The Register - Security

Sat, 19 Aug 2017 07:26:06 GMT

And how to avoid making the same mistakes

BSides Minor blunders in reverse web proxies can result in critical security vulnerabilities on internal networks, the infosec world was warned this week.…

Fri, 18 Aug 2017 22:59:13 GMT

Judges frown upon fishing for incriminating data on phones

It's a ruling sending shockwaves through the worlds of privacy, device security, and law enforcement in America.…

Fri, 18 Aug 2017 20:12:54 GMT

Machine learning and code to detect and alert attempts to extract passwords from staff

Security researchers from UC Berkeley and the Lawrence Berkeley National Laboratory in the US have come up with a way to mitigate the risk of spear-phishing in corporate environments.…

Fri, 18 Aug 2017 14:06:48 GMT

Pen-testers face new challenges as defences evolve

BSides The opening talk at BSides Manchester on Thursday examined how red team tactics are evolving beyond phishing to include a wider variety of methods.…

Fri, 18 Aug 2017 13:23:36 GMT

But the MoD will happily tell you how many manned jets we're using to do that exact thing

The UK's Information Tribunal has rejected an appeal by campaigners trying to find out how many British Reaper drones are being used for warlike missions in the Middle East.…

Fri, 18 Aug 2017 11:57:12 GMT

Security researchers pick up angle grinder, drop £2k-plus in B-sides chat

BSides Weighing in at 800kg secondhand, freestanding ATMs - a “safe with a computer on top” - are a logistical nightmare to own and research, security boffin Leigh-Anne Galloway warned delegates at the BSides Manchester infosec conference yesterday.…

Fri, 18 Aug 2017 01:57:09 GMT

Federal agency addresses the new world of Alexa, smart cameras and IoT

A draft of new IT security measures by the US National Institute of Standards and Technology (NIST) has for the first time pulled privacy into its core text as well as expanded its scope to include the internet of things and smart home technology.…

Thu, 17 Aug 2017 23:52:46 GMT

Verizon says basestation dumps increasingly popular

US telecoms giant Verizon says police are increasingly asking it to cough up massive dumps of cellphone data rather than individual records.…

Thu, 17 Aug 2017 22:48:07 GMT

Ladies and gentlemen, start your ARM disassemblers

Apple's Secure Enclave, an ARM-based coprocessor used to enhance iOS security, became a bit less secure on Thursday with the publication of a firmware decryption key.…

Thu, 17 Aug 2017 20:47:40 GMT

Personal info spills from another poorly secured Amazon service

A voting machine supplier for dozens of US states left records on 1.8 million Americans in public view for anyone to download – after misconfiguring its AWS-hosted storage.…

Thu, 17 Aug 2017 12:55:04 GMT

Authority fined £70k after missing URL manipulation

A London council has been fined £70,000 after design faults in its TicketViewer app allowed unauthorised access to 119 documents containing sensitive personal information.…

Thu, 17 Aug 2017 06:03:09 GMT

Contract ignores lack of strategy, growing criticism

The UK Home Office has put out to tender a £4.6m ($5.9m) contract for facial recognition software – despite the fact its biometrics strategy and retention systems remain embroiled in controversy.…

Thu, 17 Aug 2017 05:03:12 GMT

Consultant was all too app-y to break law, claim investigators

A banking IT expert orchestrated an insider-trading caper that raked in millions of dollars for him and his pals, it was claimed on Wednesday.…

Thu, 17 Aug 2017 04:27:10 GMT

Project Zero's two-year-old dog learns a new trick

It's Rowhammer, Jim, but not as we know it: IBM boffins have taken the DRAM-bit-flipping-as-attack-vector trick found by Google and applied it to MLC NAND Flash.…

Wed, 16 Aug 2017 22:15:38 GMT

IT crippled so badly firm relied on WhatsApp

The world's largest container shipping biz has revealed the losses it suffered after getting hit by the NotPetya ransomware outbreak, and the results aren't pretty.…

Wed, 16 Aug 2017 19:04:20 GMT

Fox, meet henhouse

An ex-Secret Service agent who stole Bitcoins from the Silk Road dark web drugs bazaar he was supposed to be investigating has admitted stealing even more sacks of the digital currency.…

Wed, 16 Aug 2017 13:27:09 GMT

GoT suspects cuffed

Four arrests connected with the leak of an unaired Game of Thrones episode have been made in India.…

Wed, 16 Aug 2017 10:59:08 GMT

65,000 tonnes and 4.5 acres of British sovereign territory – but is she worth it?

