Avast's AntiTrack promised to protect your privacy. Instead, it opened you to miscreant-in-the-middle snooping

The Register - Tue, 10/03/2020 - 00:43
HTTPS traffic could be intercepted, manipulated, thanks to sloppy proxy

You'd think HTTPS certificate checking would be a cinch for a computer security toolkit – but no so for Avast's AntiTrack privacy tool.…

Categories: News

AMD, boffins clash over chip data-leak claims: Side-channel holes revealed in decade of processors

The Register - Mon, 09/03/2020 - 21:10
Maybe don't be quite so smug, security researchers warn

AMD processors sold between 2011 to 2019 are vulnerable to two side-channel attacks that can extract kernel data and secrets, according to a new research paper.…

Categories: News

NSO Group fires back at Facebook: You lied to the court claims spyware slinger, and we've got the proof

The Register - Mon, 09/03/2020 - 19:33
Israeli firm says Social Network didn't properly serve legal docs

Facebook has been accused of lying to a US court in its ongoing legal battle against government malware maker NSO Group.…

Categories: News

Months-long trial of alleged CIA Vault 7 exploit leaker ends with hung jury: Ex-sysadmin guilty of contempt, lying to FBI

The Register - Mon, 09/03/2020 - 18:01
Mystery still surrounds saga of top-secret tools spillage

The extraordinary trial of a former CIA sysadmin accusing of leaking top-secret hacking tools to WikiLeaks has ended in a mistrial.…

Categories: News

UK Defence Committee probe into national security threat of Huawei sure to uncover lots of new and original insights

The Register - Mon, 09/03/2020 - 15:53
Are they? Aren't they? Will they? Won't they? Yes, no, kind of, a bit

UK Parliament's Defence Committee is to open an investigation into 5G and Huawei with a special focus on national security concerns.…

Categories: News

Spyware maker NSO runs scared from Facebook over WhatsApp hacking charges, fails to show up in court

The Register - Mon, 09/03/2020 - 11:39
Meanwhile, Broadcom and Symantec have merger woes

Roundup  It's that time again – the week's security news in digestible chunks beyond what we've already covered. Let's get into it.…

Categories: News is not sharing Brits' medical data among different agencies... but it's having a jolly good think about it

The Register - Mon, 09/03/2020 - 11:10
Ministry of Fun under pressure to admit it's going to happen

Who'd be a head of data policy for the British government? You spend all your time talking about data transparency, but it is so hard to be transparent.…

Categories: News

Check Point chap: Small firms don't invest in infosec then hope they won't get hacked. Spoiler alert: They get hacked

The Register - Mon, 09/03/2020 - 10:00
One vendor's security controls aren't enough, says Dan Riley

Interview  "I don't want to have a job any more," said Check Point's Dan Wiley, sitting in a fashionably nondescript London coffee shop. "I don't want to have to do my job. It means that we failed."…

Categories: News

Don't be fooled, experts warn, America's anti-child-abuse EARN IT Act could burn encryption to the ground

The Register - Fri, 06/03/2020 - 22:17
Wait, a proposed law tackling the sexual abuse of kids and they name it... the EARN IT Act? Seriously?

On Thursday, a bipartisan group of US senators introduced legislation with the ostensible purpose of combating child sexual abuse material (CSAM) online – at the apparent cost of encryption.…

Categories: News

FYI: When Virgin Media said it leaked 'limited contact info', it meant p0rno filter requests, IP addresses, IMEIs as well as names, addresses and more

The Register - Fri, 06/03/2020 - 21:03
Infosec biz that found the database spill raises eyebrow at UK ISP's advisory to subscribers

A Virgin Media server left facing the public internet contained more than just 900,000 people's "limited contact information" as the Brit cable giant's CEO put it yesterday.…

Categories: News

UK spy auditor gives state snoops a big pat on the back for job well done – except MI5

The Register - Fri, 06/03/2020 - 19:44
Domestic intel agency's cloud server continues to get them into hot water

The UK's spy agency auditor has given public sector snoopers a clean bill of health – except for domestic surveillance specialists MI5, whose cloud data storage blunder is still under investigation.…

Categories: News

NordVPN quietly plugged vuln where an HTTP POST request without authentication would return detailed customer data

The Register - Fri, 06/03/2020 - 13:21
Fiddle with some numbers and voila

A vulnerability in NordVPN's payments platform allowed anyone to view users' payment information and email addresses, a startling HackerOne entry has revealed.…

Categories: News

More than a billion hopelessly vulnerable Android gizmos in the wild that no longer receive security updates – research

The Register - Fri, 06/03/2020 - 11:30
Consumer mag Which? calls for manufacturers to be open about how long they will support devices

File this one under "well, duh." Consumer mag Which? today published research estimating that over a billion Android devices are vulnerable to hackers and malware as they are not receiving security updates.…

Categories: News

Like a Virgin, hacked for the very first time... UK broadband ISP spills 900,000 punters' records into wrong hands from insecure database

The Register - Thu, 05/03/2020 - 23:59
Contact info and more, perfect for phishing

Virgin Media, one of the UK's biggest ISPs, on Thursday admitted it accidentally spilled 900,000 of its subscribers' personal information onto the internet via a poorly secured database.…

Categories: News

Android users, if you could pause your COVID-19 panic buying for one minute to install these critical security fixes, that would be great

The Register - Thu, 05/03/2020 - 22:35
MediaTek chipset flaw already exploited in the wild

Google has emitted its latest monthly batch of Android security fixes, addressing a total of 70 CVE-listed vulnerabilities.…

Categories: News

Let's Encrypt: OK, maybe nuking three million HTTPS certs at once was a tad ambitious. Let's take time out

The Register - Thu, 05/03/2020 - 20:58
Online security initiative halts hurried purge to accommodate reality

Let's Encrypt has halted its plans to cancel all three million flawed web security certificates – after fearing the super-revocation may effectively break a chunk of the internet for netizens.…

Categories: News

Staffer emails compromised and customer details exposed in T-Mobile US's third data whoopsie in as many years

The Register - Thu, 05/03/2020 - 19:00
And there it is – exactly what telco was fretting over in FY'19 results

US telco giant T-Mobile has suffered an attack that could have spaffed customer information far and wide.…

Categories: News

'Unfixable' boot ROM security flaw in millions of Intel chips could spell 'utter chaos' for DRM, file encryption, etc

The Register - Thu, 05/03/2020 - 14:00
Although exploitation is like shooting a lone fish in a tiny barrel 1,000 miles away

A slit in Intel's security – a tiny window of opportunity – has been discovered, and it's claimed the momentary weakness could be one day exploited to wreak "utter chaos."…

Categories: News

Enable that MF-ing MFA: 1.2 million Azure Active Directory accounts compromised every month, reckons Microsoft

The Register - Thu, 05/03/2020 - 11:30
'Really high number' could be fixed by using multi-factor authentication

Microsoft reckons 0.5 per cent of Azure Active Directory accounts as used by Office 365 are compromised every month.…

Categories: News

Sadly, the web has brought a whole new meaning to the phrase 'nothing is true; everything is permitted'

The Register - Thu, 05/03/2020 - 10:00
Well, isn't this a lovely paranoid bed we've made for ourselves

Column  "Hey there," the message begins. Out of the blue over Skype, someone I hadn't communicated with in nearly a year reaches out.…

Categories: News


Subscribe to Sec Tec Limited aggregator - News