Subscribe: The Register - Security: Crime
http://www.theregister.com/security/crime/headlines.rss
Language: English
Tags:
bug  code  crypto  data  fake  government  iphone  maker  new  open  privacy  security  software  told  users  web  world     
Preview: The Register - Security: Crime

The Register - Security



Biting the hand that feeds IT



Copyright: Copyright 2017, Situation Publishing
 



Patch on way 'this week' for HP printer vulns

Tue, 21 Nov 2017 07:30:07 GMT

RCE? Check. Clear passwords? Check. Interfere with print jobs? Check

Sysadmins have been advised to watch for a coming HP printer firmware update that will plug a remote code execution vulnerability (among others) in its MFP-586 and the M553 printers.…




Windows 8 broke Microsoft's memory randomisation

Tue, 21 Nov 2017 03:02:14 GMT

The problem's still there in Windows 10, so prepare for code re-use attacks

A Carnegie-Mellon CERT researcher has discovered that Microsoft broke some use-cases for its Address Space Layout Randomisation (ASLR), designed to block code-reuse attacks.…




Intel finds critical holes in secret Management Engine hidden in tons of desktop, server chipsets

Mon, 20 Nov 2017 23:53:23 GMT

Bugs can be exploited to extract info, potentially insert rootkits

Intel today admitted its Management Engine (ME), Server Platform Services (SPS), and Trusted Execution Engine (TXE) are vulnerable to multiple worrying security flaws, based on the findings of external security experts.…




Cops jam a warrant into Apple to make it cough up Texas mass killer's iPhone, iCloud files

Mon, 20 Nov 2017 23:30:44 GMT

Here we go again…

Texas Rangers have obtained a search warrant for the contents of a blood-splattered iPhone SE belonging to gunman Devin Kelley who killed 26 people in a murder-suicide at a church.…




It was El Reg wot won it: Bing banishes bogus Brit bank banner ad

Mon, 20 Nov 2017 20:06:47 GMT

Link to fake TSB site canned after we help raise alarm

Microsoft has axed a Bing search result advert that masqueraded as a legit online banking website – but was in fact a sophisticated phishing operation.…




Germany slaps ban on kids' smartwatches for being 'secret spyware'

Mon, 20 Nov 2017 17:35:13 GMT

Hands up, whose parents are listening in on this class?

The German telecoms regulator has banned the sale of children's smartwatches that allow users to secretly listen in on nearby conversations.…




Container ship loading plans are 'easily hackable'

Mon, 20 Nov 2017 10:12:09 GMT

Look! A pic that's not a metaphor

Security researchers have warned that it might be possible to destabilise a container ship by manipulating the vessel stowage plan or "Bay Plan".…




It's 2017, and command injection is still the top threat to web apps

Mon, 20 Nov 2017 08:02:07 GMT

Open Web Application Security Project updated 'top-ten risks' lands on Monday, but we found a late, late draft

The Open Web Application Security Project will on Monday, US time, reveal its annual analysis of web application risks, but The Register has sniffed out the final draft of the report and can report that it has found familiar attacks top its charts, but exotic exploits are on the rise.…




DNS resolver 9.9.9.9 will check requests against IBM threat database

Mon, 20 Nov 2017 06:58:12 GMT

Group Co-founded by City of London Police promises 'no snooping on your requests'

The Global Cyber Alliance has given the world a new free Domain Name Service resolver, and advanced it as offering unusually strong security and privacy features.…




F5 DROWNing, not waving, in crypto fail

Mon, 20 Nov 2017 06:02:10 GMT

Bleichenbacher, the name that always chills cryptographers' blood

If you're an F5 BIG-IP sysadmin, get patching: there's a bug in the company's RSA implementation that can give an attacker access to encrypted messages.…




User experience test tools: A privacy accident waiting to happen

Mon, 20 Nov 2017 03:58:12 GMT

Researchers watch publishers watching you, ignore privacy settings, run over mere HTTP

Researchers working on browser fingerprinting found themselves distracted by a much more serious privacy breach: analytical scripts siphoning off masses of user interactions.…




Some 'security people are f*cking morons' says Linus Torvalds

Mon, 20 Nov 2017 02:04:21 GMT

Linux Lord fires up over proposal to secure Linux by shutting down wonky processes

