Subscribe: The Register - Security: Spyware
Added By: Feedage Forager Feedage Grade A rated
Language: English
account  attack  critical  dns  dyn  hacker  hackers  hijack  hole  malware  microsoft  patch  patched  security  users     
Rate this Feed
Rate this feedRate this feedRate this feedRate this feedRate this feed
Rate this feed 1 starRate this feed 2 starRate this feed 3 starRate this feed 4 starRate this feed 5 star

Comments (0)

Feed Details and Statistics Feed Statistics
Preview: The Register - Security: Spyware

The Register - Security

Biting the hand that feeds IT

Copyright: Copyright 2016, Situation Publishing

Phishing fraudsters pose as UK bank social media types

Thu, 27 Oct 2016 15:35:13 GMT

LOL! You can totes sign in here

Cybercrooks are posing as customer support staff from UK banks in a ruse designed to hoodwink gullible customers out of their credentials.…

Belgian court fines Skype for failing to intercept criminals' calls in 2012

Thu, 27 Oct 2016 15:20:10 GMT

It's technically impossible to do what you want, Skype said

Belgium has fined Skype €30,000 for failing to comply with a court request to intercept users' communications, something Skype claims was technically impossible at the time of the request.…

Schneider Electric plugs gaping hole in industrial control kit

Thu, 27 Oct 2016 10:06:06 GMT

Provider Schneider would've had hackers inside 'er

A vulnerability in Schneider Electric’s industrial controller management software created a possible mechanism for hackers to plant malicious code on industrial networks.…

How Google's Project Zero made Apple refactor its kernel

Thu, 27 Oct 2016 07:04:09 GMT

MacOS, iOS task threading was open to hijack

When Apple shipped its security bug-fixes earlier this week, one patch mostly passed under the radar.…

PayPal patches bone-headed two factor authentication bypass

Thu, 27 Oct 2016 06:30:08 GMT

No phone? No worries

Update Paypal has patched a boneheaded two factor authentication breach that allowed attackers to switch off the critical account control in minutes by changing a zero to a one.…

Good luck securing 'things' when users assume 'stuff just works'

Thu, 27 Oct 2016 06:02:04 GMT

Making devices secure by design requires more effort than vendors currently allow

At the end of April my home was broken into by a professional who silently and systematically looted my residence of all my portable wealth while I slept.…

Hacker's Icarus machine steals drones midflight

Thu, 27 Oct 2016 05:34:04 GMT

Popular RC protocol pwned

PacSec Security researcher Jonathan Andersson has developed a tidy hardware module capable of fully hijacking a variety of popular drones and remote control gear running over the most popular protocol.…

Internet of S**t things claims another scalp: DNS DDoS smashes StarHub

Thu, 27 Oct 2016 03:56:06 GMT

'Don't buy rubbish Webcams', carrier tells customers

StarHub in Singapore is the latest large network to get hammered with attacks on its DNS infrastructure – apparently by compromised kit owned by its customers.…

Three LibTIFF bugs found, only two patched

Thu, 27 Oct 2016 02:03:13 GMT

Buffer overruns, remote code execution, you know the drill

LibTIFF has three bugs that let booby-trapped files pwn a target - and only two of them have been patched.…

How many Internet of S**t devices knocked out Dyn? Fewer than you may expect

Thu, 27 Oct 2016 01:30:08 GMT

DNS really needs to be fixed if it can be taken out by 100,000 home devices

With more time to analyse its logs, DNS provider Dyn reckons about 100,000 Mirai-infected home web-connected gadgets knocked it out last Friday.…

Joomla! squashes critical privileged account creation holes

Thu, 27 Oct 2016 00:56:06 GMT

Borked two factor authentication also fixed

Joomla! has revealed it's patched twin critical flaws allowing attackers to bypass rules and create elevated privilege accounts.…

Adobe emits emergency patch for Flash hole malware is exploiting right this minute

