Subscribe: The Register - Security: Crime
http://www.theregister.com/security/crime/headlines.rss
Language: English
Preview: The Register - Security: Crime

The Register - Security



Biting the hand that feeds IT



Copyright: Copyright 2017, Situation Publishing
 



Encryp-xit: Europe will go all in for crypto backdoors in June

Thu, 30 Mar 2017 06:32:08 GMT

App-makers get a choice: Open up voluntarily or we'll pass laws forcing you to

The European Commission will push for backdoor access to end-to-end encrypted internet apps in June, according to EU Justice Commissioner Věra Jourová.…




How to leak data from an air-gapped PC – using, er, a humble scanner

Thu, 30 Mar 2017 05:30:09 GMT

Security researchers propose old-school gear as a covert command & control conduit

Cybercriminals managed to infect a PC in the design department of Contoso Ltd through a cleverly crafted spear-phishing campaign. Now they need a way to communicate with the compromised machine in secret.…




Kremlin-backed APT28 doesn't even bother hiding its attacks, says Finnish secret police

Thu, 30 Mar 2017 04:02:15 GMT

Supo: Espionage rising, attacks on infrastructure falling

The Finnish Security Intelligence Service Supo is complaining that nation-state-level attackers aren’t even bothering to hide themselves from prying eyes.…




Hey FCC, when you're not busy screwing our privacy, how about those SS7 cell network security flaws, huh?

Thu, 30 Mar 2017 03:25:55 GMT

No one else seems to care, sniff politicians

US Democrats have written to America's communications watchdog the FCC complaining the mobile industry needs a kick up the backside to fix serious flaws in its networks.…




Recruiters considered really harmful: Devs on GitHub hit with booby-trapped fake job emails

Thu, 30 Mar 2017 02:19:58 GMT

All the more reason to reject new_position_offer.docx

Recruiters are known to be a bit of a pain in the ASCII in the tech world – but how about these ones: bogus headhunters attempting to infect GitHub-using software developers.…




Bloke is paid to scour hashtags for threats, spots civil rights boss's tweets, gets fired, sues

Wed, 29 Mar 2017 21:53:05 GMT

State investigator, Oregon DoJ attorney lash out in lawsuits

A chap whose job was to investigate threats on social networks is suing the Oregon Department of Justice – for allegedly retaliating against him after his online sleuthing led him to the agency's own director of civil rights.…




Strange Mirai botnet brew blamed for powerful application layer attack

Wed, 29 Mar 2017 13:31:08 GMT

Varmints cooked up variant after malware code went public

Hackers have created a potent new variant of the Mirai IoT malware.…




RIP: Antivirus veteran Raimund Genes, 54

Tue, 28 Mar 2017 15:17:15 GMT

Trend Micro CTO suffered fatal heart attack

Colleagues and friends are mourning the sudden death of distinguished antivirus industry veteran Raimund Genes last Friday.…




Apple squashes cert-handling bug affecting macOS and iOS

Tue, 28 Mar 2017 13:38:06 GMT

Flaw posed remote code execution risk

Apple has resolved a certification validation vulnerability affecting both macOS and iOS users.…




World+dog had 1.4 BEEEELLION of its data records exposed last year

Tue, 28 Mar 2017 11:25:10 GMT

That's 86% up on 2015... and it's mostly identity theft

Almost 1.4 billion data records were compromised worldwide during 2016, a whopping increase of 86 per cent compared to the year before.…




As of today, iThings are even harder for police to probe

Tue, 28 Mar 2017 07:02:09 GMT

iOS 10.3 lands, complete with heavily encrypted Apple File System

Apple today released iOS 10.3, watchOS 3.2 and tvOS 10.2 (14W265), the first two of which bring some pleasing extra functionality to iThings. But the main attraction in the new release is Apple File System, because it adds comprehensive encryption to the iPhone and Apple Watch.…




CompSci boffins propose scheme to protect privacy in database searches

Tue, 28 Mar 2017 05:02:09 GMT

Queries indicate your intentions, so they're worth hiding

From stock searches to map directions, any time a user queries a database, they tell the database owner something valuable.…




