Category: The Register – Security

Boring! Where are teh 1337 h4x? We want 1337 h4x The Iranian cybercrime group that was expected to spearhead the rogue Middle East nation’s revenge for the US assassination of General Qasem Soleimani has quite the arsenal at its digital…

Read more →

Due dil 101 Today was meant to be Brit security biz Sophos’s last day on the London Stock Exchange following its £3bn purchase by a US venture capital company.…   Advertise on IT Security News. Read the complete article: Sophos…

Read more →

Merging search and address bar means more data for the tech giants Microsoft Edge and Yandex are “much more worrisome” compared to Brave, Chrome, Firefox and Safari, according to a paper on browser privacy (PDF) published this week.…   Advertise…

Read more →

Encryption keys forced to zero by chip-level KrØØk flaw A billion-plus computers, phones, and other devices are said to suffer a chip-level security vulnerability that can be exploited by nearby miscreants to snoop on victims’ encrypted Wi-Fi traffic.…   Advertise…

Read more →

Section 215 more useless than we suspected yet they still want to keep it The controversial surveillance program that gave the NSA access to the phone call records of millions of Americans has cost US taxpayers $100m – and resulted…

Read more →

It’s 2020 and pre-auth, superuser command injection is still a thing Zyxel’s network storage boxes, business VPN gateways, firewalls, and, er, security scanners can be remotely hijacked by any miscreant, due to a devastating security hole in the firmware.…  …

Read more →

Sir Andrew Parker also claims UK spies are not doing bulk surveillance British spies are once again stipulating that tech companies break their encryption so life is made easier for state-sponsored eavesdroppers.…   Advertise on IT Security News. Read the…

Read more →

Plus birth certificates, job interview data and more A leak of 10,000 records at a Leicestershire care home provider exposed elderly patients’ wishes not to be resuscitated, detailed care plans and precisely how much councils paid for individual patients’ care.……

Read more →

Pair engineer malicious code from public source tweak before official binary releases Google has updated Chrome for Linux, Mac, and Windows to address three security vulnerabilities – and exploit code for one of them is already public, so get patching.……

Read more →

Still not the last word for VirnetX after 10-year fight The United States Supreme Court has kicked out Apple’s attempt to overturn a judgement in one of the cases in its 10-year patent fight with VirnetX.…   Advertise on IT…

Read more →

A preview of muddy paws all over your on-prem resources, or a passwordless future? Hybrid environments can now join the preview party for FIDO2 support in Azure Active Directory.…   Advertise on IT Security News. Read the complete article: Password…

Read more →

Aw, how generous Hey, Linux fans! Microsoft has got your back over fileless threats. Assuming you’ve bought into the whole Azure Security Center thing.…   Advertise on IT Security News. Read the complete article: Microsoft uses its expertise in malware…

Read more →

Tight-lipped chaebol still won’t talk about the dodgy app, though Samsung has admitted that what it calls a “small number” of users could indeed read other people’s personal data following last week’s unexplained Find my Mobile notification.…   Advertise on…

Read more →

And Adobe in remote-code execution patch non-shocker Roundup  It’s once again time for a security news summary. Let’s get to it.…   Advertise on IT Security News. Read the complete article: Google rolls out Titan keys to Europe, Japan. Plus:…

Read more →

Treat yourself to a meal out or a case of bevvies… or an appetizer in SF or NYC Victims of dodgy IT support from Office Depot will start receiving compensation checks, a US consumer watchdog said Thursday.…   Advertise on…

Read more →

The inevitable return of Norbert Spankmonkey Something for the Weekend, Sir?  Where’s my free promo tat? Fellow convention attendees have no such problem being showered with promotional gifts from all sides as they totter up and down the rows of…

Read more →

Purge is the latest in a series of similar store scourings On Thursday Google confirmed it has removed nearly 600 Android apps from the Google Play Store and banned them from its ad services for violating its policies on disruptive…

Read more →

Keep your crypto to less than 398 days after September 1 and you’re all good Safari will, later this year, no longer accept new HTTPS certificates that expire more than 13 months from their creation date. That means websites using…

Read more →

Security biz clocked 55 million malicious login attempts on a client Financial services firms’ public APIs are becoming the target du jour for internet ne’er-do-wells, reckons Akamai, which also said that one of its customers was firehosed with 55 million…

Read more →

Alternative headline: Killer bio-nasty linked to former alien vault and cyber-hacker gathering Yet another big brand has pulled out of RSA Conference, due to take place next week, amid the ongoing novel coronavirus panic.…   Advertise on IT Security News.…

