Breaker, breaker. Apple's iOS 12.4 update breaks jailbreak break, un-breaks the break. 10-4

The Register - Tue, 20/08/2019 - 02:58
File under: 'Breaking' news

iPhone hackers have discovered Apple's most recent iOS update, 12.4, released in July, accidentally reopened a code-execution vulnerability that was previously patched – a vulnerability that can be abused to jail-break iThings.…

Categories: News

The Pwn Star State: Nearly two dozen Texas towns targeted by tiresome ransomware

The Register - Tue, 20/08/2019 - 01:02
Officials suspect a coordinated extortion campaign

Twenty-three towns in Texas have been targeted with ransomware in what appears to be a coordinated attack.…

Dear Planet Earth: Patch Webmin now – zero-day exploit emerges for potential hijack hole in server control panel

The Register - Mon, 19/08/2019 - 21:28
Flawed code traced to home build system, vulnerability can be attacked in certain configs

The maintainers of Webmin – an open-source application for system administration tasks on Unix-flavored systems – have released Webmin version 1.930 and the related Usermin version 1.780 to patch a vulnerability that can be exploited to achieve remote code execution in certain configurations.…

Teen TalkTalk hacker ordered to pay £400k after hijacking popular Instagram account

The Register - Mon, 19/08/2019 - 14:03
Sanitised browser history sparked another investigation

One of the crew who hacked TalkTalk has been ordered to hand over £400,000 after seizing control of a high-profile Instagram account following a hack on Aussie telco Telstra.…

KNOB turns up the heat on Bluetooth encryption, hotels leak guest info, city hands $1m to crook, and much, much more

The Register - Mon, 19/08/2019 - 11:08
Spec design flaw stiffs security of gizmos

Roundup: Let's run through all the bits and bytes of security news beyond what we've already covered. Also, don't forget our articles from this year's Black Hat, DEF CON, and BSides Las Vegas conferences in the American desert.…

iFrame clickjacking countermeasures appear in Chrome source code. And it only took *checks calendar* three years

The Register - Mon, 19/08/2019 - 10:04
After inaction, technical changes promise better fraud defense

Three years ago, Google software engineer Ali Juma proposed that Chrome should be modified to ignore recently moved iframe elements on web pages as a defense against clickjacking.…

Subcontractor's track record under spotlight as London Mayoral e-counting costs spiral

The Register - Mon, 19/08/2019 - 09:11
Bill approaching £9m compared to £4.1m for the system in 2016

Concerns have been raised over a key supplier of an e-counting system for the London Mayoral elections in 2020.…

Chrome add-on warns netizens when they use a leaked password. Sometimes, they even bother to change it

The Register - Fri, 16/08/2019 - 21:57
Alerted to exposed credentials, users do something about it roughly a quarter of the time

Between February and March this year, after Google released a Chrome extension called Password Checkup to check whether people's username and password combinations had been stolen and leaked from website databases, computer scientists at the biz and Stanford University gathered anonymous telemetry from 670,000 people who installed the add-on.…

NSA asks Congress to permanently reauthorize spying program that was so shambolic, the snoops had shut it down

The Register - Fri, 16/08/2019 - 21:09
You never know, we might figure out how not to screw up in future

Analysis: In the clearest possible sign that the US intelligence services live within their own political bubble, the director of national intelligence has asked Congress to reauthorize a spying program that the NSA itself decided to shut down after it repeatedly – and illegally – gathered the call records of millions of innocent Americans.…

Top tip: Don't upload your confidential biz files to free malware-scanning websites – everything is public

The Register - Fri, 16/08/2019 - 19:45
Sandbox services are bursting with sensitive info from unwitting companies

Companies are inadvertently leaving confidential files on the internet for anyone to download – after uploading the documents to malware-scanning websites that make everything public.…

And you thought the cops were bad... Civil rights group warns of facial recog 'epidemic' across UK private sites

The Register - Fri, 16/08/2019 - 16:30
Shopping centres, museums and conference centres among all found to be using tech

Facial recognition is being extensively deployed on privately owned sites across the UK, according to an investigation by civil liberties group Big Brother Watch.…

Police costs for Gatwick drone fiasco double to nearly £900k – and still no one's been charged

The Register - Fri, 16/08/2019 - 09:03
Omnishambles just keeps on rolling and you're paying for it

Sussex Police's probe of the infamous London Gatwick airport drone fiasco of Christmas 2018 has doubled in cost to nearly £900,000 – and the bungling force still hasn't arrested the person or persons responsible.…

Security? We've heard of it! But why be a party pooper when there's printing to be done

The Register - Fri, 16/08/2019 - 08:04
The boss that went rogue and cocked a snook at the corporate policy he wrote

On Call: With the gateway to the weekend upon us, it is time to crack open the On Call files once again to enjoy a tale from one of those brave engineers at the front line of the tech world.…

Bomb-hoaxing DoSer who targeted police in revenge was caught after Twitter taunts

The Register - Thu, 15/08/2019 - 13:23
Mostly the public adversely affected

A young man who DoSed two British police forces' websites has been sentenced to 16 months in a young offenders' institution.…

How dodgy browser plugins, web scripts can silently rewrite that URL you were about to hit – and throw you into an internet wormhole

The Register - Thu, 15/08/2019 - 08:08
Clickjacking code found on sites with 43 million daily visits total

Analysis: Clickjacking, which came to the attention of security types more than a decade ago, continues to thrive, despite defenses deployed since then by browser makers.…

World recoils in horror as smartphone maker accused of helping government snoops read encrypted texts, track device whereabouts

The Register - Thu, 15/08/2019 - 07:29
Thinking US again? You'd be wrong

Comment: In a report that has left lawmakers across the globe reeling, the Wall Street Journal on Wednesday claimed a smartphone maker helped government officials in Uganda access encrypted texts on a handset used by one of its own citizens, and track the device's whereabouts.…

Intel: Listen up, you NUC-leheads! Mini PCs and compute sticks just got a major security fix

The Register - Wed, 14/08/2019 - 22:59
Chipzilla patches firmware, drivers, SDKs

Hot on the heels of Patch Tuesday fixes from Microsoft, Apple, Adobe, and SAP, Intel has dropped its monthly security bundle to address a series of seven CVE-listed vulnerabilities in its firmware and software.…

Chin up, CapitalOne: You may not have been the suspected hacker's only victim. Feds fear 30-plus organizations hit

The Register - Wed, 14/08/2019 - 22:06
Prosecutors file papers to keep Paige Thompson behind bars while awaiting trial

The ex-Amazon software engineer accused of stealing the personal information of 106 million people from Capital One's cloud-hosted databases may have hacked dozens of other organizations.…

Not very Suprema: Biometric access biz bares 27 million records and plaintext admin creds

The Register - Wed, 14/08/2019 - 13:34
Biostar 2 goes supernova after Israeli duo's probings

Two infosec researchers found 27 million personal data records, including a million people's fingerprints, exposed to the public along with plaintext admin credentials for the Suprema Biostar 2 system they were associated with.…

HTTP/2, Brute! Then fall, server. Admin! Ops! The server is dead

The Register - Wed, 14/08/2019 - 10:02
Beware the denials of service: Netflix warns of eight networking bugs

On Tuesday, Netflix, working in conjunction with Google and CERT/CC, published a security advisory covering a series of vulnerabilities that enable denial of service attacks against servers running HTTP/2 services.…
