond phishing to include a wider variety of methods.…




Q: How many drones are we bombing ISIS with? A: That's secret, mmkay

Fri, 18 Aug 2017 13:23:36 GMT

But the MoD will happily tell you how many manned jets we're using to do that exact thing

The UK's Information Tribunal has rejected an appeal by campaigners trying to find out how many British Reaper drones are being used for warlike missions in the Middle East.…




What weighs 800kg and runs Windows XP? How to buy an ATM for fun and profit

Fri, 18 Aug 2017 11:57:12 GMT

Security researchers pick up angle grinder, drop £2k-plus in B-sides chat

BSides Weighing in at 800kg secondhand, freestanding ATMs - a “safe with a computer on top” - are a logistical nightmare to own and research, security boffin Leigh-Anne Galloway warned delegates at the BSides Manchester infosec conference yesterday.…




New NIST draft embeds privacy into US govt security for the first time

Fri, 18 Aug 2017 01:57:09 GMT

Federal agency addresses the new world of Alexa, smart cameras and IoT

A draft of new IT security measures by the US National Institute of Standards and Technology (NIST) has for the first time pulled privacy into its core text as well as expanded its scope to include the internet of things and smart home technology.…




US cops point at cell towers and say: Give us every phone number that's touched that mast

Thu, 17 Aug 2017 23:52:46 GMT

Verizon says basestation dumps increasingly popular

US telecoms giant Verizon says police are increasingly asking it to cough up massive dumps of cellphone data rather than individual records.…




What code is running on Apple's Secure Enclave security chip? Now we have a decryption key...

Thu, 17 Aug 2017 22:48:07 GMT

Ladies and gentlemen, start your ARM disassemblers

Apple's Secure Enclave, an ARM-based coprocessor used to enhance iOS security, became a bit less secure on Thursday with the publication of a firmware decryption key.…




Don't panic, Chicago, but an AWS S3 config blunder exposed 1.8 million voter records

Thu, 17 Aug 2017 20:47:40 GMT

Personal info spills from another poorly secured Amazon service

A voting machine supplier for dozens of US states left records on 1.8 million Americans in public view for anyone to download – after misconfiguring its AWS-hosted storage.…




London council 'failed to test' parking ticket app, exposed personal info

Thu, 17 Aug 2017 12:55:04 GMT

Authority fined £70k after missing URL manipulation

A London council has been fined £70,000 after design faults in its TicketViewer app allowed unauthorised access to 119 documents containing sensitive personal information.…




UK govt steams ahead with £5m facial recog system amid furore over innocents' mugshots

Thu, 17 Aug 2017 06:03:09 GMT

Contract ignores lack of strategy, growing criticism

The UK Home Office has put out to tender a £4.6m ($5.9m) contract for facial recognition software – despite the fact its biometrics strategy and retention systems remain embroiled in controversy.…




Bank IT fella accused of masterminding multimillion-dollar insider-trading scam

Thu, 17 Aug 2017 05:03:12 GMT

Consultant was all too app-y to break law, claim investigators

A banking IT expert orchestrated an insider-trading caper that raked in millions of dollars for him and his pals, it was claimed on Wednesday.…




Rowhammer RAM attack adapted to hit flash storage

Thu, 17 Aug 2017 04:27:10 GMT

Project Zero's two-year-old dog learns a new trick

It's Rowhammer, Jim, but not as we know it: IBM boffins have taken the DRAM-bit-flipping-as-attack-vector trick found by Google and applied it to MLC NAND Flash.…




NotPetya ransomware attack cost us $300m – shipping giant Maersk

Wed, 16 Aug 2017 22:15:38 GMT

IT crippled so badly firm relied on WhatsApp

The world's largest container shipping biz has revealed the losses it suffered after getting hit by the NotPetya ransomware outbreak, and the results aren't pretty.…




Disgraced US Secret Service agent coughs to second Bitcoin heist

Wed, 16 Aug 2017 19:04:20 GMT

Fox, meet henhouse

An ex-Secret Service agent who stole Bitcoins from the Silk Road dark web drugs bazaar he was supposed to be investigating has admitted stealing even more sacks of the digital currency.…




HBO Game Of Thrones leak: Four 'techies' arrested in India

Wed, 16 Aug 2017 13:27:09 GMT

GoT suspects cuffed

Four arrests connected with the leak of an unaired Game of Thrones episode have been made in India.…




She's arrived! HMS Queen Lizzie enters Portsmouth Naval Base

Wed, 16 Aug 2017 10:59:08 GMT

65,000 tonnes and 4.5 acres of British sovereign territory – but is she worth it?

