Boring! Where are teh 1337 h4x? We want 1337 h4x The Iranian cybercrime group that was expected to spearhead the rogue Middle East nation’s revenge for the US assassination of General Qasem Soleimani has quite the arsenal at its digital…
Category: The Register – Security
Sophos was gearing up for a private life – then someone remembered the bike scheme
Due dil 101 Today was meant to be Brit security biz Sophos’s last day on the London Stock Exchange following its £3bn purchase by a US venture capital company.…
If you’re serious about browser privacy, you should probably pass on Edge or Yandex, claims Dublin professor
Merging search and address bar means more data for the tech giants Microsoft Edge and Yandex are “much more worrisome” compared to Brave, Chrome, Firefox and Safari, according to a paper on browser privacy (PDF) published this week.…
Wi-Fi of more than a billion PCs, phones, gadgets can be snooped on. But you’re using HTTPS, SSH, VPNs… right?
Encryption keys forced to zero by chip-level KrØØk flaw A billion-plus computers, phones, and other devices are said to suffer a chip-level security vulnerability that can be exploited by nearby miscreants to snoop on victims’ encrypted Wi-Fi traffic.…
After blowing $100m to snoop on Americans’ phone call logs for four years, what did the NSA get? Just one lead
Section 215 more useless than we suspected yet they still want to keep it The controversial surveillance program that gave the NSA access to the phone call records of millions of Americans has cost US taxpayers $100m – and resulted…
Zyxel storage, firewall, VPN, security boxes have a give-anyone-on-the-internet-root hole: Patch right now
It’s 2020 and pre-auth, superuser command injection is still a thing Zyxel’s network storage boxes, business VPN gateways, firewalls, and, er, security scanners can be remotely hijacked by any miscreant, due to a devastating security hole in the firmware.…
Departing MI5 chief: Break chat app crypto for us, kthxbai
Sir Andrew Parker also claims UK spies are not doing bulk surveillance British spies are once again stipulating that tech companies break their encryption so life is made easier for state-sponsored eavesdroppers.…
Rotherwood Healthcare AWS bucket security fail left elderly patients’ DNR choices freely readable online
Plus birth certificates, job interview data and more A leak of 10,000 records at a Leicestershire care home provider exposed elderly patients’ wishes not to be resuscitated, detailed care plans and precisely how much councils paid for individual patients’ care.…
Mind the gap: Google patches holes in Chrome – exploit already out there for one of them after duo spot code fix
Pair engineer malicious code from public source tweak before official binary releases Google has updated Chrome for Linux, Mac, and Windows to address three security vulnerabilities – and exploit code for one of them is already public, so get patching.…
Apple tries to have VirnetX VPN patent ruling overturned again, US Supremes say no… again
Still not the last word for VirnetX after 10-year fight The United States Supreme Court has kicked out Apple’s attempt to overturn a judgement in one of the cases in its 10-year patent fight with VirnetX.…
Password killer FIDO2 comes bounding into Azure Active Directory hybrid environments
A preview of muddy paws all over your on-prem resources, or a passwordless future? Hybrid environments can now join the preview party for FIDO2 support in Azure Active Directory.…
Microsoft uses its expertise in malware to help with fileless attack detection on Linux
Aw, how generous Hey, Linux fans! Microsoft has got your back over fileless threats. Assuming you’ve bought into the whole Azure Security Center thing.…
Samsung cops to data breach after unsolicited ‘1/1’ Find my Mobile push notification
