Subscribe: The Register - Security: Enterprise Security
http://www.theregister.com/security/network/headlines.rss
Language: English
Tags:
cyber  data  exploit  google  hacking  key  new  open  ransomware  remote  security  servers  shadow brokers  users  windows     

The Register - Security



Biting the hand that feeds IT



Copyright: Copyright 2017, Situation Publishing
 



Ooooh, that's NASty. Security-watchers warn over man-in-the-middle risk

Wed, 18 Jan 2017 13:21:49 GMT

Small flaws, but they add up

Vulnerabilities in network attached storage (NAS) devices made by QNAP Systems create a potential means for hackers to steal data and passwords, execute commands or drop malware on vulnerable kit, say security researchers.…




Hacker cracks Facebook with remote code execution bug

Wed, 18 Jan 2017 05:28:06 GMT

ImageMagick exploit earns chap US$40k bug bounty

Facebook has paid US$40,000 to vulnerability hunter Andrew Leonov for disclosing how the hacker gained remote code execution on its servers through the widely-reported ImageMagick flaw.…




Ransomware scum infect cancer non-profit

Wed, 18 Jan 2017 04:58:04 GMT

Net scum lowers bar

Ransomware scum have hit a new low by infecting a not-for-profit cancer services organisation.…




SOHOpeless routers offer hard-coded credentials and command injection bugs

Wed, 18 Jan 2017 04:01:12 GMT

Researcher says Zyxel and Billion kit in Thailand, and probably beyond, are rotten

Yet again, home routers are the home of SOHOpelessness: Zyxel and Billion units distributed in Thailand by TrueOnline have backdoors, and the researcher who found the flaw says the vendors have ignored his attempts to notify them.…




Kill it with fire: US-CERT urges admins to firewall off Windows SMB

Wed, 18 Jan 2017 01:58:13 GMT

Shadow Brokers may have loosed a zero-day so you're better safe than sorry

The US computer emergency readiness team is recommending organisations ditch old versions of the Windows SMB protocol and firewall off access to file servers – after a potential zero-day exploit was released by the Shadow Brokers hacking group.…




Credential-stuffers enjoy up to 2% attack success rate – report

Tue, 17 Jan 2017 16:29:12 GMT

It's kinda easy when all the passwords are 1234567

Hackers achieve a success rate of 0.1 to 2 per cent when reusing stolen credentials to access other sites, according to a new study by Shape Security.…




Mega UK hospitals trust Barts says IT borkage was due to trojan – not ransomware

Tue, 17 Jan 2017 16:03:39 GMT

Oh, well, that's all right then

Barts Health NHS Trust has blamed the disruption of its IT systems last Friday on a trojan horse infection and not ransomware.…




Ransomware brutes smacked 1 in 3 NHS trusts last year

Tue, 17 Jan 2017 12:27:11 GMT

One was hit 19 times over 12 months

A third (30 per cent) of NHS trusts have been infected by ransomware, with one – the Imperial College Healthcare in London – suffering 19 attacks in just 12 months.…




Devs reverse-engineer 16,000 Android apps, find secrets and keys to AWS accounts

Tue, 17 Jan 2017 07:20:14 GMT

It's 2017 and developers are still doing really dumb things

A security firm has reverse engineered 16,000 Android apps on Google's Play store and found that over 304 contain sensitive secret keys.…




Dodgy Dutch developer built backdoors into thousands of sites

Tue, 17 Jan 2017 06:54:13 GMT

Then hoovered out users' personal data, stole identities galore and spent up big

Update: Dutch police are this week warning 20,000 users that their email accounts were hacked after a malicious web developer left backdoors in the sites he built.…




911 app is a joke, says security researcher Randy Westergren

Tue, 17 Jan 2017 03:02:42 GMT

'Panic Button' could be pressed by miscreants, repeatedly

The Rave Panic Button app, designed to allow businesses to summon emergency services, allows miscreants to easily 'swat' targets by making false reports of emergencies, says security researcher Randy Westergren.…