Pics Britain’s newest warship, its biggest warship of all time, HMS Queen Elizabeth, entered Portsmouth Harbour for the first time this morning.…

Wed, 16 Aug 2017 10:37:12 GMT

Unidentified hackers attempt to bust open email accounts

Hackers are trying to break into Scottish Parliament email accounts weeks after similar campaigns against Westminster.…

Wed, 16 Aug 2017 10:03:06 GMT

Wed, 16 Aug 2017 08:03:08 GMT

Yet 'alternative' UK financial service has complied with law

Customers of UK financial services firm FFrees said they were unaware of a breach that took place there four months ago until a security researcher got in touch with them.…

Wed, 16 Aug 2017 01:56:12 GMT

Unpatched browser, plug-in bugs targeted by and with 'Disdain' kit

WebEx on Firefox is among the targets of a new exploit kit that's started circulating on Russian nastyware exchanges.…

Tue, 15 Aug 2017 22:58:08 GMT

Do you use this suite? If yes: A July 18 update screwed over your security

Researchers at Kaspersky Lab have found a well-hidden backdoor in NetSang's server management software.…

Tue, 15 Aug 2017 19:33:43 GMT

FTC forces taxi app upstart to let in auditors after complaints of data security cockups

Uber and America's trade watchdog have reached a settlement following claims the taxi app maker lied about the extent to which its staff can mine customers' personal info for fun.…

Tue, 15 Aug 2017 15:30:59 GMT

Exploit combo fails to dodge Word warning prompts

Updated A booby-trapped .RTF file is doing the rounds that combines two publicly available Microsoft Office exploits.…

Tue, 15 Aug 2017 13:01:07 GMT

'Get rich or die trying' seems to be working out for this fellow

A seemingly state-sponsored cyberattack aimed at more than 4,000 infrastructure companies has been blamed on a lone Nigerian cybercriminal.…

Tue, 15 Aug 2017 11:59:07 GMT

Apple has already smote JSPatch once this year

Updated Chinese drone firm DJI appears to have baked a hot-patching framework into its Go app that breaks Apple's App Store terms and conditions, according to drone hacker sources.…

Tue, 15 Aug 2017 00:22:39 GMT

Collateral damage in 3, 2, 1…

The US Defense Intelligence Agency has vowed to capture enemy malware, study and customize it, and then turn the software nasties on their creators.…

Mon, 14 Aug 2017 16:34:54 GMT

Trial scheduled for October

Marcus Hutchins, the WannaCry kill-switch hero, has today pleaded not guilty to charges of creating and selling malware at a hearing in Milwaukee, Wisconsin.…

Mon, 14 Aug 2017 14:32:08 GMT

More likely damage control after host GoDaddy pulled plug

Doubts have been cast over claims that hacktivists have taken control of neo-Nazi website the Daily Stormer.…

Mon, 14 Aug 2017 11:00:13 GMT

Yes, it’s time for another reader poll

Study Phishing is the attempt to obtain personal, private, or commercially sensitive information or funds by impersonating a trustworthy source. Fraudsters commonly use email to quarry their pray, but messaging apps, social media, fake websites, and phone calls are frequently used too. Consumer phishing attacks still outnumber those specifically targeting businesses and institutions, but this should not lull IT and business managers into a false sense of security.…

Mon, 14 Aug 2017 03:04:45 GMT

Privilege escalation is baked in to mobile OSes, if you look for it

Oxford researchers reckon they've spotted the next emerging trend in Android advertising (and possibly malware): using common libraries to “collude” between apps with different privilege levels.…

Sun, 13 Aug 2017 23:58:09 GMT

DBAs: strap on your patching boots. Every DB in your clusters needs work

PostgreSQL has released three security patches for versions 9.6.4, 9.5.8, 9.4.13, 9.3.18, and 9.2.22.…