Tight-lipped chaebol still won’t talk about the dodgy app, though Samsung has admitted that what it calls a “small number” of users could indeed read other people’s personal data following last week’s unexplained Find my Mobile notification.…
Google rolls out Titan keys to Europe, Japan. Plus: Group Policy bug is a feature, not a flaw, says Microsoft
And Adobe in remote-code execution patch non-shocker Roundup It’s once again time for a security news summary. Let’s get to it.…
Duped into running bogus virus scans at Office Depot? Dry your eyes with a small check from $35m settlement
Treat yourself to a meal out or a case of bevvies… or an appetizer in SF or NYC Victims of dodgy IT support from Office Depot will start receiving compensation checks, a US consumer watchdog said Thursday.…
‘Don’t tell anyone but I have a secret.’ There, that’s my security sorted
The inevitable return of Norbert Spankmonkey Something for the Weekend, Sir? Where’s my free promo tat? Fellow convention attendees have no such problem being showered with promotional gifts from all sides as they totter up and down the rows of…
Google exiles 600 apps from Play Store for ‘disruptive advertising’ amid push to clean up Android souk’s image
Purge is the latest in a series of similar store scourings On Thursday Google confirmed it has removed nearly 600 Android apps from the Google Play Store and banned them from its ad services for violating its policies on disruptive…
Apple drops a bomb on long-life HTTPS certificates: Safari to snub new security certs valid for more than 13 months
Keep your crypto to less than 398 days after September 1 and you’re all good Safari will, later this year, no longer accept new HTTPS certificates that expire more than 13 months from their creation date. That means websites using…
Stuffing nonsense: Persistent cyberpunks are pummelling banks’ public APIs, warns Akamai
Security biz clocked 55 million malicious login attempts on a client Financial services firms’ public APIs are becoming the target du jour for internet ne’er-do-wells, reckons Akamai, which also said that one of its customers was firehosed with 55 million…
RSA Conference loses one more abbreviated tech giant after AT&T disconnects over Wuhan coronavirus fears
Alternative headline: Killer bio-nasty linked to former alien vault and cyber-hacker gathering Yet another big brand has pulled out of RSA Conference, due to take place next week, amid the ongoing novel coronavirus panic.…
We know what you did last summer: MGM’s hotel spinoff lost 10.7m guest records and now they’re on hacker forums
What happens in Vegas… gets leaked on the internet Casino and hotel chain MGM Resorts lost almost 10.7 million guest records last summer, including the data of Jack Dorsey and Justin Bieber, which was duly posted to hacker forums.…
GRU won’t believe it: UK and US call out Russia for cyber-attacks on Georgia last year
It’s APT28 again! Public attribution names and shames state-backed crew The same Russian state hackers who unleashed NotPetya on the world’s computers were behind destructive cyberattacks on Georgia during 2019, the governments of Britain and the US have said –…
Keen to check for ‘abnormal’ user behaviours? Microsoft talks insider risk, AWS imports and compliance at infosec shindig RSA
Before you remove the mote from thy hacker’s eye, remove the beam from the eyes of your, er, Teams RSA As IBM’s crew cancels their hotel rooms, Microsoft’s infosec staffers are still set to attend the decades-old RSA conference and…
Samsung will be Putin dreaded Kremlin-approved shovelware on its phones, claims Russia
Now Ru? The Russian government, via mouthpiece RIA Novosti, has claimed Korean tech giant Samsung will comply with a controversial Russian law passed in November that forces smartphones and computers to come pre-installed with domestic-made shovelware.…
Oi, Cisco! Who left the ‘high privilege’ login for Smart Software Manager just sitting out in the open?
