News

Which is just dandy seeing as deliveries are just a wee bit important right now

Transport company Toll Group has been slugged by ransomware for the second time in three months.…

Late-night notifications come as opposition labels app ‘surveillance system with no oversight’

The Indian government has acknowledged “potential security issues” in the Aarogya Setyu contact-tracing app which its opposition labels as a ‘surveillance system with no oversight,’ but says the code issues are not that big a deal.…

Just ask us if you need help, urge NCSC and CISA

Foreign state hackers are trying to brute-force their way into pharmaceutical and medical research agencies hunting for a COVID-19 vaccine, British and American infosec agencies are warning.…

Now might be a good time to change your passwords, folks

Hosting biz GoDaddy has admitted a hacker tampered with an SSH file on its servers, leading to the theft of 28,000 users' SSH credentials.…

Survey finds 66% of lazy gits don't change between sites

Two-thirds of people recycle the same password or use variations on the same basic one, according to LogMeIn.…

Hahaha, we were pretty gullible

Twenty years have passed since cybercrooks demonstrated the role exploiting human psychology could play in spreading malware. Remember "ILOVEYOU"?…

Miscreants too busy mining for crypto to notice the gold lying around them?

DigiCert, slinger of SSL/TLS certificates, has warned that it too has suffered at the hands of Salty miscreants as a key used for Signed Certificate Timestamps (SCT) was potentially compromised.…

Herd immunity all over again

Comment  Britain is sleepwalking into another coronavirus disaster by failing to listen to global consensus and expert analysis with the release of the NHS COVID-19 contact-tracking app.…

Renamed 'ExposureNotification' will only only one app per nation

Apple and Google will ban location-tracking by apps using their new coronavirus contract-tracing API, newly renamed ExposureNotification.…

I have no mouth, and I must scream

Video  Israeli cyber-security side-channel expert Mordechai Guri has devised a way to pilfer data from devices that have been air-gapped and silenced.…

Pen Test Partners probes auto collision avoidance system

Not only can malicious people make airliners climb and dive without pilot input – they can also control where and when they do so, research from Pen Test Partners (PTP) has found.…

Want to opt out of that part? No chance, says NHSX chief

Britons will not be able to ask NHS admins to delete their COVID-19 tracking data from government servers, digital arm NHSX's chief exec Matthew Gould admitted to MPs this afternoon.…

Ah oh, SaltStack's frightnin' (with apologies to Howlin' Wolf)

If your kit is affected, don't wait: unpatched vulnerabilities in Salt claimed two high profile victims over the weekend in the form of popular Google-free Android-based LineageOS and online publisher Ghost.…

Plus: Other infosec news from around the internet

Roundup  Congratulations, everyone. We made it through April. Here's a handy mop-up of bits and bytes of security news beyond what we covered in The Reg.…

Tech minister says app is 'foolproof'! We imagine Black Hats probably don't agree. And some may have time on their hands at present

India has made use of a COVID-19 contact-tracing app compulsory in some parts of the nation.…

Even parks and train stations encouraged to pop up tracking QR codes

Singapore will from May 12th require all businesses to adopt a system that logs visitors to their premises using their smartphones, in the name of tracking COVID-19 cases.…

Malware maker urges judge to dump lawsuit over WhatsApp phone snooping

Israeli spyware maker NSO Group has rubbished Facebook's claim it can be sued in California because it allegedly uses American IT services and has a business presence in the US.…

Researchers analysing samples submitted to VirusTotal find new strain

Researchers have analysed a new strain of Android malware that does not yet exist in the wild.…

Bug can be exploited to hijack server, meddle with block lists

Netsweeper's internet filter has a nasty security vulnerability that can be exploited to hijack the host server and tamper with lists of blocked websites. There are no known fixes right now.…

From URL to UR-Hell

Short-video biz Quibi, airline JetBlue, shopping site Wish, and several other companies leaked million of people's email addresses to ad-tracking and analytics firms through HTTP request headers, it is claimed.…