News

DNS config snafu bares Jenkins instance contents to world+dog

GE Aviation managed to expose a pile of its private keys on a misconfigured Jenkins instance that was exposed to the public internet, according to a security researcher who found it through Shodan.…

From elephants to fish, there's no GDPR in the animal kingdom

Boffins at the Max Planck Institute for Ornithology are finally ready to switch on Icarus – a system that will track the migration of animals by using an antenna installed at the International Space Station (ISS).…

'A legitimate solution to a poor user experience'

Zoom Video Communications, whose web conferencing service is used by millions, is under fire for installing a hidden web server on Macs in order to bypass user consent when joining a meeting.…

Forgive the sins of the fathers: Mozilla to have another go at tackling teenage flaw

Mozilla has been sitting on a new variant of an age-old flaw for almost a year, even with public disclosure happening back in January.…

DLL or no DLL?

Microsoft has lifted the lid on the inner-workings of a particularly nasty piece of fileless malware that aims to pilfer user data without needing to install software on the victim's machine.…

In summary: Nice try, Redmond, but you'll have to try harder to upset folks

Microsoft's latest official Windows 10 update, OS Build 18362.207, from June 27, 2019, can potentially break your VPN. But it probably won't because it's an edge case that can be expected to affect very few people.…

Digital project had gaping holes. On the bright side, here's Craig David all over your *boink*

Medway council in Kent has corked a hole in its website that spat out residents' names, mailing addresses, phone numbers and email addresses after a Reg reader got in touch to complain.…

Half a million records lost? £183m GDPR fine lined up

The UK Information Commissioner's Office has warned BA it faces a whopping £183.39m following the theft of million customer records from its website and mobile app servers.…

Plus, Florida Man out of a job for paying off hackers

Between the plentiful beverages and copious amounts of meat, pretty much everyone in the US is hung over from Independence Day in one form or another, so let's jump right into the security news.…

Unified Comms, Jabber among targets for clean-up

Cisco has delivered a bundle of 17 security updates to address 18-CVE-listed vulnerabilities in its networking and communications gear.…

It was a game of two halves

The Football Association of Ireland (FAI) has confirmed it suffered a security breach of its payroll systems, which was discovered last month, saying no staff data had been compromised.…

Experts offer their advice on staying safe and secure online

Promo  If worries about cybersecrity threats to your business and private data are keeping you awake at night, soothe your nerves by tuning into the Sophos SOS Security Week series of podcasts from 8-12 July, and find out what you need to know to be better prepared.…

It’s all lulz until someone goes to prison

Austin Thompson, aka DerpTrolling, who came to prominence in 2013 by launching Distributed Denial of Service (DDoS) attacks against major video game companies, has been sentenced to 27 months in prison by a federal court.…

'Cyber stuff is still happening and some businesses are taking it more seriously'

UK businesses have reported a significant fall in cyber attacks over the last 12 months.…

Government-backed campaign going after bug that was patched in 2017

An ongoing Iranian government-backed hacking campaign is now trying to exploit a Microsoft Outlook flaw from 2017.…

We talk to one CEO about why bans aren't the answer but federal regulation is

Facial recognition is having a rough time of it lately. Just six months ago, people were excited about Apple allowing you to open your phone just by looking at it. A year ago, Facebook users joyfully tagged their friends in photos. But then the tech got better, and so did the concerns.…

Recent policy remains unclear about what's disallowed

Updated  YouTube, under fire since inception for building a business on other people's copyrights and in recent years for its vacillating policies on irredeemable content, recently decided it no longer wants to host instructional hacking videos.…

No admission of guilt, but plenty of new rules to follow

Taiwanese networking equipment vendor D-Link will have to submit to a decade of product security audits after agreeing to settle a lawsuit brought by the US Federal Trade Commission.…

Dutch Bangla falls victim to coordinated ATM scam

A prominent Russian hacker crew is seemingly expanding its reach – having just pulled off a multi-million dollar cyber-heist in Bangladesh, we're told.…

Another day, another appalling Internet of S**t security flaw

Smart home company Zipato hardcoded the same private SSH key into every one of its hubs, leaving its system open to hacking, researchers revealed this week.…