Tag: The Register – Security

Don’t want to incriminate yourself? Tough luck, you terrorist The Government Reviewer of Terrorism Laws has declared that safeguards protecting Britons from police workers demanding passwords for their devices must be watered down.…   Advertise on IT Security News. Read…

Read more →

Yep, the Verizon that sold subscribers’ location data Verizon has slung out a new, privacy-focused search engine in an effort to win over customers who prefer not to have their browsing habits tracked by ad-slingers and the like.…   Advertise…

Read more →

Handy FireEye tool roots out indicators of compromise Citrix and FireEye have released a new security tool to help admins find out if their servers have been hacked via the high-profile CVE-2019-19781 flaw that was disclosed in December but only…

Read more →

Rapporteurs call for investigation, technical security report leaks The Crown Prince of Saudi Arabia, Mohammad Bin Salman, has been officially fingered as the man responsible for hacking Amazon CEO Jeff Bezos’ phone, causing a massive stir in diplomatic circles.…  …

Read more →

Chocolate Factory boffins doubt Apple can fix it, either Google security researchers have published details about the flaws they identified last year in Intelligent Tracking Protection (ITP), a privacy scheme developed by Apple’s WebKit team for the company’s Safari browser.……

Read more →

Chocolate Factory boffins doubt Apple can fix it, either Google security researchers have published details about the flaws they identified last year in Intelligent Tracking Protection (ITP), a privacy scheme developed by Apple’s WebKit team for the company’s Safari browser.……

Read more →

Quickly shuttered partially redacted exposed DB, which included ‘internal notes marked as confidential’ Five identical Elasticsearch databases containing 250 million records of Microsoft customer support incidents were exposed on the internet for all to see for at least two days…

Read more →

Report suggests public interest defences for infosec professionals, academics and journalists Britain’s main anti-hacker law, the Computer Misuse Act 1990, is “confused”, “outdated” and “ambiguous”, according to a group of pro-reform academics.…   Advertise on IT Security News. Read the…

Read more →

Quickly shuttered partially redacted exposed DB, which included ‘internal notes marked as confidential’ Five identical Elasticsearch databases containing 250 million records of Microsoft customer support incidents were exposed on the internet for all to see for at least two days…

Read more →

Emailing stuff is hard, m’kay? Capita Education Services had a bit of an oopsie yesterday as a new helpdesk system spurted potentially thousands of email addresses at unsuspecting users.…   Advertise on IT Security News. Read the complete article: Capita…

Read more →

Source of Amazon boss’s steamy pics might not be what was first thought Candid pictures used to threaten Amazon boss Jeff Bezos were exposed not by his current parmour’s brother, as some have suggested, but through a sophisticated hacking operation…

Read more →

Convenient timing for this story to emerge Apple ditched plans to fully encrypt its iCloud backups two years ago after being pressured by the FBI, it is claimed.…   Advertise on IT Security News. Read the complete article: No backdoors…

Read more →

Redmond’s own security tools could be abused to create hard-to-scrub infections The encryption technology Microsoft uses to protect its own file system could also be turned into a weapon for ransomware attackers.…   Advertise on IT Security News. Read the…

Read more →

Finding sparks debate over bug disclosure – and how to secure a local gateway’s web control panel Netgear left in its router firmware key ingredients needed to intercept and tamper with secure connections to its equipment’s web-based admin interfaces.…  …

Read more →

Finding sparks debate over bug disclosure – and how do you secure a local gateway’s web control panel Netgear left in its router firmware key ingredients needed to intercept and tamper with secure connections to its equipment’s web-based admin interfaces.……

Read more →

SD-WAN WANOP will have to wait a few days, though Citrix has rushed out official fixes for the well-publicised vuln in some of its server products after miscreants were seen deploying their own custom patches that left a backdoor open…

Read more →

SD-WAN WANOP will have to wait a few days, though Citrix has rushed out official fixes for the well-publicised vuln in some of its server products after miscreants were seen deploying their own custom patches that left a backdoor open…

Read more →

Two Germans, a Nigerian, and a Dutchman walk into a bar. What happens next? A lawsuit, of course Game developer Ubisoft has lodged a claim against the owners of a website that allegedly sells DDoS attacks against the servers of…

Read more →

Login management service sulks in days-long TITSUP* for some Password manager LastPass appears to have had a big night out on Friday, to the point where the service needed a lenghty lie down over the weekend. In fact, for some…

Read more →

NHS working with cops and ICO to determine if patients must be told A Stoke-on-Trent hospital administrator has avoided prison after hacking his NHS trust and helping himself to almost 9,000 heart scan images.…   Advertise on IT Security News.…

