Danger zone! Brit research supercomputer ARCHER hit with SSH-nixing cyber attack

The Register - Wed, 13/05/2020 - 16:45
Assault on TOP500-listed machine may have hit Euro HPC too, warn sysops

One of Britain's most powerful academic supercomputers has fallen victim to a "security exploitation" of its login nodes, forcing the rewriting of all user passwords and SSH keys.…

Categories: News

Sadly, 111 in this story isn't binary. It's decimal. It's the number of security fixes emitted by Microsoft this week

The Register - Wed, 13/05/2020 - 06:31
Nothing too scary. Plus updates from SAP, Adobe, VMware

The May edition of Patch Tuesday landed this week. And there are scores of security fixes to install.…

Categories: News

Researchers spot thousands of Android apps leaking user data through misconfigured Firebase databases

The Register - Tue, 12/05/2020 - 18:32
Take care what data you enter into apps, it may be stored insecurely

Security researchers at Comparitech have reported that an estimated 24,000 Android apps are leaking user data because of misconfigured Firebase databases.…

Categories: News

India releases data-use protocols for its contact-tracing app... after five weeks and 100 million downloads

The Register - Tue, 12/05/2020 - 05:10
Cart, meet horse, and you can both worry about 180-day data retention

India's government has released the protocol for using data gathered by its Aarogya Setu COVID-19 tracing app, weeks after its April 2nd release and after it was downloaded almost 100 million times.…

Categories: News

Papa don't breach: Contracts, personal info on Madonna, Lady Gaga, Elton John, others swiped in celeb law firm 'hack'

The Register - Tue, 12/05/2020 - 02:43
Miscreants threaten to leak 756GB of allegedly stolen paperwork

Hackers are threatening to release 756GB of A-list celebs' contracts, recording deals, and other personal info allegedly stolen from a New York law firm.…

Categories: News

Incredible how you can steal data via Thunderbolt once you've taken the PC apart, attached a flash programmer, rewritten the firmware...

The Register - Tue, 12/05/2020 - 00:42
Full mitigation is buy a newer computer – or don't use suspend-to-RAM

It's possible to extract data from a computer via its Thunderbolt port – once you've got the case off, plugged in a flash programmer, and reprogrammed the controller's firmware to grant access.…

Categories: News

Mama mia! Nintendo in need of a plumber after leak sprays N64, GameCube, Wii code

The Register - Mon, 11/05/2020 - 12:43
Plus: Cognizant cogisant of whopping $70m in damage, malware creeps hit hospital firm, phishing campaigns, and much more

Roundup  It has been a full week in infosec news. Here are a few things you should know about, beyond what we've already covered.…

Categories: News

One malicious MMS is all it takes to pwn a Samsung smartphone: Bug squashed amid Android patch batch

The Register - Sat, 09/05/2020 - 00:42
Zero-click remote-code exec hole found by Googler, updates emitted

Samsung has patched a serious security hole in its smartphones that can be exploited by maliciously crafted text messages to hijack devices.…

Categories: News

DEF CON is canceled... No, for real. The in-person event is canceled. We're not joking. It's canceled. We mean it

The Register - Fri, 08/05/2020 - 21:18
Virus knocks hackers online: Show will try going virtual amid pandemic

Annual Las Vegas hacker gathering DEF CON has officially called off its physical conference for this year due to the coronavirus pandemic.…

Categories: News

If you miss the happier times of the 2000s, just look up today's SCADA gear which still have Stuxnet-style holes

The Register - Fri, 08/05/2020 - 11:56
Schneider Electric patches vulns after Trustwave raises alarm

Two Schneider Electric SCADA products had vulnerabilities similar to the ones exploited in the Iran-bothering Stuxnet worm, an infosec outfit has claimed.…

Categories: News

Bored at home? Cisco has just the thing: A shed-load of security fixes to install, from a Kerberos bypass to crashes

The Register - Fri, 08/05/2020 - 00:13
Switchzilla issues a whopping 30+ patches in time for the long UK weekend

Cisco has emitted a fresh round of software updates to address nearly three dozen security holes in its products.…

Categories: News

FYI: Your browser can pick up ultrasonic signals you can't hear, and that sounds like a privacy nightmare to some

The Register - Thu, 07/05/2020 - 22:24
High-frequency audio could be used to stealthily track netizens

Technical folks looking to improve web privacy haven't been able to decide whether sound beyond the range of human hearing poses enough of a privacy risk to merit restriction.…

Categories: News

More and more organizations are falling to ransomware – will you be next?

The Register - Thu, 07/05/2020 - 18:00
Tune in online this month to find out how to protect your business from data extortionists

Webcast  It's been "the year of ransomware" for about the past three years. And while you may be tired of hearing about the trend and just getting used to the reality, you may also like to remember: instances of attacks are climbing – quickly – and we’re now reaching a level where more than half of ransomware schemes result in a business paying out.…

Categories: News

Senior MP tells UK Defence Committee on 5G security: Russia could become China's cyber-attack dog

The Register - Thu, 07/05/2020 - 11:30
One has the vulns, the other has the brass neck to pull off heists. Right?

Russia might begin carrying out cyber attacks against Britain's 5G networks "at the behest of China", the chairman of a Parliamentary Select Committee has ventured.…

Categories: News

So you've set up MFA and solved the Elvish riddle, but some still think passwords alone are secure enough

The Register - Thu, 07/05/2020 - 01:31
OK, a third agreed with Thales when it asked the question

About a third of firms and organisations in Europe, the Middle East and Africa still believe the humble password is a good enough security measure, according to a survey carried out by French firm Thales.…

Categories: News

California’s privacy warriors are back – and this time they want to take their fight all the way to the ballot box

The Register - Wed, 06/05/2020 - 23:53
Politicos watered down earlier efforts, so data defenders will fight to the end

The small group of policy wonks that forced California’s legislature to rush through privacy legislation two years ago are back – and this time they want a ballot.…

Categories: News

Fake crypto-wallet extensions appear in Chrome Web Store once again, siphoning off victims' passwords

The Register - Wed, 06/05/2020 - 21:55
'Seriously sometimes seems Google's moderators are only optimized to respond to social media outrage'

Three weeks after Google removed 49 Chrome extensions from its browser's software store for stealing crypto-wallet credentials, 11 more password-swiping add-ons have been spotted – and some are still available to download.…

Categories: News

GitHub blasts code-scanning tool into all open-source projects

The Register - Wed, 06/05/2020 - 19:30
Rub-a-dub-dub, give your buggy code a scrub

GitHub has made its automated code-scanning tools available to all open-source projects free of charge.…

Categories: News

Help us understand the shifting sands of network security: What's working for you – and what's not?

The Register - Wed, 06/05/2020 - 19:00
Last chance to have your say and share your experiences

Reader survey  With the IT world turned upside-down for many organisations, it’s a good time to talk network security. Or at least, it ought to be. Because while it’s something we all need more than ever, there’s almost always a gap between demand and budget, or between need and the ability to service that need.…

Categories: News

Now we know what the P really stands for in PwC: X-rated ads plastered over derelict corner of accountants' website

The Register - Wed, 06/05/2020 - 07:03
Naughty posters on hijacked subdomain show up in search results

A forgotten subdomain on PricewaterhouseCoopers' dot-com has been hijacked to host ads for porno websites and apps, neatly demonstrating why you should not neglect your corporate DNS records.…

Categories: News


Subscribe to Sec Tec Limited aggregator - News