Dovecot mailserver graded 'nearly impenetrable'

Tue, 17 Jan 2017 01:58:13 GMT

Security audit of popular-with-service-providers package produces surprised smiles

POP and IMAP mailserver suite Dovecot has passed an extensive audit by hackers, who were able to find only three minor vulnerabilities.…




French spies warn politicians of hack risk as election draws near

Mon, 16 Jan 2017 12:52:10 GMT

Authorities uneasy in wake of alleged Russian interference in US presidential race

French authorities are warning political parties about the increased threat of cyber attacks as the country prepares to elect a new president in May.…




Windows 10 Anniversary Update crushed exploits without need of patches

Mon, 16 Jan 2017 08:01:11 GMT

Microsoft security boffins throw fresh CVEs at unpatched OS, emerge smiling

Microsoft says its Windows 10 Anniversary Update squashes more exploit delivery chains than ever.…




Google reveals its servers all contain custom security silicon

Mon, 16 Jan 2017 07:28:07 GMT

Even the servers it colocates (!) says new doc detailing Alphabet sub's security secrets

Google has published an Infrastructure Security Design Overview that explains how it secures the cloud it uses for its own operations and for public cloud services.…




Brilliant phishing attack probes sent mail, sends fake attachments

Mon, 16 Jan 2017 06:02:14 GMT

Strategy_Doc.PDF from the next cubicle is actually a portal to p0wnage

A newly-detected Gmail phishing attack sees criminals hack and then rifle through inboxes to target account owners' contacts with thoroughly convincing fake emails.…




Just give up: 123456 is still the world's most popular password

Mon, 16 Jan 2017 01:55:58 GMT

Data diggers' dumpster dive demonstrates dumb and dumberer defences

The security industry's ongoing efforts to educate users about strong passwords appear to be for naught, with a new study finding the most popular passwords last year were 123456 and 123456789.…




Promising compsci student sold key-logger, infects 16,000 machines, pleads guilty, faces jail

Sat, 14 Jan 2017 01:50:32 GMT

What a Shames

A 21-year-old computer science student, who won a Programmer of the Year Award in high school, has admitted selling key-logging malware out of his college dorm room.…




US Marines seek more than a few good men (3,000 men and women, actually) for cyber-war

Sat, 14 Jan 2017 00:45:09 GMT

From the phones of Montezuma to the servers of Tripoli

The head of the US Marines wants to recruit about 3,000 troops skilled in online warfare and espionage to make sure the Corps is ready for 21st-century battle.…




Playpen child sex abuse archive admin gets 20 years in the Big House

Fri, 13 Jan 2017 22:26:12 GMT

49 kids rescued so far

An administrator of Playpen – the notorious dark-web trading post of child sex abuse material – has been jailed for 20 years and faces a lifetime of parole.…




UK's largest hospital trust battles Friday 13th malware outbreak

Fri, 13 Jan 2017 18:46:51 GMT

Plug pulled on Barts Health computer gear to prevent cyber-disease spread

Malware has infected hospital computers at the UK’s biggest NHS trust.…




Google floats prototype Key Transparency to tackle secure swap woes

Fri, 13 Jan 2017 17:36:13 GMT

♪ I've got the key, I've got the secreeeee-eeet ♪

Google has released an open-source technology dubbed Key Transparency, which is designed to offer an interoperable directory of public encryption keys.…




Pirates, pirates, whatchu gonna do? Advertisers cop a visit from PIPCU

Fri, 13 Jan 2017 17:02:13 GMT

Someone's keeping the neckbeards in Doritos

Knock knock. Who's there? This Wednesday, officers from the City of London Police's Intellectual Property Crime Unit (PIPCU) trying to get your advertising agency to stop helping pirate sites generate revenue.…




Oh, for F...acebook: Critics bash WhatsApp encryption 'backdoor'

