Enjoyed the US Labor Day weekend? Because it's September 2020 and Exchange Server can be pwned via email

The Register - Tue, 08/09/2020 - 23:02
Don't be so smug, Mac users, you're open to an InDesign project file

A nightmare flaw for Exchange Server headlines this month's Patch Tuesday lineup from Microsoft and others.…

Categories: News

Newcastle University, neighbouring Northumbria hit by ransomware attacks

The Register - Tue, 08/09/2020 - 16:30
Doppelpaymer gang publishes Geordie institution's stolen files online

A cyber attack at Newcastle University has turned out to be a ransomware infection courtesy of the Doppelpaymer gang.…

China proposes ‘Global Initiative on Data Security’ forbidding stuff it and Huawei are accused of doing already

The Register - Tue, 08/09/2020 - 07:29
State-sponsored infrastructure hacking, backdoors-by-fiat and even lock-in all out of bounds in draft code

China has proposed a “Global Initiative on Data Security” that it hopes the world will adopt to govern the collection and use of data by governments and the private sector alike.…

US Appeal court rules Snowden right - US data grab was illegal, but you're still guilty and going down

The Register - Mon, 07/09/2020 - 07:01
And no good deed (for drug dealers) goes unpunished

In Brief: The US Court of Appeals for the Ninth Circuit ruled last week that the activities of American intelligence agencies unmasked by Edward Snowden were illegal.…

What price security? Well, for the US ban on Huawei/ZTE kit it's around $1.8bn, and you're going to pay most of it

The Register - Sat, 05/09/2020 - 00:10
Ripping and replacing Chinese-made gear won't be cheap

The US Federal Communications Commission (FCC) says that performing a full replacement of all Huawei and ZTE hardware on American wireless networks will cost $1.837bn in total.…

Old and busted: Targeting servers and web bugs. New hotness: Pwning devs with targeted poisoned stacks

The Register - Fri, 04/09/2020 - 12:15
'Most developers are highly intelligent, but also highly stupid'

Hard-working but naive developers are a little known but highly dangerous soft spot in an organisation that attackers can exploit.…

Facebook to blab bugs it finds if it thinks code owners aren’t fixing fast enough

The Register - Fri, 04/09/2020 - 07:41
And reveals half a dozen WhatsApp bugs into the bargain

Facebook has published its first Vulnerability Disclosure Policy and given itself grounds to blab the existence of bugs to the world if it thinks that’s the right thing to do.…

Surprise! Voting app maker roasted by computer boffins for poor security now begs US courts to limit flaw finding

The Register - Fri, 04/09/2020 - 02:13
We should be able to outlaw unauthorized inquiry, Voatz argues

Voatz, the maker of a blockchain-based mobile election voting app pilloried for poor security earlier this year, has urged the US Supreme Court not to change the 1986 Computer Fraud and Abuse Act (CFAA), a law that critics say inhibits security research because it's overly broad.…

When classes are online, how do you get out of school? Florida teen cuffed, charged after crashing cyber-lessons

The Register - Fri, 04/09/2020 - 01:06
Eight DDoS attacks targeted networks, virtual classrooms, say officials

A teenager in America has apparently admitted knocking virtual learning classes offline with a string of distributed denial-of-service (DDoS) attacks.…

Sigh. Another day, another reason for WordPress users to get patching: Hackers abuse bug in popular plugin

The Register - Fri, 04/09/2020 - 00:20
Sites with WP File Manager should update ASAP – exploits in the wild

A critical vulnerability in a popular WordPress plugin called WP File Manager was spotted on Tuesday and was quickly patched by the plugin's developers.…

US court deems NSA bulk phone-call snooping illegal, possibly unconstitutional, and probably pointless anyway

The Register - Thu, 03/09/2020 - 16:02
Snowden, privacy campaigners cheer ruling 7 years in the making

The United States Court of Appeals for the Ninth Circuit has ruled [PDF] that the National Security Agency's phone-call slurping was indeed naughty, seven years after former contractor Edward Snowden blew the whistle on the tawdry affair.…

Homeland Security demands a 911 for reporting security holes in federal networks: 'Vulns in internet systems cause real-world impacts'

The Register - Thu, 03/09/2020 - 01:58
Great – and who will be the first responders?

The US Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency (CISA) on Wednesday ordered US federal agencies outside the defense and intelligence communities to develop a working vulnerability disclosure policy.…

Things are getting back to normal: Chinese hackers revert to bugging Tibetans after brief Euro campaign

The Register - Wed, 02/09/2020 - 12:30
APT phishing crew had COVID-themed fling with the west during height of pandemic, claim researchers

Malware pathologists have noted a return to "business as usual" as groups associated with Chinese state interests turned their attentions back to Tibetan matters after a European dalliance earlier this year.…

Samsung supremo Lee Jae-yong indicted for fraud over role in 2015 merger deal that made him heir apparent

The Register - Tue, 01/09/2020 - 13:01
Transaction 'disturbed the order of the capital market', claim Seoul prosecutors

South Korea has indicted Samsung Group vice chairman Lee Jae-yong over his role in a 2015 merger that made him heir apparent to the multinational's empire.…

Someone's getting a free trip to the US – well, not quite free. Brit bloke extradited to face $2m+ cyber-scam charges

The Register - Tue, 01/09/2020 - 07:01
That's certainly one way to get around COVID-19 travel restrictions

A British citizen has been extradited to the US to face charges he oversaw a series of business email compromise attacks to steal over $2m from unwary accounts departments and individuals.…

Critical vuln that lets miscreants hijack people's computers via Slack *sucks in air* We'll give you $1,750 for it

The Register - Mon, 31/08/2020 - 22:28
Chat app chaps, Electron security, Microsoft Teams under fire

A critical remote-code-execution vulnerability affecting past versions of the Slack desktop app was disclosed on Friday after the software maker fixed its app.…

Microsoft reprieves SHA-1 deprecation in Edge 85 security baseline

The Register - Mon, 31/08/2020 - 12:01
Wait! What? Aaah ... legacy systems strike again, but won't get another bite

Microsoft has published a new security baseline for Microsoft Edge and one of the new rules is titled “Allow certificates signed using SHA-1 when issued by local trust anchors.”…

Before you head off for the weekend, you have patched your Pulse Secure VPNs, right? Wouldn't want you to be pwned via a phishing link

The Register - Sat, 29/08/2020 - 00:49
Perl clutching time again

Stop us if you've heard this one before: a remote-code execution vulnerability needs patching in Pulse Secure VPNs.…

Southern Water customers could view others' personal data by tweaking URL parameters

The Register - Fri, 28/08/2020 - 12:40
A quick lesson in how not to deploy Sharepoint as a 'my account' file retrieval system

Southern Water - British supplier of the liquid of life - botched its internal Sharepoint implementation so badly that a customer was able to view other people’s account details.…

BeagleBoyz: 2020's hottest country-rap band, or N. Korea hackers stealing millions. Only one way to find out...

The Register - Fri, 28/08/2020 - 02:36
the article, of course

North Korean government hackers dubbed the BeagleBoyz are trying to electronically rob banks, the United States warned this week.…
