Subscribe: The Register - Security: Enterprise Security
Added By: Feedage Forager Feedage Grade A rated
Language: English
data  fix  google  hardware  malware  meltdown spectre  meltdown  mobile  new  patches  security  spectre  systems  users     
Rate this Feed
Rate this feedRate this feedRate this feedRate this feedRate this feed
Rate this feed 1 starRate this feed 2 starRate this feed 3 starRate this feed 4 starRate this feed 5 star

Comments (0)

Feed Details and Statistics Feed Statistics
Preview: The Register - Security: Enterprise Security

The Register - Security

Biting the hand that feeds IT

Copyright: Copyright 2018, Situation Publishing

UK Army chief: Russia could totally pwn us with cable-cutting and hax0rs

Mon, 22 Jan 2018 13:05:12 GMT

Speech to think tank will warn of Brit weaknesses in key areas

The UK needs to invest in up-to-date army tech, including protection from cyber attacks, the Ministry of Defence's chief of general staff will warn today.…

HMRC dev support team cc blurtfest: Over 1,400 email addresses blabbed

Mon, 22 Jan 2018 11:23:04 GMT

Developers find out who else is testing HMRC's tools

Almost 1,500 software developers registered to use the UK taxman's sandbox or API platform have had their email addresses blabbed in a mass mailing.…

The Reg visits London Met Police's digital and electronics forensics labs

Mon, 22 Jan 2018 10:09:07 GMT

Met lab tour throws up issues around storage, encryption and privacy versus security

More than 90 per cent of crime has "a digital element," we were told as The Reg was welcomed into London Metropolitan Police's Central Communications Command Centre, near Lambeth Bridge on the Thames.…

Dridex redux, with FTP serving the nasties

Mon, 22 Jan 2018 08:01:12 GMT

Venerable malware is back for another round of phishing phun

Keep your eyes open for yet-another Dridex-based malware attack.…

Smut site fingered as 'source' of a million US net neutrality comments

Mon, 22 Jan 2018 06:03:41 GMT

Bad news for the FCC because the site has 55 staff and doesn't hand out email addresses

Shmoocon An analysis of comments submitted to the United States Federal Communications Commission's consultation on the future of the nation's net neutrality rules has shown the whole process of public comments was fatally flawed.…

Meltdown/Spectre week three: World still knee-deep in something nasty

Mon, 22 Jan 2018 04:31:27 GMT

And years away from safety

It is now almost three weeks since The Register revealed the chip design flaws that Google later confirmed and the world still awaits certainty about what it will take to get over the silicon slip-ups.…

China flaunts quantum key distribution in-SPAAACE by securing videoconference

Mon, 22 Jan 2018 02:04:04 GMT

Satellite carries keys to Graz

China has revealed more detail of its much-hyped satellite quantum key distribution network.…

Unlocked: The hidden love note on the grave of America's first crypto power-couple

Sat, 20 Jan 2018 08:58:10 GMT


Shmoocon Among the 400,000 graves at the Arlington National Cemetery – a solemn US military graveyard in Virginia – lies the final resting place of cryptography pioneers William and Elizebeth Friedman.…

America restarts dodgy spying program – just as classified surveillance abuse memo emerges

Fri, 19 Jan 2018 21:21:42 GMT

There is literally nothing decent in this story

Analysis The US Senate reauthorized a controversial NSA spying program on Thursday – and then, because it's 2018 and nothing matters any more, embarked on a partisan battle over a confidential memo that outlines Uncle Sam's alleged abuse of surveillance powers.…

There are other, legal ways to nab Microsoft emails, privacy groups remind Supremes

Fri, 19 Jan 2018 15:03:07 GMT

Redmond finds allies in Irish data centre spat

Allowing Uncle Sam to seize emails stored in Microsoft's Irish data centre would violate foreign data protection laws and risk setting a damaging precedent, the US Supreme Court has been told.…

Delve into the hidden corners of security at CyberThreat18

Fri, 19 Jan 2018 09:19:10 GMT

New event set to infiltrate QEII

Promo If you are a cybersecurity practitioner who feels on top of the latest developments in your field, CyberThreat18 may make you want to think again.…

