Preview: The Register - Security: Enterprise Security

The Register - Security

Biting the hand that feeds IT

Copyright: Copyright 2017, Situation Publishing

UK cops can keep millions of mugshots of innocent folks on file

Sat, 25 Feb 2017 10:01:08 GMT

You can ask to be removed, but it's up to officers to listen, Home Office cheerfully concludes

After unlawfully hoarding millions of mugshots of one-time suspects, UK police chiefs were this week told to delete the snaps – but only if the people in the photos complain. And even then, requests can be easily waved away.…

NSA snoops told: Get your checkbooks and pens ready for a cyber-weapon shopping spree

Sat, 25 Feb 2017 00:38:55 GMT

US Cyber Command boss lays out plans for next decade

NSA and US Cyber Command boss Mike Rogers has revealed the future direction of his two agencies – and for the private sector, this masterplan can be summarized in one word.…

Don't worry about Privacy Shield, it's fine. Really. I promise, says US trade watchdog head

Fri, 24 Feb 2017 22:57:21 GMT

It's not fine

The acting head of the US Federal Trade Commission, Maureen Ohlhausen, has sought to assure people that the critical Privacy Shield data-sharing agreement will hold up despite President Trump's recent executive orders on immigration.…

Mysterious Gmail account lockouts prompt hack fears

Fri, 24 Feb 2017 17:31:04 GMT

Something happening here, what it is ain't exactly clear

Updated: A substantial number of Gmail users have been affected by a potential but unconfirmed hack of unknown origin or purpose.…

South Korea targeted by cyberspies (again). Kim, got something to say?

Fri, 24 Feb 2017 03:06:15 GMT

Vulnerabilities in Hangul word processing program exploited

The South Korean public sector is once again in the firing line of a sophisticated – and likely government-backed – cyberattack.…

Cloudbleed: Big web brands leaked crypto keys, personal secrets thanks to Cloudflare bug

Fri, 24 Feb 2017 01:47:39 GMT

Heartbleed-style classic buffer overrun blunder strikes in 2017

Big-name websites leaked people's private session keys and personal information into strangers' browsers, due to a Cloudflare bug uncovered by Google researchers.…

I was authorized to trash my employer's network, sysadmin tells court

Thu, 23 Feb 2017 21:13:21 GMT

Michael Thomas' appeal will send shockwaves through IT industry if successful

Back in December 2011, Michael Thomas did what many sysadmins secretly dream of doing: he trashed his employer's network and left a note saying he quit.…

US 'security' biz trio Sentinel Labs, Vir2us, SpyChatter accused of lying about certification

Thu, 23 Feb 2017 20:28:17 GMT

Watchdog forces them to drop claims of privacy protections

Three US companies have settled with the FTC after they were accused of lying about the security safeguards on their customer information.…

'First ever' SHA-1 hash collision calculated. All it took were five clever brains... and 6,610 years of processor time

Thu, 23 Feb 2017 18:33:07 GMT

Tired old algo underpinning online security must die now

Google researchers and academics have today demonstrated it is possible – following years of number crunching – to produce two different documents that have the same SHA-1 hash signature.…

Ex-employees sued for £15m over data slurpage ordered to pay up just £2

Thu, 23 Feb 2017 16:38:09 GMT

Brit firm 'missed the jackpot', says High Court judge

The High Court in London, UK, has agreed that a company's former employees who took thousands of confidential files away on USB sticks when they quit the firm were indeed naughty – and ordered them to pay damages of just £1 each.…

Deutsche Telekom hack suspect arrested at London airport

Thu, 23 Feb 2017 12:54:14 GMT

Cops probing Mirai telco takedown

UK police have arrested a suspect in connection with an attack that infected nearly 1 million Deutsche Telekom routers last November.…

Microsoft catches up to Valentine's Day Flash flaw massacre

Thu, 23 Feb 2017 07:34:08 GMT

Critical update deals with five ways to do remote code execution on Windows

Microsoft's popped out a Security Update for Adobe Flash.…

Boffins exfiltrate data by blinking hard drives' LEDs

Thu, 23 Feb 2017 06:29:09 GMT

Malware? Check. Camera? Check. Let's go sniff passwords

That roll of tape you use to cover the Webcam? Better use some of it on your hard-drive LED, because it can be a data exfiltration vector.…