Linux overlord Linus Torvalds has offered some very choice words about different approaches to security, during a discussion about whitelisting features proposed for version 4.15 of the Linux kernel.…




Massive US military social media spying archive left wide open in AWS S3 buckets

Fri, 17 Nov 2017 20:08:18 GMT

Dozens of terabytes exposed, your tax dollars at work

Three misconfigured AWS S3 buckets have been discovered wide open on the public internet containing "dozens of terabytes" of social media posts and similar pages – all scraped from around the world by the US military to identify and profile persons of interest.…




Shamed TLS/SSL cert authority StartCom to shut up shop

Fri, 17 Nov 2017 17:29:05 GMT

Chairman tells El Reg nobody will even notice its passing

Controversial certificate authority StartCom is going out of business.…




For goodness sake, stop the plod using facial recog, London mayor told

Fri, 17 Nov 2017 16:03:09 GMT

At least until there's some sort of strategy. Jeez – GLA

London's Metropolitan Police force's use of "intrusive" technologies "without proper regulation" could put a fundamental principle of policing at risk, the London mayor has been told.…




Lloyds' Avios Reward credit cardholders report fraudulent activity

Fri, 17 Nov 2017 15:03:09 GMT

Concerns raised over data breach

Thousands of Lloyds Avios Rewards American Express credit card customers have been targeted by fraudsters, the bank has admitted.…




Fake news ‘as a service’ booming among cybercrooks

Fri, 17 Nov 2017 07:57:13 GMT

Fake sites spread fake stories to fuel pump and dump or other foul ends

Criminals are exploiting “fake news” for commercial gain, according to new research.…




Kaspersky: Clumsy NSA leak snoop's PC was packed with malware

Thu, 16 Nov 2017 23:59:05 GMT

Lab suspects Chinese spyware was on home computer

Kaspersky Lab, the US government's least favorite computer security outfit, has published its full technical report into claims Russian intelligence used its antivirus tools to steal NSA secrets.…




Parity: The bug that put $169m of Ethereum on ice? Yeah, it was on the todo list for months

Thu, 16 Nov 2017 23:06:33 GMT

Just didn't get round to fixing it – our bad

Alt-coin wallet software maker Parity has published a postmortem of the bug that put millions of dollars of people's Ethereum on ice – and has admitted it knew about the flaw for months. It just hadn't got round to fixing it.…




Oracle scrambles to sew up horrid security holes in PeopleSoft's Tuxedo

Thu, 16 Nov 2017 20:34:12 GMT

Nothing like unauth'd hijacking, Heartbleed-style bugs to patch ASAP

Oracle has published an out-of-band software update to address a handful of security flaws in parts of the PeopleSoft HR software.…




Drone maker DJI left its private SSL, firmware keys open to world+dog on GitHub FOR YEARS

Thu, 16 Nov 2017 19:42:47 GMT

Plus AWS creds, S3 silos filled with sensitive customer info

Chinese drone maker DJI left the private key for its dot-com's HTTPS certificate exposed on GitHub for up to four years, according to a researcher who gave up with the biz's bug bounty process.…




Pawnbroker pwnd: Cash Converters says hacker slurped customer data

Thu, 16 Nov 2017 15:31:11 GMT

Details from decommissioned UK webshop scoured

Pawnbroking and secondhand goods outlet Cash Converters has suffered a data breach.…




New, revamped Terdot Trojan: It's so 2017, it even fake-posts to Twitter

Thu, 16 Nov 2017 14:56:13 GMT

You've grown so much, you piece of @£$

Terdot, a banking Trojan that has been around since mid-2016, has been re-engineered with updated information and credential thievery as well as social media account monitoring functionality.…




DJI bug bounty NDA is 'not signable', say irate infosec researchers

Thu, 16 Nov 2017 12:24:13 GMT

Non-disclosure agreement prompts uproar

Chinese drone maker DJI faces questions from infosec researchers about its bug bounty programme. Sources have told The Register that a non-disclosure agreement (NDA) they were invited to sign would result in the company "owning their actions".…




Does UK high street banks' crappy crypto actually matter?

