News

'You targeted a large charitable organisation' thundered judge

A Londoner who hacked the National Lottery using Sentry MBA and made off with just £5 will spend up to nine months in prison for his crimes.…

The main event is next week

Cisco has released a fresh batch of security updates for its networking and comms gear lines.…

To make matters worse, uninstalling it could cause even more pain

On Wednesday, more than 50 advocacy groups accused Google of exploiting poor people by failing to police misbehaving Android apps on cheap phones.…

If CheckPeople could take a look at this, that would be great

Exclusive  A database containing the personal details of 56.25m US residents – from names and home addresses to phone numbers and ages – has been found on the public internet, served from a computer with a Chinese IP address, bizarrely enough.…

Malware loaded onto more than 5k cash tills but pre-GDPR screw-up means retailer dodged bigger financial bullet

Dixons Retail is facing a £500,000 penalty from the Information Commissioner’s Office (ICO) after a hacker installed malware that infected thousands of point of sale tills and scooped up 5.6 million payment card details.…

Unsafe hashing algorithm really is unsafe

SHA-1 stands for Secure Hash Algorithm but version 1, developed in 1995, isn't secure at all. It has been vulnerable in theory since 2004 though it took until 2017 for researchers at CWI Amsterdam and Google to demonstrate a practical if somewhat costly collision attack.…

Nork cash grab nasty gets stealthier

Malware hunters are sounding the alarm over a new, more effective version of the North Korean "Apple Jeus" macOS software nasty.…

Uploads, deletions, private-to-public switcharoos, all bad stuff

TikTok, a mobile video app popular with teens, was vulnerable to SMS spoofing attacks that could have led to the extraction of private information, according to infosec researchers.…

Privacy is nearly dead, but we're not even close to getting over it

Column  Sitting quietly in the upper corner of my browser's address bar, a counter rises as Disconnect thwarts requests to track me. Visiting well-behaved sites (such as El Reg), those numbers tick up more slowly.…

We can rebuild him, we have the backups... er, right?

More than a week after its website and online services were taken offline by malware, foreign currency super-exchange Travelex continues to battle through what has become an increasingly damaging outage that may have unpatched VPN servers at its heart.…

FBI, open up!

Comment  The FBI has asked Apple to unlock two iPhones belonging to a murderer, potentially reviving a tense battle over encryption and the rights of law enforcement to digital devices.…

Plug this security bypass... if you can even find the boxes running it

Hackers are taking advantage of unpatched enterprise VPN setups ‒ specifically, a long-known bug in Pulse Secure's code ‒ to spread ransomware and other nasties.…

The Chocolate Factory's bug hunters revise 90-day disclosure rules

Patting itself on its back for motivating software makers to fix 97.7 per cent of the vulnerabilities it identifies within its 90-day disclosure deadline, Google's bug-hunting unit Project Zero has decided to ease up on those racing to patch their flawed products.…

Price tag undisclosed but we're guessing it won't have made seller rich

Symantec’s parent Broadcom has offloaded its Cyber Security Services (CSS) operation to Accenture for an undisclosed sum.…

CEO confirms servers, software locked by perps

German cycle-maker Canyon Bicycles GmbG has confirmed it was the victim of a security break-in over the holiday period that has all the hallmarks of a ransomware attack with parts of the infrastructure padlocked by the perpetrators.…

Run sqlmap, edit online statutes, gain immunity for life?

Exclusive  A SQL injection vulnerability on the Government of Gibraltar's website paved the way for any old Joe to rewrite official web versions of the British Overseas Territory's laws.…

Apps spotted abusing use-after-free() bug seven months before patch

At least three malicious apps with device-hijacking exploits have made it onto the Google Play Store in recent weeks.…

Experts reckon regional infrastructure is in the cross-hairs

With tensions soaring between America and Iran following the drone strike that killed top Persian general Qassem Soleimani, experts are weighing in on what the US could face should the Mid-East nation fully mobilize its cyber resources.…

Despite 'people familiar with matter' claiming otherwise to US news

GCHQ and its cyber-defence offshoot NCSC have both denied that they are investigating a cyber-attack on the London Stock Exchange, contrary to reports.…

Watch online and find out how to strengthen your arsenal of security measures with F-Secure

Webcast  Miscreants are constantly on the lookout for new ways to get at your data, becoming more dangerous all the time as a result.…