Fri, 13 Jan 2017 15:21:48 GMT

Don't panic, there's nothing to fear, insists green messenger

Updated: A vulnerability in WhatsApp’s end-to-end encryption allows snoops to intercept and read encrypted messages, it was claimed today.…




EU policy makers consider FRAND licensing of machine-generated data

Fri, 13 Jan 2017 09:01:07 GMT

Anonymised app data silos impede movement

EU policy makers are considering introducing a new licensing regime for anonymised "machine-generated data".…




WordPress plugs eight holes in latest release

Fri, 13 Jan 2017 06:30:03 GMT

Cross-site scripting, request forgery, and more!

WordPress has patched a series of vulnerabilities in its content management system, shuttering bugs affecting more than 10 million users.…




MongoDB hackers now sacking ElasticSearch

Fri, 13 Jan 2017 04:56:11 GMT

Open season on open services

It is open season on open services as net scum migrate from sacking MongoDB databases to insecure ElasticSearch instances.…




Trump's cyber-guru Giuliani runs ancient 'easily hackable website'

Fri, 13 Jan 2017 02:07:43 GMT

Stunned security experts tear strips off president-elect pick hours after announcement

US president-elect Donald Trump's freshly minted cyber-tsar Rudy Giuliani runs a website with a content management system years out of date and potentially utterly hackable.…




ISC squishes BIND packet-of-death bugs

Fri, 13 Jan 2017 01:56:12 GMT

DNS servers are crashable until they're patched

BIND administrators, get patching: there are three irritating flaws you need to splat.…




Donald Trump will take cybersecurity advice from, um, Rudy Giuliani

Thu, 12 Jan 2017 23:15:32 GMT

♪ Stop your messin' around, better think of your future ♪

The transition team for US president-elect Donald Trump has announced that former New York City mayor Rudy Giuliani will advise the incoming administration on how to secure America's digital infrastructure.…




Thanks, Obama: NSA to stream raw intelligence into FBI, DEA and pals

Thu, 12 Jan 2017 20:52:08 GMT

Gee, what a lovely parting gift by outgoing US prez

A last-minute rule change signed off by the outgoing Obama administration has made it much easier for the NSA to share raw surveillance data with more than a dozen government agencies.…




Shadow Brokers spew Windows hack tools after exploit auction flop

Thu, 12 Jan 2017 19:58:53 GMT

Screw you, guys, we're going home

Security exploit peddlers Shadow Brokers announced their retirement on Thursday – and released 58 tools for hacking Windows PCs for free by way of a parting gift.…




iPhone hacking biz Cellebrite hacked

Thu, 12 Jan 2017 19:03:46 GMT

Database pwned, cyber-forensics outfit admits

The Israeli company that found fame when it was fingered as a potential source of hacking software used by the FBI to crack open an iPhone has itself been hacked.…




Security hardened, pah! Expert doubts Kaymera's mighty Google's Pixel

Thu, 12 Jan 2017 17:30:06 GMT

Kaymera: building on shoulders of a giant, claim

The arrival of a security hardened version of Google’s supposed "iPhone killer" Pixel phone from Kaymera has received a sceptical reception from one expert.…




Brother-and-sister duo arrested over hacking campaign targeting Italy's bigwigs

Thu, 12 Jan 2017 16:31:08 GMT

EyePyramid operation targeted politicians and business leaders

A hacking operation featuring the EyePyramid trojan successfully compromised the systems of numerous high-profile Italian targets, including two former prime ministers, say Italian police.…




Peace-sign selfie fools menaced by fingerprint-harvesting tech

Thu, 12 Jan 2017 08:03:08 GMT

Cute photo? Your biometrics just got raided, boffins warn

Researchers from Japan's National Institute of Informatics say people's fingerprints could be extracted from photographs using yet-to-be built technology.…