Two things will survive a nuclear holocaust: Cockroaches and crafty URLs like ғасеьоок.com

Fri, 19 Jan 2018 06:03:11 GMT

Pesky phishing pages using international domain names just won't go away

It's been known for a long while that people can use similar-looking non-Roman characters to create internet addresses that look similar to real ones.…

You get a lawsuit! And you get a lawsuit! And you! Now Apple sued over CPU security flaws

Thu, 18 Jan 2018 23:15:09 GMT

iGiant up next in the Meltdown-Spectre-sueball-a-palooza

Add Apple to the list of companies facing a legal backlash in the US over the Spectre and Meltdown CPU security fiasco.…

Sad-sack Anon calling himself 'Mr Cunnilingus' online is busted for DDoSing ex-bosses

Thu, 18 Jan 2018 21:23:48 GMT

Electronics tutor's taunts come back to haunt him

An electronics technician pleaded guilty on Wednesday to orchestrating distributed denial of service (DDoS) attacks on a former employer and other organizations – and to unlawfully possessing a firearm as a former felon.…

Someone is touting a mobile, PC spyware platform called Dark Caracal to governments

Thu, 18 Jan 2018 16:00:12 GMT

Hundreds of gigabytes already slurped, say EFF and Lookout

An investigation by the Electronic Frontier Foundation and security biz Lookout has uncovered Dark Caracal, a surveillance-toolkit-for-hire that has been used to suck huge amounts of data from Android mobiles and Windows desktop PCs around the world.…

F-35 'incomparable' to Harrier jump jet, top test pilot tells El Reg

Thu, 18 Jan 2018 15:27:09 GMT

Naturally we demanded proof – and we got it

Interview What's it like to fly an F-35 fighter jet? We interviewed the chief British test pilot about a uniquely British flying technique – and then had a play with a full cockpit simulator to find out for ourselves.…

Google fuels up Chromecast Wi-Fi flooding fix

Thu, 18 Jan 2018 14:27:11 GMT

It lands today

Google has confirmed plans to issue a patch for Chromecast and Google Home aimed at resolving a traffic flooding problem that was swamping home networks.…

And Oracle E-biz suite makes 3: Package also vulnerable to exploit used by cryptocurrency miner

Thu, 18 Jan 2018 13:26:13 GMT

Hat trick!

A third Oracle enterprise package has been patched against a crypto-mining exploit.…

VTech fondleslabs for kids 'still vulnerable' despite sanctions

Thu, 18 Jan 2018 09:02:15 GMT

Researchers claim flaws remain more than two years later

New InnoTab child learning devices still have the same security flaw first found by researchers at Pen Test Partners two years ago.…

Mozilla edict: 'Web-accessible' features need 'secure contexts'

Thu, 18 Jan 2018 07:55:11 GMT

If an API or feature needs the 'net, it needs HTTPS under Mozilla's new plan

Mozilla has decided to further locking down the Internet with the announcement that developers can only access new Firefox features from what it calls “secure contexts”.…

North Korea's finest spent 2017 distributing RATs, wipers, and phish

Thu, 18 Jan 2018 06:30:11 GMT

And sent them mostly to South Korea, naturally

South Korea was the target of a barrage of malware campaigns last year.…

Industrial systems scrambling to catch up with Meltdown, Spectre

Thu, 18 Jan 2018 05:01:10 GMT

Some confessions, but 'watch this space' is the more common reaction - when there is one

Vendors of industrial systems have joined the long list of vendors responding responses to the Meltdown and Spectre processor vulnerabilities.…

Who's using 2FA? Sweet FA. Less than 10% of Gmail users enable two-factor authentication

Wed, 17 Jan 2018 21:33:46 GMT

Your daily dose of digital depression

Usenix Enigma It has been nearly seven years since Google introduced two-factor authentication for Gmail accounts, but virtually no one is using it.…

HTML5 may as well stand for Hey, Track Me Longtime 5. Ads can use it to fingerprint netizens

Wed, 17 Jan 2018 20:21:06 GMT

This language is wired for sound

Usenix Enigma HTML5 is a boon for unscrupulous web advertising networks, which can use the markup language's features to build up detailed fingerprints of individual netizens without their knowledge or consent.…