Critical fix for static login headlines latest patch rollout Cisco has released fixes to address 17 vulnerabilities across its networking and unified communications lines.…
Assange lawyer: Trump offered WikiLeaker a pardon in exchange for denying Russia hacked Democrats’ email
America wanted a cover-up of Kremlin ties to DNC intrusion, court told Julian Assange was offered a pardon by the White House only if he publicly said Russia did not hack the Democratic National Committee, according to the WikiLeaks supremo’s…
When the air gap is the space between the ears: A natural gas plant let ransomware spread from office IT to ops
Mystery facility hit by ‘commodity’ infection thought to be Ryuk America’s Homeland Security this week disclosed it recently responded to a ransomware infection at an unnamed natural gas plant.…
Don’t use natwest.co.uk for online banking, Natwest bank tells baffled customer
Dot-com is all the rage, yo British customers of High Street banking brand Natwest are being advised not to use the domain natwest.co.uk – by none other than Natwest itself.…
What do a Lenovo touch pad, an HP camera and Dell Wi-Fi have in common? They’ll swallow any old firmware, legit or saddled with malware
Are we doing panic about software updates again? Really? OK Some of the biggest names in the technology world still ship hardware that can be possibly hijacked by well-placed miscreants, thanks to poor or non-existent checks for firmware updates.…
$2.07bn? That’s one Dell of a deal to offload infosec biz RSA
Texan tech giant hacks off part of security real estate, sells to consortium Dell Technologies is flogging its infosec business RSA for $2.075bn as it tries to reduce its longstanding debt.…
Shipping is so insecure we could have driven off in an oil rig, says Pen Test Partners
Not many stranger things happen at sea Penetration testers looking at commercial shipping and oil rigs discovered a litany of flaws and vulnerabilities – including one set that would have let them take full control of a rig at sea.…
Tutanota cries ‘censorship!’ after secure email biz blocked – for real this time – in Russia
Move over, there’s plenty of room on Putin’s naughty step Fresh from last week’s controversy with a US telco, German secure email biz Tutanota has declared today that the Russian authorities have pulled the plug on its services.…
Severe vuln in WordPress plugin Profile Builder would happily hand anyone the keys to your kingdom
Remote attackers were able to create their own admin accounts A vulnerability in a popular WordPress user role plugin lets any random person create an admin-level account on targeted websites.…
It is with a heavy heart we must inform you, once again, folks are accidentally spilling thousands of sensitive pics, records onto the internet
Plus: Iranians accused of hacking IT service providers to get at their customers Roundup Everything is insecure and everything is broken, exhibits A through Z:…
Roses are red, IBM is Big Blue. It’s out of RSA Conference after coronavirus review: IBMers will not attend infosec event over ‘health concerns’
Who will join the IT giant in staying away from San Francisco? IBM has pulled out of annual security shindig RSA Conference, due to be held in San Francisco at the end of this month, to avoid its staff catching…
Roses are red, IBM is Big Blue. It’s out of RSA Conference after coronavirus review
Who’ll join the IT giant in staying away from San Francisco? IBM has pulled out of annual security shindig RSA Conference, due to be held in San Francisco at the end of this month, to avoid its staff catching the…
Google burns down more than 500 private-data-stealing, ad-defrauding Chrome extensions installed by 1.7m netizens
Malvertising campaign makes big bucks for online criminals Google has removed more than 500 Chrome extensions in response to a report from a security researcher, who found the browser plugins distributed through the Chrome Web Store facilitated ad fraud and…
Austrian foreign ministry: ‘State actor’ hack on government IT systems is over
Russia denies claims from well-informed broadcaster that it was homegrown Turla malware baddies Austria’s foreign ministry has said a weeks-long cyber attack from a “state actor” against its systems has ended – amid local reports that pin the blame on…
Call us immediately if your child uses Kali Linux, squawks West Mids Police
Maybe stick to walking the beat instead of infosec advice, eh? The National Crime Agency has publicly distanced itself from a poster urging parents to call police if their child has installed Kali Linux, Tor or – brace yourself –…
AT&T insists it’s not blocking Tutanota after secure email biz calls foul, cites loss of net neutrality as cause
