News

Moscow's 'sovereign internet' effort means new rules for the bad guys too

Black Hat  The introduction of Russia's Sovereign Internet rules is having an impact on the way criminal hackers around the world do business.…

Public sector bods blame users recycling logins

Exclusive  Transport for London's online Oyster travel smartcard system has been accessed by miscreants using customer credentials, The Reg can reveal, as the transport authority keeps the website offline for a second day.…

Fears of cyber-hijackings? That's plane crazy, says Dreamliner maker

Black Hat  A Black Hat presentation on how to potentially hijack a 787 – by exploiting bugs found in internal code left lying around on a public-facing server – was last night slammed as "irresponsible and misleading" by Boeing.…

Now that's what we call a joint task force: Uncle Sam chills out, relaxes recruitment rules on drugs

Black Hat  America's crime-fighters, desperate to recruit white-hat hackers to collar spies and cyber-crooks, have been quietly and slightly relaxing the ban on hiring anyone who has used illegal drugs.…

Exploit an 3l33t zero-day and reverse-shell that backend DB proxy server... or simply pay this farmer off

Black Hat  Black Hat founder Jeff Moss opened this year's shindig in Las Vegas with tales of quite how odd the hacking culture in China is.…

Maybe, maybe not. These hack-in-a-box widgets are something to think about at least, says Big Blue

Black Hat  IBM's X-Force hacking team have come up with an interesting variation on wardriving – you know, when you cruise a neighborhood scouting for Wi-Fi networks. Well, why not try using the postal service instead, and called it "warshipping," Big Blue's eggheads suggested earlier today.…

Including: Microsoft spins up Azure security lab, offers more bug bounty cash

Roundup  Before letting the IT staff clock out early this week, make sure they read up on the following security notices out this week.…

SWAPGS can be abused to siphon sensitive secrets from kernel memory, patches already available

Spectre – a family of data-leaking side-channel vulnerabilities arising from speculative execution that was disclosed last year and affects various vendors' chips – has a new sibling that bypasses previous mitigations.…

Trojan devs give up after seeing hard work ripped off, copied between crooks

BSides LV  Life’s tough as a malware developer. If the cops or Feds don't collar you, your fellow scumbags will screw you over – or perhaps both will happen.…

Pakistani bloke extradited to US, accused of masterminding telco hack caper

AT&T staff were bribed $1m to slip the codes to unlock two million smartphones to a gang operating out of Pakistan, US prosecutors have claimed.…

11m other leaked users' p-words hashed with SHA-1

Passwords were among the 23 million customer records siphoned from CafePress by hackers – and the site was using the less secure SHA-1 hashing algorithm to store half of its users' credentials.…

Wget's? I've had a few.... but then again, it's better to cryptographically check the contents of that executable

Brandon Philips, a member of the technical staff at Red Hat, has created a software tool called rget for Linux, macOS, and Windows, to make it easier to determine whether downloaded files can be trusted.…

Grab security patches now from chip designer, Google

Black Hat  It is possible to thoroughly hijack a nearby vulnerable Qualcomm-based Android phone, tablet, or similar gadget, via Wi-Fi, we learned on Monday. This likely affects millions of Android devices.…

Why bother go for databases when insecure log files appears to be where all the data is at

Trendy online-only Brit bank Monzo is telling hundreds of thousands of its customers to pick a new PIN – after it discovered it was storing their codes as plain-text in log files.…

Of all the places to allegedly try this, the J Edgar Hoover HQ ain't one. In fact, no, no building is good. None of them

An FBI contractor has pleaded not guilty to charges that he installed a camera under a coworker's desk to satisfy his "voyeur" fetish.…

Three key words: File, write, benchmark

A week ago, Google released Chrome 76, which included a change intended to prevent websites from detecting when browser users have activated Incognito mode.…

The noob's guide to Hacker Summer Camp in Las Vegas

Black Hat  It's that time of year again and the world's white, grey and the occasional black-hat hackers descends into the fetid hell that is Las Vegas in August for a week of conferences, community conflabs and catching up with old friends.…

UK.gov offers £990k for pilotless pilot

The UK's Maritime and Coastguard Agency (MCA) is coughing up just shy of a million quid to see how drones could help with sea rescue and surveillance operations.…

Data loss is lawyers' gain

Code repository GitHub and credit card flinger Capital One are facing down a potential class action suit in the US accusing them of negligence over the loss of 106 million individuals' personal data.…

Three-quarters of email addys already in breach database

Twee T-shirts 'n' merch purveyor CafePress had 23 million user records swiped – reportedly back in February – and this morning triggered a mass password reset, calling it a change in internal policy.…