Contract killer: Certified PDFs can be secretly tampered with during the signing process, boffins find

The Register - Wed, 26/05/2021 - 07:46
24 out of 26 tools vulnerable – with bonus JavaScript attack for Adobe

A pair of techniques to surreptitiously alter the content of certified PDFs have been detailed by researchers in Germany.…

Categories: News

VMware reveals critical vCenter hole it says ‘needs to be considered at once’

The Register - Wed, 26/05/2021 - 03:04
Unauthenticated remote code execution possible thanks to vSphere Client bug

VMware has revealed a critical bug that can be exploited to achieve unauthenticated remote code execution in the very core of a virtualised system – vCenter Server.…


Snowden was right, rules human rights court as it declares UK spy laws broke ECHR

The Register - Tue, 25/05/2021 - 18:08
Says privacy and freedom of expression breached, but upholds sending surveillance product to foreign countries

Surveillance laws permitting GCHQ to operate its Tempora dragnet mass surveillance system broke the law, the European Court of Human Rights has ruled.…


Brit watchdog shows some teeth over McAfee antivirus auto-renewals

The Register - Tue, 25/05/2021 - 16:46
Refund rights for customers

The UK's Competition and Markets Authority (CMA) has reached agreement with antivirus vendor McAfee that means some customers whose software subscription was automatically renewed will be able to get a refund.…


South Korea plans large scale quantum cryptography adoption, thanks in part to tech partnership with USA

The Register - Tue, 25/05/2021 - 09:33
Also steps into future by allowing plug to be pulled on 2G networks

The Republic of Korea took two bold steps into the future on Tuesday, by announcing that the last of its 2G networks will go offline in June and that it will initiate large-scale adoption of communications protected by quantum encryption.…


Hard cheese: Stilton snap shared via EncroChat leads to drug dealer's downfall

The Register - Tue, 25/05/2021 - 07:30
Brit thrown in the clink for 13 years after palm-print lifted from internet photo

A drug dealer's ham-handed OPSEC allowed British police to identify him from a picture of him holding a block of cheese, which led to his arrest, guilty plea, and a sentence of 13 years and six months in prison.…


China’s Digital Yuan not aimed at challenging US dollar, says former People’s Bank governor

The Register - Tue, 25/05/2021 - 06:59
It’s all about domestic efficiency, and if that helps China to become a bigger player then so be it

A former governor of the People’s Bank of China has given a speech in which he suggested that China’s Digital Yuan is not intended to increase China’s influence over global financial systems.…


Apple patches macOS flaw exploited by malware to secretly snap screenshots

The Register - Mon, 24/05/2021 - 22:43
Bug can also be abused to record audio and video, access files – and iOS, iPadOS updated, too

Apple has patched a hole in macOS that has been exploited by malware to secretly take screenshots on victims' Macs.…


Legacy data protection and modern ransomware? The odds are not in your favor

The Register - Mon, 24/05/2021 - 20:00
Join us to learn how to frustrate extortionists in the 2020s

Webcast  On the face of it, blunting a ransomware attack should be straightforward if you’ve got a solid data protection plan in place.…


Icarus moment: Mozilla Thunderbird was saving OpenPGP keys in plaintext after encryption snafu

The Register - Mon, 24/05/2021 - 18:15
Cockup has since been patched in latest release

Mozilla Thunderbird spent the last couple of months saving some users’ OpenPGP keys in plain text – but that’s now been patched, the author of both the bug and the patch fixing it has told The Register.…


Apple is happy to diss the desktop – it knows who's got the most to lose

The Register - Mon, 24/05/2021 - 10:01
Also: The basic utility of the general purpose OS cannot be sanitised into total safety. Nor should it

Column  You will have noticed that Apple just pushed MacOS under the wolves, thrown it to the bus and left it hanging out to dry like a post-Brexit fishing net.…


Air India admits to data breach impacting 4.5m customers, sat on the news for five weeks

The Register - Mon, 24/05/2021 - 06:58
While my SITA gently leaks, customers were unaware their credit card numbers had flown away

India’s flag carrier, Air India, has admitted it fell foul of the data breach at aviation information services provider SITA, and that its disclosure comes five weeks after it was notified of the situation.…


Indonesia’s national health insurance scheme leaks at least a million citizens' records

The Register - Mon, 24/05/2021 - 03:28
Tech Ministry trying to figure out just how much personal info has made it onto notorious RaidForums data-mart

Indonesia’s government has admitted to leaks of personal data from the agency that runs its national health insurance scheme…


American insurance giant CNA reportedly pays $40m to ransomware crooks

The Register - Sat, 22/05/2021 - 11:22
Plus: Stalkerware even more scummy and ExifTool needs patching

In brief  CNA Financial, the US insurance conglomerate, has apparently paid $40m to ransomware operators to get its files back.…


UK Computer Misuse Act convictions declined last year despite pandemic explosion in online criminal activity

The Register - Fri, 21/05/2021 - 16:32
And less than a fifth of CMA crims copped jail terms

Prosecutions under the UK's Computer Misuse Act (CMA) dropped by a fifth in 2020 even as conviction rates soared to 95 per cent during the year of the pandemic, new statistics have revealed.…


Here's how we got persistent shell access on a Boeing 747 – Pen Test Partners

The Register - Fri, 21/05/2021 - 12:50
In-flight entertainment system ran Windows NT4 – and almost defied access attempts

Researchers from infosec biz Pen Test Partners established a persistent shell on an in-flight entertainment (IFE) system from a Boeing 747 airliner after using a vulnerability dating back to 1999.…


Google's 'Ask me anything' on Privacy Sandbox was more about questions than answers

The Register - Fri, 21/05/2021 - 11:59
FLoC is not for our benefit, says Chocolate Factory, it's for everyone else

Google conducted an "Ask me anything" panel on its controversial Privacy Sandbox proposals at its online I/O event.…


Doncaster insurance firm One Call hit by not-dead-at-all Darkside ransomware gang

The Register - Fri, 21/05/2021 - 10:15
Local paper reports £15m heist demand amid Colonial Pipeline chaos

A Doncaster insurance company has been hit by ransomware from the Darkside crew – whose "press release" declaring it was shutting down its operations last week was taken at face value by some pundits.…


Toyota rear-ended by twin cyber attacks that left ransomware-shaped dents

The Register - Fri, 21/05/2021 - 06:05
Oh what a feeling, and in the same week as automaker announced new production pauses

Toyota has admitted to a pair of cyber-attacks.…


UK data regulator fines American Express 0.14p per email after opted-out folk spammed 50 million times

The Register - Thu, 20/05/2021 - 14:45
Bank made $1.4bn in profits alone last quarter

American Express has been fined 0.009 per cent of its annual profits by the Information Commissioner's Office (ICO) after spamming people who opted out of its marketing emails with 50 million unwanted messages.…