Thu, 16 Nov 2017 09:33:10 GMT

Commentards didn't hold back and some experts disagreed

The Register's recent story about the failure of most UK high street banks to follow web security best practices has provoked a lively debate among security experts.…




Q: Why are you running in the office? A: This is my password for El Reg

Thu, 16 Nov 2017 04:52:54 GMT

Boffins find smartmobe accelerometers can turn your gait into a biometric

A trio of Indian boffins have studied the use of smartphone accelerometers as biometric sensors and concluded they could be a handy way to identify users.…




The four problems with the US government's latest rulebook on security bug disclosures

Wed, 15 Nov 2017 22:59:12 GMT

But it's still better than nothing

Analysis The United States government has published its new policy for publicly disclosing vulnerabilities and security holes.…




Crouching cyber Hidden Cobra: US warns Nork hackers are at it again with new software nasty

Wed, 15 Nov 2017 21:50:55 GMT

Fallchill file-stealing malware raids American networks

The FBI and US Homeland Security have issued an alert about a new strain of malware infecting American corporate systems and stealing sensitive data.…




US govt's 'foreign' spy program that can snoop on Americans at home. Sure, let's reauth that...

Wed, 15 Nov 2017 20:20:36 GMT

What's Russian for "section 702 s***show"?

Analysis The reauthorization of a controversial US government spying program has made further progress with the Senate's intelligence committee putting forward its recommendations to the whole Senate.…




Confusion reigns over crypto vuln in Spanish electronic ID smartcards

Wed, 15 Nov 2017 16:38:13 GMT

Certs revoked, but where are the updates?

The impact of a recently discovered cryptographic vulnerability involving smartcards is causing issues in Spain similar to those previously experienced in Estonia.…




Amazon, Google inject Bluetooth vuln vaccines into Echo, Home AI pals

Wed, 15 Nov 2017 16:00:09 GMT

The BlueBorne ultimatum

Updated Amazon and Google have automatically patched people's Echo and Home AI assistant devices, respectively, to defend against recently discovered Bluetooth-related security vulnerabilities.…




Coming live to a warzone near you: Army Truck Driver for Xbox!

Wed, 15 Nov 2017 14:02:06 GMT

Shh, ignore senior Brit officers saying armed forces on brink of collapse

As recently retired senior officers told UK Parliament that the armed forces are at risk of "institutional failure", the Ministry of Defence told the world's press that soldiers are playing with Xbox controllers.…




Uncle Sam to strap body sensors to hackers in nuke lab security study

Wed, 15 Nov 2017 06:58:09 GMT

Sandia Labs, US military seeks a few good guinea pigs for hack contest

Exclusive The US Department of Defense is funding research into how hackers hack, with an interesting twist. It wants to wire them up with body monitoring equipment to measure how they react while hunting down and exploiting security flaws.…




How can airlines stop hackers pwning planes over the air? And don't say 'regular patches'

Wed, 15 Nov 2017 03:01:45 GMT

As Homeland Security hacks 757 on the tarmac

At least some commercial aircraft are vulnerable to wireless hacking, a US Department of Homeland Security official has admitted.…




It's 2017 – and your Windows PC can be forced to run malware-stuffed Excel macros

Wed, 15 Nov 2017 01:12:46 GMT

Not enough? How about a few dozen PDF remote code holes?

Microsoft and Adobe are getting into the holiday spirit this month by gorging users and admins with a glut of security fixes.…




What do Vegas hookers, Colombian government, and 30,000 other sites have in common? Crypto-jacking miners

Wed, 15 Nov 2017 00:21:41 GMT

Someone’s potentially getting rich – and it isn’t you

Over the past few months there has been an alarming rise in the number of websites running code that silently joyrides computers and secretly makes them mine digital currency for miscreants.…




Privacy Pass protocol promises private perusing

Tue, 14 Nov 2017 16:39:05 GMT

Boffins write browser extension for anonymous authentication

Boffins have harnessed privacy-preserving crypto to create a browser extension that allows users to authenticate to services without being tracked.…




Estonia cuffs suspect, claims he's a Russian 'hacker spy'

Tue, 14 Nov 2017 14:39:08 GMT

20-year-old is not an agent, Russia retorts

Russia has denied that a person nabbed by Estonian local authorities was one of its spies. Estonia alleges the suspect had been intent on hacking into the Baltic country’s computer network.…