Wed, 26 Oct 2016 18:48:11 GMT

Windows folks – how can we say this? UPDATE ASAP

Adobe is advising folks to update Flash Player – as malware is right now exploiting a newly discovered hole in the internet's screen door to hijack Windows PCs.…

Cyber-crooks menacing hospitals are put under the microscope

Wed, 26 Oct 2016 18:22:37 GMT

IT defense overall must be prioritized, says Intel Security’s Raj Samani

Cybercriminals are spreading into the healthcare sector even though the price per stolen medical record remains lower than for comparable financial account crime.…

Password1? You're so random. By which we mean not random at all -

Wed, 26 Oct 2016 16:00:11 GMT

Campaign says #thinkrandom, but experts demand cyber-security rethink

The UK government has renewed its efforts to persuade consumers to pick stronger passwords.…

Got Ancient exploit but nowhere to use it? Try the horrid GRX network

Wed, 26 Oct 2016 07:40:07 GMT

Audio: Aussie hacker shows even NSA hacks haven't schooled some telcos

Ruxcon They've been warned for years, but scores of telcos are still making bone-headed configuration mistakes in their GPRS Global Roaming Exchange (GRX) networks, leaving mail and FTP servers vulnerable.…

VXer turns to ancient freemium model to flog keylogger, malware tools

Wed, 26 Oct 2016 04:56:12 GMT

'Researcher' sells spamming, trojan wares

Malware has been spotted using the freemium model more than 30 years after it was introduced.…

This is not a drill: Hackers pop stock Nexus 6P in five minutes

Wed, 26 Oct 2016 02:56:13 GMT

Keen hackers at Mobile Pwn2Own

The Nexus 6P appears to have been hacked with attackers at the Mobile Pwn2Own contest installing malware without user interaction in less than five minutes.…

Asterisk users need to patch DoS bug

Tue, 25 Oct 2016 22:30:04 GMT

Overlap dialling lets attacker shut down system

Asterisk users need to get busy with a patch.…

'Every step your anti-theft tracker takes – I'll be watching you'

Tue, 25 Oct 2016 18:01:02 GMT

Phone-sync'd widgets open folks to stalker risk

Tracking widgets that you stick on your keys and wallet so you don't lose them are riddled with security vulnerabilities, we're told.…

Paging 1994: Crap encryption still rife in devices

Tue, 25 Oct 2016 15:23:12 GMT

Switch to asymmetric keys, stat!

Pager communications in industrial environments often run over unencrypted channels, creating a hacker risk in the process.…

Surveillance by consent: Commissioner launches CCTV strategy for England and Wales

Tue, 25 Oct 2016 12:31:08 GMT

Guidelines issued on ensuring the public is protected, not spied on

“There is a gap between what exists and what should exist,” according to the UK's commissioner responsible for ensuring that surveillance cameras are protecting members of the public, rather than spying on them.…

Microsoft: Watch out millennials for evil Security Essentials

Tue, 25 Oct 2016 07:30:12 GMT

Scammers: 'Gunna be lit, fam'

Microsoft is warning of fake copies of its Security Essentials that if executed will throw a fake blue screen of death, pwn machines, and lead users to technical support scams.…

Graduate recruitment site exposed 50,000 CVs sent to Virgin Media UK

Tue, 25 Oct 2016 06:33:13 GMT

Kid schools telco: 'So have you heard of access controls?'

Virgin Media has shuttered a kindergarten-grade bug in a third party website that exposed up to 50,000 résumés it's received over the years, complete with names, street and email addresses of applicants.…

MedSec's St Jude pacemaker hacks confirmed by pen-tester

Tue, 25 Oct 2016 02:58:12 GMT

Bishop Fox report says Merlin@Home vulns are real and deadly

St Jude Medical has suffered another setback in its lawsuit against Muddy Waters and security company MedSec.…

Joomla! readies patch for core vulnerability so critical it isn't talking

Tue, 25 Oct 2016 02:36:32 GMT

Patch to drop 1400 UTC, Tuesday. And the haste of its release suggests this is scary

