Subscribe: The Register - Security: ID
http://www.theregister.com/security/identity/headlines.rss
Added By: Feedage Forager Feedage Grade B rated
Language: English
Tags:
app  bitcoin  bug  code  conference  crypto  cyber  data  don  facebook  found  people  security  service  wannacry  web  week     
Rate this Feed
Rate this feedRate this feedRate this feedRate this feedRate this feed
Rate this feed 1 starRate this feed 2 starRate this feed 3 starRate this feed 4 starRate this feed 5 star

Comments (0)

Feed Details and Statistics Feed Statistics
Preview: The Register - Security: ID

The Register - Security



Biting the hand that feeds IT



Copyright: Copyright 2018, Situation Publishing
 



Massive cyber attack targets mid-Atlantic nation 'Berylia'

Tue, 24 Apr 2018 06:02:09 GMT

NATO exercise offers the chance to test full chain of cyber-defence command

NATO and assorted partners have unleashed a massive cyber-attack on the fictional country of Berylia to test their ability to defend critical infrastructure against outside attacks.…




I got 99 secure devices but a Nintendo Switch ain't one: If you're using Nvidia's Tegra boot ROM I feel bad for you, son

Mon, 23 Apr 2018 21:17:43 GMT

Unpatchable vuln found, exploited to run custom code

Security researcher Kate Temkin has released proof-of-concept code dubbed Fusée Gelée that exploits a bug in Nvidia's Tegra chipsets to run custom code on locked-down devices.…




Single single-sign-on SNAFU threatens three Cisco products

Mon, 23 Apr 2018 06:28:09 GMT

Firepower, AnyConnect and ASA appliances and clients need patches

Cisco has announced a suite of patches against a bug in its Security Assertion Markup Language (SAML) implementation.…




Brains behind seL4 secure microkernel begin RISC-V chip port

Mon, 23 Apr 2018 05:02:09 GMT

Unveil first code, joins giants in industry-standards club

Last week, the first RISC-V port of its seL4 microkernel was released by the Data61 division of the Australian government's Commonwealth Scientific and Industrial Research Organisation (CSIRO).…




Chinese web giant finds Windows zero-day, stays schtum on specifics

Mon, 23 Apr 2018 01:36:08 GMT

Quihoo 360 plays the responsible disclosure game

Chinese company Quihoo 360 says it's found a Windows zero-day in the wild, but because it's notified Microsoft, it's not telling anyone else how it works.…




Cloud-surfing orgs under attack, Microsoft antivirus for Chrome, Windows 10 S bypass, non-RSA gigs, and more

Sat, 21 Apr 2018 11:06:13 GMT

Your guide to this week in infosec

Roundup Here's a roundup of this week's security news, beyond what we've already covered.…




Oh, baby! Newborn-care website leaves database of medics wide open

Fri, 20 Apr 2018 23:30:27 GMT

Health Stream, are you out there? The guy that found your data leak wants a word

A US healthcare company seemingly exposed on the public internet contact information for roughly 10,000 medical professionals.…




No way, RSA! Security conference's mobile app embarrassingly insecure

Fri, 20 Apr 2018 21:20:17 GMT

Sorry about the hard-coded passwords, can we sell you some crypto now?

RSA has copped to a security vulnerability in the backend systems powering the smartphone app for its annual security conference, held this week in San Francisco, USA.…




British Crackas With Attitude chief gets two years in the cooler for CIA spymaster hack

Fri, 20 Apr 2018 19:21:30 GMT

Kane Gamble gambles and loses on hacking skills

The British teenager who was sufficiently talented and stupid to hack the webmail of the head of the CIA was today sent down for two years.…




Planned European death ray may not need Brit boffinry brain-picking

Fri, 20 Apr 2018 15:06:09 GMT

Plenty of laser research already going on – but there's more than one way to melt a drone

The EU is planning to build a laser cannon with double the power of Britain's under-construction Dragonfire zapper, according to reports – but the general state of the tech doesn't automatically mean Europe will be trying to snaffle Brit raygun smarts.…




Oracle whips out the swatter, squishes 254 security bugs in its gear

Thu, 19 Apr 2018 22:07:34 GMT

Java fixes lobbed out, Spectre Solaris patches issued

Oracle this week emitted its April security update, addressing a total of 254 security vulnerabilities across dozens of products.…




Yahoo! webmail! hacker! faces! nearly! eight! years! in! the! cooler!