Sun, 13 Aug 2017 22:56:03 GMT

Git, Mercurial, SVN patched; CVS hasn't got around to it yet

Users of the world's most popular software version control systems can be attacked when cloning a repository over SSH.…

Sat, 12 Aug 2017 11:21:09 GMT

Putin's favorite attack dogs APT28 fingered by FireEye

Russian hackers accused of ransacking the US Democratic party's servers last year may now be targeting hotels in Europe and the Middle East, it is claimed.…

Fri, 11 Aug 2017 20:41:31 GMT

Malicious gadgets can snoop on keypresses, other data, through ports, it is claimed

Malicious USB gadgets can secretly spy on data flowing in and out of devices plugged into adjacent USB ports, security researchers in Australia have warned.…

Fri, 11 Aug 2017 15:38:13 GMT

Local photographer took pics of 'ghost ship' deck, then flew off unchallenged

An amateur photographer has reportedly landed his £475 drone aboard the largest warship ever built for the Royal Navy – without permission and completely unchallenged.…

Fri, 11 Aug 2017 12:36:32 GMT

'Counter-terrorism not the only national security threat we face'

A former boss at UK domestic spy arm MI5 has cautioned against a crackdown on encrypted messaging apps.…

Fri, 11 Aug 2017 11:39:51 GMT

Sergey Neverov accused of posting Petya-A tutorial + ransomware links

A middle-aged Ukrainian has been arrested on suspicion of acting as an agent in distributing the infamous NotPetya ransomware.…

Fri, 11 Aug 2017 03:57:06 GMT

Boffins had to break gene-reading software but were able to remotely exploit a computer

Scientists from the University of Washington have created synthetic DNA that produced malware of a sort.…

Thu, 10 Aug 2017 21:14:47 GMT

Nice birthday gift for clever kid who found a way to access web giant's confidential info

A teenager in Uruguay has scored big after finding and reporting a bug in Google's App Engine to view confidential internal Google documents.…

Thu, 10 Aug 2017 16:45:08 GMT

Builtin antivirus will make room for rival products

Kaspersky Labs is dropping its antitrust complaints against Microsoft in Russia and Europe.…

Thu, 10 Aug 2017 11:45:23 GMT

Take a plea deal and come home quick, opines East London meeting

Marcus Hutchins’ British supporters believe his best chance of getting home within the next few years is to accept a plea deal with US prosecutors, some of them opined last night.…

Thu, 10 Aug 2017 10:35:20 GMT

21,000 accounts handled by Indian outsourcing biz exposed

Blighty's Information Commissioner’s Office has whacked TalkTalk with a £100,000 fine after the data of the records of 21,000 people were exposed to fraudsters in an Indian call centre.…

Thu, 10 Aug 2017 08:27:11 GMT

UK Home Office's response to concerns are a riddle wrapped in an enigma

Analysis The UK Home Office's ambiguous response to whether or not the Investigatory Powers Act gives the British government the authority to pressure or force people to work for GCHQ is troubling.…

Thu, 10 Aug 2017 06:29:11 GMT

Some insights from the HBO hack and bomb threat claims

It's something every aspiring crook needs to consider before they attempt to break into the world of cyber-crime: what's the business plan?…

Thu, 10 Aug 2017 05:01:03 GMT

Revealing penetration-testing tool sealed staffers' fate

Salesforce fired two of its senior security engineers after they revealed details of an internal tool for testing IT defenses at DEF CON last month.…

Thu, 10 Aug 2017 03:03:04 GMT

WoSign and StartCom banished from Windows 10

Microsoft's decided not to support digital certificates issued by Chinese outfits WoSign and StartCom, but the first-mentioned CA disputes the decision.…

Thu, 10 Aug 2017 00:45:08 GMT

Not a bug, it's a clearly labelled switched-off feature, we're told

Security firms are, understandably, quite sensitive about claims that their products are insecure, so accusations of this sort tend to cause a kerfuffle.…

Wed, 09 Aug 2017 23:44:07 GMT

It's 2017 and cross-site forgery vulnerabilities are still a thing

A cross-site forgery vulnerability in the American court system's document archive PACER has been fixed. The bug could have been exploited to hijack accounts and retrieve civil and criminal lawsuit files on victims' dime.…