The world's second-favourite content management system, Joomla!, is warning of a critical security hole so bad its developers aren't saying what it fixes.…

Judge orders FBI to reveal whether White House launched 'Tor pedo' torpedo exploits

Tue, 25 Oct 2016 00:56:07 GMT

Alleged Playpen perverts win a concession

A US judge overseeing an FBI “Playpen case” has told agents to reveal whether or not their investigative hacking was approved by the White House.…

LinkedIn, Dropbox hack suspect named as Yevgeniy Nikulin by US prosecutors

Mon, 24 Oct 2016 22:32:39 GMT

Russia hoping to block accused miscreant's extradition

The US Department of Justice has unsealed its indictment against a Russian bloke accused of hacking high-profile websites.…

It's nearly 2017 and JPEGs, PDFs, font files can hijack your Apple Mac, iPhone, iPad

Mon, 24 Oct 2016 21:41:09 GMT

Get patching now

Apple has distributed a fresh round of security updates to address remote-code execution holes in iOS, macOS, Safari, and the firmware for Apple Watch and AppleTV.…

App proves Rowhammer can be exploited to root Android phones – and there's little Google can do to fully kill it

Mon, 24 Oct 2016 18:31:00 GMT

Hardware vuln strikes 18 of 27 tested mobes

Security researchers have demonstrated how to gain root privileges from a normal Android app without relying on any software bug.…

Chinese electronics biz recalls webcams at heart of botnet DDoS woes

Mon, 24 Oct 2016 14:01:06 GMT

US products compromised by Mirai mischief in another Internet of Things success

Chinese electronics firm Hangzhou Xiongmai is set to recall swathes of webcams after they were compromised by the Mirai botnet.…

Hacktivist crew claims it launched last week's DDoS mega-attack

Mon, 24 Oct 2016 11:09:10 GMT

Dyn-Dyn-Dyn... it's a knockout!

A group called New World Hackers has claimed responsibility for a DDoS attack that rendered significant portions of the web unreachable last Friday.…

Ageing GSM crypto cracked on commodity graphics rig

Mon, 24 Oct 2016 07:02:06 GMT

A*STAR Singapore shows how easy it is

The crypto scheme applied to second generation (2G) mobile phone data can be hacked within seconds, security researchers have demonstrated.…

Hackers pop top 'secure' wireless keyboard and mouse kits, gain RCE

Mon, 24 Oct 2016 04:56:04 GMT

Patch? Nah, we'll just remove 'secure' from the tin: vendor

Ruxcon Wireless keyboard and mouse manufacturers including Microsoft, Fujitsu, and Logitech have been forced to fix borked encryption in peripherals that allow physical attackers to hijack computers.…

Thanks, IoT vendors: your slack attitude will get regulators moving

Mon, 24 Oct 2016 03:54:04 GMT

Networks also need to grab a mirror and look at themselves

Last Friday's Mirai botnet attack against Dyn must force everybody's hands – vendors, regulators, and Internet infrastructure operators.…

Brute force cred crunchers gifted Username Anarchy

Mon, 24 Oct 2016 01:58:09 GMT

dpauli, darren.pauli, darrenp, pauli.darren, paulid

Ruxcon Melbourne security bod Andrew Horton has created a tool to automate the generation of usernames in a bid to round-out brute force account attacks.…

Every LTE call, text, can be intercepted, blacked out, hacker finds

Sun, 23 Oct 2016 22:59:33 GMT

Emergency fail over provisions abused

Ruxcon Hacker Wanqiao Zhang of Chinese security house Qihoo 360 has blown holes in 4G LTE networks by detailing how to intercept and make calls, send text messages and even force phones offline.…

Mozilla plots TLS 1.3 future for Firefox

Sun, 23 Oct 2016 22:42:55 GMT

Quicker handshake starts encrypting data sooner

Mozilla has decided it needs to lift its HTTPS game, and will default to TLS 1.3 in next year's Firefox 52.…

Pacemaker maker St Jude faces new security flaw claims from biz short-selling its stock