Read more →

What happens in Vegas… gets leaked on the internet Casino and hotel chain MGM Resorts lost almost 10.7 million guest records last summer, including the data of Jack Dorsey and Justin Bieber, which was duly posted to hacker forums.…  …

Read more →

It’s APT28 again! Public attribution names and shames state-backed crew The same Russian state hackers who unleashed NotPetya on the world’s computers were behind destructive cyberattacks on Georgia during 2019, the governments of Britain and the US have said –…

Read more →

Before you remove the mote from thy hacker’s eye, remove the beam from the eyes of your, er, Teams RSA  As IBM’s crew cancels their hotel rooms, Microsoft’s infosec staffers are still set to attend the decades-old RSA conference and…

Read more →

Now Ru? The Russian government, via mouthpiece RIA Novosti, has claimed Korean tech giant Samsung will comply with a controversial Russian law passed in November that forces smartphones and computers to come pre-installed with domestic-made shovelware.…   Advertise on IT…

Read more →

Critical fix for static login headlines latest patch rollout Cisco has released fixes to address 17 vulnerabilities across its networking and unified communications lines.…   Advertise on IT Security News. Read the complete article: Oi, Cisco! Who left the ‘high…

Read more →

America wanted a cover-up of Kremlin ties to DNC intrusion, court told Julian Assange was offered a pardon by the White House only if he publicly said Russia did not hack the Democratic National Committee, according to the WikiLeaks supremo’s…

Read more →

Mystery facility hit by ‘commodity’ infection thought to be Ryuk America’s Homeland Security this week disclosed it recently responded to a ransomware infection at an unnamed natural gas plant.…   Advertise on IT Security News. Read the complete article: When…

Read more →

Dot-com is all the rage, yo British customers of High Street banking brand Natwest are being advised not to use the domain natwest.co.uk – by none other than Natwest itself.…   Advertise on IT Security News. Read the complete article:…

Read more →

Are we doing panic about software updates again? Really? OK Some of the biggest names in the technology world still ship hardware that can be possibly hijacked by well-placed miscreants, thanks to poor or non-existent checks for firmware updates.…  …

Read more →

Are we doing panic about software updates again? Really? OK Some of the biggest names in the technology world still ship hardware that can be possibly hijacked by well-placed miscreants, thanks to poor or non-existent checks for firmware updates.…  …

Read more →

Texan tech giant hacks off part of security real estate, sells to consortium Dell Technologies is flogging its infosec business RSA for $2.075bn as it tries to reduce its longstanding debt.…   Advertise on IT Security News. Read the complete…

Read more →

Texan tech giant hacks off part of security real estate, sells to consortium Dell Technologies is flogging its infosec business RSA for $2.075bn as it tries to reduce its longstanding debt.…   Advertise on IT Security News. Read the complete…

Read more →

Not many stranger things happen at sea Penetration testers looking at commercial shipping and oil rigs discovered a litany of flaws and vulnerabilities – including one set that would have let them take full control of a rig at sea.……

Read more →

Move over, there’s plenty of room on Putin’s naughty step Fresh from last week’s controversy with a US telco, German secure email biz Tutanota has declared today that the Russian authorities have pulled the plug on its services.…   Advertise…

Read more →

Remote attackers were able create their own admin accounts A vulnerability in a popular WordPress user role plugin lets any random person create an admin-level account on targeted websites.…   Advertise on IT Security News. Read the complete article: Severe…

Read more →

Plus: Iranians accused of hacking IT service providers to get at their customers Roundup  Everything is insecure and everything is broken, exhibits A through Z:…   Advertise on IT Security News. Read the complete article: It is with a heavy…

Read more →

Who will join the IT giant in staying away from San Francisco? IBM has pulled out of annual security shindig RSA Conference, due to be held in San Francisco at the end of this month, to avoid its staff catching…

Read more →

Who’ll join the IT giant in staying away from San Francisco? IBM has pulled out of annual security shindig RSA Conference, due to be held in San Francisco at the end of this month, to avoid its staff catching the…

Read more →

Malvertising campaign makes big bucks for online criminals Google has removed more than 500 Chrome extensions in response to a report from a security researcher, who found the browser plugins distributed through the Chrome Web Store facilitated ad fraud and…

Read more →

Russia denies claims from well-informed broadcaster that it was homegrown Turla malware baddies Austria’s foreign ministry has said a weeks-long cyber attack from a “state actor” against its systems has ended – amid local reports that pin the blame on…

Read more →

Maybe stick to walking the beat instead of infosec advice, eh? The National Crime Agency has publicly distanced itself from a poster urging parents to call police if their child has installed Kali Linux, Tor or – brace yourself –…

