Tencent research team scores free powerups for electric cars with Raspberry Pi-powered X-in-the-middle attack

The Register - Tue, 11/05/2021 - 05:04
Another auto-exploit saw rPi push Telegram messages over CAN bus to brick a car

Black Hat Asia  Researchers have used the Black Hat Asia conference to demonstrate the awesome power of the Raspberry Pi as a car-p0wning platform.…

Categories: News

Indian government says 5G doesn’t cause COVID-19. Also points out India has no 5G networks

The Register - Tue, 11/05/2021 - 03:58
But won’t reveal who it wants banned from social media over less obvious disinformation

As COVID-19 continues to ravage India, the nation’s government has told its populace that 5G signals have nothing to do with the spread of the virus – if only because no 5G networks operate in India.…

Trend Micro hosted email service is down, inboxes still stuck in cloudy limbo

The Register - Tue, 11/05/2021 - 02:13
Blames spam filters for brownout, warns fix could be 'disruptive'

Trend Micro’s hosted email security product is experiencing a global brownout.…

Kubecon 2021: A largely dry and corporate affair where the best bits involved a spot of Kubernetes-hacking roleplay

The Register - Mon, 10/05/2021 - 20:12
But we heard the message loud and clear – it's pretty much the standard runtime platform now

Kubecon  A session on how to hack into a Kubernetes cluster was among the highlights of a Kubecon where the main events were generally bland and corporate affairs, perhaps indicative of the technology now being a de facto infrastructure standard among enterprises.…

Uncle Sam wants 'ethical hackers' to crack its planetary defenses, but don't expect a pay-day from this bug bounty

The Register - Mon, 10/05/2021 - 12:32
Plus: Student cripples EU bio lab and IRS goes after cryptocurrency

In brief  The United States' Department of Defense has opened up all of its publicly facing systems and apps to investigation under a bug bounty program.…

Namecheap hosted 25%+ of fake UK govt phishing sites last year – NCSC report

The Register - Mon, 10/05/2021 - 09:30
Also we fixed SS7 use by British telcos. How? Why? Not saying

Domains'n'hosting outfit Namecheap harboured more than a quarter of all known phishing sites that falsely posed as UK government web presences during 2020, according to the National Cyber Security Centre today.…

Ransomware shuts US oil pipeline that pumps 100 million gallons a day

The Register - Mon, 10/05/2021 - 01:15
Colonial Pipeline says damage contained, some smaller lines already back, but has no timetable for resumption

One of the USA’s largest oil pipelines has been shut by ransomware.…

Russian cyber-spies changed tactics after the UK and US outed their techniques – so here's a list of those changes

The Register - Fri, 07/05/2021 - 19:49
Plus: NCSC warns of how hostile powers may exploit smart city infrastructure

Russian spies from APT29 responded to Western agencies outing their tactics by adopting a red-teaming tool to blend into targets' networks as a legitimate pentesting exercise.…

Privacy activist Max Schrems on Microsoft's EU data move: It won't keep the NSA away

The Register - Fri, 07/05/2021 - 16:20
Software giant vows data processing of EU cloud services to stay in EU, which means that currently...

Microsoft has announced plans to ensure data processing of EU cloud services within the borders of the political bloc in a move that expert observers claim reveals problems with the firm's existing setup.…

Cisco HyperFlex web interface has critical flaw that lets attackers get root and execute arbitrary commands

The Register - Fri, 07/05/2021 - 06:52
You know the drill: shake your head in disbelief, then figure out if patching will wipe out a weekend or be merely inconvenient

Cisco has revealed a pair of critical bugs in its HyperFlex hyperconverged infrastructure product.…

Kids in Hong Kong and other highly surveilled states worry infosec careers are just asking for trouble

The Register - Fri, 07/05/2021 - 06:11
Asia is already short millions of trainees; expert warns talent pipeline will dry up in response to government snooping

Black Hat Asia  Asian nations in which governments are keen on citizen surveillance struggle to develop ethical hackers, as prospective workers fear their activities may be misunderstood, according to security specialist Mika Devonshire.…

Google Play to require privacy labels on apps in 2022, almost two years after Apple

The Register - Fri, 07/05/2021 - 03:57
Developers want to do this, says Google. Ummm ... guys, you do remember the thousands of malware nightmares you’ve hosted and sold?

Google has decided the time has come to require app developers to disclose the data their wares collect, and their security practices, in their Play Store listings.…

Google will make you use two-step verification to login

The Register - Fri, 07/05/2021 - 01:52
World Password Day returns to remind us how much passwords suck

Google has marked World Password Day by declaring "passwords are the single biggest threat to your online security," and announcing plans to automatically add multi-step authentication to its users' accounts.…

Vulnerability in Snapdragon 855 SoCs could pwn Android modems, allow baddies to snoop on conversations

The Register - Thu, 06/05/2021 - 17:11
Good thing researchers spotted it, but no evidence of exploit in the wild

A heap overflow vulnerability in Qualcomm Snapdragon 855 modem system-on-chips used in Android devices could let malicious people run arbitrary code on unsuspecting users' devices, according to Check Point.…

Crane horror Reg reader uses his severed finger to unlock Samsung Galaxy phone

The Register - Thu, 06/05/2021 - 10:15
On the other hand he was fine

Graphic images  Everyone knows the trope. The baddies smash their way in and gun down the guard standing in front of the vault. "Dammit," says the lead bad guy, "it's a biometric scanner, we'll never get in!" His most grizzled henchman turns round, holding up the dead guard's lifeless arm. "Oh yes we will…"…

Chrome on Windows turns on Intel, AMD chip-level defenses against malicious websites

The Register - Thu, 06/05/2021 - 08:23
Terms and conditions apply

Version 90 of Google's Chrome browser includes a bit of extra security for users of recent versions of Windows and the latest x86 processors, in the form of hardware-enforced stack protection.…

JET engine flaws can crash Microsoft's IIS, SQL Server, say Palo Alto researchers

The Register - Thu, 06/05/2021 - 05:59
Trio claim database queries can lead to remote code execution

Black Hat Asia  A trio of researchers at Palo Alto Networks has detailed vulnerabilities in the JET database engine, and demonstrated how those flaws can be exploited to ultimately execute malicious code on systems running Microsoft’s SQL Server and Internet Information Services web server.…

21 nails in Exim mail server: Vulnerabilities enable 'full remote unauthenticated code execution', millions of boxes at risk

The Register - Wed, 05/05/2021 - 18:20
Nearly 4 million to be exact, say researchers

Researchers at security biz Qualys discovered 21 vulnerabilities in Exim, a popular mail server, which can be chained to obtain "a full remote unauthenticated code execution and gain root privileges on the Exim Server."…

East London council blurts thousands of residents' email addresses in To field blunder

The Register - Wed, 05/05/2021 - 15:01
'Was a Mailchimp sub too hard?!' asks Reg reader

A local authority in East London has committed a classic privacy blunder by emailing what appear to be thousands of residents – while forgetting to use the BCC field and exposing all of the email addresses to each recipient.…

Twilio's private GitHub repositories cloned by Codecov attacker, cloud comms platform confirms

The Register - Wed, 05/05/2021 - 13:27
Used the GitHub Codecov Action? Credentials may have been pilfered

Cloud comms platform Twilio has confirmed its private GitHub repositories were cloned after it became the latest casualty of the compromised credential-stealing Codecov script.…
