NHS-backed org reacted to GitHub leak disclosure with legal threats and police call, complains IT pro

The Register - Fri, 14/05/2021 - 11:02
Retention of now-deleted security breach evidence sparks spat

+Comment  IT pro Rob Dyke says an NHS-backed company not only threatened him with legal action after he flagged up an exposed GitHub repository containing credentials and insecure code, it even called the police on him.…

Categories: News

Cloudflare launches campaign to ‘end the madness’ of CAPTCHAs

The Register - Fri, 14/05/2021 - 04:29
Testing dongle-driven ‘Cryptographic Attestation of Personhood’ and WebAuthn as alternative

Poll  Cloudflare has called on the world to “end this madness” by consigning CAPTCHAs to the dustbin of history.…

Ransomware victim Colonial Pipeline paid $5m to get oil pumping again, restored from backups anyway – report

The Register - Thu, 13/05/2021 - 18:44
Anonymous sources get into war-by-media counterbriefing

Colonial Pipeline's operators reportedly paid $5m to regain control of their digital systems and get the pipeline pumping oil following last week's ransomware infection.…

Colonial Pipeline was looking to hire cybersecurity manager before ransomware attack shut down operations

The Register - Thu, 13/05/2021 - 13:35
Good luck to whoever got that gig

Stricken US bulk hydrocarbon conveyor Colonial Pipeline advertised for a new cybersecurity manager a month before that ransomware attack forced operators to shut down the pipeline as a pre-emptive safety measure.…

Oops, says Manchester City Council after thousands of number plates exposed in parking ticket spreadsheet

The Register - Thu, 13/05/2021 - 11:01
They are personal data, you know. Wait – you did know that, right?

Exclusive  Manchester City Council exposed online the number plates of more than 60,000 cars slapped with parking tickets, breaking data protection laws as it did so.…

When it comes to cybersecurity, there's always time for summer school or winter training

The Register - Thu, 13/05/2021 - 01:22
Get ready for SANS Institute's biggest ever Asia-Pacific training event

Promo  Whatever your plans for the third quarter of 2021, an emerging security vulnerability or a network security breach has the potential to throw them into disarray. Unless, of course, you’ve made the effort to hone your existing skills or expand your knowledge into new areas ahead of time.…

Apple's Find My network can be abused to leak secrets to the outside world via passing devices

The Register - Wed, 12/05/2021 - 21:28
You gotta work hard for those three-bytes-a-second transfers, though

Apple's Find My network, used to locate iOS and macOS devices – and more recently AirTags and other kit – also turns out to be a potential espionage tool.…

Happy to pay out to ransomware masterminds? Yup, we thought so

The Register - Wed, 12/05/2021 - 17:00
Join us online and learn about modern extortionware and how to frustrate it

Webcast  It’s shocking how blasé ransomware-toting criminals can be about freezing the operations of any organisation they can insinuate themselves into, including critical utilities or medical facilities.…

Britain to spend £22m influencing Indo-Pacific nations' cybersecurity policies against 'authoritarian regimes'

The Register - Wed, 12/05/2021 - 13:15
So says Foreign Secretary in lacklustre speech to NCSC faithful

CyberUK 21  Britain is to spend £22m on training African and Indo-Pacific nations to stave off cyber influences from "authoritarian regimes", foreign secretary Dominic Raab said today.…

Blessed are the cryptographers, labelling them criminal enablers is just foolish

The Register - Wed, 12/05/2021 - 08:31
Preserving privacy is hard. I know because when I tried, I quickly learned not to play with weapons

Column  Nearly a decade ago I decided to try my hand as a cryptographer. It went about as well as you might expect. I’d gotten the crazy idea to write a tool that would encrypt Twitter’s direct messages - sent in the clear - so that your private communications would truly be private, visible to no one, including Twitter.…

Beijing twirls ban-hammer at 84 more apps it says need to stop slurping excess data

The Register - Wed, 12/05/2021 - 06:19
Online lending apps and more given fifteen days to ‘rectify’ behaviour

China’s Central Cyberspace Affairs Commission has named 84 apps it says breach local privacy laws and given their developers 15 days to “rectify” their code.…

South Korea orders urgent review of energy infrastructure cybersecurity

The Register - Wed, 12/05/2021 - 04:38
No prizes for guessing why, as Colonial Pipeline outage stretches patience and looks like lasting a week

South Korea’s Ministry of Trade, Energy and Infrastructure has ordered a review of the cybersecurity preparedness of the nation’s energy infrastructure.…

Tech industry quietly patches FragAttacks Wi-Fi flaws that leak data, weaken security

The Register - Wed, 12/05/2021 - 01:58
Dozen design, implementation blunders date back 24 years

A dozen Wi-Fi design and implementation flaws make it possible for miscreants to steal transmitted data and bypass firewalls to attack devices on home networks, according to security researcher Mathy Vanhoef.…

SolarWinds CEO describes overhauled Orion build system after that 'very small, unique' security breach

The Register - Tue, 11/05/2021 - 20:59
'This can happen to anybody. There's always learning in any crisis. And we were no exception'

CyberUK 21  SolarWinds’ chief exec has described the 18,000 customers who downloaded backdoored versions of its Orion software as a “very small” number while giving a speech to an infosec event.…

Microsoft emits more fixes for Exchange Server plus patches for remote-code exec holes in HTTP stack, Visual Studio

The Register - Tue, 11/05/2021 - 20:08
Plus: Grab your updates for Adobe, SAP, Android, Intel

Patch Tuesday  Microsoft's May Patch Tuesday brought a lighter-than-usual load of 55 fixes for 32 of the Windows giant's applications and services, which is about half what was served up in April.…

UK's Computer Misuse Act to be reviewed, says Home Secretary as she condemns ransomware payoffs

The Register - Tue, 11/05/2021 - 17:00
Priti Patel doesn't say a word about encryption, though

CyberUK 21  Priti Patel has promised a government review of the UK's 30-year-old Computer Misuse Act "this year" as well as condemning companies that buy off ransomware criminals.…

NHS App gets go-ahead for UK vaccine passport use despite protest from privacy groups

The Register - Tue, 11/05/2021 - 16:15
Big Brother Watch warns app contains too much sensitive medical information

The UK will next week begin using the NHS App to confer an individual's vaccination status, in the face of warnings that the technology could lead to identifiable medical information being exposed.…

App Tracking: Apps plead for users to press allow, but 85% of Apple iOS consumers are not opting in

The Register - Tue, 11/05/2021 - 14:45
The data is in: most users do not opt in to third-party tracking

Mobile app analytics company Flurry is measuring how many users of iOS 14.5 are opting in to allow apps to request to track them - and so far only 15 per cent worldwide have done so.…

Compsci boffin publishes proof-of-concept code for 54-year-old zero-day in Universal Turing Machine

The Register - Tue, 11/05/2021 - 10:15
Patch your devi... oh, hang on a sec

A computer science professor from Sweden has discovered an arbitrary code execution vuln in the Universal Turing Machine, one of the earliest computer designs in history – though he admits it has "no real-world implications".…

Train operator phlunks phishing test by teasing employees with non-existent COVID bonus

The Register - Tue, 11/05/2021 - 08:58
Someone at West Midlands Trains approved nasty cybersecurity drill

UK rail operator West Midlands Trains sent an email to 2,500 employees to thank them for hard work during COVID and promised a one-time bonus as a reward, but that lovely news turned out to be phishing training. Needless to say, it did not go over well.…
