Make sure you're up-to-date with Sonicwall SMA 100 VPN box patches – security hole exploit info is now out

The Register - Tue, 11/01/2022 - 22:46
Nothing like topping off unauth'd remote code execution with a su password of ... password

Technical details and exploitation notes have been published for a remote-code-execution vulnerability in Sonicwall SMA 100 series VPN appliances.…

Categories: News

EU data watchdog to Europol: You've helped yourself to too much data

The Register - Tue, 11/01/2022 - 11:47
Law enforcement agency now has one year to delete any data older than 6 months not related to criminal activity

The European Data Protection Supervisor (EDPS) has ordered European Union law enforcement agency Europol to delete any data it has on individuals that's over six months old, provided there's no link to criminal activity.…

Categories: News

Secure boot for UK electric car chargers isn't mandatory until 2023 – but why the delay?

The Register - Tue, 11/01/2022 - 10:17
Good: New requirements in new law. Bad: Grace period

Electric car chargers will have to include secure boot and automatic network disconnection if unsigned software runs on the smart devices – but only from 2023, the British government has said.…

Categories: News

Four million outdated Log4j downloads were served from Apache Maven Central alone despite vuln publicity blitz

The Register - Tue, 11/01/2022 - 08:27
It's not as though folks haven't been warned about this

There have been millions of downloads of outdated, vulnerable Log4j versions despite the emergence of a serious security hole in December 2021, according to figures compiled by the firm that runs Apache Maven's Central Repository.…

Categories: News

Signal CEO Moxie Marlinspike resigns, leaves WhatsApp co-founder to run things until a successor is named

The Register - Tue, 11/01/2022 - 01:02
Departure comes as app courts controversy by integrating private cryptocurrency scheme

Moxie Marlinspike, the creator of the Signal secure messaging app, on Monday announced his resignation as CEO of the company.…

Categories: News

Avira also mines imaginary internet money on customers' PCs

The Register - Mon, 10/01/2022 - 18:36
Who should your PC work for: you, or your antivirus vendor?

Germany-based security biz Avira's antivirus has enabled a new feature: "Avira Crypto". It's opt-in, but if you click "yes", the AV will use your computer to mine Ethereum.…

Categories: News

China puts Walmart in the naughty corner, citing 19 alleged cybersecurity 'violations'

The Register - Mon, 10/01/2022 - 13:35
Warning comes weeks after govt body accused subsidiary Sam’s Club of 'ulterior motive' in goods stocking spat

American budget retailer Walmart was cited for 19 alleged cybersecurity breaches in China, state-sponsored media reported last week.…

Categories: News

GCHQ was rebuked for ignoring spy law safeguards as pandemic hit Britain

The Register - Mon, 10/01/2022 - 12:47
Auditor IPCO flagged it up – but then approved 99.94% of state snooping

Former foreign secretary Dominic Raab rebuked GCHQ for secretly halting internal compliance audits that ensured the spy agency was obeying the law, a government report has revealed – while just 0.06 per cent of spying requests made by Britain's public sector were refused by its supposed overseer.…

Categories: News

No defence for outdated defenders as consumer AV nears RIP

The Register - Mon, 10/01/2022 - 10:00
How sad would you be to see AV go? Us neither

Opinion  Game knows game. Thus it came as little surprise that Norton's consumer security software not only sprouted a cryptominer that slurps your computer's life essence and skims a cut, but that it's hard to turn it off.…

Categories: News

WebSpec, a formal framework for browser security analysis, reveals new cookie attack

The Register - Sat, 08/01/2022 - 08:45
Boffins in Vienna devise way to make software prove how it behaves

Folks at Technische Universität Wien in Austria have devised a formal security framework called WebSpec to analyze browser security.…

Categories: News

Salesforce mandates MFA by default

The Register - Fri, 07/01/2022 - 07:30
Thales: ‘Significant change in security culture'

Paid Feature  Of all the cybersecurity developments in 2021, a relatively low-key announcement made by software company (SFDC) in March might eventually turn out to be one of the most significant.…

Categories: News

Your backups can save you from ransomware. But how do you protect your backups?

The Register - Thu, 06/01/2022 - 18:15
Immutability, analytics, and a complete lack of trust…

Webinar  When it comes to cybersecurity, your backup data is no longer your last line of defence.…

Categories: News

You better have patched those Log4j holes or we'll see what a judge has to say – FTC

The Register - Wed, 05/01/2022 - 22:30
Apply fixes responsibly in a timely manner or face the wrath of Lina Khan

The US Federal Trade Commission on Tuesday warned companies that vulnerable Log4j software needs to be patched … or else.…

Categories: News

US Army journal's top paper from 2021 says Taiwan should destroy TSMC if China invades

The Register - Wed, 05/01/2022 - 19:01
No more chip factories would surely change Beijing's mind about unification

A top US Army War College paper suggests Taiwan should credibly threaten to eradicate its semiconductor industry if threatened by China so that Beijing would no longer be interested in unification.…

Categories: News

Remember Norton 360's bundled cryptominer? Irritated folk realise Ethereum app is tricky to delete

The Register - Wed, 05/01/2022 - 15:56
Disable anti-tamper features first and you'll be alright

Norton antivirus's inbuilt cryptominer has re-entered the public consciousness after a random Twitter bod expressed annoyance at how difficult it is to uninstall.…

Categories: News

Windows giant seeks Pluton-ic relationship with chip maker: AMD first out of the gates with Microsoft's security processor

The Register - Wed, 05/01/2022 - 12:11
Yes, you're going to have to get a new CPU (again)

It's been a while coming, but it looks like PCs with Microsoft's Pluton security processor are just around the corner. So long as your silicon of choice comes from AMD, for the time being at least.…

Categories: News

How ransomware gangs went pro

The Register - Wed, 05/01/2022 - 08:30
They're developing new techniques 'in every area' says Darktrace

Paid Feature  Ransomware has come a long way since the early days. When it first started out, it spread indiscriminately and often used poor code. Over the years, it has become more sophisticated and is now an efficient business. How did it become so professional?…

Categories: News

SlimPay fined €180k after 12 million customers' bank data publicly accessible for 5 years

The Register - Tue, 04/01/2022 - 17:33
French regulator's investigation finds multiple breaches of GDPR

SlimPay, a Paris-based subscription payment services company, has been fined €180,000 by the French CNIL regulatory body after it was found to have held sensitive customer data on a publicly accessible server for five years.…

Categories: News

John Edwards takes the reins at the UK's data protection watchdog

The Register - Tue, 04/01/2022 - 13:58
Information Commissioner faces a year of upheaval in data law

The Information Commissioner's Office has confirmed that former New Zealand privacy commissioner John Edwards has started his new role as the UK's Information Commissioner.…

Categories: News

Four years: that’s how long Azure’s App Service had a source code leak bug

The Register - Fri, 24/12/2021 - 06:01
Firm that found the flaw also spotted ChaosDB and OMIGOD, confident this one’s been exploited

Microsoft has revealed a vulnerability in its Azure App Service for Linux allowed the download of files that users almost certainly did not intend to be made public.…

Categories: News


Subscribe to Sec Tec Limited aggregator - News