FYI Docs.com users: You may have leaked passwords, personal info – thousands have

Mon, 27 Mar 2017 21:56:53 GMT

Just call it Doxx.com

Thousands of netizens inadvertently shared passwords and other highly private information with the rest of the planet – via Microsoft's publicly searchable Docs.com service.…




LastPass scrambles to fix another major flaw – once again spotted by Google's bugfinders

Mon, 27 Mar 2017 19:42:16 GMT

Ormandy sets snowflakes off over disclosure

For most of us, Saturday morning is a time for a lie in, a leisurely brunch, or maybe taking the kids to the park. But for some it's bug-hunting time.…




Ex-military and security firms oppose Home Sec in WhatsApp crypto row

Mon, 27 Mar 2017 16:30:14 GMT

'We are in real trouble if we apply blunt weapons to this'

UK government ministers calling for increased surveillance abilities in the wake of last Wednesday's terrorist attack have encountered opposition from a somewhat unexpected quarter.…




iPhone-havers think they're safe. But they're not

Mon, 27 Mar 2017 12:18:37 GMT

Growing mobile threats affect iOS

Mobile malware is at the highest level yet recorded, infecting 1.35 per cent of all mobile devices in October, according to a study by Nokia out today. The high water mark in October compares to figures of 1.06 per cent in April 2016.…




USA can afford golf for Trump. Can't afford .com for FBI infosec service

Mon, 27 Mar 2017 08:55:09 GMT

So guess what spoofers are doing with the fake site? Yup – getting dupes to log in

InfraGard.org is supposed to be one of the United States' defences against online criminals. But the FBI-led service is currently the subject of a typosquatting and email attack that could see organisations seeking protection instead send their personal data straight to parties unknown.…




Dishwasher has directory traversal bug

Sun, 26 Mar 2017 23:08:45 GMT

Thanks a Miele-on for making everything dangerous, Internet of Things firmware slackers

Don't say you weren't warned: Miele went full Internet-of-Things with a network-connected dishwasher, gave it a web server, and now finds itself on the wrong end of a security bug report – and it's accused of ignoring the warning.…




Ever visited a land now under Islamic State rule? And you want to see America? Hand over that Facebook, Twitter, pal

Sat, 25 Mar 2017 01:01:30 GMT

Uncle Sam turns up the heat on visa hopefuls

US embassies have been told to examine social media accounts of visa applicants who have ever set foot in Islamic-State-controlled areas.…




GiftGhostBot scares up victims' gift-card cash with brute-force attacks

Fri, 24 Mar 2017 19:08:00 GMT

Software nasty can burn through 1.7 million account numbers per hour

Cybercrooks are using a bot to automate the process of breaking into and draining online gift card accounts.…




UK.gov confirms it won't be buying V-22 Ospreys for new aircraft carriers

Fri, 24 Mar 2017 14:11:05 GMT

Also confirms earlier operational date for HMS Queen Elizabeth

Britain is not buying V-22 Osprey aircraft to fly from its new aircraft carriers, the government has confirmed.…




Did you know: Crimelords behind DDoS attacks offer customer loyalty points?

Fri, 24 Mar 2017 10:51:09 GMT

Tweaking business models for greater 404 kerching

The DDoS attack business has advanced to the point that running an attack can cost as little as $7 an hour, while the targeted company can end up losing thousands, if not millions of dollars.…




Inside OpenSSL's battle to change its license: Coders' rights, tech giants, patents and more

Fri, 24 Mar 2017 07:32:12 GMT

Devs who fail to respond to call for change will count as 'yes' votes for AL 2.0

Analysis The OpenSSL project, possibly the most widely used open-source cryptographic software, has a license to kill – specifically its own. But its effort to obtain permission to rewrite contributors' rights runs the risk of alienating the community that sustains it.…




Google slaps Symantec for sloppy certs, slow show of SNAFUs

Fri, 24 Mar 2017 04:58:05 GMT

Certs will keep working, but Chrome will be suspicious, soon

Updated Google's Chrome development team has posted a stinging criticism of Symantec's certificate-issuance practices, saying it has lost confidence in the company's practices and therefore in the safety of sessions hopefully-secured by Symantec-issued certificates.…




