VMware warns of critical remote code execution flaw in vSphere HTML5 client

The Register - Tue, 23/02/2021 - 23:35
If you don’t patch, the hosts driving all your virty servers are at risk. So maybe your to-do list needs a tickle?

VMware has revealed a critical-rated bug in the HTML5 client for its flagship vSphere hybrid cloud suite.…

Categories: News

They break into your network but do nothing themselves: 'Initial access brokers' resell stolen creds for $7k a pop

The Register - Tue, 23/02/2021 - 22:53
So says Digital Shadows as it puts a price on illicit access methods

A growing category of cyber-crime consists of breaking into corporate networks and doing nothing else – except selling that illicit access to others for about $7,000 a go, says infosec biz Digital Shadows.…

Categories: News

Clop ransomware gang leaks online what looks like stolen Bombardier blueprints of GlobalEye radar snoop jet

The Register - Tue, 23/02/2021 - 21:22
And what may be CAD drawing of a military radar antenna

The Clop ransomware gang claims to have stolen documents from aerospace giant Bombardier’s defense division – and has leaked what appears to be a CAD drawing of one of its military aircraft products, raising fears over what else they’ve got.…

Categories: News

Linux Mint users in hot water for being slow with security updates, running old versions

The Register - Tue, 23/02/2021 - 13:33
Automatic updates? 'We have ideas on how to improve this,' says founder

Linux Mint founder Clem Lefebvre has complained that too many users are slow to apply updates or run unsupported versions of the operating system.…

Categories: News

The perils of non-disclosure? China 'cloned and used' NSA zero-day exploit for years before it was made public

The Register - Tue, 23/02/2021 - 00:50
Check Point says Beijing 'reconstructed' Equation Group's hacking tool long before leak

A zero-day exploit said to have been developed by the NSA was cloned and used by Chinese government hackers on Windows systems years before the cyber-weapon was leaked online, it is claimed.…

Categories: News

NurseryCam hacked, company shuts down IoT camera service

The Register - Mon, 22/02/2021 - 17:30
Real names, usernames, and what appears to be SHA-1 hashed passwords exposed

Daycare camera product NurseryCam was hacked late last week with the person behind the digital break-in coming forward to tip us off.…

Categories: News

Planespotters’ weekends turn traumatic as engine pieces fall from the sky in the Netherlands and the US

The Register - Mon, 22/02/2021 - 13:03
It’s a bird, it’s a plane… holy crap there’s a nacelle in my kitchen

In what can only be described as a bad day for Boeing, not one but two of its planes suffered engine fire and began shedding parts along their respective flight paths.…

Categories: News

Brave browser leaks visited Tor .onion addresses in DNS traffic, fix released after bug hunter raises alarm

The Register - Mon, 22/02/2021 - 07:14
Plus: IBM's lawyers hacked, Kia denies ransomware hit, France declares war on hackers, and more

In brief  Brave has patched up its privacy-focused web browser after it was spotted leaking its Tor users' dark-web habits.…

Categories: News

Malware monsters target Apple’s M1 silicon with ‘Silver Sparrow’

The Register - Mon, 22/02/2021 - 00:00
Behaves like a legit software installer and phones home for instructions, but lacks a payload

US security consultancy Red Canary says it’s found MacOS malware written specifically for the shiny new M1 silicon that Apple created to power its post-Intel Macs.…

Categories: News

Happy birthday, Python, you're 30 years old today: Easy to learn, and the right tool at the right time

The Register - Sat, 20/02/2021 - 13:10
Popular programming language, at the top of its game, still struggles to please everyone

Feature  February 20, 2021, the 30th anniversary of Python, finds the programming language at the top of its game but not without challenges.…

Categories: News

Atheists warn followers of unholy data leak, hint dark deeds may have tried to make it go away

The Register - Fri, 19/02/2021 - 06:04
Rival atheists accused of not believing in privacy law