Monster telco says it’s working to resolve whatever’s going on Encrypted email service Tutanota on Thursday accused US mega-telco AT&T of blocking its service in some parts of America, and cited the service interruption, ongoing for more than two weeks,…
Voatz of no confidence: MIT boffins eviscerate US election app, claim fiends could exploit flaws to derail democracy
Shoddy code allegations are just FUD, software maker insists Only a week after the mobile app meltdown in Iowa’s Democratic Caucus, computer scientists at MIT have revealed their analysis of the Voatz app used in West Virginia’s 2018 midterm election.…
A dirty dozen of Bluetooth bugs threaten to reboot, freeze, or hack your trendy gizmos from close range
Over the air? More like over the aarrrggghhh A trio of boffins at Singapore University this week disclosed 12 security vulnerabilities affecting the Bluetooth Low Energy (BLE) SDKs offered by seven system-on-a-chip (SoC) vendors.…
Netgear’s routerlogin.com HTTPS cert snafu now has a live proof of concept
And the company reaction is: not even ‘meh’ An infosec researcher has published a JavaScript-based proof of concept for the Netgear routerlogin.com vulnerability revealed at the end of January.…
If you’re running Windows, I feel bad for you, son. Microsoft’s got 99 problems, better fix each one
Meanwhile, we’re still squashing bugs in Adobe Flash Player… plus stuff from Intel and SAP Patch Tuesday It’s going to be a busy month for IT administrators as Microsoft, Intel, Adobe, and SAP have teamed up to deliver a bumper…
B-but it doesn’t get viruses! Not so, Apple fanbois: Mac malware is growing faster than nasties going for Windows
So says Malwarebytes, anyway Software nasties targeted at MacOS are on the increase faster than ones for Windows, according to antivirus biz Malwarebytes.…
Crypto AG backdooring rumours were true, say German and Swiss news orgs after explosive docs leaked
One for the Cold War infosec veterans: CIA and BND literally owned the firm Swiss encryption machine company Crypto AG was secretly owned by the US CIA and a West German spy agency at the height of the Cold War,…
Tens of millions of biz Dell PCs smacked by privilege-escalation bug in bundled troubleshooting tool
If you don’t have auto-update switched on, time to patch Dell has copped to a flaw in SupportAssist – a Windows-based troubleshooting program preinstalled on nearly every one of its newer devices running the OS – that allows local hackers…
Forgotten motherboard driver turns out to be perfect for slipping Windows ransomware past antivirus checks
Old Gigabyte code lets file-scrambling RobbinHood go undetected A kernel-level driver for old PC motherboards has been abused by criminals to hijack Windows computers, disable antivirus, and hold files to ransom.…
Game over, LAN, game over! Windows software nasty Emotet spotted spreading via brute-forced Wi-Fi networks
And shares with guessable passwords A new variant of the notorious Emotet Windows malware is able to spread wirelessly by brute-forcing Wi-Fi network passwords and scanning for shared drives to infect.…
These truly are the end times for TLS 1.0, 1.1: Firefox hopes to ‘eradicate’ weak HTTPS standard by blocking it
Mozilla’s browser will, from March, require manual override Mozilla Firefox will require user intervention to connect to websites using the TLS 1.0 or 1.1 protocol from March 2020 – and plans to eventually block those weak HTTPS connections entirely.…
US govt accuses four Chinese army soldiers of hacking Equifax and siphoning 145m Americans’ personal info
It was a state-sponsored attack, declares US Attorney General The United States has announced criminal charges against four Chinese Army soldiers who, it is claimed, are the hackers who stole 145 million Americans’ personal data from credit scorer Equifax.…
Facebook loses control of its own Twitter account in hacker attack – and more news
Including: Why was #RootGoat2020 trending on Twitter? It is as silly as you think Roundup It’s time yet again to recap the latest security happenings.…
Google Chrome to block file downloads – from .exe to .txt – over HTTP by default this year. And we’re OK with this
‘I’m sorry, Dave, I’m afraid I can’t fetch that document’ Continuing to drop flame retardant on the dumpster fire that is web security, Google on Thursday said it will soon prevent Chrome users from downloading files over insecure, plain old,…
Uncle Sam tells F-35B allies they’ll have to fly the things a lot more if they want to help out around South China Sea
