Shock Exchange: Microsoft patches 4 zero-day flaws exploited by China's ‘Hafnium’ crew to steal sensitive data

The Register - Wed, 03/03/2021 - 00:10
Patch ASAP: Holes used to raid top-tier targets and stash info in Kim Dotcom's old cloud file locker

Microsoft says Beijing-backed hackers are exploiting four zero-day vulnerabilities in Exchange Server to steal data from defense contractors, law firms, and infectious disease research centers.…

Categories: News

Gootkit malware crew using SEO to get pwned websites in front of unwitting marks

The Register - Tue, 02/03/2021 - 09:30
And they're getting into the ransomware game too, warns Sophos

Gootkit financial malware has been resurrected to fling ransomware payloads at unwitting marks, according to Sophos.…

Categories: News theft blamed on social engineering attack: Registrar 'convinced' to alter DNS records by miscreants

The Register - Tue, 02/03/2021 - 08:25
Network Solutions hasn't confirmed what happened, though

The short-lived theft of in late January is believed to have been the result of a social engineering attack that convinced registrar Network Solutions to alter the domain's records without valid authorization.…

Categories: News

Chinese businessman plotted with GE insider to steal transistor secrets, say Feds

The Register - Mon, 01/03/2021 - 20:06
Hong Kong-based suspect wanted to create rival startup using pilfered silicon carbide MOSFET blueprints – claim

A Chinese businessman has been accused by the US government of trying to steal silicon secrets from General Electric (GE).…

Categories: News

Malware attack that crippled Mumbai's power system came from China, claims infosec intel outfit Recorded Future

The Register - Mon, 01/03/2021 - 16:05
The fun started at the same time as border skirmishes

Security intelligence firm Recorded Future's Insikt Group has written a paper alleging China was behind attacks on India's electricity grid.…

Categories: News

Cyber-attackers work 24/7 … but what about your security team?

The Register - Mon, 01/03/2021 - 07:30
If you want the lowdown on managed detection and response, clock this

Promo  One thing you can say about cyber-attackers. They don’t keep office hours. They – or their code – will chip away at your systems, all day, every day, looking for a way in before quietly exploiting it for as long as possible.…

Categories: News

Mobile spyware fan Saudi Crown Prince accused by US intel of Khashoggi death

The Register - Mon, 01/03/2021 - 06:40
Plus: Critical Cisco flaw, NSA advice, and someone hacked Gab?

In Brief  The murder of Washington Post columnist Jamal Khashoggi, which is said to be have been aided by digital surveillance, was ordered by the head of the Saudi Arabian government, US intelligence has publicly asserted.…

Categories: News

Imperva pretty adamant that security analytics aggregator product Sonar is not 'one dashboard to rule them all'

The Register - Fri, 26/02/2021 - 21:48
Uh huh... it's a good time to be in enterprise security analytics

Tired of keeping up with security alerts from your system? Worried that your Security Operations Centre (SOC) is getting deluged in low-level reporting? Fear not: Imperva has produced an aggregator aggregation product that sits over the top of all your other alert-generating security software.…

Categories: News

Google looks at bypass in Chromium's ASLR security defense, throws hands up, won't patch garbage issue

The Register - Fri, 26/02/2021 - 11:58
Engineers write off GC abuse because Spectre broke everything anyway

In early November, a developer contributing to Google's open-source Chromium project reported a problem with Oilpan, the garbage collector for the browser's Blink rendering engine: it can be used to break a memory defense known as address space layout randomization (ASLR).…

Categories: News

Half a million stolen French medical records, drowned in feeble excuses

The Register - Fri, 26/02/2021 - 09:30
A bitter pill best swallowed with eight gallons of swimming pool water

Something for the Weekend, Sir?  Those files I promised you? Oh, I'm sorry, they accidentally got taken out with the recycling. A gull swooped down and snatched them out of my hands. They were lost in a tsunami. No, a forest fire. An earthquake. Actually, to tell the truth, my mum put them in the washing machine.