Read more →

Monster telco says it’s working to resolve whatever’s going on Encrypted email service Tutanota on Thursday accused US mega-telco AT&T of blocking its service in some parts of America, and cited the service interruption, ongoing for more than two weeks,…

Read more →

Shoddy code allegations are just FUD, software maker insists Only a week after the mobile app meltdown in Iowa’s Democratic Caucus, computer scientists at MIT have revealed their analysis of the Voatz app used in West Virginia’s 2018 midterm election.……

Read more →

Over the air? More like over the aarrrggghhh A trio of boffins at Singapore University this week disclosed 12 security vulnerabilities affecting the Bluetooth Low Energy (BLE) SDKs offered by seven system-on-a-chip (SoC) vendors.…   Advertise on IT Security News.…

Read more →

And the company reaction is: not even ‘meh’ An infosec researcher has published a JavaScript-based proof of concept for the Netgear routerlogin.com vulnerability revealed at the end of January.…   Advertise on IT Security News. Read the complete article: Netgear’s…

Read more →

Meanwhile, we’re still squashing bugs in Adobe Flash Player… plus stuff from Intel and SAP Patch Tuesday  It’s going to be a busy month for IT administrators as Microsoft, Intel, Adobe, and SAP have teamed up to deliver a bumper…

Read more →

So says Malwarebytes, anyway Software nasties targeted at MacOS are on the increase faster than ones for Windows, according to antivirus biz Malwarebytes.…   Advertise on IT Security News. Read the complete article: B-but it doesn’t get viruses! Not so,…

Read more →

So says Malwarebytes, anyway Software nasties targeted at MacOS are on the increase faster than ones for Windows, according to antivirus biz Malwarebytes.…   Advertise on IT Security News. Read the complete article: B-but it doesn’t really get viruses! Not…

Read more →

One for the Cold War infosec veterans: CIA and BND literally owned the firm Swiss encryption machine company Crypto AG was secretly owned by the US CIA and a West German spy agency at the height of the Cold War,…

Read more →

If you don’t have auto-update switched on, time to patch Dell has copped to a flaw in SupportAssist – a Windows-based troubleshooting program preinstalled on nearly every one of its newer devices running the OS – that allows local hackers…

Read more →

Old Gigabyte code lets file-scrambling RobbinHood go undetected A kernel-level driver for old PC motherboards has been abused by criminals to hijack Windows computers, disable antivirus, and hold files to ransom.…   Advertise on IT Security News. Read the complete…

Read more →

And shares with guessable passwords A new variant of the notorious Emotet Windows malware is able to spread wirelessly by brute-forcing Wi-Fi network passwords and scanning for shared drives to infect.…   Advertise on IT Security News. Read the complete…

Read more →

Mozilla’s browser will, from March, require manual override Mozilla Firefox will require user intervention to connect to websites using the TLS 1.0 or 1.1 protocol from March 2020 – and plans to eventually block those weak HTTPS connections entirely.…  …

Read more →

It was a state-sponsored attack, declares US Attorney General The United States has announced criminal charges against four Chinese Army soldiers who, it is claimed, are the hackers who stole 145 million Americans’ personal data from credit scorer Equifax.…  …

Read more →

Including: Why was #RootGoat2020 trending on Twitter? It is as silly as you think Roundup  It’s time yet again to recap the latest security happenings.…   Advertise on IT Security News. Read the complete article: Facebook loses control of its…

Read more →

‘I’m sorry, Dave, I’m afraid I can’t fetch that document’ Continuing to drop flame retardant on the dumpster fire that is web security, Google on Thursday said it will soon prevent Chrome users from downloading files over insecure, plain old,…

Read more →

Plus: Move to Agile is ‘high risk’ and infosec snafus still not fixed British F-35Bs deploying to the South China Sea next year may not meet key reliability metrics set by an American government watchdog, its annual report has revealed.……

Read more →

It may or not involve office stationery Greater Manchester Police is struggling with a partial outage of a Capita-built computer system used by frontline officers to input information.…   Advertise on IT Security News. Read the complete article: Day 4…

Read more →

‘Pwned with a broadcast’ bug among 25 to be patched by Google Google has posted the February security updates for Android, including for a potentially serious remote code execution flaw in Bluetooth.…   Advertise on IT Security News. Read the…

Read more →

Bad: The other 20 per cent are still wide open. Also bad: Some of those patched machines may have been hacked Roughly a fifth of the public-facing Citrix devices vulnerable to the CVE-2019-19781 remote-hijacking flaw, aka Shitrix, remain unpatched and…