Plus: Move to Agile is ‘high risk’ and infosec snafus still not fixed British F-35Bs deploying to the South China Sea next year may not meet key reliability metrics set by an American government watchdog, its annual report has revealed.…
Day 4 of outage: UK’s Manchester police deploy exciting new carbon-based method to record crime
It may or may not involve office stationery Greater Manchester Police is struggling with a partial outage of a Capita-built computer system used by frontline officers to input information.…
Android owners – you’ll want to get these latest security patches, especially for this nasty Bluetooth hijack flaw
‘Pwned with a broadcast’ bug among 25 to be patched by Google Google has posted the February security updates for Android, including for a potentially serious remote code execution flaw in Bluetooth.…
Good: IT admins scrambled to patch 80 per cent of public-facing Citrix boxes to close nightmare hijack hole
Bad: The other 20 per cent are still wide open. Also bad: Some of those patched machines may have been hacked Roughly a fifth of the public-facing Citrix devices vulnerable to the CVE-2019-19781 remote-hijacking flaw, aka Shitrix, remain unpatched and…
Researchers reckon 500k PCs infested with malware after dodgy downloads install even more nasties from Bitbucket
That ‘free’ Adobe or Microsoft software isn’t all it’s cracked up to be, eh? We don’t know who needs to hear this, but don’t download cracked commercial software. Researchers claim more than 500,000 PCs have been left wriggling with malware…
LCD pwn System: How to modulate screen brightness to covertly transmit data from an air-gapped computer… slowly
To be honest, it was the impracticality and inefficiency that first attracted us to this otherwise cunning exfiltration Boffins from Ben-Gurion University of the Negev and Shamoon College of Engineering in Israel have come up with yet another TEMPEST-style attack…
Yahoo! hack! payout! nearly! approved! and! the! question! is! how! to! spend! 60! cents!?
Now all you have to do is remember what your Y! email address was amid sounds of lawyers popping champagne Long-suffering Yahoo! customers may finally get some compensation for having their personal details exposed to hackers not once, not twice,…
Terrifying bug in WhatsApp allows hackers to steal files. So get patching all nine of you using it on the desktop
Dear Facebook, please keep up with Electron and Chromium fixes, ta A vulnerability in WhatsApp could be exploited to remotely access a victim’s files on their computer – if they use the desktop client paired with the iPhone app. A…
Sketchy behavior? Wacom tablet drivers phone home with names, times of every app opened on your computer
‘Why does a device that is essentially a mouse need a privacy policy?’ FYI: Wacom’s official tablet drivers leak to the manufacturer the names of every application opened, and when, on the computers they are connected to.…
Time to patch your lightbulb? Researchers demonstrate Philips Hue exploit
First the lightbulb. Then the controller. Then your internal network. Researchers at Check Point have demonstrated how to infect a network with malware via a simple IoT device, a Philips Hue smart lightbulb.…
RIP FTP? File Transfer Protocol switched off by default in Chrome 80
You can turn it back on, but why? Chrome 80 emerged from Google this week with a few more nails to hammer into the coffin of the venerable File Transfer Protocol (FTP).…
Oh ****… Sudo has a ‘make anyone root’ bug that needs to be patched – if you’re unlucky enough to enable pwfeedback
Most distros unaffected unless defaults were changed, but do check Sudo, a standard tool on Unix-y operating systems that lets select users run some or all commands as root, can be exploited to give superpowers to any logged-in user –…
They can’t collect your bins or fix your roads. They let Google stalk visitors to their websites. Yes, it’s UK local government
So use our browser, Brave implies A new report by privacy-focused browser Brave suggests UK local authorities are sharing information about their website users with dozens of private companies.…
Google Takeout a bit too true to its name after potentially 1000s of private videos shared with complete strangers
1% of 1% of users affected, but as it’s Google that’s still in the six figures A bug in Google’s Photo software caused potentially 100,000 or more netizens to have their personal videos exposed to complete strangers last Thanksgiving.…
Is Chrome really secretly stalking you across Google sites using per-install ID numbers? We reveal the truth
El Reg digs into claims by Kiwi browser maker that ad giant is not GDPR compliant Analysis Google is potentially facing a massive privacy and GDPR row over Chrome sending per-installation ID numbers to the mothership.…