Pics Britain’s newest warship, its biggest warship of all time, HMS Queen Elizabeth, entered Portsmouth Harbour for the first time this morning.…




Och. Scottish Parliament under siege from brute-force cyber attack

Wed, 16 Aug 2017 10:37:12 GMT

Unidentified hackers attempt to bust open email accounts

Hackers are trying to break into Scottish Parliament email accounts weeks after similar campaigns against Westminster.…




Speaking in Tech: Tomorrow's infosec fiasco is a 'we're not a company any more' fiasco

Wed, 16 Aug 2017 10:03:06 GMT

Podcast Wannacry is just the beginning



Months after breach at the 'UnBank' Ffrees, customers complain: No one told us

Wed, 16 Aug 2017 08:03:08 GMT

Yet 'alternative' UK financial service has complied with law

Customers of UK financial services firm Ffrees said they were unaware of a breach that took place there four months ago until a security researcher got in touch with them.…




Russian malware scum post new rent-an-exploit

Wed, 16 Aug 2017 01:56:12 GMT

Unpatched browser, plug-in bugs targeted by and with 'Disdain' kit

WebEx on Firefox is among the targets of a new exploit kit that's started circulating on Russian nastyware exchanges.…




Creepy backdoor found in NetSarang server management software

Tue, 15 Aug 2017 22:58:08 GMT

Do you use this suite? If yes: A July 18 update screwed over your security

Researchers at Kaspersky Lab have found a well-hidden backdoor in NetSarang's server management software.…




Uber to bend over, take privacy probe every two years for next 20 years

Tue, 15 Aug 2017 19:33:43 GMT

FTC forces taxi app upstart to let in auditors after complaints of data security cockups

Uber and America's trade watchdog have reached a settlement following claims the taxi app maker lied about the extent to which its staff can mine customers' personal info for fun.…




Fresh Microsoft Office franken-exploit flops – and you should have patched by now anyway

Tue, 15 Aug 2017 15:30:59 GMT

Exploit combo fails to dodge Word warning prompts

Updated A booby-trapped .RTF file is doing the rounds that combines two publicly available Microsoft Office exploits.…




APT-style attack against over 4,000 infrastructure firms blamed on lone Nigerian 20-something

Tue, 15 Aug 2017 13:01:07 GMT

'Get rich or die trying' seems to be working out for this fellow

A seemingly state-sponsored cyberattack aimed at more than 4,000 infrastructure companies has been blamed on a lone Nigerian cybercriminal.…




Drone-maker DJI's Go app contains naughty JavaScript hot-patching framework

Tue, 15 Aug 2017 11:59:07 GMT

Apple has already smote JSPatch once this year

Updated Chinese drone firm DJI appears to have baked a hot-patching framework into its Go app that breaks Apple's App Store terms and conditions, according to drone hacker sources.…




US military spies: We'll capture enemy malware, tweak it, lob it right back at our adversaries

Tue, 15 Aug 2017 00:22:39 GMT

Collateral damage in 3, 2, 1…

The US Defense Intelligence Agency has vowed to capture enemy malware, study and customize it, and then turn the software nasties on their creators.…




WannaCry vanquisher Marcus Hutchins pleads not guilty to flogging banking trojan Kronos

Mon, 14 Aug 2017 16:34:54 GMT

Trial scheduled for October

Marcus Hutchins, the WannaCry kill-switch hero, has today pleaded not guilty to charges of creating and selling malware at a hearing in Milwaukee, Wisconsin.…




If Anonymous 'pwnd' the Daily Stormer, they did a spectacularly awful job

Mon, 14 Aug 2017 14:32:08 GMT

More likely damage control after host GoDaddy pulled plug

Doubts have been cast over claims that hacktivists have taken control of neo-Nazi website the Daily Stormer.…




Is your corporate inbox smelling a bit 'phishy' these days?

Mon, 14 Aug 2017 11:00:13 GMT

Yes, it’s time for another reader poll

Study Phishing is the attempt to obtain personal, private, or commercially sensitive information or funds by impersonating a trustworthy source. Fraudsters commonly use email to quarry their prey, but messaging apps, social media, fake websites, and phone calls are frequently used too. Consumer phishing attacks still outnumber those specifically targeting businesses and institutions, but this should not lull IT and business managers into a false sense of security.…




Sneaky devs could abuse shared libraries to slurp smartphone data

Mon, 14 Aug 2017 03:04:45 GMT

Privilege escalation is baked in to mobile OSes, if you look for it

Oxford researchers reckon they've spotted the next emerging trend in Android advertising (and possibly malware): using common libraries to “collude” between apps with different privilege levels.…




Leaky PostgreSQL passwords plugged

Sun, 13 Aug 2017 23:58:09 GMT

DBAs: strap on your patching boots. Every DB in your clusters needs work

PostgreSQL has released three security patches for versions 9.6.4, 9.5.8, 9.4.13, 9.3.18, and 9.2.22.…




Top repo managers clone, then close, a nasty SSH vector

Sun, 13 Aug 2017 22:56:03 GMT

Git, Mercurial, SVN patched; CVS hasn't got around to it yet

Users of the world's most popular software version control systems can be attacked when cloning a repository over SSH.…




Kremlin's hackers 'wield stolen NSA exploit to spy on hotel guests in Europe, Mid East'

Sat, 12 Aug 2017 11:21:09 GMT

Putin's favorite attack dogs APT28 fingered by FireEye

Russian hackers accused of ransacking the US Democratic party's servers last year may now be targeting hotels in Europe and the Middle East, it is claimed.…