Crims shut off Ukraine power in wide-ranging anniversary hacks

Thu, 12 Jan 2017 05:56:09 GMT

Phishing, denial of service, and remote exploitation part of hacking banquet

Hackers of unknown origin cut power supplies in Ukraine for a second time in 12 months as part of wide-ranging attacks that hit the country in December.…




Google Cloud unlocks key achievement

Thu, 12 Jan 2017 01:08:30 GMT

Encryption got you down? Google will manage your secrets for you

Google on Wednesday introduced its Cloud Key Management Service in beta to help Google Cloud Platform customers deal with their encryption keys.…




Digital video recorder installers master password list 'leaked' – claims

Wed, 11 Jan 2017 16:02:11 GMT

If true, we're talking remote viewing of people's CCTV cams

Xiongmai, the vendor behind many Mirai-vulnerable DVRs, has earned the consternation of security watchers once again.…




GoDaddy revokes 9,000 SSL certificates wrongly validated by code bug

Wed, 11 Jan 2017 15:00:13 GMT

Your website will work, but might be riddled with errors

GoDaddy was obliged to revoke thousands of SSL certificates on Tuesday as the result of an unspecified software bug.…




GCHQ feeds first crop of infosec startups to Cyber Accelerator

Wed, 11 Jan 2017 13:27:15 GMT

Tech 'crèche' will nurture firms to compete on the world stage

The first infosec startups selected for the GCHQ Cyber Accelerator have been unveiled.…




US Navy runs into snags with aircraft carrier's electric plane-slingshot

Wed, 11 Jan 2017 13:03:13 GMT

EMAL system was nearly bought by the UK. Bullet dodged? Oh no

The US Navy is having difficulties with its latest aircraft carrier's Electromagnetic Aircraft Launching System (EMALS) – the same system which the UK mooted fitting to its new Queen Elizabeth-class carriers.…




Oh Britain. Worried your routers will be hacked, but won't touch the admin settings

Wed, 11 Jan 2017 12:01:16 GMT

Survey shows people don't act on insecure wireless routers

Recent Mirai-style attacks against home broadband routers have had some effect but the majority of users have failed to act.…




How to secure MongoDB – because it isn't by default and thousands of DBs are being hacked

Wed, 11 Jan 2017 11:02:05 GMT

Stop right now and make sure you've configured it correctly

The rise in ransomware attacks on MongoDB installations prompted the database maker last week to issue advice on how to avoid being victimized.…




British Hadoop security startup expands to New York to land big investor

Wed, 11 Jan 2017 10:10:43 GMT

Panaseer reckons market there is more mature, i.e. it spends more money on security

British security startup Panaseer is expanding to New York from London as it plans to land a large American investor in 2017.…




New Windows 10 privacy controls: Just a little snooping – or the max

Wed, 11 Jan 2017 08:02:03 GMT

Microsoft offers two settings – on and almost off – and a dashboard of collected data

Microsoft has built an online dashboard of privacy controls in an attempt to soothe lingering anger over Windows 10 and its ability to phone home people's private information.…




Sundown exploit kit weaves Edge hack hole

Wed, 11 Jan 2017 06:35:08 GMT

Thankfully most users are patched

Authors of the Sundown exploit kit have integrated a since-patched and limited Microsoft Edge vulnerability from a security firm's public proof-of-concept.…




Ansible patches 'own the farm' vulnerability

Wed, 11 Jan 2017 04:56:09 GMT

Just the Facts, sysadmins

Ansible sysadmins, make with the patch-fingers because the project's just gone public with a high-severity bug.…




EMC slings patch at remote hack nonce-nse

Wed, 11 Jan 2017 03:56:20 GMT

Smells like 2010

Remote attackers can hose EMC hybrid flash storage thanks to cryptographic weaknesses.…




Juniper warns: Borked upgrade opens root on firewalls

Wed, 11 Jan 2017 02:56:09 GMT

Turn it off and turn it back on again. No, really

Juniper is warning users of its SRX firewalls that a borked upgrade leaves a root-level account open to the world.…