Thu, 19 Apr 2018 18:25:50 GMT

Prosecutors ask judge to give Baratov 94 months for stealing accounts on behalf of FSB

The Canadian hacker who helped Russian agents by breaking into more than 11,000 Yahoo email accounts could spend the next eight years behind bars, if American prosecutors get their way.…




Eight months after Equifax megahack, some Brits are only just being notified

Thu, 19 Apr 2018 16:39:11 GMT

I'm fsck-ed off it took this long, rages affected Reg reader

Some of the 15 million Britons affected by the Equifax mega-hack are only now receiving letters notifying them that they were affected by the breach, eight months after the event.…




Millions of scraped public social net profiles left in open AWS S3 box

Thu, 19 Apr 2018 15:00:07 GMT

Poorly configured cloud buckets strike again – this time, Localbox fingered

US social network data aggregator LocalBlox has been caught leaving its AWS bucket of 48 million records – harvested in part from public Facebook, LinkedIn and Twitter profiles – available to be viewed by anyone who stopped by.…




Cutting custody snaps too costly for cash-strapped cops – UK.gov

Thu, 19 Apr 2018 08:02:07 GMT

Home Office admits national and local databases don't talk to each other, so everything is manual

The UK government has admitted it can only delete custody images from its massive database through a complex manual process, and that it would cost too much to weed out all the images of innocent people by hand.…




PCI Council releases vastly expanded cards-in-clouds guidance

Thu, 19 Apr 2018 05:58:09 GMT

First word on how card security for containers, VDI, SDN and web apps

The Payment Card Industry Security Standards Council (PCI SSC) has issued a big update to its guidance on using payment cards with cloud computing services.…




Facebook's login-to-other-sites service lets scum slurp your stuff

Thu, 19 Apr 2018 01:58:04 GMT

How trackers can snatch private info from people's profiles

Updated It's possible for miscreants to secretly extract people's personal information via Facebook's Login service – the tool that lets you sign into websites using just a Facebook ID.…




Flash! Ah-ahhh! WebEx pwned for all of us!

Thu, 19 Apr 2018 00:12:47 GMT

Cisco issues critical patch to stop in-meeting attacks

Cisco has patched a serious vulnerability in its WebEx software that lets an attacker remotely execute code on target machines via poisoned Adobe Flash files.…




How's your Wednesday? Things going well? OK, your iPhone, iPad can be pwned via Wi-Fi sync

Wed, 18 Apr 2018 20:26:36 GMT

Don't panic… until you finish reading

RSA 2018 The iTunes Wi-Fi sync feature in Apple's iOS can be potentially abused by cops, snoops, and hackers to remotely extract information from, and control, iPhones and iPads.…




Surprise! Wireless brain implants are not secure, and can be hijacked to kill you or steal thoughts

Wed, 18 Apr 2018 18:57:27 GMT

Science-fiction horror trope now a reality in 2018

Scientists in Belgium have tested the security of a wireless brain implant called a neurostimulator – and found that its unprotected signals can be hacked with off-the-shelf equipment.…




ID theft in UK hits record high as crooks shift to more vulnerable targets

Wed, 18 Apr 2018 13:02:04 GMT

Less checked online services bear brunt

Identity fraud in Blighty hit a record high of 174,523 incidents last year – and the vast majority of it happened online.…




NHS given a lashing for lack of action plan one year since WannaCry

Wed, 18 Apr 2018 08:03:06 GMT

Cyber resiliency of the UK's health service still in disarray

Nearly a year has passed since the unprecedented WannaCry cyber attack and the UK's NHS has yet to agree an action plan, according to a report by MPs.…




Cisco, Microsoft and 32 big vendor pals join ‘Accord’ to improve security by doing … security stuff

Wed, 18 Apr 2018 06:57:11 GMT

No roadmap. No timeframe. No success metrics. Not much grip on reality, either

Analysis Thirty-four technology companies inked a "Cybersecurity Tech Accord" on Tuesday which they said represents "a public commitment … to protect and empower civilians online and to improve the security, stability and resilience of cyberspace".…




Hop to it, bunnies: TaskRabbit breach means new passwords

Wed, 18 Apr 2018 04:57:04 GMT

Repeat after The Vultures: don't re-use passwords

IKEA's TaskRabbit app and Website, which links buyers with people skilled with Allen key experts and other errand-runners, remain offline a day after the company announced a data breach.…




You're a govt official. You accidentally slap personal info on the web. Quick, blame a kid!

