News
Shock Exchange: Microsoft patches 4 zero-day flaws exploited by China's ‘Hafnium’ crew to steal sensitive data
Microsoft says Beijing-backed hackers are exploiting four zero-day vulnerabilities in Exchange Server to steal data from defense contractors, law firms, and infectious disease research centers.…
Gootkit malware crew using SEO to get pwned websites in front of unwitting marks
Gootkit financial malware has been resurrected to fling ransomware payloads at unwitting marks, according to Sophos.…
Perl.com theft blamed on social engineering attack: Registrar 'convinced' to alter DNS records by miscreants
The short-lived theft of Perl.com in late January is believed to have been the result of a social engineering attack that convinced registrar Network Solutions to alter the domain's records without valid authorization.…
Chinese businessman plotted with GE insider to steal transistor secrets, say Feds
A Chinese businessman has been accused by the US government of trying to steal silicon secrets from General Electric (GE).…
Malware attack that crippled Mumbai's power system came from China, claims infosec intel outfit Recorded Future
Security intelligence firm Recorded Future's Insikt Group has written a paper alleging China was behind attacks on India's electricity grid.…
Cyber-attackers work 24/7 … but what about your security team?
Promo One thing you can say about cyber-attackers. They don’t keep office hours. They – or their code – will chip away at your systems, all day, every day, looking for a way in before quietly exploiting it for as long as possible.…
Mobile spyware fan Saudi Crown Prince accused by US intel of Khashoggi death
In Brief The murder of Washington Post columnist Jamal Khashoggi, which is said to be have been aided by digital surveillance, was ordered by the head of the Saudi Arabian government, US intelligence has publicly asserted.…
Imperva pretty adamant that security analytics aggregator product Sonar is not 'one dashboard to rule them all'
Tired of keeping up with security alerts from your system? Worried that your Security Operations Centre (SOC) is getting deluged in low-level reporting? Fear not: Imperva has produced an aggregator aggregation product that sits over the top of all your other alert-generating security software.…
Google looks at bypass in Chromium's ASLR security defense, throws hands up, won't patch garbage issue
In early November, a developer contributing to Google's open-source Chromium project reported a problem with Oilpan, the garbage collector for the browser's Blink rendering engine: it can be used to break a memory defense known as address space layout randomization (ASLR).…
Half a million stolen French medical records, drowned in feeble excuses
Something for the Weekend, Sir? Those files I promised you? Oh, I'm sorry, they accidentally got taken out with the recycling. A gull swooped down and snatched them out of my hands. They were lost in a tsunami. No, a forest fire. An earthquake. Actually, to tell the truth, my mum put them in the washing machine.…
India's demand to identify people on chat apps will 'break end-to-end encryption', say digital rights warriors
After a three-year review process, India has announced strict regulations for instant chat services, social network operators, and video-streaming companies.…
1Password has none, KeyPass has none... So why are there seven embedded trackers in the LastPass Android app?
A security researcher has recommended against using the LastPass password manager Android app after noting seven embedded tracking signatures. The company says users can opt out if they want.…
UK's National Cyber Security Centre sidles in to help firm behind hacked NurseryCam product secure itself
The UK's National Cyber Security Centre is now helping IoT gadget firm FootfallCam Ltd secure product lines following the recent digital burglary of its nursery webcam operation.…
Ever felt that a few big tech companies are following you around the internet? That's because ... they are
A new extension for Google Chrome has made explicit how most popular sites on the internet load resources from one or more of Google, Facebook, Microsoft and Amazon.…
Alexa, swap out this code that Amazon approved for malware... Installed Skills can double-cross their users
Computer security bods based in Germany and the US have analyzed the security measures protecting Amazon's Alexa voice assistant ecosystem and found them wanting.…
Revealed: The military radar system swiped from aerospace biz, leaked online by Clop ransomware gang
A CAD drawing of a radar antenna stolen and leaked online by criminals is of a military radar system produced by defense contractor Leonardo and fitted to a number of UK, US, and UAE aircraft, The Register has learned.…
'We're finding bugs way faster than we can fix them': Google sponsors 2 full-time devs to improve Linux security
Interview Worried about the security of Linux and open-source code, Google is sponsoring a pair of full-time developers to work on the kernel's security.…
Think you know all about security pen-testing in the cloud? Here’s how to prove it
Promo On the face of it, cloud penetration testing might appear a complex undertaking involving very different architectures, such as containers and Kubernetes, to those found in traditional on-prem infrastructure.…
Mozilla Firefox keeps cookies kosher with quarantine scheme, 86s third-party cookies in new browser build
Mozilla has revised the way the latest build of the Firefox browser handles HTTP cookies to prevent third-parties from using them to track people online, as part of improvements in build 86 of the code.…
What's CNAME of your game? This DNS-based tracking defies your browser privacy defenses
Boffins based in Belgium have found that a DNS-based technique for bypassing defenses against online tracking has become increasingly common and represents a growing threat to both privacy and security.…
Pages