This is not Huawei to reassure people about Beijing’s spying eyes: Trivial backdoor found in HiSilicon’s firmware for net-connected cams, recorders
Crap security? Shocked, shocked, we tell you This may shock you, but Huawei effectively built a poorly hidden, insecure backdoor into surveillance equipment that uses its HiSilicon subsidiary’s chips, it appears.…
Malware infection attempts appear to be shrinking… possibly because miscreants are less spammy and more focused on specific targets
Or so claims this vendor’s marketing Attempts to infect computers with ransomware and other malware over networks are decreasing, reckons infosec outfit Sonicwall.…
Oh buoy. Rich yacht bods’ job agency leaves 17,000 sailors’ details exposed in AWS bucket
It’s 2020 and people are still letting S3 storage leak A private yacht crew recruitment agency has left an AWS bucket containing the CVs, passports and even some drug test results for up to 17,000 people exposed to world+dog, according…
School’s out as ransomware attack downs IT systems at Scotland’s Dundee and Angus College
5,000 password resets, multi-day outage, och aye! A further education college in east Scotland has been struck by what its principal described as a cyber “bomb” in an apparent ransomware attack so bad that students have been told to stay…
Google’s OpenSK lets you BYOSK – burn your own security key
Now there’s no excuse OpenSK, a new open-source project from Google, lets folk make their own security key for less than £10.…
Twitter says a certain someone tried to discover the phone numbers used by potentially millions of twits
Exploitable API blew away anonymity, abused by systems in Iran, Israel, Malaysia Twitter has admitted a flaw in its backend systems was exploited to discover the cellphone numbers of potentially millions of twits en masse, which could lead to their…
Your mobile network broke the law by selling location data and may be fined millions… or maybe not, shrugs FCC
US watchdog struggles to do its job over illegal sale of folks’ whereabouts It’s been nearly two years since it was first revealed that US cellular networks were selling real-time location data with inadequate safeguards. Late last week, after months…
‘Cyber security incident’ takes its Toll on Aussie delivery giant as box-tracking boxen yanked offline
IT services offline for days now Australian courier company Toll has shut down several of its key systems after a “security incident” last week, prompting a backlash from frustrated customers.…
iCloud hacker perv cops 4 years in jail for stealing and sharing people’s private, intimate pics
He was also secretly filming in leisure centres A perv who reportedly hacked people’s iCloud accounts to obtain sexual images before sharing them online has been sent to prison for nearly four years.…
Cover for ‘cyber’ attacks is risky, complex and people don’t trust us, moan insurers
Tried not suing your customers when they make claims? FIC 2020 EU companies aren’t taking out insurance against attacks on online assets because the companies selling coverage aren’t organised enough – while Brits are more likely to pay off ransomware…
WannaCry ransomware attack on NHS could have triggered NATO reaction, says German cybergeneral
Top military officers talk about response thresholds at French shindig FIC 2020 Western military alliance NATO could have reacted with force to the 2017 WannaCry ransomware outbreak that locked up half of Britain’s NHS, Germany’s top cybergeneral has said.…
Flaws punched holes in Azure cloud, Apple patches pretty much everything, Eurocops cuff Maltese hackers, etc
Also, Wawa data surfaces on dark markets after December’s hack Roundup It has been a busy week in infosec, though here’s a few more security news bites to mull over.…
Remember those infosec fellas who were cuffed while testing the physical security of a courthouse? The burglary charges have been dropped
And it only took, er, four and a half months for people to see sense Criminal charges have been dropped against two infosec professionals who were arrested during a sanctioned physical penetration test gone wrong.…
China’s Winnti hackers (apparently): Forget the money, let’s get political and start targeting Hong Kong students for protest info
Supply-chain hackers now taking aim at kids fighting for democracy, say researchers A Chinese hacking crew which had previously been focusing on industrial and commercial attacks has now involved itself in efforts to suppress protests in Hong Kong.…
A year after Bank of Valletta ‘cyber heist’, cuffs applied as cash-cleansing case continues
