News

'RSA private keys' baked into Manchester firm's software

A hacker collective has said that it found the private keys for a Manchester bus company's QR code ticketing app embedded in the app itself – and has now released its own ride-buses-for-free code.…

Bug seller Zerodium boosts payouts for 'droid, slashes iOS prices in half

Bug-broker Zerodium says it will cough up as much as $2.5m in exchange for techniques to silently and remotely hijack Android devices via critical vulnerabilities, signaling a major change in the pricing of security holes.…

Virtual USB hub allows attackers to get into BMCs

Tens of thousands of servers around the world are believed to be hosting a vulnerability that would allow an attacker to remotely commandeer them.…

Hey, ex-Soviet state-backed threat actors, you watching?

Fresh from secretary-general Jens Stoltenberg’s repeated promises to hack back at cyber-attackers, NATO is now preparing to run a large-scale cyber exercise to test its infosec defences.…

Get your grandparents to book with someone else

Teletext Holidays managed to leave more than 200,000 customer phone call recordings exposed on an unsecured AWS server, according to reports.…

Walled-garden Android platform security easily copied

Facebook has insisted that losing control of the private key used to sign its Facebook Basics app is no biggie despite totally unrelated apps from other vendors, signed with the same key, popping up in unofficial repositories.…

Plus a Cisco bug, dentists bitten by malware, and France takes down a worm

Roundup  This week ended with a bang, thanks to some Twitter hackers.…

Cryptocurrency crooks look to siphon cycles from enterprise kit

Exclusive  A coin-mining malware infection previously only seen on ARM IoT devices has made the jump to Intel systems.…

Project Zero dissects years-long surveillance campaign

Google's Project Zero says more than a dozen iOS flaws that Apple patched back in February had been under attack for years.…

And they're imposing a 20-character limit on new ones

Users of software house Foxit's free and paid-for products, including its popular PhantomPDF editor, may have fallen victim to a data breach – with stolen data including users' website passwords.…

Ransomware strain was top customer call-out title in 2018

Kaspersky Lab reckons the number one reason its customers call them for emergency help is because of ransomware – with Wannacry still playing a large part in detections picked up by the Russian company.…

You can't patch stupid

Despite years of corporate awareness training, warning articles in The Reg and regular bollockings by frustrated IT admins, human error is still behind most personal data leaks, a newly released study says.…

How's that Boris Johnson impression working out for you?

On Call  Welcome to On Call, The Register's weekly dive into the mailbag of woe from those faced with recalcitrant users or, occasionally, an overly helpful operator.…

Payouts extended to anything with more than 100m installs

Google is expanding its Android bug-bounty program to cover not just holes in the web giant's apps but also vulnerabilities in third-party software – as long as they have more than 100 million installs.…

Ex-Amazon techie accused of cyber-looting other storage buckets, mining crypto-coins on hacked servers

The ex-Amazon engineer who allegedly stole 100 million Capital One credit applicants' personal details from AWS cloud buckets has been formally accused of swiping data from 30 other organizations.…

Small governments make up two-thirds of infection victims observed by infosec bods

Ransomware criminals have taken a particular shine to US city and state governments, infecting them with file-scrambling extorionware in hope of quick payouts.…

Uncle Sam sued by rights warriors probing claims of silent snooping on suspicious rides

The Electronic Frontier Foundation (EFF) has sued [PDF] the US Department of Homeland Security to find out more about a program where, it is claimed, officers secretly stick GPS trackers on vehicles they are suspicious of as they come through the border.…

Thousands of dollars and new kit up for grabs if you can blow a hole in Zuck's video-conf gear

Facebook is opening its Portal videoconferencing hardware to hackers for the first time at the upcoming Pwn2Own Tokyo competition.…

IoT botnets move into the home theater market in search of low-hanging fruit

Set-top tuner boxes have become the infection vector in the spread of Internet of Things malware.…

And that's why we flirted with your nemesis Symantec, Brit retailer claims

Brit retailer Dixons has lashed back at McAfee's £30m High Court broadside, saying it was entitled to promote rival antivirus (AV) tech from Symantec if McAfee's software wouldn't work on Windows 10S devices.…