Linux kernel gets patch for 11-year-old local-root-hole security bug

Thu, 23 Feb 2017 02:57:13 GMT

DCCP code cockup lay unnoticed since 2005

Eleven years ago or thereabouts, the Linux kernel got support for the Datagram Congestion Control Protocol – and also got a privilege escalation bug that has just been fixed.…

Firefox certificate cache leaks user information

Thu, 23 Feb 2017 02:01:12 GMT

Mozilla devs debate whether this is a bug or a feature

Firefox's intermediate certificate cache can be tricked into leaking to a deliberately mis-configured server, creating yet-another chance to fingerprint users (including those who think they're protected by Private Browsing).…

US judge halts mass fingerprint harvesting by cops to unlock iPhones

Thu, 23 Feb 2017 00:29:29 GMT

Uncle Sam's vaguely worded raid warrant knocked down by the Constitution

Analysis: An Illinois judge has rejected a warrant sought by the US government to force everyone in a given location to apply his or her fingerprints to any Apple electronic device investigators happen to find there, a ruling contrary to a similar warrant request granted last year by a judge in California.…

Blundering Boeing bod blabbed spreadsheet of 36,000 coworkers' personal details in email

Wed, 22 Feb 2017 19:43:10 GMT

Its own security software could have stopped data exposure

Global aerospace firm Boeing earlier this month sent a notification to Washington State Attorney General Bob Ferguson, as required by law, about a company employee who mistakenly emailed a spreadsheet full of employee personal data to his spouse in November, 2016.…

Privacy concerns over gaps in eBay crypto

Wed, 22 Feb 2017 16:26:10 GMT

HTTP still being used

eBay uses HTTPS on its most critical pages, such as those where payment or address information is entered, but a lack of encryption on several sensitive pages still poses a concern for the privacy conscious.…

Infosec firm NCC Group launches review over crap financials

Wed, 22 Feb 2017 13:53:10 GMT

Misses full-year forecast by, oh, only 20 per cent

Cybersecurity firm NCC Group has launched a strategic review after issuing a profit warning.…

Netflix treats security ills with Stethoscope: Open-source self-probing tool

Wed, 22 Feb 2017 07:58:05 GMT

Software scrutinizes device defenses, is better than just yelling IT policies at staff

Netflix has released the source code of a web application called Stethoscope for evaluating the security of mobile and desktop computing devices.…

How's your online bank security looking? The Dutch studied theirs and... yeah, not great

Wed, 22 Feb 2017 07:02:05 GMT

Just six per cent of banks using DNSSEC on domains

The Dutch banking industry is doing a terrible job of online security, according to the company that runs the country's .nl internet domains.…

DomainMonster mash: Hundreds of websites vandalized after Brit web host server hacked

Wed, 22 Feb 2017 06:29:08 GMT

Small biz wakes up to find online homes defaced

Hundreds of websites have been defaced by hackers who hijacked a web-hosting server run by UK domain registrar DomainMonster.…

Talos opens box, three Aerospike vulns fly out

Wed, 22 Feb 2017 03:01:14 GMT

NoSQL server, but a big unhappy Yes to the question of security worries

Aerospike NoSQL server DBAs, make sure you've rolled out version, because the vulnerabilities it fixes have been made public.…

Researchers offer simple scheme to stop the next Stuxnet

Wed, 22 Feb 2017 01:23:12 GMT

Don't get rung out about planting bugs in ladder logic: they should be easy to spot

One of the world's oldest programming styles, the ladder logic that runs on industrial programmable logic controllers, remains dangerously vulnerable to attack, according to boffins from Singapore and India.…

US Homeland Security is so secure even its own staff can't log in

Tue, 21 Feb 2017 22:42:27 GMT

Nothing like a post-holiday IT cockup

US Department of Homeland Security staff returning to work on Tuesday after the Presidents' Day holiday have apparently had a tough time getting computer systems to function.…