Sat, 22 Oct 2016 12:30:10 GMT

This is not the way to get vulnerabilities fixed

Security startup MedSec and the financial house backing the biz have published new allegations of security flaws in pacemakers and defibrillators built by St Jude Medical – and again look set to profit from the disclosures in an unorthodox way.…

Como–D'oh! Infosec duo exploits OCR flaw to nab a website's HTTPS cert

Fri, 21 Oct 2016 20:40:31 GMT

Pair abused typo blind spot to game certificate authority

Two European security researchers exploited Comodo's crappy backend systems to obtain a HTTPS certificate for a domain they do not own.…

Dyn dinged by DDoS: US DNS firm gives web a bad hair day

Fri, 21 Oct 2016 14:23:12 GMT

Reddit, Github, Airbnb and pals affected

A denial of service attack against managed DNS provider Dyn restricted access to many US-based websites on Friday.…

Hax0rs sow Discord by using VoIP service to sling malware at gamers

Fri, 21 Oct 2016 13:31:07 GMT

Not even playtime's safe these days

Hackers abused a free VoIP service for gamers to distribute remote-access Trojans and other malware.…

Hack us and you're basically attacking America, says UK defence sec

Fri, 21 Oct 2016 11:43:11 GMT

And we'll attack you back, promises Defence Secretary

Britain is splurging £265m on military cyber security – and that includes offensive capabilities, according to Defence Secretary Sir Michael Fallon.…

Slack whacks global account hijack holes

Fri, 21 Oct 2016 06:30:05 GMT

For a while there your Slack account could be hijacked with just a username

Hipster collaboration platform Slack has shuttered an access control bypass that allowed users to hijack any account.…

Fruity hacking group juiced by Microsoft's October patch parade

Fri, 21 Oct 2016 05:29:05 GMT

Get your patching done, people, this Font-borne bug is being actively exploited

Kaspersky Labs researcher Anton Ivanov says an advanced threat group was exploiting a Windows zero day vulnerability before Microsoft patched it last week.…

Spam scum ping global blacklists to wreck rep

Fri, 21 Oct 2016 04:02:09 GMT

Email pests seek clean machines for better hit rates.

Malware authors are consulting IP blacklists designed to help fight spam in a bid to avoid detection and increase inbox hit rates.…

Dirty COW explained: Get a moooo-ve on and patch Linux root hole

Fri, 21 Oct 2016 02:21:33 GMT

Widespread flaw can be easily exploited to hijack PCs, servers, gizmos, phones

Code dive Patch your Linux-powered systems, phones and gadgets as soon as possible, if you can, to kill off a kernel-level flaw affecting nearly every distro of the open-source operating system.…

Google pays $100k to anti-malware crusader Giovanni Vigna

Fri, 21 Oct 2016 01:58:13 GMT

Prolific malware murderer bags Mountain View's Security, Privacy and Anti-Abuse award

Anti-malware machine and head of the Shellphish DARPA Grand Challenge bronze-medallist team has won US$100,000 from Google for security research efforts.…

DIY website builder Weebly was secured feebly

Fri, 21 Oct 2016 00:55:41 GMT

43m credentials lifted, plus 58m more at Modern Business Solutions and 22m from FourSquare

Another day, another three major breaches: this time at do it yourself website builder Weebly, which has been revealed as secured feebly, as were FourSquare and Modern Business Solutions.…

Three million debit cards at risk after hackers raid Indian payment systems

Thu, 20 Oct 2016 20:37:37 GMT

It wasn't us, gov! Hitachi Payment Services denies its ATMs were pwned

A suspected security breach has led banks in India to warn 3.25 million customers to replace their debit cards or change the PINs.…

US DNC hackers blew through SIX zero-days vulns last year alone

Thu, 20 Oct 2016 19:07:51 GMT

Most targets were individuals with Gmail addresses

Security researchers have shone fresh light on the allegedly Russian state-sponsored hacking crew blamed for ransacking the US Democratic National Committee's computers.…