News

Time to limber up in the battle against cybercriminals

The Register - Thu, 05/03/2020 - 07:00
Building a culture of security

Sponsored  Ask anyone in IT what it is that keeps them awake at night and most will probably reply “security”. Drill down into what specifically worries them and you’ll probably discover that it’s not the technology part but, rather, how to get the workforce to take security more seriously.…

Categories: News

Alleged Vault 7 leaker trial finale: Want to know the CIA's password for its top-secret hacking tools? 123ABCdef

The Register - Thu, 05/03/2020 - 00:47
Tales of terrible security, poor compartmentalization, and more, emerge from the Schulte hearings

Analysis  The fate of the man accused of leaking top-secret CIA hacking tools – software that gave the American spy agency access to targets' phones and computers across the world – is now in the hands of a jury. And, friend, do they have their work cut out for them.…

Download this update from mybrowser.microsoft.com. Oh, sorry, that was malware on a hijacked sub-domain. Oops

The Register - Wed, 04/03/2020 - 19:04
Lax DNS leaves door wide open for miscreants to impersonate Windows giant on its own websites

If you saw a link to mybrowser.microsoft.com, would you have trusted it? Downloaded and installed an Edge update from it? How about identityhelp.microsoft.com to change your password?…

If Tesco was breached, your data could be being flogged for just £2.70 – research

The Register - Wed, 04/03/2020 - 16:30
600,000 Clubcards at risk earlier this week, said supermarket

Data stolen from Tesco clubcards could be resold for just £2.70 a pop, reckons a price comparison website that appears to have strayed into the dark web.…

It has been 15 years, and we're still reporting homograph attacks – web domains that stealthily use non-Latin characters to appear legit

The Register - Wed, 04/03/2020 - 14:00
More than a dozen dodgy websites spotted masquerading as the real deal, HTTPS certs and all

What's old is new again as infosec bods are sounding the alarm over a fresh wave of homoglyph characters being used to lure victims to malicious fake websites.…

UK data watchdog slaps a £500,000 fine on Cathay Pacific for 2018 9.4m customer data leak

The Register - Wed, 04/03/2020 - 12:30
ICO probe found backup files not password-protected, unpatched web-facing servers, out-of-date OS and more

The Information Commissioner's Office has fined Cathay Pacific Airways £500,000 for leaky security that exposed the personal data of 9.4 million passengers - 111,578 of whom were from the UK.…

Fancy that: Hacking airliner systems doesn't make them magically fall out of the sky

The Register - Wed, 04/03/2020 - 11:30
Study finds most A320 pilots shrug, ignore dodgy systems and land safely

Airline pilots faced with hacked or spoofed safety systems tend to ignore them – but could cost their airlines big sums of money, an infosec study has found.…

Let's Encrypt? Let's revoke 3 million HTTPS certificates on Wednesday, more like: Check code loop blunder strikes

The Register - Tue, 03/03/2020 - 19:44
Tons of TLS certs need to be tossed immediately after Go snafu

On Wednesday, March 4, Let's Encrypt – the free, automated digital certificate authority supported by the Internet Security Research Group (ISRG) – will briefly become Let's Revoke, to undo the issuance of more than three million flawed HTTPS certs.…

GCHQ's infosec arm has 3 simple tips to secure those insecure smart home gadgets

The Register - Tue, 03/03/2020 - 15:30
UK.gov tries the KISS approach to infosec advice for the public

Britain's National Cyber Security Centre (NCSC) wants owners of baby monitors and smart CCTV cameras to take some basic security precautions.…

Have I Been S0ld? No, trusted security website HIBP off the table, will remain independent

The Register - Tue, 03/03/2020 - 12:30
Owner Troy Hunt staying in the saddle after potential deal falls through

The popular security website Have I Been Pwned (HIBP) will remain independent – despite owner Troy Hunt's decision last year to put the business up for sale.…

Maersk prepares to lay off the Maidenhead staffers who rescued it from NotPetya super-pwnage

The Register - Tue, 03/03/2020 - 10:45
Staff found out after seeing their own jobs advertised in India

Exclusive  Maersk is preparing to make 150 job cuts at its UK command-and-control centre (CCC) in Maidenhead – the one that rebuilt the global shipping company's IT infrastructure after the infamous 2017 NotPetya ransomware attack.…

Wi-Fi kit spilling data with bad crypto – Huawei, eh? No, it's Cisco. US giant patches Krook spy-hole bug in network gear

The Register - Mon, 02/03/2020 - 18:16
Meanwhile, Sophos finds nasty rootkit, OnlyFans says massive archive not a hack

Roundup  Here's El Reg's fresh slice of all the infosec news – beyond what we've already covered – that you'll need to know as you start your week. Ready? Here we go.…

Delicious irony: Credit rating builder Loqbox lets customer details and card numbers slip after 'sophisticated attack'

The Register - Mon, 02/03/2020 - 14:31
'We are truly sorry'

Fintech startup Loqbox has fessed up to suffering an "attack" which potentially revealed its customers' names, postal addresses, dates of birth, email addresses and phone numbers.…

Southern Water not such a phisherman's phriend, hauls itself offline to tackle email lure

The Register - Fri, 28/02/2020 - 14:00
UK utility biz suspends internet services

British utility biz Southern Water was the victim of a phishing attack on Wednesday, resulting in a hurried shutdown of some of the company's systems.…

Your phone wakes up. Its assistant starts reading out your text messages. To everyone around. You panic. How? Ultrasonic waves

The Register - Fri, 28/02/2020 - 00:38
Not OK Google: Android, Siri sink in SurfingAttack

Video  Voice commands encoded in ultrasonic waves can, best case scenario, silently activate a phone's digital assistant, and order it to do stuff like read out text messages and make phone calls, we're told.…

Cyber-wrath of Iran for top general's assassination hasn't progressed beyond snooping and nicking logins... yet

The Register - Thu, 27/02/2020 - 16:09
Boring! Where are teh 1337 h4x? We want 1337 h4x

The Iranian cybercrime group that was expected to spearhead the rogue Middle East nation's revenge for the US assassination of General Qasem Soleimani has quite the arsenal at its digital fingertips.…

Sophos was gearing up for a private life – then someone remembered the bike scheme

The Register - Thu, 27/02/2020 - 11:57
Due dil 101

Today was meant to be Brit security biz Sophos's last day on the London Stock Exchange following its £3bn purchase by a US venture capital company.…

If you're serious about browser privacy, you should probably pass on Edge or Yandex, claims Dublin professor

The Register - Thu, 27/02/2020 - 09:15
Merging search and address bar means more data for the tech giants

Microsoft Edge and Yandex are "much more worrisome" compared to Brave, Chrome, Firefox and Safari, according to a paper on browser privacy (PDF) published this week.…

Wi-Fi of more than a billion PCs, phones, gadgets can be snooped on. But you're using HTTPS, SSH, VPNs... right?

The Register - Thu, 27/02/2020 - 00:29
Encryption keys forced to zero by chip-level KrØØk flaw

A billion-plus computers, phones, and other devices are said to suffer a chip-level security vulnerability that can be exploited by nearby miscreants to snoop on victims' encrypted Wi-Fi traffic.…

After blowing $100m to snoop on Americans' phone call logs for four years, what did the NSA get? Just one lead

The Register - Wed, 26/02/2020 - 22:29
Section 215 more useless than we suspected yet they still want to keep it

The controversial surveillance program that gave the NSA access to the phone call records of millions of Americans has cost US taxpayers $100m – and resulted in just one useful lead over four years.…