Former Santander bank manager pleads guilty to computer misuse crimes

Wed, 17 Jan 2018 15:24:06 GMT

Customer details spilled to boyfriend

Updated A former Santander bank manager has pleaded guilty to £15,000 worth of computer misuse crimes after her boyfriend talked her into giving him illicitly obtained customer information.…

Biggest vuln bombshell in forever and storage industry still umms and errs over patches

Wed, 17 Jan 2018 11:27:09 GMT

Does it run in VMs, containers, systems running external code? Just. Patch. It

Analysis A growing consensus among storage hardware appliance vendors is that, since they don't run external software on their hardware, they don't need to stick performance-hindering patches into their operating systems.…

Wanna motivate staff to be more secure? Don't bother bribing 'em

Wed, 17 Jan 2018 08:39:28 GMT

Also, don't get the BOFH to publicly smack them with a LART

Usenix Enigma It's frustrating getting users to keep information and systems secure on a daily basis. However, don't try any smart gimmicks – particularly offering wedges of cash or other prizes for good behavior.…

Another round of click-fraud extensions pulled from Chrome Store

Wed, 17 Jan 2018 08:01:08 GMT

More than 500,000 users stung

A security researcher has claimed that a cumulative half a million Chrome users have been hit by four malicious browser extensions pushing click and SEO fraud.…

BIND comes apart thanks to ancient denial-of-service vuln

Wed, 17 Jan 2018 01:57:13 GMT

No active exploits, but crashes are happening in the wild

Back in 2000, a bug crept into the Internet Systems Corporation's BIND server, and it lay unnoticed until now.…

Hospital injects $60,000 into crims' coffers to cure malware infection

Tue, 16 Jan 2018 23:48:55 GMT

Medics say they couldn't wait for backups to be pulled as ransomware ransacked kit

A US hospital paid extortionists roughly $60,000 to end a ransomware outbreak that forced staff to use pencil-and-paper records.…

Android snoopware Skygofree can pilfer WhatsApp messages

Tue, 16 Jan 2018 17:30:12 GMT

Sophisticated nasty also able to listen in based on location

Mobile malware strain Skygofree may be the most advanced Android-infecting nasties ever, antivirus-flinger Kaspersky Lab has warned.…

UK's Just Eat faces probe after woman tweets chat-up texts from 'delivery guy'

Tue, 16 Jan 2018 14:44:23 GMT

ICO to investigate allegations of driver delivering side order of creepy

A customer of takeaway delivery firm Just Eat has alleged a driver from an eatery used her phone number to ask her for a date.…

New Mirai botnet species 'Okiru' hunts for ARC-based kit

Tue, 16 Jan 2018 11:56:12 GMT

Researchers: Code designed to hit Linux devices

A new variant of the notorious Mirai malware is exploiting kit with ARC processors.…

Canada charges chap alleged to run stolen data-mart Leakedsource

Tue, 16 Jan 2018 01:59:09 GMT

Unlike similar services, this one sold purloined passwords

The Royal Canadian Mounted Police has announced it has cuffed and charged a man for selling stolen identities and passwords at…

Bad benchmarks bedevil boffins' infosec efforts

Tue, 16 Jan 2018 00:58:07 GMT

'Benchmark crimes' understate true performance impact of security controls

A group of operating systems specialists has said that sloppy benchmarking is harming security efforts by making it hard to assess the likely performance impact of security countermeasures.…

Now Meltdown patches are making industrial control systems lurch

Mon, 15 Jan 2018 18:07:07 GMT

Automation and SCADA-flingers admit fix has affected products

Patches for the Meltdown vulnerability are causing stability issues in industrial control systems.…

Customers reporting credit card fraud after using OnePlus webstore

Mon, 15 Jan 2018 13:16:06 GMT

Chinese mobe-flinger probing the issue

A large number of OnePlus customers claim to have been hit by fraudulent credit card transactions after making purchases on the phone company's site. And they're unhappy that the company has been slow to address the issue.… denies data processing framework is 'sinister' – but admits ICO has concerns

Mon, 15 Jan 2018 10:18:09 GMT

Minister says commish is 'free to disregard' framework if it is 'irrelevant'