Read more →

That ‘free’ Adobe or Microsoft software isn’t all it’s cracked up to be, eh? We don’t know who needs to hear this, but don’t download cracked commercial software. Researchers claim more than 500,000 PCs have been left wriggling with malware…

Read more →

To be honest, it was the impracticality and inefficiency that first attracted us to this otherwise cunning exfiltration Boffins from Ben-Gurion University of the Negev and Shamoon College of Engineering in Israel have come up with yet another TEMPEST-style attack…

Read more →

Now all you have to do is remember what your Y! email address was amid sounds of lawyers popping champagne Long-suffering Yahoo! customers may finally get some compensation for having their personal details exposed to hackers not once, not twice,…

Read more →

Dear Facebook, please keep up with Electron and Chromium fixes, ta A vulnerability in WhatsApp could be exploited to remotely access a victim’s files on their computer – if they use the desktop client paired with the iPhone app. A…

Read more →

‘Why does a device that is essentially a mouse need a privacy policy?’ FYI: Wacom’s official tablet drivers leak to the manufacturer the names of every application opened, and when, on the computers they are connected to.…   Advertise on…

Read more →

First the lightbulb. Then the controller. Then your internal network. Researchers at Check Point have demonstrated how to infect a network with malware via a simple IoT device, a Philips Hue smart lightbulb.…   Advertise on IT Security News. Read…

Read more →

You can turn it back on, but why? Chrome 80 emerged from Google this week with a few more nails to hammer into the coffin of the venerable File Transfer Protocol (FTP).…   Advertise on IT Security News. Read the…

Read more →

Most distros unaffected unless defaults were changed, but do check Sudo, a standard tool on Unix-y operating systems that lets select users run some or all commands as root, can be exploited to give superpowers to any logged-in user –…

Read more →

So use our browser, Brave implies A new report by privacy-focused browser Brave suggests UK local authorities are sharing information about their website users with dozens of private companies.…   Advertise on IT Security News. Read the complete article: They…

Read more →

1% of 1% of users affected, but as it’s Google that’s still in the six figures A bug in Google’s Photo software caused potentially 100,000 or more netizens to have their personal videos exposed to complete strangers last Thanksgiving.…  …

Read more →

El Reg digs into claims by Kiwi browser maker that ad giant is not GDPR compliant Analysis  Google is potentially facing a massive privacy and GDPR row over Chrome sending per-installation ID numbers to the mothership.…   Advertise on IT…

Read more →

Crap security? Shocked, shocked, we tell you This may shock you, but Huawei effectively built a poorly hidden, insecure backdoor into surveillance equipment that uses its HiSilicon subsidiary’s chips, it appears.…   Advertise on IT Security News. Read the complete…

Read more →

Or so clams this vendor’s marketing Attempts to infect computers with ransomware and other malware over networks are decreasing, reckons infosec outfit Sonicwall.…   Advertise on IT Security News. Read the complete article: Malware infection attempts appear to be shrinking……

Read more →

It’s 2020 and people are still letting S3 storage leak A private yacht crew recruitment agency has left an AWS bucket containing the CVs, passports and even some drug test results for up to 17,000 people exposed to world+dog, according…

Read more →

5,000 password resets, multi-day outage, och aye! A further education college in east Scotland has been struck by what its principal described as a cyber “bomb” in an apparent ransomware attack so bad that students have been told to stay…

Read more →

Now there’s no excuse OpenSK, a new open-source project from Google, lets folk make their own security key for less than £10.…   Advertise on IT Security News. Read the complete article: Google’s OpenSK lets you BYOSK – burn your…

Read more →

Exploitable API blew away anonymity, abused by systems in Iran, Israel, Malaysia Twitter has admitted a flaw in its backend systems was exploited to discover the cellphone numbers of potentially millions of twits en masse, which could lead to their…

Read more →

US watchdog struggles to do its job over illegal sale of folks’ whereabouts It’s been nearly two years since it was first revealed that US cellular networks were selling real-time location data with inadequate safeguards. Late last week, after months…

Read more →

IT services offline for days now Australian courier company Toll has shut down several of its key systems after a “security incident” last week, prompting a backlash from frustrated customers.…   Advertise on IT Security News. Read the complete article:…

Read more →

He was also secretly filming in leisure centres A perv who reportedly hacked people’s iCloud accounts to obtain sexual images before sharing them online has been sent to prison for nearly four years.…   Advertise on IT Security News. Read…

Read more →

Tried not suing your customers when they make claims? FIC 2020  EU companies aren’t taking out insurance against attacks on online assets because the companies selling coverage aren’t organised enough – while Brits are more likely to pay off ransomware…

