Twilio's private GitHub repositories cloned by Codecov attacker, cloud comms platform confirms

The Register - Wed, 05/05/2021 - 13:27
Used the GitHub Codecov Action? Credentials may have been pilfered

Cloud comms platform Twilio has confirmed its private GitHub repositories were cloned after it became the latest casualty of the compromised credential-stealing Codecov script.…

Categories: News

What not to expect when you're expecting: Fertility apps may be selling intimate health secrets

The Register - Wed, 05/05/2021 - 08:32
Majority aren't GDPR compliant and Google Play categorises them badly, leading to lax practices

Hundreds of millions of women turn to fertility apps to conceive or prevent pregnancy, and according to a new study those apps may leak very personal information including miscarriages, abortions, sexual history, potential infertility and pregnancy.…

'Millions' of Dell PCs will grant malware, rogue users admin-level access if asked nicely

The Register - Tue, 04/05/2021 - 20:56
Five vulnerabilities lay undetected for almost a dozen years in Windows driver code

Dell desktops, laptops, and tablets built since 2009 and running Windows can be exploited to grant rogue users and malware system-administrator-level access to the computers. We're told this amounts to hundreds of millions of machines that can be completely hijacked.…

Red Hat open-sources StackRox Kubernetes security product

The Register - Tue, 04/05/2021 - 19:24
More goodies for OpenShift, plus Konveyor to Kubernetes in association with IBM

Kubecon Europe  As Kubecon Europe gets under way, Red Hat has pushed out StackRox, the Kubernetes security product it acquired earlier this year, as an open-source project which will be the upstream for its Advanced Cluster Security for OpenShift.…

Apple patches iOS, macOS, iPadOS, watchOS, kitchen-sinkOS bugs said to be exploited in the wild

The Register - Tue, 04/05/2021 - 02:35
Plus: Micro-op CPU caches abused to leak data, and more

In Brief  Apple on Monday patched security flaws in its software said to have been exploited in the wild by miscreants to hijack gear.…

Bill to protect UK against harmful foreign investment becomes law

The Register - Fri, 30/04/2021 - 17:52
Act gives government powers to scrutinise, alter, and block transactions where there is a risk to national security

In a move akin to calling the fire brigade after your house has burned down, the UK government today announced the passage of a bill that would afford it powers to intervene in potentially hostile direct investment.…

Happy Friday? Darktrace gets 40 per cent boost on London IPO debut

The Register - Fri, 30/04/2021 - 16:10
AI infosec start-up avoids same opening day peril as Deliveroo

British AI-powered security startup Darktrace has enjoyed a bumper IPO Friday as its shares climbed 40 per cent on its London Stock Exchange debut.…

Australia proposes teaching cyber-security to five-year-old kids

The Register - Fri, 30/04/2021 - 03:33
By eight they should be telling you not to upload geo-tagged photos of them in school uniform

Australia has decided that six-year-old children need education on cyber-security, even as it removes other material from the national curriculum.…

Stealthy Linux backdoor malware spotted after three years of minding your business

The Register - Fri, 30/04/2021 - 00:40
'RotaJakiro' now on infosec world's radar, its impact has yet to be determined

Chinese security outfit Qihoo 360 Netlab on Wednesday said it has identified Linux backdoor malware that has remained undetected for a number of years.…

BadAlloc: Microsoft looked at memory allocation code in tons of devices and found this one common security flaw

The Register - Thu, 29/04/2021 - 23:03
Integer overflows leave IoT, OT, medical gear vulnerable to heap-seeking missiles

Microsoft has taken a look at memory management code used in a wide range of equipment, from industrial control systems to healthcare gear, and found it can be potentially exploited to hijack devices.…

Vivaldi update unleashes the 'Cookie Crumbler' to simply block any services asking for consent (sites may break)

The Register - Thu, 29/04/2021 - 13:26
Plus: Browser sends Google's FLoC straight to the blacklist

The latest release of Chromium-based browser Vivaldi has extended ad blocking to handle cookie warning dialogs and sent a shot across the bows of Google's ad technology, FLoC.…

Billions in data protection lawsuits rides on Google's last-ditch UK Supreme Court defence for Safari Workaround sueball

The Register - Thu, 29/04/2021 - 12:30
Biggest data protection case for years teeters on brink

Google has urged the UK's Supreme Court to throw out a £3bn lawsuit brought by an ex-Which director over secretly planted tracking cookies on devices running Safari, on the grounds that local law doesn’t allow for opt-out class action lawsuits.…

48 ways you can avoid file-scrambling, data-stealing miscreants – or so says the Ransomware Task Force

The Register - Thu, 29/04/2021 - 11:00
No, not the US government's task force ... the other one

The Institute for Security and Technology's Ransomware Task Force (RTF) on Thursday published an 81-page report presenting policy makers with 48 recommendations to disrupt the ransomware business and mitigate the effect of such attacks.…

When you’re building a cybersecurity pro, you need to get the foundations right

The Register - Thu, 29/04/2021 - 09:00
New starter or mid-career switcher? Here’s where to start

Promo  Cyber attackers are a diverse lot. They can strike from anywhere in the world, and may be motivated by greed, politics, status, or pure malevolence. And their techniques range from the dazzlingly sophisticated to the frankly crude, technically speaking.…

Digital Ocean springs a leak: Miscreant exploits hole to peep on unlucky customers' billing details for two weeks

The Register - Thu, 29/04/2021 - 06:05
First that IPO and now this

Digital Ocean on Wednesday said someone was able to snoop on some of its cloud subscribers' billing information via a now-patched vulnerability.…

Ransomware crooks who broke into Merseyrail used director's email address to brag about it – report

The Register - Wed, 28/04/2021 - 17:45
Hasn't stopped the trains, though

Brit railway company Merseyrail is understood to have suffered a ransomware attack – and the crooks responsible reportedly pwned a director's Office 365 account to email employees and journalists about it.…

Brit MPs and campaigners come together to oppose COVID status certificates as 'divisive and discriminatory'

The Register - Wed, 28/04/2021 - 15:32
Transport minister confirms use of the NHS app for just that when citizens travel abroad

With Minister for the Cabinet Office Michael Gove expected to announce app-based "COVID status certificates", the UK's post-lockdown plan looks set to come under fierce attack.…

Here's what Russia's SVR spy agency does when it breaks into your network, says US CISA infosec agency

The Register - Tue, 27/04/2021 - 18:03
Email provider called out for harbouring snooping personas

Following attribution of the SolarWinds supply chain attack to Russia's APT29, the US CISA infosec agency has published a list of the spies' known tactics – including a penchant for using a naughtily named email provider.…

Washington DC police force confirms data breach after ransomware upstart Babuk posts trophies to Tor blog

The Register - Tue, 27/04/2021 - 13:25
Newish criminal gang 'trying to make a name for themselves'

Ransomware criminals have posted trophy pictures on their Tor blog after attacking the police force for US capital Washington DC.…

Patched Exchange to head off Hafnium? You might only be halfway to safety

The Register - Tue, 27/04/2021 - 08:00
Office 365 shop? You may be exposed too. Here’s why – according to Sophos

Promo  If you’re running Microsoft Exchange anywhere in your organisation and you’re not extremely concerned about the threat from Hafnium, you haven’t been paying attention this year.…