The government has moved to allay fears over amendments to the Data Protection Bill that critics say could undermine both the law and the powers of the UK’s privacy watchdog.…

Meltdown/Spectre fixes made AWS CPUs cry, says SolarWinds

Mon, 15 Jan 2018 08:37:05 GMT

CPU utilization up, throughput down, but a second fix may have restored normal service

Log-sniffing vendor SolarWinds has used its own wares to chronicle the application of Meltdown and Spectre patches on its own Amazon Web Services infrastructure, and the results make for ugly viewing.…

Oracle still silent on Meltdown, but lists patches for x86 servers among 233 new fixes

Mon, 15 Jan 2018 01:30:08 GMT

Sun ZFS Storage Appliance users: brace for super-critical fix

Oracle still has nothing to say about whether the Meltdown or Spectre vulnerabilities are a problem for its hardware.…

Intel puts security on the todo list, Tavis topples torrent tool, and more

Sat, 13 Jan 2018 10:11:11 GMT

A quick catch-up on infosec stuff beyond what we've already reported

Roundup The security world is still feeling the aftereffects of last week's CPU design flaw disclosures, which continued to dominate the news this week, even amid the noisy CES jamboree in Las Vegas.…

Let's Encrypt plugs hole that let miscreants grab HTTPS web certs for strangers' domains

Sat, 13 Jan 2018 01:40:14 GMT

Shared hosting oversight bites free SSL/TLS certificate org

Let's Encrypt – a SSL/TLS certificate authority run by the non-profit Internet Security Research Group (ISRG) to programmatically provide websites with free certs for their HTTPS websites – on Thursday said it is discontinuing TLS-SNI validation because it's insecure in the context of many shared hosting providers.…

Feds may have to explain knowledge of security holes – if draft law comes into play

Sat, 13 Jan 2018 00:59:28 GMT

House reps approve bill requiring vuln disclosure reports

The US House of Representatives this week approved a bill that, given further legislative and executive branch support, will require the American government to account for its handling of software and hardware vulnerabilities.…

Boffins split on whether Spectre fix needs tweaked hardware

Fri, 12 Jan 2018 17:09:05 GMT

It's not like a recall is possible, says chip security expert

Analysis Processor security experts – including one cited in the Meltdown paper – are split on whether the resolution of the Spectre vulnerability may need to involve hardware modifications or the software defences being rolled out are adequate.…

Intel AMT security locks bypassed on corp laptops – fresh research

Fri, 12 Jan 2018 16:08:05 GMT

Easy as A, B, CTRL+P

Updated Security shortcomings in Intel's Active Management Technology (AMT) can be exploited by miscreants to bypass login prompts on notebook computers.…

Data protection is best managed from the centre

Fri, 12 Jan 2018 14:45:12 GMT

Become the ruler of all you survey

Security people talk of an attack surface to describe exposure to malware and hacking. The bigger the attack surface, the more at risk you are.…

'Mummy, what's felching?' Tot gets smut served by Android app

Fri, 12 Jan 2018 14:00:12 GMT

Google’s Play Store fails again

Researchers have found a batch of over 60 malware-carrying apps in Google's Play Store designed to rob mobile users or show them pornography, all with a kid-friendly theme.…

Intel’s Meltdown fix freaked out some Broadwells, Haswells

Fri, 12 Jan 2018 03:27:03 GMT

Customers say PCs and servers reboot a lot after fixes. Meanwhile, AMD admits to Spectre problems

Intel has warned that the fix for its Meltdown and Spectre woes might have made PCs and servers less stable.…

Brace yourselves for the 'terabyte (sic) of death', warns US army IT boss

Fri, 12 Jan 2018 01:11:50 GMT

Sorry, make that, exiting IT boss

The outgoing head of the Defense Information Systems Agency, which handles computer security for the US Department of Defense, has warned a massive cyber-attack is "looming" at the American military's door.…

Everything running smoothly at the plant? *Whips out mobile phone* Wait. Nooo...

Thu, 11 Jan 2018 13:00:13 GMT

SCADA mobile app security is getting worse

The security of mobile apps that tie in with Supervisory Control and Data Acquisition (SCADA) systems has deteriorated over the last two-and-a-half years, according to new research.…