Ex-US intel, military trio were cyber-mercenaries for UAE, say prosecutors

The Register - Wed, 15/09/2021 - 07:45
Three men charged with breaking export, security laws, agree to deal after infiltrating smartphones with zero-click exploits

Three former US intelligence and military operatives broke America's weapons export and computer security laws by, among other things, helping the United Arab Emirates hijack and siphon data from people's iPhones, it emerged on Tuesday.…

Categories: News

Microsoft's end-of-summer software security cleanse crushes more than 80 bugs

The Register - Wed, 15/09/2021 - 01:00
Azure agent in Linux guests fixed, MSHTML exploit tackled, and much more – Plus: Adobe and SAP issue updates

Patch Tuesday: For its September Patch Tuesday, Microsoft churned out fixes for 66 vulnerabilities alongside 20 Chromium security bugs in Microsoft Edge.…

Categories: News

Krita art app users targeted by ransomware posing as paid 'collaboration' opportunities

The Register - Tue, 14/09/2021 - 20:27
Artists advised to delete emails asking them to download 'media bundle'

Krita, an open-source cross-platform digital painting application, has become the latest victim of ransomware – but rather than being attacked directly, its name is being used to spread malware among users via emails offering advertising revenue.…

Categories: News

Security bods boost Apple iPhone hardware attack research with iTimed toolkit

The Register - Tue, 14/09/2021 - 17:45
'The first complete infrastructure to enable general-purpose hardware security experiments on the Apple iPhone SoCs,' they claim

A trio of researchers at North Carolina State University (NC State) have released what they describe as a "novel research toolkit" for Apple's iDevices - and to prove its functionality, have disclosed side-channel attacks against the company's A10 Fusion system-on-chip.…

Categories: News

Brits open doors for tech-enabled fraudsters because they 'don't want to seem rude'

The Register - Tue, 14/09/2021 - 16:15
Impersonation scams and smishing rocket, say UK Finance and Which?

Brits are too polite to tell phone scammers to "get stuffed", "take a hike" or "sling yer 'ook" when they impersonate so-called "trusted organisations" such as banks.…

Categories: News

Thousands of internet-connected databases contain high or critical CVEs, says report by cloud security biz

The Register - Tue, 14/09/2021 - 12:30
Put your data on someone else's computer to keep it safe, urges Imperva

After spending five years poring over port scan results, infosec firm Imperva reckons there's about 12,000 vulnerability-containing databases accessible through the internet.…

Categories: News

ExpressVPN bought for $1bn by Brit biz with an intriguing history in adware

The Register - Tue, 14/09/2021 - 08:39
'Kape has moved on from those times'

UK-headquartered Kape Technologies announced on Monday it has acquired ExpressVPN in a $936m (£675m) cash and stocks deal, a move it claims will double its customer base to at least six million.…

Categories: News

Apple emergency patches fix zero-click iMessage bug used to inject NSO spyware

The Register - Tue, 14/09/2021 - 00:06
Separate flaw in WebKit also under attack squashed, too – and two zero-days in Chrome, as well

Updated: Apple on Monday issued security patches for its mobile and desktop operating systems, and for its WebKit browser engine, to address two security flaws, at least one of which was, it is said, used by autocratic governments to spy on human rights advocates.…

Categories: News

How a glitch in the Matrix led to apps potentially exposing encrypted chats

The Register - Mon, 13/09/2021 - 21:22
Forget Agent Smith, we want to see Neo fighting implementation bugs

The Foundation, which oversees the Matrix decentralized communication protocol, said on Monday multiple Matrix clients and libraries contain a vulnerability that can potentially be abused to expose encrypted messages.…

Categories: News

Open redirect on UK council website was being used for Royal Mail-themed parcel payments scam

The Register - Mon, 13/09/2021 - 16:15
Homes4Wiltshire, aka Homes4Spammers

An open redirect on a UK council-backed property website allowed low-level miscreants to evade filters.…

Categories: News

You can 'go your own way' over GDPR, says UK's new Information Commissioner

The Register - Mon, 13/09/2021 - 10:15
Tells committee: I know I said Facebook was 'morally bankrupt' but...

The incoming head of the UK's data watchdog has "gone on the record" to say he will be fair and impartial in his dealings with tech companies despite once describing Facebook as "morally bankrupt pathological liars."…

Categories: News

WhatsApp to offer end-to-end encrypted backups in iCloud, Google Drive with user-managed keys

The Register - Sat, 11/09/2021 - 02:21
Funny how 'privacy-focused' Apple and Google haven't managed that

Facebook's WhatsApp on Friday said users will soon be able to store end-to-end (E2E) encrypted backups of their chat history on Google Drive in Android or Apple iCloud in iOS, with an option to self-manage the encryption key.…

Categories: News

Hey – how did you get in here? Number one app security weakness of 2021 was borked access control, says OWASP

The Register - Fri, 10/09/2021 - 19:35
Org releases its top ten list of bad things software vendors do

The Open Web App Security Project has released its Top Ten list of vulnerabilities in web software, as part of the general movement to make software less painfully insecure at the design stage.…

Categories: News

McDonald's email blunder broadcasts database creds to comedy competition winners

The Register - Thu, 09/09/2021 - 13:58
Finder tells El Reg of struggle to report snafu

McDonald's customers who won a prize draw competition got more than they hoped for after the burger chain emailed them login credentials for development and production databases used to power the campaign.…

Categories: News

LA cops told to harvest social media handles from people they stop, suspect or not

The Register - Thu, 09/09/2021 - 04:50
Policies revealed after long battle for transparency and accountability

Los Angeles police are instructed to collect social media details from people they stop and talk to, even if those civilians aren’t suspected of breaking the law, according to documents finally revealed after a lengthy legal battle.…

Categories: News

Microsoft fixes flaw that could leak data between users of Azure container services

The Register - Thu, 09/09/2021 - 03:56
No data went awry, Cosmos DB had a similar bug just two weeks ago

Microsoft today revealed it fixed a vulnerability in its Azure Container Instances services that could have been exploited by a malicious user "to access other customers' information."…

Categories: News

New Zealand DDoS wave targets banks, post offices, weather forecasters and more

The Register - Wed, 08/09/2021 - 20:36
Nobody from government will say a word about who's behind it

Banks and post offices in New Zealand have been hit by a cyber offensive, according to reports, consisting of sustained DDoS attacks against a number of critical online services.…

Categories: News

Proton welcomes Sir Tim Berners-Lee to its advisory board – as ProtonMail suffers a privacy backlash

The Register - Wed, 08/09/2021 - 19:55
'I am a firm supporter of privacy,' Sir Tim declares - even as the service is lambasted over IP logging

Privacy-centric communications specialist Proton, best known for its ProtonMail encrypted email platform, has announced the appointment of web daddy Sir Tim Berners-Lee to its advisory board.…

Categories: News

3 years, 17 alphas, 2 betas, and over 7,500 commits later, OpenSSL version 3 is here

The Register - Wed, 08/09/2021 - 18:27
What have we learned during that time? Quite a bit, it appears

The OpenSSL team has released version 3.0 of its eponymous secure communications library after a lengthy gestation period.…

Categories: News

is launching an anti-Facebook encryption push. Don't think of the children: Think of the nuances and edge cases instead

The Register - Wed, 08/09/2021 - 14:44
You can't reduce such a vital issue to concern over paedophiles and terrorists

Opinion: The British government is preparing to launch a full-scale policy assault against Facebook as the company gears up to introduce end-to-end encryption across all of its services.…

Categories: News

