News

Powerful code signed by Microsoft littered with vulns

DEF CON  Too many trusted Windows 10 peripheral drivers, signed off by Microsoft and running with powerful kernel-level privileges, are riddled with exploitable security vulnerabilities, according to infosec biz Eclypsium.…

Plus: The spambot that actually DOES record screens of pr0n users

Roundup  Here is your friendly summary of recent news from the front lines of information security beyond everything else we've already reported.…

Politicians appeal to hackers to take up the fight

DEF CON  Despite some progress, the US is still massively underprepared for a serious cyber attack and the current administration isn't helping matters, according to politicians visiting the DEF CON hacking conference.…

Faulty F-15s, at-risk airbases and much more

DEF CON  For the first time, Vegas's annual DEF CON hacking conference has an "aviation hacking village", and the US military is scouting around there for a few good hackers to find bugs that its own hackers have missed.…

More unregulated creepycams blight London

Britons working for Google at its London HQ are being secretly spied on by creepy facial recognition cameras – but these ones aren't operated by the ad-tech company.…

Thousands of tons of metal and iPads don't mix, it would seem

The US Navy is ditching touchscreens and going back to physical throttles after an investigation into the USS John S McCain collision partly blamed poor design of control systems for the incident.…

You've heard of ROP? Now get a load of QOP

DEF CON  At the DEF CON hacking conference in Las Vegas on Saturday, infosec gurus from Check Point are scheduled to describe a technique for exploiting SQLite, a database used in applications across every major desktop and mobile operating system, to gain arbitrary code execution.…

Elaborate browser break-out betrayed by unusual behavior

Coinbase chief information security officer Philip Martin this week published an incident report covering the recent attack on the cryptocurrency exchange, revealing a phishing campaign of surprising sophistication.…

The benefits of outsourcing your IT's infosec – and what to look for. Here's our gentle guide for you

Backgrounder  Managed security services are – by revenue – the fastest expanding field of cyber security, according to IDC, which reckons they should grow at a compound annual growth rate of 14.2 per cent to 2022. Gartner says managed and subscription-based security services will account for half of all cyber-security spending by 2020.…

Maybe Douglas Adams was right about mice

Black Hat  Deepfakes, the AI-generated talking heads that can say whatever their creator wants them to, are getting harder to detect. But boffins have enlisted an unlikely ally in the quest for truth – mice.…

Revenge plan morphs into data leak discovery

Black Hat  When Europe introduced the General Data Protection Regulation (GDPR) it was supposed to be a major step forward in data safety, but sloppy implementation and a little social engineering can make it heaven for identity thieves.…

As it emerges non-internet-connected election systems are actually connected to the internet

Black Hat  While various high-tech solutions to secure electronic voting systems are being touted this week to election officials across the United States, according to infosec guru Bruce Schneier there is only one tried-and-tested approach that should be considered: pen and paper.…

Apple expands bug bounties, and more from Vegas this week

Black Hat  Here's a quick summary of some important infosec happenings from inside and outside the Black Hat USA conference in Las Vegas on Thursday.…

Moscow's 'sovereign internet' effort means new rules for the bad guys too

Black Hat  The introduction of Russia's Sovereign Internet rules is having an impact on the way criminal hackers around the world do business.…

Public sector bods blame users recycling logins

Exclusive  Transport for London's online Oyster travel smartcard system has been accessed by miscreants using customer credentials, The Reg can reveal, as the transport authority keeps the website offline for a second day.…

Fears of cyber-hijackings? That's plane crazy, says Dreamliner maker

Black Hat  A Black Hat presentation on how to potentially hijack a 787 – by exploiting bugs found in internal code left lying around on a public-facing server – was last night slammed as "irresponsible and misleading" by Boeing.…

Now that's what we call a joint task force: Uncle Sam chills out, relaxes recruitment rules on drugs

Black Hat  America's crime-fighters, desperate to recruit white-hat hackers to collar spies and cyber-crooks, have been quietly and slightly relaxing the ban on hiring anyone who has used illegal drugs.…

Exploit an 3l33t zero-day and reverse-shell that backend DB proxy server... or simply pay this farmer off

Black Hat  Black Hat founder Jeff Moss opened this year's shindig in Las Vegas with tales of quite how odd the hacking culture in China is.…

Maybe, maybe not. These hack-in-a-box widgets are something to think about at least, says Big Blue

Black Hat  IBM's X-Force hacking team have come up with an interesting variation on wardriving – you know, when you cruise a neighborhood scouting for Wi-Fi networks. Well, why not try using the postal service instead, and called it "warshipping," Big Blue's eggheads suggested earlier today.…

Including: Microsoft spins up Azure security lab, offers more bug bounty cash

Roundup  Before letting the IT staff clock out early this week, make sure they read up on the following security notices out this week.…