The Atheist Alliance International, an organisation that works to demystify atheism and advocate for secular governance, has warned members their personal information appears to have been leaked.…

Categories: News

Microsoft admits some Azure, Exchange, Intune source code snaffled in SolarWinds schemozzle

The Register - Fri, 19/02/2021 - 02:32
We’ll be fine, says Redmond security crew. No word on whether you will be too once crims analyse their haul

Microsoft has admitted that as a result of installing backdoored SolarWinds tools in some parts of its corporate network, portions of its source code was obtained and exfiltrated by parties unknown.…

Categories: News

Just 2.6% of 2019's 18,000 tracked vulnerabilities were actively exploited in the wild

The Register - Thu, 18/02/2021 - 18:00
So says Kenna Security in a refreshing piece of counter-FUD analysis

While the infosec industry is used to reading (and pumping out) FUD about software vulnerabilities, eye-catching research suggests about 500 vulns were exploited in 2019 – despite 18,000 new CVEs being created.…

Categories: News

Nurserycam horror show: 'Secure' daycare video monitoring product beamed DVR admin creds to all users

The Register - Thu, 18/02/2021 - 12:01
Company has a habit of reacting badly to vuln disclosures

Updated  A parental webcam targeted at nursery schools was so poorly designed that anyone who downloaded its mobile app gained access to admin credentials, bypassing intended authentication, according to security pros – with one dad saying its creators brushed off his complaints about insecurities six years ago.…

Categories: News

Has your cloud app suite left you feeling insecure? There’s a reason for that

The Register - Thu, 18/02/2021 - 08:30
Tune in next week and discover how to tighten that gap in your remote worker security

Webcast  You’ve seen large parts of your workforce take to the hills over the past year with nothing but a laptop and a Microsoft 365 account for company.…

Categories: News

Cred-stealing trojan harvests logins from Chromium browsers, Outlook and more, warns Cisco Talos

The Register - Thu, 18/02/2021 - 07:25
Masslogger evolution rears its ugly head, $30 gets you three month license to cause carnage

Cisco Talos has uncovered a credential-stealing trojan that lifts your login details from the Chrome browser, Microsoft's Outlook and instant messengers.…

Categories: News

Uncle Sam accuses three suspected North Korean govt hackers of stealing $1.3bn+ from banks, crypto orgs

The Register - Wed, 17/02/2021 - 22:22
Oh yes, and hacking Hollywood, allegedly

Three suspected North Korean military intelligence hackers have been charged with, among other things, conspiring to loot more than $1.3bn (£938m) from banks, ATMs, and cryptocurrency companies, according to an indictment unsealed by the US Department of Justice on Wednesday.…

Categories: News

You’ve got millions of open-source software components to choose from... and so do cybercriminals

The Register - Wed, 17/02/2021 - 20:00
Just who is running your favourite project these days?

Sponsored  In November 2020, the JavaScript registry npm flashed a security advisory that a library called twilio-npm harboured malicious code which could backdoor any machine it was downloaded to. Perhaps the most troubling aspect of this tale is that this was the seventh such malicious package found on npm within a month, a stark illustration of the effort that cybercriminals are making to insert themselves into the open source software supply chain.…

Categories: News

You don't have clearance for that: Microsoft ups the paranoia with a preview of Azure Firewall Premium

The Register - Wed, 17/02/2021 - 16:30
Reassuring the regulators

Microsoft has unveiled a preview of Azure Firewall Premium, aimed at highly sensitive and regulated environments.…

Categories: News

Think your backups will protect you from ransomware? What do you think the malware attacked first?

The Register - Wed, 17/02/2021 - 15:00
Immutablity or vulnerability – it’s your choice

Webcast  If you think your backup strategy means you’re protected from the worst that cyber-criminals can throw at you, we’ve got some bad news. Ransomware creators know all about backups, too.…

Categories: News


Subscribe to Sec Tec Limited aggregator - News