Read more →

Top military officers talk about response thresholds at French shindig FIC 2020  Western military alliance NATO could have reacted with force to the 2017 WannaCry ransomware outbreak that locked up half of Britain’s NHS, Germany’s top cybergeneral has said.…  …

Read more →

Also, Wawa data surfaces on dark markets after December’s hack Roundup  It has been a busy week in infosec, though here’s a few more security news bites to mull over.…   Advertise on IT Security News. Read the complete article:…

Read more →

And it only took, er, four and a half months for people to see sense Criminal charges have been dropped against two infosec professionals who were arrested during a sanctioned physical penetration test gone wrong.…   Advertise on IT Security…

Read more →

Supply-chain hackers now taking aim at kids fighting for democracy, say researchers A Chinese hacking crew which had previously been focusing on industrial and commercial attacks has now involved itself in efforts to suppress protests in Hong Kong.…   Advertise…

Read more →

Would sir care for an Audi with that Jag? Nearly a year after Malta’s Bank of Valletta (BOV) yanked itself from the internet amid a “cyber intrusion”, Britain’s National Crime Agency (NCA) has made three arrests.…   Advertise on IT…

Read more →

Do you want Russia or China writing treaties on what’s cool online? FIC 2020  International progress on state-level so-called cybersecurity “norms” is hopelessly bogged down in an explosion of NGOs and internal United Nations rivalries between two overlapping groups, a…

Read more →

‘Hundreds’ of staffers in marketing analytics subsidiary to be hit Avast will pull the plug on Jumpshot, its controversial data analytics business, after it was revealed the company was harvesting its users’ data.…   Advertise on IT Security News. Read…

Read more →

‘We are focusing on defending systems over identifying and pursuing the person behind the cyber-crime’ Enigma  A plague of ignorance and misplaced priorities in government and law enforcement, from neighborhood cops all the way up to international bodies, is allowing…

Read more →

Function accidentally returns OK instead of no-way Code dive  The OpenBSD project’s OpenSMTPD can be potentially hijacked by a maliciously crafted incoming email.…   Advertise on IT Security News. Read the complete article: Anatomy of OpenBSD’s OpenSMTPD hijack hole: How…

Read more →

For an organization accused of being ‘all talk, no action’, there’s not even enough talking – to its own employees The United Nations’ European headquarters in Geneva and Vienna were hacked last summer, putting thousands of staff records at miscreants’…

Read more →

A curious tale of Bitcoin exchanges and the High Court A Canadian insurance business struck by ransomware paid off the crooks via a cyber insurance policy – and their English reinsurers, having shelled out 109.25 Bitcoins, want it back from…

Read more →

209 incidents since 2014, say Freedom of Information figures The NHS has suffered 209 successful ransomware attacks since 2014, according to new figures based on Freedom of Information requests, but with a dramatic improvement since 2017, the year WannaCry ransomware…

Read more →

Tune in to hear from Veracode on how to stay secure Webcast  What is DevSecOps? Simply put, it is the merging of DevOps and security processes to ensure code is secure from development through to testing and deployment.…   Advertise…

Read more →

Cache(me)Out(side), how ’bout dat? Intel on Monday issued a processor data leakage advisory, INTEL-SA-00329, describing two chip architecture flaws, one of which it tried to fix twice before.…   Advertise on IT Security News. Read the complete article: Cache flow…

Read more →

How about that antivirus now, huh? DEF CON is cancelled. For real this time. DEF CON China, that is.…   Advertise on IT Security News. Read the complete article: Coronavirus claims new victim: ‘DEF CON cancelled’ joke cancelled after DEF…

Read more →

Department of Fun straps on a holster, strides into the wild west of online gadget users The British government has finally woken up to the relatively lax security of IoT devices, and is lurching forward with legislation to make gadgets…

Read more →

Now patched, but yikes. For our next meeting, let’s dial in from a phone box Video-conferencing outfit Zoom had a major vulnerability in its URL scheme that miscreants could exploit to eavesdrop on private meetings.…   Advertise on IT Security…

Read more →

Challenge yourself before the enemy strikes in the real world Sponsored  Attendees of SANS’ world-class courses consistently rate the hands-on exercises as the most valuable part of the experience. With NetWars, however, SANS has raised the ante with a set…

Read more →

We’ll laugh at today’s mandated holes in the same way we laugh at those from 25 years ago Enigma  More than a quarter century after its introduction, the failed rollout of hardware deliberately backdoored by the NSA is still having…

Read more →