'Hey, Homeland Security. Don't you dare demand Twitter, Facebook passwords at the border'

Tue, 21 Feb 2017 20:04:19 GMT

Civil liberty groups, security experts, law profs, lawmakers slam looming US policy

Over 50 human rights and civil liberties groups, nearly 100 law professors and security experts, and lawmakers have launched a campaign against digital searches at the US border.…

Hacking group RTM able to divert bulk financial transfers with malware

Tue, 21 Feb 2017 15:31:12 GMT

Attacks of great concern to Russian financial institutions

Cybercrime group RTM is deploying complex malware based in the Delphi programming language to target Remote Banking Systems (RBS), a type of business software used to make bulk financial transfers.…

TeamSpy hackers get the crew back together after four-year hiatus

Tue, 21 Feb 2017 12:54:09 GMT

Remote-control app hijacked for use as snooping tool – again

Updated: Cybercrooks have once again begun slinging malware that subverts elements of the legitimate TeamViewer remote control app to snoop on victims.…

Java and Python have unpatched firewall-crossing FTP SNAFU

Tue, 21 Feb 2017 01:46:03 GMT

This gets interesting when you find your way into a mail server, says dev who found it

Stop us if you've heard this one: Java and Python have a bug you can exploit to cross firewalls. Since neither are yet patched, it might be a good day to nag your developers for a bit.…

Is your child a hacker? Liverpudlian parents get warning signs checklist

Mon, 20 Feb 2017 17:03:07 GMT

Do they use 'the language of hacking', including referring to themselves as a 'hacker'?

Hot on the heels of Liverpool being awarded the European Capital of Culture for 2008 comes a charity programme, run by YouthFed, titled Hackers to Heroes.…

Beeps, roots and leaves: Car-controlling Android apps create theft risk

Mon, 20 Feb 2017 13:55:10 GMT

Haven't named and shamed car-makers though

Insecure car-controlling Android apps create a heightened car theft risk, security researchers at Kaspersky Lab warn.…

Connected car in the second-hand lot? Don't buy it if you're not hack-savvy

Mon, 20 Feb 2017 06:02:11 GMT

The first owner might still have access. And the second. And so on

Cars are smart enough to remember an owner, but not smart enough to forget one – and that's a problem if a smart car is sold second-hand.…

Google bellows bug news after Microsoft sails past fix deadline

Mon, 20 Feb 2017 00:31:14 GMT

Mess in Windows graphics library can give bad hombres access to memory

Google's Project Zero has again revealed a Windows bug before Microsoft fixed it.…

Florida Man jailed for 4 years after raking in a million bucks from spam

Sat, 18 Feb 2017 14:32:08 GMT

Miscreant used stolen email accounts to cram crap into inboxes

A marketer who used stolen email accounts to trouser more than a million dollars by spamming people has been sent down for four years.…

Paper factory fired its sysadmin. He returned via VPN and caused $1m in damage. Now jailed

Sat, 18 Feb 2017 00:24:11 GMT

34-month sentence and he has to pay his old bosses back

A sacked system administrator has been jailed after hacking the control systems of his ex-employer – and causing over a million dollars in damage.…

Probe President Trump and his crappy Samsung Twitter-o-phone, demand angry congressfolk

Fri, 17 Feb 2017 21:40:28 GMT

The Galaxy S3 is real but is its security FAKE NEWS?