Infosec eggheads rig USB desk lamp to leak passwords via Bluetooth

Fri, 11 Aug 2017 20:41:31 GMT

Malicious gadgets can snoop on keypresses, other data, through ports, it is claimed

Malicious USB gadgets can secretly spy on data flowing in and out of devices plugged into adjacent USB ports, security researchers in Australia have warned.…




HMS Queen Lizzie impugned by cheeky Scot's drone landing

Fri, 11 Aug 2017 15:38:13 GMT

Local photographer took pics of 'ghost ship' deck, then flew off unchallenged

An amateur photographer has reportedly landed his £475 drone aboard the largest warship ever built for the Royal Navy – without permission and completely unchallenged.…




Good Lord: Former UK spy boss backs crypto

Fri, 11 Aug 2017 12:36:32 GMT

'Counter-terrorism not the only national security threat we face'

A former boss at UK domestic spy arm MI5 has cautioned against a crackdown on encrypted messaging apps.…




Ukrainian man, 51, cuffed on suspicion of distributing NotPetya

Fri, 11 Aug 2017 11:39:51 GMT

Sergey Neverov accused of posting Petya-A tutorial + ransomware links

A middle-aged Ukrainian has been arrested on suspicion of acting as an agent in distributing the infamous NotPetya ransomware.…




'Adversarial DNA' breeds buffer overflow bugs in PCs

Fri, 11 Aug 2017 03:57:06 GMT

Boffins had to break gene-reading software but were able to remotely exploit a computer

Scientists from the University of Washington have created synthetic DNA that produced malware of a sort.…




Schoolboy bags $10,000 reward from Google with easy HTTP Host bypass

Thu, 10 Aug 2017 21:14:47 GMT

Nice birthday gift for clever kid who found a way to access web giant's confidential info

A teenager in Uruguay has scored big after finding and reporting a bug in Google's App Engine to view confidential internal Google documents.…




Kaspersky axes antitrust complaints against Microsoft after Windows giant vows to play nice

Thu, 10 Aug 2017 16:45:08 GMT

Built-in antivirus will make room for rival products

Kaspersky Labs is dropping its antitrust complaints against Microsoft in Russia and Europe.…




Lauri Love and Gary McKinnon's lawyer, UK supporters rally around Marcus Hutchins

Thu, 10 Aug 2017 11:45:23 GMT

Take a plea deal and come home quick, opines East London meeting

Marcus Hutchins’ British supporters believe his best chance of getting home within the next few years is to accept a plea deal with US prosecutors, some of them opined last night.…




TalkTalk fined £100k for exposing personal sensitive info

Thu, 10 Aug 2017 10:35:20 GMT

21,000 accounts handled by Indian outsourcing biz exposed

Blighty's Information Commissioner’s Office has whacked TalkTalk with a £100,000 fine after the records of 21,000 people were exposed to fraudsters in an Indian call centre.…




Can GCHQ order techies to work as govt snoops? Experts fear: 'Yes'

Thu, 10 Aug 2017 08:27:11 GMT

UK Home Office's response to concerns is a riddle wrapped in an enigma

Analysis The UK Home Office's ambiguous response to whether or not the Investigatory Powers Act gives the British government the authority to pressure or force people to work for GCHQ is troubling.…




So you're thinking about becoming an illegal hacker – what's your business plan?

Thu, 10 Aug 2017 06:29:11 GMT

Some insights from the HBO hack and bomb threat claims

It's something every aspiring crook needs to consider before they attempt to break into the world of cyber-crime: what's the business plan?…




Salesforce sacks two top security engineers for their DEF CON talk

Thu, 10 Aug 2017 05:01:03 GMT

Revealing penetration-testing tool sealed staffers' fate

Salesforce fired two of its senior security engineers after they revealed details of an internal tool for testing IT defenses at DEF CON last month.…




Microsoft bins unloved Chinese cert shops

Thu, 10 Aug 2017 03:03:04 GMT

WoSign and StartCom banished from Windows 10

Microsoft's decided not to support digital certificates issued by Chinese outfits WoSign and StartCom, but the first-mentioned CA disputes the decision.…




Carbon Black denies its IT security guard system oozes customer secrets

Thu, 10 Aug 2017 00:45:08 GMT

Not a bug, it's a clearly labelled switched-off feature, we're told

Security firms are, understandably, quite sensitive about claims that their products are insecure, so accusations of this sort tend to cause a kerfuffle.…




US court system bug opened hole for hackers to scoop up legal docs for free on victims' dime

Wed, 09 Aug 2017 23:44:07 GMT

It's 2017 and cross-site forgery vulnerabilities are still a thing

A cross-site forgery vulnerability in the American court system's document archive PACER has been fixed. The bug could have been exploited to hijack accounts and retrieve civil and criminal lawsuit files on victims' dime.…




US border cops must get warrants to search phones, devices – EFF

Wed, 09 Aug 2017 20:19:21 GMT

Privacy warriors' legal battle to play out before appeals court

The controversial topic of electronic device searches at the US border, and whether customs agents should be required to get warrants before sucking data off them, is heading to the Fifth Circuit Court of Appeals.…