Wed, 18 Apr 2018 03:59:45 GMT

Hacking charge for twiddling URL – O Canada!?

Comment There's a curious legal situation developing in Nova Scotia, Canada, right now.…




Hey, govt hacker bod. Made some really nasty malware? Don't be upset if it returns to bite you

Wed, 18 Apr 2018 00:45:24 GMT

Cough, cough, EternalBlue, cough, cough Wannacry, splutter, Stuxnet

RSA 2018 "You don't launch a cyber weapon, you share it."…




Signal app guru Moxie: Facebook is like Exxon. Everyone needs it, everyone despises it

Tue, 17 Apr 2018 19:52:00 GMT

Crypto expert panel tackles the big stories of the year

RSA 2018 Speaking at the 2018 RSA conference, a board of some of the most respected names in security spoke on Tuesday and were scathing about Facebook – and the industry's response to the Spectre processor bug.…




We 'could' send troubled Watchkeeper drones to war, insists UK minister

Tue, 17 Apr 2018 14:58:04 GMT

And I 'could' sing a duet with Taylor Swift

Comment The British Army's troubled Watchkeeper drones "could still be deployed on operations", a defence minister has insisted.…




Build up your security credentials at SANS London June 2018

Tue, 17 Apr 2018 10:12:07 GMT

Train to outwit the cyber criminals

Promo Even as IT systems grow and become more complex, so new and ingenious methods for stealing vital data or holding organisations to ransom proliferate at an increasingly rapid pace.…




Facebook admits it does track non-users, for their own good

Tue, 17 Apr 2018 05:53:12 GMT

Oh that snitch-code? It's just a little thing to make the web more convenient ... for Facebook and its advertisers

Facebook's apology-and-explanation machine grinds on, with The Social Network™ posting detail on one of its most controversial activities – how it tracks people who don't use Facebook.…




Intel's security light bulb moment: Chips to recruit GPUs to scan memory for software nasties

Tue, 17 Apr 2018 03:00:09 GMT

Coprocessors drafted for threat detection duties

Updated Having weathered revelations in January that its chips can be attacked through a novel class of side-channel vulnerabilities – mostly addressed through microcode fixes – Intel is adding broader silicon-level security improvements to its processors.…




Microsoft has designed an Arm Linux IoT cloud chip. Repeat, an Arm Linux IoT cloud chip

Tue, 17 Apr 2018 00:58:22 GMT

And it talks to Azure. Cortana probably spotted lurking nearby

Microsoft has designed a family of Arm-based system-on-chips for Internet-of-Things devices that runs its own flavor of Linux – and securely connects to an Azure-hosted backend.…




US, UK cyber cops warn Russians are rooting around in your routers

Mon, 16 Apr 2018 21:00:41 GMT

After all, it's where all your data is flowing through

American and British crimefighters have launched another round of pin-the-tail-on-the-Russians – with a warning that Moscow-backed hackers are trying to subvert the world's network devices.…




Google to add extra Gmail security … by building a walled garden

Mon, 16 Apr 2018 20:37:56 GMT

Wants to make money and ignore end-to-end encryption

Comment Google is planning to add several new security features to its ubiquitous email service, Gmail, but they will come with a cost – literally and figuratively.…




Security? We've heard of it, say web-app devs. 31 in 33 codebases have at least one big bad vuln

Mon, 16 Apr 2018 19:06:01 GMT

HTTP 404: Secure programming not found

Automated source code analysis of 33 web applications has found that 94 per cent of them have at least one high-severity vulnerability, according to security biz Positive Technologies.…




UK spy agency warns Brit telcos to flee from ZTE gear

Mon, 16 Apr 2018 14:55:08 GMT

GCHQ's cyber guys don't say why...