Fifteen members of US Congress have asked the House Oversight Committee to investigate whether President Trump is putting national security at risk by using an insecure phone and holding sensitive meetings in public.…

Smash up your kid's Bluetooth-connected Cayla 'surveillance' doll, Germany urges parents

Fri, 17 Feb 2017 19:45:18 GMT

Or switch it off, bin it, bury it, whatever's necessary

Germany's Federal Network Agency, or Bundesnetzagentur, has banned Genesis Toys' Cayla doll as an illegal surveillance device.…

US account holders more likely to switch banks following fraud

Fri, 17 Feb 2017 16:30:07 GMT

More evidence that security = happy customers

Account holders in the US are more likely to switch banks in the aftermath of fraud, according to a new study.…

Mystery deepens over Android spyware targeting Israeli soldiers

Fri, 17 Feb 2017 12:59:09 GMT

'Unlikely Hamas is responsible' – researchers

Hackers are continuing to target Israeli Defence Force (IDF) personnel with Android spyware but doubts have emerged that Hamas is behind the cyber-spying operation.…

New Royal Navy Wildcat helicopters can't transmit vital data

Fri, 17 Feb 2017 12:17:10 GMT

Crews have to land and move tactical info around via USB sticks. No, really

Britain's latest military helicopter fleet has still not had a tactical data link capability fitted, two years after the aircraft entered service.…

US visitors must hand over Twitter, Facebook handles by law – newbie Rep starts ball rolling

Fri, 17 Feb 2017 01:08:13 GMT

Rookie's bill targets visa applicants, may never happen

A newbie congressman has floated his first ever US law bill – one that demands visitors to America hand over URLs to their social network accounts.…

Don’t panic over cyber-terrorism: Daesh-bags still at script kiddie level

Thu, 16 Feb 2017 21:44:59 GMT

Medieval terror bastards not great at hacking says ex-top NSA lawyer

RSA USA: There’s no need to panic about the threat of a major online terrorist attack, since ISIS and their allies are all talk and no trousers. That's according to the former head of the US National Counterterrorism Center.…

Corpse of US anti-spying law unearthed, reanimated, pushed blinking into the sunlight

Thu, 16 Feb 2017 20:16:45 GMT

Bill reintroduced to crack down on location snooping

US Congressional lawmakers on Wednesday reintroduced legislation to establish rules limiting how American government agencies can obtain a person's whereabouts.…

Haven't deleted your Yahoo account yet? Reminder: Hackers forged login cookies

Thu, 16 Feb 2017 14:33:13 GMT

We're! not! even! bothering! with! exclamation! mark! this! time!

Yahoo! is reminding folks that hackers broke into its systems, and learned how to forge its website's session cookies. That allowed the miscreants to log into user accounts without ever typing a password.…

F-Secure buys industrial control security firm

Thu, 16 Feb 2017 12:19:08 GMT

Also locks down automotive and aviation electronics

F-Secure has acquired hardware and embedded system security firm Inverse Path. Financial terms of the deal, announced on Thursday, were undisclosed.…

Former NSA techies raise $8m for their data governance startup

Thu, 16 Feb 2017 12:00:13 GMT

Immuta to free up data scientists in 'highly regulated' environments

Immuta, a data governance startup run by former US National Security Agency technicians, has announced the conclusion of its Series A funding round, pulling in $8m.…

Revealed: Web servers used by disk-nuking Shamoon cyberweapon

Thu, 16 Feb 2017 07:58:14 GMT

Avoid this wonderful malware on your network by black-holing connections

A detailed analysis of the Shamoon malware – which is playing a huge role in the cyberwar between Saudi Arabia and Iran – has identified servers used to spread the software nasty.…

Crypto-curious? Wickr's opened its kimono for code review

Thu, 16 Feb 2017 04:54:06 GMT

Look, don't copy: 'this is not an open source license'

Ephemeral messaging application Wickr has opened up the core crypto software of its Wickr Professional app so others can review it.…

ITU ponders whether blockchain belongs in its security standards

Thu, 16 Feb 2017 04:02:08 GMT

Security working group has decided it wants to know what it needs to know

The International Telecommunication Union has decided the time has come to consider whether Blockchain deserves its attention so it can be considered for future security standards.…

As Microsoft touts Windows Insider for biz, let's take a look at W10's broken 2FA logins

Thu, 16 Feb 2017 00:36:56 GMT

Smart card support busted? Redmond says: ¯\_(ツ)_/¯

For months now, the Windows 10 Anniversary Update has broken two-factor logins using certain smart cards – and Microsoft has refused to discuss it.…