Shut the front door: Jewson 'fesses up to data breach

Tue, 14 Nov 2017 11:03:11 GMT

Builder's merchant tells punters their privates might be out in the cold

Builders merchant Jewson has confirmed in writing to customers that their privates could have been exposed in a cyber break-in that occurred late this summer.…




Sure, Face ID is neat, but it cannot replace a good old fashioned passcode

Tue, 14 Nov 2017 10:04:14 GMT

Facial recognition isn't the most reliable authentication right now

Apple's iPhone X is one of several technologies bringing facial biometrics into the mainstream. It seems to have everything bar a heat scanner; the TrueDepth camera projects an impressive-sounding 30,000 infrared dots on to your phiz, scanning every blackhead in minute 3D detail.…




Think the US is alone? 18 countries had their elections hacked last year

Tue, 14 Nov 2017 05:01:11 GMT

Less than a quarter of world has freeish internet communication

While America explores quite how much its election was interfered with by outsiders, the news isn't good for the rest of us, according to independent watchdog Freedom House.…




WikiLeaks is wiki-leaked. And it's still not even a proper wiki anyway

Tue, 14 Nov 2017 02:58:06 GMT

Assange .org tried to help coordinate Trump's election campaign

Julian Assange's WikiLeaks – that bastion of fiercely independent journalism – privately urged the Trump campaign to not concede the 2016 presidential election, to contest the result as rigged, and asked for one of Donald's tax returns so as to appear impartial and nothing whatsoever to do with Russia's meddling in the White House race.…




Thousand-dollar iPhone X's Face ID wrecked by '$150 3D-printed mask'

Mon, 13 Nov 2017 19:35:39 GMT

I'd like to take his... his Face ID... off

Video Apple's facial-recognition login system in its rather expensive iPhone X can be, it is claimed, fooled by a 3D printed mask, a couple of photos, and a blob of silicone.…




Stop your moaning, says maker of buggy Bluetooth sex toy

Mon, 13 Nov 2017 05:58:07 GMT

Companion app recorded audio of you while you - ahem - played, but it never left your phone

Sex-toy maker Lovense has told its customers to stop moaning about one of its products, which recorded audio of users as they – ahem – played, and stored it on their Android phones.…




Ride-share upstart 'Fasten' revealed as Hive of insecurity

Mon, 13 Nov 2017 00:34:49 GMT

Like Uber but for leaking personal data: a million customer records left on unsecured Hadoop

Boston-based ride-hailing hopeful Fasten has coughed to a million-customer data breach that happened because someone left a database lying around unsecured.…




CopperheadOS stops updates to thwart knock-off phone floggers

Sun, 12 Nov 2017 22:29:13 GMT

Hardened Android vendor found third parties eating its lunch

The folk in charge of the hardened Android distribution CopperheadOS have run into problems with licence violations. Over the weekend, they temporarily disabled over-the-air updates for Nexus devices, and pulled some downloads from their website.…




Manic miners, hideous hackers, frightful flaws, vibrating mock cock app shock – and more

Sat, 11 Nov 2017 08:34:08 GMT

It's your weekly security news bytes

Roundup Phew, we made it to the weekend. Let's take a look at everything that went down in IT security beyond what we've already covered this week.…




Parity's $280m Ethereum wallet freeze was no accident: It was a HACK, claims angry upstart

Fri, 10 Nov 2017 22:40:56 GMT

And we have evidence to prove it, says biz stiffed out of $1m

A crypto-currency collector who was locked out of his $1m Ethereum multi-signature wallet this week by a catastrophic bug in Parity's software has claimed the blunder was not an accident – it was "deliberate and fraudulent."…




How did someone hijack your Gmail? Phishing, keylogger or password reuse, we're guessing

Fri, 10 Nov 2017 19:50:48 GMT

If you run a website with user accounts, take a look at this research, ta

Google has teamed up with computer scientists at the University of California, Berkeley, to find out how exactly hijackers take over its users' accounts.…




Microsoft president says the world needs a digital Geneva Convention

Fri, 10 Nov 2017 17:57:07 GMT

Mr Smith goes to Switzerland

Microsoft president Brad Smith appeared before the UN in Geneva to talk about the growing problem of nation-state cyber attacks on Thursday.…