GCHQ's cyber security advice group has formally warned of the risk of using ZTE equipment and services for the UK's telco infrastructure.…




Cisco backs test to help classical crypto outlive quantum computers

Mon, 16 Apr 2018 05:58:09 GMT

Borg helps Isara's post-quantum PKI cert test in the hope it future-proofs TLS

Cisco and quantum security outfit Isara reckon they've got at least as far as alpha stage in one problem of the future: securing public key certificates against quantum computers.…




Security bods liberate EITest malware slaves

Mon, 16 Apr 2018 03:58:12 GMT

Miscreants' command and control network traffic sent down sinkhole

One of the world's longest-lived malware networks, EITest, has gone offline.…




Android apps prove a goldmine for dodgy password practices

Mon, 16 Apr 2018 00:58:09 GMT

And password crackers are getting a lot smarter

Bsides SF An analysis of free Android apps has shown that developers are leaving their crypto keys embedded in applications, in some cases because the software developer kits install them by default.…




Australian Feds cuff woman who used BTC to buy drugs on dark web

Mon, 16 Apr 2018 00:07:02 GMT

'We can see you everywhere and so can our friends in the UK', says Border Force

Australia’s Border Force (ABF) has warned that “people shouldn’t assume the dark web is invisible to Australian agencies” after cuffing a woman who bought illicit drugs using Bitcoin and had them shipped from the UK to Australia.…




So you’ve got a zero-day – do you sell to black, grey or white markets?

Sun, 15 Apr 2018 23:05:14 GMT

Bug bounty sales are getting very complicated, financially and morally

Bsides SF Barely a decade ago the mere idea of selling vulnerabilities was highly controversial. Today the market is mature, but increasingly complicated - researchers can now choose between making lots of money, being moral and making less, or going fully black.…




Router ravaging, crippling code, and why not to p*ss off IT staff

Sat, 14 Apr 2018 14:04:11 GMT

The wacky week in security

Roundup It has been a busy week for security, with the CYBERUK 2018 conference in the UK and the industry gearing up for BSides and the RSA conference in San Francisco next week.…




Exposed: Lazy Android mobe makers couldn't care less about security

Fri, 13 Apr 2018 21:58:10 GMT

Never. Is never a good time to get vulnerability fixes? Never is OK with you? Cool, never it is

Let's nail this once and for all: Too many Android smartphone makers simply aren't rolling out Google's security bug fixes for the mobile operating system.…




UK health service boss in the guts of WannaCry outbreak warns of more nasty code infections

Fri, 13 Apr 2018 18:27:46 GMT

Assume we're going to get hacked next time and plan for it

The UK's National Health Service has learned from last year's WannaCry attack – and started putting in place disaster recovery measures that will allow it to maintain services in the face of an even fiercer assault.…




Tried checking under the sofa? Indian BTC exchange Coinsecure finds itself $3.5m lighter

Fri, 13 Apr 2018 18:03:46 GMT

Outfit loses 438 bitcoin in security snafu

Indian Bitcoin exchange Coinsecure has mislaid 438.318 BTC belonging to its customers.…




From Bangkok to Phuket, they cry out: Oh, Bucket! Thai mobile operator spills 46k people's data

Fri, 13 Apr 2018 11:15:03 GMT

S3 spillage spoils included driving licences and passports

TrueMove H, the biggest 4G mobile operator in Thailand, has suffered a data breach.…




Cloudflare promises to tend not two, but 65,535 ports in a storm

Fri, 13 Apr 2018 00:27:38 GMT

But no Daily Stormer please

Cloudflare made its name proxying traffic for web servers, on network ports 80 (HTTP) and 443 (HTTPS), as a defense against denial of service attacks and their ilk.…




When SecureRandom()... isn't: JavaScript fingered for poking cash-spilling holes in Bitcoin wallets

Thu, 12 Apr 2018 23:57:15 GMT

If you've got an old money store, check it for hacked gaps

Concerns about a flawed crypto library that could allow Bitcoin theft have been revived following a post to a Bitcoin mailing list last week.…




'Well intentioned lawmakers could stifle IoT innovation', warns bug bounty pioneer

Thu, 12 Apr 2018 20:51:19 GMT

The pushback against regulation starts here

IoT security regulations could stifle innovation without addressing the security problems at hand, a well-respected security researcher controversially argues.…




GCHQ boss calls out Russia for 'industrial scale disinformation'

Thu, 12 Apr 2018 15:46:08 GMT

Kremlin 'blurring boundaries between criminal and state activity' – director

GCHQ‬ boss Jeremy Fleming has hailed the success of a cyber-offensive against ISIS last year and warned of the growing threat posed by Russia.…