Subscribe: The Register - Security: ID
http://www.theregister.com/security/identity/headlines.rss
Added By: Feedage Forager Feedage Grade B rated
Language: English
Tags:
apache struts  apache  breach  company  data  equifax  malware  microsoft  running  security  struts  time  years  … equifax   
Rate this Feed
Rate this feedRate this feedRate this feedRate this feedRate this feed
Rate this feed 1 starRate this feed 2 starRate this feed 3 starRate this feed 4 starRate this feed 5 star

Comments (0)

Feed Details and Statistics Feed Statistics
Preview: The Register - Security: ID

The Register - Security



Biting the hand that feeds IT



Copyright: Copyright 2017, Situation Publishing
 



CCleaner targeted top tech companies in attempt to lift IP

Thu, 21 Sep 2017 04:04:11 GMT

Infected Avast tool's payload went after the likes of Microsoft, Intel and Cisco, hit 20 targets

Cisco's Talos security limb Talos has probed the malware-laden CCleaner utility that Avast so kindly gave to the world and has concluded it's purpose was to create secondary attacks that attempted to penetrate top technology companies. Talos also thinks the malware may have succeeded in delivering a payload to targeted companies.…




Orland-whoa! Chap cops to masterminding $100m Microsoft piracy racket

Wed, 20 Sep 2017 22:02:52 GMT

Chinese national pleads guilty to running a massive counterfeiting ring

A Chinese national has admitted he coordinated a massive piracy ring that shifted more than $100m in bootleg Microsoft gear.…




FedEx: TNT NotPetya infection blew a $300m hole in our numbers

Wed, 20 Sep 2017 19:25:53 GMT

File-scrambling malware put a bomb under shipping giant's sales growth

FedEx has estimated this year's NotPetya ransomware outbreak cost it $300m in lost business and cleanup costs.…




IT fraudster facing four years' bird time for $10k blackmail

Wed, 20 Sep 2017 17:47:42 GMT

Blackmailed former employer, redirected company website for porn portal

An IT contractor who sabotaged a client's website and demanded $10,000 to restore it was this week convicted of wire fraud and sentenced to four years behind bars.…




Manchester plod still running 1,500 Windows XP machines

Wed, 20 Sep 2017 12:48:53 GMT

Issue 'endemic' across public sector, shriek experts

Cops in Manchester, England, have 1,518 PCs running on Microsoft's dusty operating system Windows XP, according to a Freedom of Information response.…




Lloyds Bank payments glitch frustrates merchants

Wed, 20 Sep 2017 11:48:15 GMT

C'mon, you POS... >:(

Lloyds Bank has admitted that unspecified technical problems affected the operation of its Cardnet payment system on Tuesday. The UK bank denied suggestions that it had suffered a cyber attack.…




More data lost or stolen in first half of 2017 than the whole of last year

Wed, 20 Sep 2017 09:58:07 GMT

That's 1.9 BEEELLION records – and just you wait till GDPR

More data records were leaked or stolen by miscreants during the first half of 2017 (1.9 billion) than all of 2016 (1.37 billion).…




Equifax's disastrous Struts patching blunder: THOUSANDS of other orgs did it too

Wed, 20 Sep 2017 08:03:08 GMT

Those are just the ones known to have downloaded outdated versions

Thousands of companies may be susceptible to the same type of hack that recently struck Equifax.…




Inept bloke who tried to sell military sat secrets to Russia gets 5 years

Tue, 19 Sep 2017 23:12:07 GMT

Bumbling fool not so much Jason Bourne as Johnny English

A contractor who tried to sell trade secrets on military communication satellites to the Russians has been sent down for five years. Incredibly, it could have been longer after prosecutors alleged that he was also planning to kill his wife.…




Viacom exposes crown jewels to world+dog in AWS S3 bucket blunder

Tue, 19 Sep 2017 19:59:39 GMT

Passwords, server schematics and encryption keys up for grabs in open file store

Updated Media monster Viacom has been caught with its security trousers down. Researchers found a wide-open, public-facing misconfigured AWS S3 bucket containing pretty much everything a hacker would need to take down the company's IT systems.…




What's that, Equifax? Most people expect to be notified of a breach within hours?