Amazing new WikiLeaks CIA bombshell: Agents can install software on Apple Macs, iPhones right in front of them

Thu, 23 Mar 2017 22:39:07 GMT

And in 2009 – just 8 years ago

Startling leaked documents show the CIA could purchase Apple Macs and iPhones, install spyware onto them, and give them to targets.…




If you were cuffed during Trump's inauguration, cops are trying to crack your smartphone

Thu, 23 Mar 2017 19:55:07 GMT

More than 100 mobes will only take a week to access

Vid The inauguration of President Donald Trump in the US capital was marked by protests, with cops collaring more than 200 people on the day. Now court documents reveal the US government's efforts to crack the arrestees' locked phones and slurp their contents.…




Android Forums resets passwords after hack

Thu, 23 Mar 2017 16:19:09 GMT

Only 2.5 per cent of userbase affected

Add Android Forums to the growing list of web properties that have suffered a security breach.…




eBay dumps users into insecure authentication mechanism

Thu, 23 Mar 2017 07:33:12 GMT

Dump dongles and move to SMS, says tat bazaar, oblivious to deprecation advice

Web tat bazaar eBay appears to be suggesting its readers adopt known-to-be-insecure practices when logging on to the service.…




Fake mobile base stations spreading malware in China

Thu, 23 Mar 2017 05:02:11 GMT

'Swearing Trojan' pushes phishing texts around carriers' controls

Chinese phishing scum are deploying fake mobile base stations to spread malware in text messages that might otherwise get caught by carriers.…




It's happening! It's happening! W3C erects DRM as web standard

Wed, 22 Mar 2017 20:39:12 GMT

World has until April 19 to make its views known on latest draft

The World Wide Web Consortium has formally put forward highly controversial digital rights management as a new web standard.…




Russian mastermind of $500m bank-raiding Citadel coughs to crimes

Wed, 22 Mar 2017 20:23:02 GMT

Chap's code infected 11m PCs, helped crooks make off with half a billion bucks, say Feds

The Russian programmer who built the bank-account-raiding Citadel Trojan has admitted his crimes.…




Error prone, insecure, inevitable: Say hello to today's facial recog tech

Wed, 22 Mar 2017 19:45:10 GMT

If you want a picture of the future, imagine a database with every human visage

Facial recognition technology represents a valuable, and likely inevitable, method of identification for cops and Feds. Unfortunately, it's largely unregulated, error prone, and insecure.…




Malware 'disguised as Siemens software drills into 10 industrial plants'

Wed, 22 Mar 2017 19:34:35 GMT

Four years of active infection, claims security biz Dragos

Malware posing as legitimate software for Siemens control gear has apparently infected industrial equipment worldwide over the past four years.…




Bloke, 48, accused of whaling two US tech leviathans out of $100m

Wed, 22 Mar 2017 16:13:19 GMT

Lithuanian cuffed and charged

Evaldas Rimasauskas, a 48-year-old Lithuanian man, has been charged with defrauding two major US-based internet companies for more than $100m through whaling attacks.…




Gift cards or the iPhone gets it: Hackers threaten Apple with millions of remote wipes

Wed, 22 Mar 2017 15:26:07 GMT

'Turkish crime family' says Bitcoin's also OK

Updated Hackers who claim to have gained access to over 300 million iCloud and Apple email accounts are threatening to wipe user data unless Apple pays a ransom.…




Coppers 'persistently' breach data protection laws with police tech

Wed, 22 Mar 2017 12:57:09 GMT

Staff association warns that systems 'increasingly' being used for personal reasons

Coppers in England and Wales are "persistently" committing data breaches, according to the Police Federation's head of misconduct.…




Gemalto profits hit by crummy US card sales, dials back expectations by, oh, €100m

Wed, 22 Mar 2017 12:27:08 GMT

PINs hopes on some good news next year

Gemalto warned on Wednesday that its first-quarter revenues will be between 7 and 9 per cent lower compared to the same period of 2016.…




UK vuln 'fessing pilot's great but who's going to give a FoI?

Wed, 22 Mar 2017 09:35:08 GMT

Too many ppl, amirite? Poor old Brit govt ...

