Is it still possible to run malware in a browser using JavaScript and Rowhammer? Yes, yes it is (slowly)

The Register - Thu, 15/04/2021 - 01:18
Firefox 'fully compromised' in 15 minutes via SMASH attack

Boffins from Vrije Universiteit in Amsterdam and ETH in Zurich have bypassed memory chip defenses to execute a successful browser-based Rowhammer side-channel attack dubbed SMASH.…

Categories: News

Nigerian email scammer sent down for 40 months in the US, ordered to pay back $2.7m to victims

The Register - Wed, 14/04/2021 - 23:32
Among the victims: the United Nations

A Nigerian email scammer based in New York was on Tuesday sentenced to 40 months in prison, and ordered to pay back $2.7m in stolen money.…


Report: Aussie biz Azimuth cracked San Bernardino shooter’s iPhone, ending Apple-FBI privacy standoff

The Register - Wed, 14/04/2021 - 22:37
Mozilla-authored code in iOS exploited, since patched, it is claimed

Australian security firm Azimuth has been identified as the experts who managed to crack a mass shooter's iPhone that was at the center of an encryption standoff between the FBI and Apple.…


What the FLoC? Browser makers queue up to decry Google's latest ad-targeting initiative as invasive tracking

The Register - Wed, 14/04/2021 - 20:33
'Federated Learning of Cohorts' groups users together and is already being tested in Chrome

Updated: Google's FLoC (Federated Learning of Cohorts) mechanism for ad personalisation, currently being trialled in the Chrome browser, has been rejected as privacy-invasive tracking by other browser makers including Vivaldi and Brave.…


Chrome and Chromium updated after yet another exploit is found in browser's V8 JavaScript engine

The Register - Wed, 14/04/2021 - 18:02
JS component seems to be focus of researchers and miscreants alike

Google has announced new updates to Chrome 89 following the discovery of yet another live exploit for a vulnerability in the V8 JavaScript engine.…


Spy agency GCHQ told me Gmail's more secure than Microsoft 365, insists British MP as facepalming security bods tell him to zip it

The Register - Wed, 14/04/2021 - 10:16
Keep using the provided tools, NCSC says

Conservative MP Tom Tugendhat has publicly claimed GCHQ sources told him Gmail was more secure than Parliament’s own Microsoft Office 365 deployment – but both Parliament and a GCHQ offshoot have told him to stop being silly.…


FBI deletes web shells from hundreds of compromised Microsoft Exchange servers before alerting admins

The Register - Wed, 14/04/2021 - 03:26
Remote-control malware wiped, deployments must still be patched

The FBI deleted web shells installed by criminals on hundreds of Microsoft Exchange servers across the United States, it was revealed on Tuesday.…


Google Sites blight: Over 100,000 web pages for business form searches overrun with backdoor RATs

The Register - Wed, 14/04/2021 - 02:22
eSentire warns of remote-access trojans masquerading as PDFs

More than 100,000 web pages hosted by Google Sites are being used to trick netizens into opening business documents booby-trapped with a remote-access trojan (RAT) that takes over victims' PCs and hands control to miscreants.…


1Password targets developers with Secrets Automation, acquisition of SecretHub

The Register - Tue, 13/04/2021 - 21:53
Existing users covered until 2022

Password specialist 1Password has acquired SecretHub, a secrets management platform aimed at IT engineers, and made a new service called Secrets Automation, previously in beta, generally available.…


NSA helps out Microsoft with critical Exchange Server vulnerability disclosures in an April shower of patches

The Register - Tue, 13/04/2021 - 20:47
114 fixes for the Windows world – plus fixes from SAP, Adobe, FreeBSD, etc

Patch Tuesday: April showers bring hours of patches as Microsoft delivers its Patch Tuesday fun-fest consisting of over a hundred CVEs, including four Exchange Server vulnerabilities reported to the company by the US National Security Agency (NSA).…


Cracked copies of Microsoft Office and Adobe Photoshop steal your session cookies, browser history, crypto-coins

The Register - Tue, 13/04/2021 - 18:12
It's like the 2000s all over again, sighs Bitdefender

Cracked copies of Microsoft Office and Adobe Photoshop are stealing browser session cookies and Monero cryptocurrency wallets from tightwads who install the pirated software, Bitdefender has warned.…


Average British computer criminal is young, male and not highly skilled, researcher finds

The Register - Tue, 13/04/2021 - 10:27
Analysis of Computer Misuse Act cases also draws heavily on El Reg archives

An academic researcher has analysed more than 100 Computer Misuse Act cases to paint a picture of the sort of computer-enabled criminals who plague Great Britain’s digital doings in the 21st Century.…


Want to turbo-charge your cybersec skills? It’s time to put yourself on the SPOT

The Register - Tue, 13/04/2021 - 03:00
That’s Self-Paced Online Training, says SANS Institute

Promo: Working in cybersecurity means always keeping your skills bang up to date. But what are your options when the challenges of blocking out time for traditional in-person training are compounded by pandemic-related restrictions?…


Mike Lynch-backed Darktrace to file for London IPO in aftermath of Deliveroo flop

The Register - Mon, 12/04/2021 - 17:15
LSE document confirms AI infosec company's plans

British AI-powered infosec biz Darktrace is to go public in England's capital city, the company told the London Stock Exchange this morning.…


Stuxnet sibling theory surges after Iran says nuke facility shut down by electrical fault

The Register - Mon, 12/04/2021 - 07:57
Evidence is thin, but Natanz enrichment facility is offline

Iran has admitted that one of its nuclear facilities went offline over the weekend, and a single report claiming Israeli cyber-weapons were the cause has been widely accepted as a credible explanation for the incident.…


United States' plan to beat China includes dominating tech standards groups, especially for 5G

The Register - Mon, 12/04/2021 - 02:40
'Strategic Competition Act' calls for appointment of a new ambassador-at-large for tech

America's plan to compete with China includes a call for the land of the free to dominate tech standards bodies, especially for 5G, and to appoint an ambassador level official to lead a new “Technology Partnership Office” that Washington will use to drive tech collaboration among like-minded nations.…


Texan's alleged Amazon bombing effort fizzles: Militia man wanted to take out 'about 70 per cent of the internet'

The Register - Fri, 09/04/2021 - 22:57
Someone hasn't heard of redundancy

The US Justice Department on Friday announced the arrest of Seth Aaron Pendley, 28, for allegedly planning to blow up a single Amazon data center in Ashburn, Virginia, which he thought would knock out around 70 per cent of the internet.…


UK's National Cyber Security Centre recommends password generation idea suggested by El Reg commenter

The Register - Fri, 09/04/2021 - 16:58
Who says everything below the line is a cesspit of useless filth?

Nearly a third of Britons use the name of their pet or a family member as a password, the National Cyber Security Centre has said as it advised folk to adopt what looks very much like a Register forum user's suggestion for secure password generation.…


CyberBattleSim: Microsoft's open-source Holodeck in which autonomous attackers, defenders duke it out

The Register - Fri, 09/04/2021 - 12:06
Very 2021 to have AI bots fight in simulated networks for our entertainment (and science)

Microsoft has open-sourced software that pits machine-learning-powered network intruders against automated defenders inside virtual networks.…


How do we stamp out the ransomware business model? Ban insurance payouts for one, says ex-GCHQ director

The Register - Fri, 09/04/2021 - 11:02
New laws needed to cut off incentive to crooks, argues Marcus Willett

Increasing numbers of senior ex-GCHQ people have called for laws preventing businesses using cyber insurance to buy off ransomware attackers – with the money merely perpetuating the criminals' business model.…