Tue, 19 Sep 2017 09:46:13 GMT

Go on, you're the breach expert

Equifax hasn't found time for a houseclean and is making claims of authority and competence about security breaches that, following its own recent high profile breach, come off as pretty cringeworthy.…




European Commission proposes more powers for EU's infosec agency

Tue, 19 Sep 2017 08:11:09 GMT

Cross-border cybersecurity certification scheme planned

The European Commission has proposed an expansion in the role of ENISA, the EU's cybersecurity agency.…




Pirate Bay digs itself a new hole: Mining alt-coin in slurper browsers

Tue, 19 Sep 2017 06:02:10 GMT

Would you trade your CPU time and electricity bill for pirated content?

Bittorrent search engine and mortal enemy of intellectual property lawyers, The Pirate Bay, has upset the one group of people that actually likes it: its users.…




Sexploitation gang thrown in clink for 171 years after 'hunting' kids online and luring them in front of webcams

Tue, 19 Sep 2017 00:16:37 GMT

Youngsters tricked into performing sex acts for pervs

Four men have joined their two accomplices behind bars for tricking young girls into performing sex acts online so they could film them.…




Someone checked and, yup, you can still hijack Gmail, Bitcoin wallets etc via dirty SS7 tricks

Mon, 18 Sep 2017 23:37:50 GMT

Two-factor authentication by SMS? More like SOS

Once again, it's been demonstrated that vulnerabilities in cellphone networks can be exploited to intercept one-time two-factor authentication tokens in text messages.…




DRM now a formal Web recommendation after protest vote fails

Mon, 18 Sep 2017 18:51:42 GMT

W3C lays out the case for anti-piracy, anti-copying defenses

Anti-piracy and anti-copying protections are now formally part of the World Wide Web after an effort to vote down content controls at the WWW's standards body failed.…




Downloaded CCleaner lately? Oo, awks... it was stuffed with malware

Mon, 18 Sep 2017 13:46:06 GMT

OK, OK, well the 2.27 million victims were not Reg readers

Antivirus firm Avast has admitted inadvertently distributing a trojanised version of CCleaner, a popular PC tune-up tool, for nearly a month, infecting an estimated 2.27 million users.…




TfL hackathon showed data can keep transport running and people safe

Mon, 18 Sep 2017 13:19:51 GMT

Analytics is about the journey AND destination

Sponsored If software is eating the world, then hackathons are its fast-food restaurants. Groups of developers come together for short periods to try to solve pressing problems. This happens in sectors from healthcare to retail, and now it's happening in transportation too.…




Equifax's IT leaders 'retire' as company says it knew about the bug that brought it down

Sun, 17 Sep 2017 22:35:53 GMT

Company tried to find and patch vulnerable systems, but we know what happened next

Equifax's chief information officer and chief security officer “are retiring” and the company has admitted it knew Apache Struts needed patching in March, but looks to have fluffed attempts to secure the software.…




Equifax UK admits: 400,000 Brits caught up in mega-breach

Fri, 15 Sep 2017 19:39:53 GMT

UK dedicated systems not affected

Equifax UK has surfaced to say that British systems were not affected by a recently disclosed megahack, however 400,000 UK people were affected due to a “process failure.”…




Equifax mega-breach: Security bod flags header config conflict

Fri, 15 Sep 2017 18:05:27 GMT

Help wanted at Equifax. Badly

Further evidence has emerged regarding the insecurity of Equifax’s web setup, as independent security researcher Scott Helme reports having uncovered all manner of problems with Equifax’s security header configuration.…




NCC hires three Bank of England cyber experts to beef up assurance business

Fri, 15 Sep 2017 10:28:05 GMT

Intros CENTA - that new money smell

Three of the Bank of England’s cyber specialists have joined NCC Group to lead a newly established threat assurance unit at the UK-based security consultancy firm.…




Chrome to label FTP sites insecure

Fri, 15 Sep 2017 00:58:08 GMT

It's only 0.0026 per cent of traffic, but it's all in plaintext so deserves a red flag

Google's Chrome browser will soon label file transfer protocol (FTP) services insecure.…




Another month, another malware outbreak in Google's Play Store

Fri, 15 Sep 2017 00:24:39 GMT

50 apps get pulled as ExpensiveWall malware runs riot in the store

Google has had to pull 50 malware-laden apps from its Play Store after researchers found that virus writers had once again managed to fool the Chocolate Factory's code checking system.…




What is the cyber equivalent of 'use of force'? When do we send in the tanks?