A security researcher has welcomed the UK's launch of a vulnerability co-ordination pilot while cautioning that a strategy for handling Freedom of Information requests needs to be developed.…




Web smut seekers take resurgent Ramnit malware from behind

Wed, 22 Mar 2017 07:02:04 GMT

♪ Botnet knocked down, but it gets up again ♪

Aficionados of salacious smut sites in the UK and Canada are picking up some nasty software that infects systems by using corrupted pop-under adverts.…




Mac OS IM tool Adium lagging on library security vulnerability

Wed, 22 Mar 2017 04:02:12 GMT

libpurple is a 'binary blob of unknown provenance' says researcher

A developer is warning Adium users to pick a different messaging app because of an exploitable vulnerability in its underlying libpurple version.…




Microsoft's 'Application Verifier' bug-finder is easily pwnable

Wed, 22 Mar 2017 01:56:05 GMT

Undocumented feature allows installation of persistent malware

Updated “Don't create undocumented features” should be tattooed in the corner of every developer's eye: there's one in the Microsoft Application Verifier Provider that provides attack vectors on everything Windows since XP.…




What should password managers not do? Leak your passwords? What a great idea, LastPass

Tue, 21 Mar 2017 19:54:02 GMT

Critical bugs found in Chrome, Firefox add-ons

Updated Password vault LastPass is scrambling to patch critical security flaws that malicious websites can exploit to steal millions of victims' passphrases.…




Now UK bans carry-on lappies, phones, slabs on flights from six nations amid bomb fears

Tue, 21 Mar 2017 18:14:32 GMT

Hit list: Turkey, Lebanon, Egypt, Jordan, Tunisia, Saudi Arabia

The UK has banned airline passengers on direct inbound flights from six countries in the Middle East and North Africa from taking a range of electronic devices into the cabin due to fears of a terrorist attack.…




World's worst botnet fiends switch from ransomware to stock scam spam

Tue, 21 Mar 2017 17:29:08 GMT

IT LIVES!

Cybercriminals behind the Necurs botnet have reactivated the zombie network and returned to their original business of using compromised machines as conduits for spam distribution.…




Three cops to data breach

Tue, 21 Mar 2017 12:56:11 GMT

Customers able to view account details of other users

Mobile operator Three has admitted that some customers were able to view the mobile account details of other Three users via their accounts yesterday.…




Airplane bomb fears spark America's laptop, tablet carry-on ban

Tue, 21 Mar 2017 10:00:08 GMT

Mid-East airports, airlines hit by tough luggage crackdown amid terror intel

Updated Fears of terrorists smuggling bombs disguised as laptops onto airplanes have triggered a fresh crackdown on carry-on luggage.…




Tip for darknet drug lords: Don't wear latex gloves to the post office

Tue, 21 Mar 2017 06:02:11 GMT

Fentanyl merchant was good at Tor, rubbish in meatspace and at deleting browser history

Delivery is the weakest link in the “dark web” drug trade: the postal habits of a large-scale trader have led to his undoing.…




DNS lookups can reveal every web page you visit, says German boffin

Tue, 21 Mar 2017 04:08:12 GMT

The fix is simple: turn your modem on and off again to get a new IP address. Or ask your ISP to assign them more often

Domain-name lookups only reveal websites visited, not individual pages viewed, right? Wrong: the interaction between a user and the DNS is more revealing than previously believed, according to a paper from German postdoc researcher Dominik Herrmann.…




Nest cameras can be easily blacked out by Bluetooth burglars

Tue, 21 Mar 2017 01:05:21 GMT

So far, no patch available to the public

Updated Nest's Dropcam and Dropcam Pro security cameras can be wirelessly attacked via Bluetooth to crash and stop recording footage. This is perfect for burglars and other crooks who want to knock out the cams moments before robbing a joint.…




Confirmed: TSA bans gear bigger than phones from airplane cabins

Mon, 20 Mar 2017 23:11:55 GMT

Air travel to the US from eight countries appears to be affected

People traveling by air to America from an undisclosed list of countries will no longer be allowed to carry devices larger than a mobile phone in carry-on baggage.…