Read more →

Investigators ask Chocolate Factory to help them connect the geographic dots At 1030 on April 27, 2019, four unidentified individuals attempted to rob a Brinks armored truck parked outside of Michaels, an art supply and home decor store at the…

Read more →

Plus, WeLeakInfo? Not anymore! Roundup  Welcome to another Reg roundup of security news.…   Advertise on IT Security News. Read the complete article: It’s Friday, the weekend has landed… and Microsoft warns of an Internet Explorer zero day exploited in…

Read more →

Congratulations, you’ve won a secret backdoor Hackers exploiting the high-profile Citrix CVE-2019-19781 flaw to compromise VPN gateways are now patching the servers to keep others out.…   Advertise on IT Security News. Read the complete article: ‘Friendly’ hackers are seemingly…

Read more →

Leave the backdoor. Take the exploit. Hackers exploiting the high-profile Citrix CVE-2019-19781 flaw are now patching the servers to keep others out.…   Advertise on IT Security News. Read the complete article: ‘Nice guy’ hackers are seemingly fixing the Citrix…

Read more →

One Irishman and one Dutchman both nicked Two men have been arrested after Britain’s National Crime Agency and its international pals claimed the takedown of breached credentials-reselling website WeLeakInfo.…   Advertise on IT Security News. Read the complete article: Stolen…

Read more →

New perspective on FBI, Interpol demands for backdoors Vid  Police Scotland to roll out encryption bypass technology, as one publication reported this week, causing some Register readers to silently mouth: what the hell?…   Advertise on IT Security News. Read…

Read more →

Good news: There is none. Well, apart from you can at least fully patch the Microsoft blunder Vid  Easy-to-use exploits have emerged online for two high-profile security vulnerabilities, namely the Windows certificate spoofing bug and the Citrix VPN gateway hole.…

Read more →

Execs don’t care to keep things shipshape if they don’t see a return…. so let’s MAKE them Column  On New Year’s Eve 2019, the good ship Travelex struck the iceberg of ransomware. That’s not a good metaphor, to be honest:…

Read more →

Sign up now: The UK government’s scheme to help new companies grow and scale is back Promo  If you need to get your new IT security company noticed, the Tech Nation Cyber programme is back, opening its doors for another…

Read more →

Decision is preliminary and unenforced, though a good start Analysis  In a massive win for privacy rights, a preliminary ruling from the European Court of Justice (ECJ) has made clear that national security concerns do not override citizens’ data privacy.…

Read more →

Exposed: Intimate… personal details belonging to thousands of folks A pair of misconfigured cloud-hosted file silos have left thousands of peoples’ sensitive info sitting on the open internet.…   Advertise on IT Security News. Read the complete article: What do…

Read more →

House of Larry delivers massive update for 93 products Oracle has released a sweeping set of security patches across the breadth of its software line.…   Advertise on IT Security News. Read the complete article: Yo, sysadmins! Thought Patch Tuesday…

Read more →

EDR is an SMB’s best friend, says F-Secure Webcast  We don’t want to spook anyone, but… cyber-criminals have been busy.…   Advertise on IT Security News. Read the complete article: Today’s webcast: Hackers don’t care if you’re big or small.…

Read more →

Another day, another critical set of flaws A pair of widely used WordPress plugins need to be patched on more than 320,000 websites to close down vulnerabilities that can be exploited to gain admin control of the web publishing software.……

Read more →

Grab your Microsoft, Adobe, SAP, Intel, and VMware fixes now Patch Tuesday  In the first Patch Tuesday of the year, Microsoft finds itself joined by Adobe, Intel, VMware, and SAP in dropping scheduled security updates.…   Advertise on IT Security…

Read more →

Grab your Microsoft, Adobe, SAP, Intel, and VMware fixes now Patch Tuesday  In the first Patch Tuesday of the year, Microsoft finds itself joined by Adobe, Intel, VMware, and SAP in dropping scheduled security updates.…   Advertise on IT Security…

Read more →

This isn’t the way to make the Cook(ie) crumble Analysis  Apple has responded to a demand from the United States’ Attorney General William Barr that it grant the FBI access to two iPhones used in a recent shooting by carefully…

Read more →

This isn’t the way to make the Cook(ie) crumble Analysis  Apple has responded to a demand from the United States’ Attorney General William Barr that it grant the FBI access to two iPhones used in a recent shooting by carefully…

Read more →

That’s not the way to try and make the Cook(ie) crumble Analysis  Apple has responded to a demand from the United States’ Attorney General William Barr that it grant the FBI access to two iPhones used in a recent shooting…

