News

Patch ASAP: Holes used to raid top-tier targets and stash info in Kim Dotcom's old cloud file locker

Microsoft says Beijing-backed hackers are exploiting four zero-day vulnerabilities in Exchange Server to steal data from defense contractors, law firms, and infectious disease research centers.…

And they're getting into the ransomware game too, warns Sophos

Gootkit financial malware has been resurrected to fling ransomware payloads at unwitting marks, according to Sophos.…

Network Solutions hasn't confirmed what happened, though

The short-lived theft of Perl.com in late January is believed to have been the result of a social engineering attack that convinced registrar Network Solutions to alter the domain's records without valid authorization.…

Hong Kong-based suspect wanted to create rival startup using pilfered silicon carbide MOSFET blueprints – claim

A Chinese businessman has been accused by the US government of trying to steal silicon secrets from General Electric (GE).…

The fun started at the same time as border skirmishes

Security intelligence firm Recorded Future's Insikt Group has written a paper alleging China was behind attacks on India's electricity grid.…

If you want the lowdown on managed detection and response, clock this

Promo  One thing you can say about cyber-attackers. They don’t keep office hours. They – or their code – will chip away at your systems, all day, every day, looking for a way in before quietly exploiting it for as long as possible.…

Plus: Critical Cisco flaw, NSA advice, and someone hacked Gab?

In Brief  The murder of Washington Post columnist Jamal Khashoggi, which is said to be have been aided by digital surveillance, was ordered by the head of the Saudi Arabian government, US intelligence has publicly asserted.…

Uh huh... it's a good time to be in enterprise security analytics

Tired of keeping up with security alerts from your system? Worried that your Security Operations Centre (SOC) is getting deluged in low-level reporting? Fear not: Imperva has produced an aggregator aggregation product that sits over the top of all your other alert-generating security software.…

Engineers write off GC abuse because Spectre broke everything anyway

In early November, a developer contributing to Google's open-source Chromium project reported a problem with Oilpan, the garbage collector for the browser's Blink rendering engine: it can be used to break a memory defense known as address space layout randomization (ASLR).…

A bitter pill best swallowed with eight gallons of swimming pool water

Something for the Weekend, Sir?  Those files I promised you? Oh, I'm sorry, they accidentally got taken out with the recycling. A gull swooped down and snatched them out of my hands. They were lost in a tsunami. No, a forest fire. An earthquake. Actually, to tell the truth, my mum put them in the washing machine.…

Announced rules also require fast takedowns of content, online profile verification, and more

After a three-year review process, India has announced strict regulations for instant chat services, social network operators, and video-streaming companies.…

Third-party code in security-critical apps is obviously suboptimal, but company says you can opt out

A security researcher has recommended against using the LastPass password manager Android app after noting seven embedded tracking signatures. The company says users can opt out if they want.…

Plus: User passwords were stored in plain text after all

The UK's National Cyber Security Centre is now helping IoT gadget firm FootfallCam Ltd secure product lines following the recent digital burglary of its nursery webcam operation.…

Experimental blocking of sites that load resources from four big companies makes the web unusable

A new extension for Google Chrome has made explicit how most popular sites on the internet load resources from one or more of Google, Facebook, Microsoft and Amazon.…

Boffins find those developing apps for the chatty AI assistant can bypass security measures

Computer security bods based in Germany and the US have analyzed the security measures protecting Amazon's Alexa voice assistant ecosystem and found them wanting.…

Not a great day for Bombardier, Leonardo and Seaspray customers

A CAD drawing of a radar antenna stolen and leaked online by criminals is of a military radar system produced by defense contractor Leonardo and fitted to a number of UK, US, and UAE aircraft, The Register has learned.…

Plus: Why the Chocolate Factory only uses code it builds from source

Interview  Worried about the security of Linux and open-source code, Google is sponsoring a pair of full-time developers to work on the kernel's security.…

New GIAC qual shows you can put the Sec into DevSecOps and quantify the risk in SRE

Promo  On the face of it, cloud penetration testing might appear a complex undertaking involving very different architectures, such as containers and Kubernetes, to those found in traditional on-prem infrastructure.…

Hey man, are your cookies trackin' me? Take 'em out. You gotta keep 'em separated

Mozilla has revised the way the latest build of the Firefox browser handles HTTP cookies to prevent third-parties from using them to track people online, as part of improvements in build 86 of the code.…

Study sees increasing adoption of cloaking to bypass cookie barriers

Boffins based in Belgium have found that a DNS-based technique for bypassing defenses against online tracking has become increasingly common and represents a growing threat to both privacy and security.…