Transport biz Toll Group suffers second ransomware infection in just three months

The Register - Wed, 06/05/2020 - 04:20
Which is just dandy seeing as deliveries are just a wee bit important right now

Transport company Toll Group has been slugged by ransomware for the second time in three months.…

Categories: News

India acknowledges, but brushes aside, features-not-bugs in Aarogya Setyu virus contact-tracing app

The Register - Wed, 06/05/2020 - 03:34
Late-night notifications come as opposition labels app ‘surveillance system with no oversight’

The Indian government has acknowledged “potential security issues” in the Aarogya Setyu contact-tracing app which its opposition labels as a ‘surveillance system with no oversight,’ but says the code issues are not that big a deal.…

Categories: News

Surprise surprise! Hostile states are hacking coronavirus vaccine research, warn UK and USA intelligence

The Register - Tue, 05/05/2020 - 20:01
Just ask us if you need help, urge NCSC and CISA

Foreign state hackers are trying to brute-force their way into pharmaceutical and medical research agencies hunting for a COVID-19 vaccine, British and American infosec agencies are warning.…

Categories: News

GoDaddy hack: Miscreant goes AWOL with 28,000 users' SSH login creds after vandalizing server-side file

The Register - Tue, 05/05/2020 - 17:15
Now might be a good time to change your passwords, folks

Hosting biz GoDaddy has admitted a hacker tampered with an SSH file on its servers, leading to the theft of 28,000 users' SSH credentials.…

Categories: News

We beg, implore and beseech thee. Stop reusing the same damn password everywhere

The Register - Tue, 05/05/2020 - 13:40
Survey finds 66% of lazy gits don't change between sites

Two-thirds of people recycle the same password or use variations on the same basic one, according to LogMeIn.…

Categories: News

It has been 20 years since cybercrims woke up to social engineering with an intriguing little email titled 'ILOVEYOU'

The Register - Tue, 05/05/2020 - 11:53
Hahaha, we were pretty gullible

Twenty years have passed since cybercrooks demonstrated the role exploiting human psychology could play in spreading malware. Remember "ILOVEYOU"?…

Categories: News

More Salt in their wounds: DigiCert hit as hackers wriggle through (patched) holes in buggy config tool

The Register - Tue, 05/05/2020 - 09:15
Miscreants too busy mining for crypto to notice the gold lying around them?

DigiCert, slinger of SSL/TLS certificates, has warned that it too has suffered at the hands of Salty miscreants as a key used for Signed Certificate Timestamps (SCT) was potentially compromised.…

Categories: News

UK finds itself almost alone with centralized virus contact-tracing app that probably won't work well, asks for your location, may be illegal

The Register - Tue, 05/05/2020 - 08:28
Herd immunity all over again

Comment  Britain is sleepwalking into another coronavirus disaster by failing to listen to global consensus and expert analysis with the release of the NHS COVID-19 contact-tracking app.…

Categories: News

Apple-Google COVID-19 virus contact-tracing API to bar location-tracking access

The Register - Tue, 05/05/2020 - 05:10
Renamed 'ExposureNotification' will only only one app per nation

Apple and Google will ban location-tracking by apps using their new coronavirus contract-tracing API, newly renamed ExposureNotification.…

Categories: News

OK, so you've air-gapped that PC. Cut the speakers. Covered the LEDs. Disconnected the monitor. Now, about the data-leaking power supply unit...

The Register - Mon, 04/05/2020 - 22:18
I have no mouth, and I must scream

Video  Israeli cyber-security side-channel expert Mordechai Guri has devised a way to pilfer data from devices that have been air-gapped and silenced.…

Categories: News

Sweet TCAS! We can make airliners go up-diddly-up whenever we want, say infosec researchers

The Register - Mon, 04/05/2020 - 20:15
Pen Test Partners probes auto collision avoidance system

Not only can malicious people make airliners climb and dive without pilot input – they can also control where and when they do so, research from Pen Test Partners (PTP) has found.…

Categories: News

UK COVID-19 contact tracing app data may be kept for 'research' after crisis ends, MPs told

The Register - Mon, 04/05/2020 - 17:16
Want to opt out of that part? No chance, says NHSX chief

Britons will not be able to ask NHS admins to delete their COVID-19 tracking data from government servers, digital arm NHSX's chief exec Matthew Gould admitted to MPs this afternoon.…

Categories: News

AsSalt-ed at the weekend: Miscreants roast Ghost and LineageOS totters as Salt bug bites

The Register - Mon, 04/05/2020 - 13:02
Ah oh, SaltStack's frightnin' (with apologies to Howlin' Wolf)

If your kit is affected, don't wait: unpatched vulnerabilities in Salt claimed two high profile victims over the weekend in the form of popular Google-free Android-based LineageOS and online publisher Ghost.…

Categories: News

Xiaomi emits phone browser updates after almighty row over web activity it harvested even in incognito mode

The Register - Mon, 04/05/2020 - 11:30
Plus: Other infosec news from around the internet

Roundup  Congratulations, everyone. We made it through April. Here's a handy mop-up of bits and bytes of security news beyond what we covered in The Reg.…

Categories: News

India makes contact-tracing app compulsory in viral hot zones despite most local phones not being smart

The Register - Mon, 04/05/2020 - 08:31
Tech minister says app is 'foolproof'! We imagine Black Hats probably don't agree. And some may have time on their hands at present

India has made use of a COVID-19 contact-tracing app compulsory in some parts of the nation.…

Categories: News

Singapore to require smartphone check-ins at all businesses and will log visitors' national identity numbers

The Register - Mon, 04/05/2020 - 03:51
Even parks and train stations encouraged to pop up tracking QR codes

Singapore will from May 12th require all businesses to adopt a system that logs visitors to their premises using their smartphones, in the name of tracking COVID-19 cases.…

Categories: News

Spyware slinger NSO to Facebook: Pretty funny you're suing us in California when we have no US presence and use no American IT services...

The Register - Fri, 01/05/2020 - 21:55
Malware maker urges judge to dump lawsuit over WhatsApp phone snooping

Israeli spyware maker NSO Group has rubbished Facebook's claim it can be sued in California because it allegedly uses American IT services and has a business presence in the US.…

Categories: News

Android trojan EventBot abuses accessibility services to clear out bank accounts – fortunately, it's 'in preview'

The Register - Fri, 01/05/2020 - 10:00
Researchers analysing samples submitted to VirusTotal find new strain

Researchers have analysed a new strain of Android malware that does not yet exist in the wild.…

Categories: News

What's worse than an annoying internet filter? How about one with a pre-auth remote-command execution hole and there's no patch?

The Register - Fri, 01/05/2020 - 06:03
Bug can be exploited to hijack server, meddle with block lists

Netsweeper's internet filter has a nasty security vulnerability that can be exploited to hijack the host server and tamper with lists of blocked websites. There are no known fixes right now.…

Categories: News

Quibi, JetBlue, Wish, others accused of leaking millions of email addresses to ad orgs via HTTP referer headers

The Register - Thu, 30/04/2020 - 23:48
From URL to UR-Hell

Short-video biz Quibi, airline JetBlue, shopping site Wish, and several other companies leaked million of people's email addresses to ad-tracking and analytics firms through HTTP request headers, it is claimed.…

Categories: News


Subscribe to Sec Tec Limited aggregator - News