Read more →

American security officials fly to London to ‘brief’ Boris It would be “nothing short of madness” to use Huawei gear in Britain’s 5G mobile networks, an American national security adviser has reportedly told UK Prime Minister Boris Johnson.…   Advertise…

Read more →

Study shows top telcos are naff at fending off cellphone number hijackings Four Princeton University eggheads have published a report showing that the five major US mobile carriers implement weak authentication techniques, leaving customers vulnerable to SIM-swapping attacks that transfer…

Read more →

FBI probes massive fraud A miscreant managed to swipe $2.3m from a Texas school district after staff inadvertently wired large sums of public money to the crook’s bank account.…   Advertise on IT Security News. Read the complete article: Someone…

Read more →

Open letter to Chocolate Factory’s Sundar Pichai penned by 50 campaign groups For much of Android’s existence, Google has adopted a relatively hands-off approach that lets manufacturers ship units with pre-installed bloatware which, in many cases, cannot be easily removed.…

Read more →

His helicopter costs £550/hour to fly, don’t you know The managing director of a Manchester-based infosec firm has been fined for flying his helicopter into an air traffic control zone without permission, having first launched a rant at air traffic…

Read more →

His helicopter costs £550/hour to fly, don’t you know The managing director of a Manchester-based infosec firm has been fined for flying his helicopter into an air traffic control zone without permission, having first launched a rant at air traffic…

Read more →

Info Commish has £2m annual legal budget to face off with multinationals The UK Information Commissioner’s Office has kicked £280m in data breach fines against British Airways and US hotel chain Marriott into the long grass.…   Advertise on IT…

Read more →

Plus: TikTok clocked, Honey in a sticky situation, Arm’s PAN mechanisms sidestepped Roundup  Welcome to another Register security roundup. Here are a few stories that caught our eye.…   Advertise on IT Security News. Read the complete article: If you…

Read more →

It’s got a name and logo so it’s serious, you guys A vulnerability in Broadcom’s cable modem firmware has left as many as 200 million home broadband gateways in Europe, and potentially more worldwide, at risk of remote hijackings.…  …

Read more →

‘You targeted a large charitable organisation’ thundered judge A Londoner who hacked the National Lottery using Sentry MBA and made off with just £5 will spend up to nine months in prison for his crimes.…   Advertise on IT Security…

Read more →

‘You targeted a large charitable organisation’ thundered judge A Londoner who hacked the National Lottery using Sentry MBA and made off with just £5 will spend up to nine months in prison for his crimes.…   Advertise on IT Security…

Read more →

The main event is next week Cisco has released a fresh batch of security updates for its networking and comms gear lines.…   Advertise on IT Security News. Read the complete article: Ding-dong: Cisco delivers your Patch Tuesday warm-up with…

Read more →

To make matters worse, uninstalling it could cause even more pain On Wednesday, more than 50 advocacy groups accused Google of exploiting poor people by failing to police misbehaving Android apps on cheap phones.…   Advertise on IT Security News.…

Read more →

To make matters worse, uninstalling it could cause even more pain On Wednesday, more than 50 advocacy groups accused Google of exploiting poor people by failing to police misbehaving Android apps on cheap phones.…   Advertise on IT Security News.…

Read more →

If CheckPeople could take a look at this, that would be great Exclusive  A database containing the personal details of 56.25m US residents – from names and home addresses to phone numbers and ages – has been found on the…

Read more →

Malware loaded onto more than 5k cash tills but pre-GDPR screw-up means retailer dodged bigger financial bullet Dixons Retail is facing a £500,000 penalty from the Information Commissioner’s Office (ICO) after a hacker installed malware that infected thousands of point…

Read more →

Unsafe hashing algorithm really is unsafe SHA-1 stands for Secure Hash Algorithm but version 1, developed in 1995, isn’t secure at all. It has been vulnerable in theory since 2004 though it took until 2017 for researchers at CWI Amsterdam…

Read more →

Nork cash grab nasty gets stealthier Malware hunters are sounding the alarm over a new, more effective version of the North Korean “Apple Jeus” macOS software nasty.…   Advertise on IT Security News. Read the complete article: In a desperate…

Read more →

Uploads, deletions, private-to-public switcharoos, all bad stuff TikTok, a mobile video app popular with teens, was vulnerable to SMS spoofing attacks that could have led to the extraction of private information, according to infosec researchers.…   Advertise on IT Security…

Read more →

Privacy is nearly dead, but we’re not even close to getting over it Column  Sitting quietly in the upper corner of my browser’s address bar, a counter rises as Disconnect thwarts requests to track me. Visiting well-behaved sites (such as…