Thu, 14 Sep 2017 19:35:28 GMT

Former National Security advisor and CIA deputy head reflect on the online world

Cloudflare Internet Summit The United States needs to define a new set of international rules that decides what the cyber equivalent of a missile attack is.…




Defrosted starter for 10: Iceland home delivery site spills customer details

Thu, 14 Sep 2017 14:52:10 GMT

Something smelled fishy

Iceland’s home delivery service exposed sensitive customer information for months until the problem was plugged this week, a UK security researcher discovered.…




Protect your business from ransomware robbers

Thu, 14 Sep 2017 07:40:10 GMT

The inevitable kick in the arse

Promo Two much-publicised ransomware attacks earlier this year, including one on the NHS, have raised the profile of the ransomware menace that hangs over businesses of all sizes.…




Shoddily-set-up Elastisearch hosting point-of-sale malware

Thu, 14 Sep 2017 04:02:11 GMT

Sigh. Admins of free AWS instances just didn't tick the right boxes.

Lazily-configured software has again created a security incident, this time resulting in 4,000 instances of open source analytics and search tool Elasticsearch inadvertently running PoS-stealing malware.…




Missed patch caused Equifax data breach

Thu, 14 Sep 2017 02:09:16 GMT

Apache Struts was popped, but company had at least TWO MONTHS to fix it

Equifax has revealed that the cause of its massive data breach was a flaw it should have patched weeks before it was attacked.…




Credit reference agencies faulted for poor patching

Wed, 13 Sep 2017 21:12:20 GMT

Hold our beers, Equifax

Updated Experian and Annual Credit Report.com – an organization set up by Equifax, Experian and Transunion to meet US consumer finance regulations – left themselves exposed to a serious vulnerability in Apache Struts earlier this year.…




Homeland Security drops the hammer on Kaspersky Lab with preemptive ban

Wed, 13 Sep 2017 20:08:41 GMT

Government departments have 90 days to rip and replace

Despite pending legislation to ban US federal government offices from using Kaspersky Lab security software, Homeland Security has issued a Binding Operational Directive demanding that the products be removed within 90 days.…




Giant frikkin' British laser turret to start zapping stuff next year

Wed, 13 Sep 2017 14:01:07 GMT

That's part one sorted. Now, who's supplying the sharks?

The Dragonfire laser cannon consortium has unveiled a fullsize mockup of its shipborne blaster at the Defence and Security Exhibition International arms fair in London.…




Apple’s facial recognition: Well, it is more secure for the, er, sleeping user

Wed, 13 Sep 2017 11:43:39 GMT

iPhoneX feature receives stony-faced reaction from security buffs

Security watchers have given Apple’s introduction of facial recognition technology a cautious welcome.…




Kaspersky shrugs off government sales ban proposal

Wed, 13 Sep 2017 07:35:14 GMT

It's not like we sell to the Feds, so go ahead and ban us!

Kaspersky Lab has laughed off attempts to have its wares banned from US government computers by saying it hardly sold to the Feds anyway.…




North Korea attacks Bitcoin bods to swell its war chest says FireEye

Wed, 13 Sep 2017 06:31:13 GMT

BTC isn't explicitly covered by sanctions and Kim could launder it into useful currencies

North Korea appears to have commenced online attacks aimed at acquiring Bitcoin so it can evade sanctions.…




SAP E-Recruiting bug could let you stop rivals poaching your people

Wed, 13 Sep 2017 01:28:39 GMT

This might be the rare case of a bug you don't want patched

SAP admins, there's an e-mail system bug that could give your HR department headaches, by blocking peoples from registering their e-mail with its E-Recruiting system.…




It's September 2017, and .NET lets PDFs hijack your Windows PC

Tue, 12 Sep 2017 23:36:24 GMT

Look Microsoft, we'll stop these headlines when your stuff stops getting pwned

While much of the tech world is still fixating on Apple's $1,000 face-reading iPhone, administrators are going to be busy testing and deploying this month's Patch Tuesday load.…