Would sir care for an Audi with that Jag? Nearly a year after Malta’s Bank of Valletta (BOV) yanked itself from the internet amid a “cyber intrusion”, Britain’s National Crime Agency (NCA) has made three arrests.…
Attempts to define international infosec rules of the road bogged down by endless talkshops, warn diplomats
Do you want Russia or China writing treaties on what’s cool online? FIC 2020 International progress on state-level so-called cybersecurity “norms” is hopelessly bogged down in an explosion of NGOs and internal United Nations rivalries between two overlapping groups, a…
Difficult season: Antivirus-flinger Avast decides to ‘wind down’ Jumpshot
‘Hundreds’ of staffers in marketing analytics subsidiary to be hit Avast will pull the plug on Jumpshot, its controversial data analytics business, after it was revealed the company was harvesting its users’ data.…
If only 3 in 100,000 cyber-crimes are prosecuted, why not train cops to bring these crooks to justice once and for all, suggests think-tank veep
‘We are focusing on defending systems over identifying and pursuing the person behind the cyber-crime’ Enigma A plague of ignorance and misplaced priorities in government and law enforcement, from neighborhood cops all the way up to international bodies, is allowing…
Anatomy of OpenBSD’s OpenSMTPD hijack hole: How a malicious sender address can lead to remote pwnage
Function accidentally returns OK instead of no-way Code dive The OpenBSD project’s OpenSMTPD can be potentially hijacked by a maliciously crafted incoming email.…
UN didn’t patch SharePoint, got mega-hacked, covered it up, kept most staff in the dark, finally forced to admit it
For an organization accused of being ‘all talk, no action’, there’s not even enough talking – to its own employees The United Nations’ European headquarters in Geneva and Vienna were hacked last summer, putting thousands of staff records at miscreants’…
Canadian insurer paid for ransomware decryptor. Now it’s hunting the scum down
A curious tale of Bitcoin exchanges and the High Court A Canadian insurance business struck by ransomware paid off the crooks via a cyber insurance policy – and their English reinsurers, having shelled out 109.25 Bitcoins, want it back from…
Only 6 ransomware attacks on the UK’s NHS since WannaCry worm hit in 2017 – report
209 incidents since 2014, say Freedom of Information figures The NHS has suffered 209 successful ransomware attacks since 2014, according to new figures based on Freedom of Information requests, but with a dramatic improvement since 2017, the year WannaCry ransomware…
Dear friends in DevSecOps: Don’t forget, security is your responsibility, too – now learn how to do it right
Tune in to hear from Veracode on how to stay secure Webcast What is DevSecOps? Simply put, it is the merging of DevOps and security processes to ensure code is secure from development through to testing and deployment.…
Cache flow problems continue for Intel: Yet more data-leaking processor design blunders discovered, patches due soon
Cache(me)Out(side), how ’bout dat? Intel on Monday issued a processor data leakage advisory, INTEL-SA-00329, describing two chip architecture flaws, one of which it tried to fix twice before.…
Coronavirus claims new victim: ‘DEF CON cancelled’ joke cancelled after DEF CON China actually cancelled
How about that antivirus now, huh? DEF CON is cancelled. For real this time. DEF CON China, that is.…
IoT security? We’ve heard of it, says UK.gov waving new regs
Department of Fun straps on a holster, strides into the wild west of online gadget users The British government has finally woken up to the relatively lax security of IoT devices, and is lurching forward with legislation to make gadgets…
The duke of URL: Zoom meetups’ info leaked out through eavesdrop hole
Now patched, but yikes. For our next meeting, let’s dial in from a phone box Video-conferencing outfit Zoom had a major vulnerability in its URL scheme that miscreants could exploit to eavesdrop on private meetings.…
NetWars! Let the SANS Tournaments commence: Compete and learn all about forensics, incident response, red teaming – and much more
Challenge yourself before the enemy strikes in the real world Sponsored Attendees of SANS’ world-class courses consistently rate the hands-on exercises as the most valuable part of the experience. With NetWars, however, SANS has raised the ante with a set…
Remember the Clipper chip? NSA’s botched backdoor-for-Feds from 1993 still influences today’s encryption debates
We’ll laugh at today’s mandated holes in the same way we laugh at those from 25 years ago Enigma More than a quarter century after its introduction, the failed rollout of hardware deliberately backdoored by the NSA is still having…