Read more →

We can rebuild him, we have the backups… er, right? More than a week after its website and online services were taken offline by malware, foreign currency super-exchange Travelex continues to battle through what has become an increasingly damaging outage…

Read more →

FBI, open up! Comment  The FBI has asked Apple to unlock two iPhones belonging to a murderer, potentially reviving a tense battle over encryption and the rights of law enforcement to digital devices.…   Advertise on IT Security News. Read…

Read more →

Plug this security bypass… if you can even find the boxes running it Hackers are taking advantage of unpatched enterprise VPN setups ‒ specifically, a long-known bug in Pulse Secure’s code ‒ to spread ransomware and other nasties.…   Advertise…

Read more →

The Chocolate Factory’s bug hunters revise 90-day disclosure rules Patting itself on its back for motivating software makers to fix 97.7 per cent of the vulnerabilities it identifies within its 90-day disclosure deadline, Google’s bug-hunting unit Project Zero has decided…

Read more →

Price tag undisclosed but we’re guessing it won’t have made seller rich Symantec’s parent Broadcom has offloaded its Cyber Security Services (CSS) operation to Accenture for an undisclosed sum.…   Advertise on IT Security News. Read the complete article: Accenture…

Read more →

CEO confirms servers, software locked by perps German cycle-maker Canyon Bicycles GmbG has confirmed it was the victim of a security break-in over the holiday period that has all the hallmarks of a ransomware attack with parts of the infrastructure…

Read more →

Run sqlmap, edit online statutes, gain immunity for life? Exclusive  A SQL injection vulnerability on the Government of Gibraltar’s website paved the way for any old Joe to rewrite official web versions of the British Overseas Territory’s laws.…   Advertise…

Read more →

Apps spotted abusing use-after-free() bug seven months before patch At least three malicious apps with device-hijacking exploits have made it onto the Google Play Store in recent weeks.…   Advertise on IT Security News. Read the complete article: Here we…

Read more →

Experts reckon regional infrastructure is in the cross-hairs With tensions soaring between America and Iran following the drone strike that killed top Persian general Qassem Soleimani, experts are weighing in on what the US could face should the Mid-East nation…

Read more →

Despite ‘people familiar with matter’ claiming otherwise to US news GCHQ and its cyber-defence offshoot NCSC have both denied that they are investigating a cyber-attack on the London Stock Exchange, contrary to reports.…   Advertise on IT Security News. Read…

Read more →

Watch online and find out how to strengthen your arsenal of security measures with F-Secure Webcast  Miscreants are constantly on the lookout for new ways to get at your data, becoming more dangerous all the time as a result.…  …

Read more →

Including: Tesla and a town hit hard by spear-phish bridge scammers Roundup  Welcome to the New Year: here are some security headlines that may have slipped past you during the gorging season.…   Advertise on IT Security News. Read the…

Read more →

And now he faces up to 20 years in the slammer A now-former senior IT exec has admitted conning his employer out of $6m – by setting up a fake tech services biz that billed his bosses for bogus services.……

Read more →

Data Center Network Manager bugapalooza with three must-fix flaws Cisco is kicking off 2020 with the release of a crop of patches for its Data Center Network Manager.…   Advertise on IT Security News. Read the complete article: New year,…

Read more →

Yorkshire and Clydesdale latest to join ongoing game of TITSUP*manship It appears the UK banking system is playing a fiscal game of Top Trumps as both Yorkshire and Clydesdale Bank followed yesterday’s example set by Lloyds by not processing payments…

Read more →

Redditor finds security camera capturing stills from strangers’ cribs Google has plonked Xiaomi on the naughty step, blocking the Chinese tech conglomerate’s devices from its Nest Hub and Assistant, it has confirmed.…   Advertise on IT Security News. Read the…

Read more →

Systems still toast since NYE compromise, manual processing only Foreign currency mega-exchange Travelex said on Thursday it was forced offline by a “software virus” infection, bring down a number of currency-exchange websites with it.…   Advertise on IT Security News.…

Read more →

Cupertino says its software is being ripped off, virty cloud biz says jailbreaks are under attack Corellium and Apple are once again trading allegations in a legal brouhaha over the former’s virtual-iPhones-as-a-service operation.…   Advertise on IT Security News. Read…

Read more →

Dash 8? More like dash for the maintenance hangar A small Alaskan airline has suffered a curiously specific “cyber attack” that mostly affected its De Havilland Dash 8 airliners.…   Advertise on IT Security News. Read the complete article: Oddly…

Read more →

Guess they’ll have to attract new recruits on the ‘Gram TikTok is one of the fastest growing social apps, with more than 1.5 billion downloads. However, its Chinese origins have caused controversy in the US, leading some lawmakers to declare…

Read more →