Bish, bosh, Bashware: Microsoft downplays research on WSL Win 10 'hack' threat

Tue, 12 Sep 2017 22:59:39 GMT

To be fair, it's a hard hack to pull off

Microsoft has downplayed the risks of running a Linux Bash shell command line on Windows 10 via its Windows Subsystem for Linux (WSL) feature after security researchers said the technology could help hackers smuggle malware past security scanners and onto Windows 10 machines.…




Bluetooth bugs bedevil billions of devices

Tue, 12 Sep 2017 22:26:02 GMT

Baffling spec sinks security for short-range comms protocol

Security experts have long complained that complexity is the enemy of security, but the designers of the Bluetooth specification have evidently failed to pay attention.…




D-Link router riddled with 0-day flaws

Tue, 12 Sep 2017 19:34:49 GMT

'Basically, everything was pwned, from the Lan to the Wan'

A security researcher has shamed D‑Link by publicly disclosing 10 serious, as-yet unpatched vulnerabilities in a line of consumer-grade routers without notifying the vendor first.…




Another reason to hate Excel: its Macros can help pivot attacks

Tue, 12 Sep 2017 06:01:08 GMT

From Excel.Application to remote code execution. Lovely

A white-hat has taken a good look at whether you can pivot an attack from one machine to others using Microsoft Excel, and you probably won't like what he found.…




Equifax backtracks arbitrate-don't-litigate plan for punters

Tue, 12 Sep 2017 02:17:50 GMT

It's also bought a random number generator for PINs

Equifax has decided it will no longer try and impose arbitration on any of the millions of Americans who try to find out if they've been stung in its massive data leak.…




Google to kill Symantec certs in Chrome 66, due in early 2018

Tue, 12 Sep 2017 00:56:02 GMT

This is how trust ends, not with a bang but with a whimper

Google has detailed its plan to deprecate Symantec-issued certificates in Chrome.…




Crackas With Attitude troll gets five years in prison for harassment

Mon, 11 Sep 2017 21:33:20 GMT

Embarrassing law enforcement comes at a heavy price

A member of the short-lived Crackas With Attitude hacking troupe has received five years in prison, despite the fact that he hadn't actually hacked any accounts himself and had accepted a plea deal.…




FireEye pulls Equifax boasts as it tries to handle hack fallout

Mon, 11 Sep 2017 17:50:02 GMT

Now credit freezes may not even be secure

FireEye removed an Equifax case study* from its website in response to a recently disclosed mega-breach at the credit reference agency.…




44m UK consumers on Equifax's books. How many pwned? Blighty eagerly awaits spex on the breach

Mon, 11 Sep 2017 12:41:03 GMT

Speculation mounts as Equifax stays mum

The impact of the Equifax data leak in the UK remains unclear days after the breach was first made public, amid reports estimating that the personal details of up to 44 million Brit could have been exposed.…




42: The answer to life, the universe and how many Cisco products have Struts bugs

Mon, 11 Sep 2017 06:29:08 GMT

Borg starts appraising its exposure to Apache problem

More than 42 Cisco products might inherit the Apache Struts bug that emerged last week.…




Everybody without Android Oreo vulnerable to overlay attack

Mon, 11 Sep 2017 03:27:13 GMT

'Toast' micro-messages can burn just about every Android users

Any unpatched Android phone running a version older than Oreo is going to need patching fairly soon, with researchers turning up a class of vulnerability that lets malware draw fake dialogs so users “okay” their own pwnage.…




Apache Foundation rebuffs allegation it allowed Equifax attack

Mon, 11 Sep 2017 02:09:32 GMT

Timeline explains that either Equifax didn't patch old bugs, or was zero-dayed

The Apache Software Foundation has defended its development practices in the face of a report alleging its code was responsible for the Equifax data leak.…




Virginia scraps poke-to-vote machines hackers destroyed at DefCon

Mon, 11 Sep 2017 00:56:09 GMT

Three different machines fail tests, must be binned before November election

Virginia's State Board of Elections has decided its current generation of electronic voting machines is potentially vulnerable, and wants them replaced in time for the gubernatorial election due on November 7th, 2017.…