News

Dev fears sub-domain abuse – Plus, unofficial patches for trio of Windows zero-days

Microsoft has been accused of ignoring an IT security risk that could be exploited to create legit-looking malware-laden webpages that sport seemingly trusted Azure and Office 365 domain names. Alternatively, the domains potentially could be used to stealthily leak stolen data from networks.…

Anyone still at their posts, please stop these address takeovers... please, helloo? Anyone there?

America's Homeland Security has urged US government departments and federal agencies to shore up their DNS control panels after hackers successfully stormed the barricades.…

Open the door, get on the floor – not so fast if you've an iPhone 4

Apple has emitted a handful of software patches to address security vulnerabilities in iOS, macOS, and various peripherals.…

How many ad blocks could an ad slinger block if an ad slinger could block blocks?

Google engineers have proposed changes to the open-source Chromium browser that will break content-blocking extensions, including various ad blockers.…

Disable redirects before applying update

The Debian Project has patched a security flaw in its software manager Apt that can be exploited by network snoops to execute commands as root on victims' boxes as they update or install packages.…

Parly-vous cyber-security? No plan to surrender, military bug bounty coming

FIC2019  France’s defence secretary Florence Parly today declared “Cyber war has begun.”…

Researchers show how rogue web applications can be used to attack vulnerable browser extensions in a hack that gives adversaries access to private user data.

Pragmatic chap looks at reality of international relations

FIC2019  A French diplomat has suggested that future global regulation of cyberspace could exempt spying from regulation "as long as some specific sectors are preserved".…

The French Data Protection Authority (DPA) found a lack of transparency when it comes to how Google harvests and uses personal data for ad-targeting purposes.

White House to nominate former DocuSign boss

The US may have finally complied with the European Commission's repeated requests to name a permanent Privacy Shield ombudsperson, The Register understands.…

The patches are part of Adobe's second unscheduled update this month.

Boffins reckon they can predict what you'll say based on your friends' activity online

The phenomenon of "prescient Facebook advertising", so beloved of conspiracy theorists who think social networks listen to your microphone, might instead simply be evidence of how good Facebook's algorithms have become.…

End-of-life followed 2018 fake Website certificate drama

If you're still using TLS-SNI, stop: a year after a slip-up allowed miscreants to claim Let's Encrypt certificates for domains they didn't own, the free certificate authority has announced the final sunset of the protocol involved.…

Plus, Safari security foiled by… a finger swipe?

Roundup  This week we wrangled with alleged Russian election meddling, hundreds of millions of username-password combos spilled online, Oracle mega-patches, and cliams of RICO swap-gangs.…

Killer jailed for life after fitness kit data tips off plod

Avid runner and hitman Mark Fellows was this week found guilty of murder after being grassed up by his Garmin watch.…

Two apps on Google Play were infecting devices with the Anubis mobile banking trojan.

Лучшая защита – нападение?

Russian hackers attempted to infiltrate the Democratic National Committee (DNC) just after the US midterm elections last year, according to a new court filing.…

The Fallout EK has added the latest Flash vulnerability to its bad of tricks, among other tune-ups.

Threatpost editors break down the top headlines from the week ended Jan. 18.

A default configuration allows full admin access to unauthenticated attackers.