Categories: News

India's demand to identify people on chat apps will 'break end-to-end encryption', say digital rights warriors

The Register - Fri, 26/02/2021 - 02:10
Announced rules also require fast takedowns of content, online profile verification, and more

After a three-year review process, India has announced strict regulations for instant chat services, social network operators, and video-streaming companies.…

Categories: News

1Password has none, KeyPass has none... So why are there seven embedded trackers in the LastPass Android app?

The Register - Thu, 25/02/2021 - 18:39
Third-party code in security-critical apps is obviously suboptimal, but company says you can opt out

A security researcher has recommended against using the LastPass password manager Android app after noting seven embedded tracking signatures. The company says users can opt out if they want.…

Categories: News

UK's National Cyber Security Centre sidles in to help firm behind hacked NurseryCam product secure itself

The Register - Thu, 25/02/2021 - 13:07
Plus: User passwords were stored in plain text after all

The UK's National Cyber Security Centre is now helping IoT gadget firm FootfallCam Ltd secure product lines following the recent digital burglary of its nursery webcam operation.…

Categories: News

Ever felt that a few big tech companies are following you around the internet? That's because ... they are

The Register - Thu, 25/02/2021 - 12:04
Experimental blocking of sites that load resources from four big companies makes the web unusable

A new extension for Google Chrome has made explicit how most popular sites on the internet load resources from one or more of Google, Facebook, Microsoft and Amazon.…

Categories: News

Alexa, swap out this code that Amazon approved for malware... Installed Skills can double-cross their users

The Register - Thu, 25/02/2021 - 07:04
Boffins find those developing apps for the chatty AI assistant can bypass security measures

Computer security bods based in Germany and the US have analyzed the security measures protecting Amazon's Alexa voice assistant ecosystem and found them wanting.…

Categories: News

Revealed: The military radar system swiped from aerospace biz, leaked online by Clop ransomware gang

The Register - Wed, 24/02/2021 - 20:04
Not a great day for Bombardier, Leonardo and Seaspray customers

A CAD drawing of a radar antenna stolen and leaked online by criminals is of a military radar system produced by defense contractor Leonardo and fitted to a number of UK, US, and UAE aircraft, The Register has learned.…

Categories: News

'We're finding bugs way faster than we can fix them': Google sponsors 2 full-time devs to improve Linux security

The Register - Wed, 24/02/2021 - 16:01
Plus: Why the Chocolate Factory only uses code it builds from source

Interview  Worried about the security of Linux and open-source code, Google is sponsoring a pair of full-time developers to work on the kernel's security.…

Categories: News

Think you know all about security pen-testing in the cloud? Here’s how to prove it

The Register - Wed, 24/02/2021 - 08:00
New GIAC qual shows you can put the Sec into DevSecOps and quantify the risk in SRE

Promo  On the face of it, cloud penetration testing might appear a complex undertaking involving very different architectures, such as containers and Kubernetes, to those found in traditional on-prem infrastructure.…

Categories: News

Mozilla Firefox keeps cookies kosher with quarantine scheme, 86s third-party cookies in new browser build

The Register - Wed, 24/02/2021 - 07:02
Hey man, are your cookies trackin' me? Take 'em out. You gotta keep 'em separated

Mozilla has revised the way the latest build of the Firefox browser handles HTTP cookies to prevent third-parties from using them to track people online, as part of improvements in build 86 of the code.…

Categories: News

What's CNAME of your game? This DNS-based tracking defies your browser privacy defenses

The Register - Wed, 24/02/2021 - 06:11
Study sees increasing adoption of cloaking to bypass cookie barriers

Boffins based in Belgium have found that a DNS-based technique for bypassing defenses against online tracking has become increasingly common and represents a growing threat to both privacy and security.…

Categories: News


Subscribe to Sec Tec Limited aggregator - News