News

Fisher Price's Bluetooth reboot of pre-school play phone has adult privacy flaw

The Register - Thu, 23/12/2021 - 08:02
‘Chatter’ can be bugged thanks to kindergarten-grade security

A Bluetooth phone designed to evoke the carefree days of early childhood has been found to instead threaten the very adult prospect of being surveilled in your home.…

Categories: News

Alibaba Cloud slapped by Chinese ministry for mishandling Log4j

The Register - Thu, 23/12/2021 - 05:58
Beijing's not saying what cloudy contender did wrong

China's Ministry of Industry and Information Technology has suspended Alibaba Cloud's membership of an influential security board to protest its handling of the Log4j flaw.…


Of course a Bluetooth-using home COVID test was cracked to fake results

The Register - Wed, 22/12/2021 - 03:58
The Ellume COVID-19 Home Test was connected to the internet of woefully insecure things for a while

Security vendor F-Secure has faked a COVID test result on a Bluetooth-equipped home COVID Test. Thankfully the vendor’s since fixed the device.…


How to tackle hybrid cloud security and DevSecOps

The Register - Tue, 21/12/2021 - 20:29
Putting the Sec into DevOps is key, says Red Hat

Paid Feature  Of all the ideas to surface in the 20-year history of cloud computing, few have proved as compelling as the hybrid cloud. Organizations understand on-premises data centers and how computing power can be rented through public clouds or accessed through dedicated private clouds.…


Belgian defence ministry admits attackers accessed its computer network by exploiting Log4j vulnerability

The Register - Tue, 21/12/2021 - 12:33
Perpetrators' ID unknown, however

The Belgian Ministry of Defence has suffered a cyber attack after miscreants exploited one of the vulnerabilities in Log4j. The attack marks the first occasion that a NATO country's defence ministry has fallen victim to the flaws.…


UK National Crime Agency finds 225 million previously unexposed passwords

The Register - Tue, 21/12/2021 - 07:10
Shares them with Troy Hunt’s Have I Been Pwned after sweeping them up from ‘compromised cloud storage’

The United Kingdom’s National Crime Agency and National Cyber Crime Unit have uncovered a colossal trove of stolen passwords.…


US bags Russian accused of stealing millions after stealing pre-release financial filings

The Register - Mon, 20/12/2021 - 22:23
Swiss cough up accused crim while Russia is 'deeply disappointed'

The US Attorney's Office of Massachusetts on Monday announced the extradition of Vladislav Klyushin, a Russian business executive with ties to the Kremlin, on charges of hacking US computer networks and committing securities fraud by trading on undisclosed financial data.…


Police National Computer not pwned by Clop ransomware crims, insists Home Office

The Register - Mon, 20/12/2021 - 15:51
Scottish MSP Dacoll was hit, however

The Clop ransomware gang pwned a managed service provider with access to the UK's Police National Computer, dumping data on its dark web leaks site – but officials deny that police data was compromised.…


How to keep on top of cloud security best practices

The Register - Mon, 20/12/2021 - 08:30
Trend Micro outlines common misconfigurations and how to avoid them

Paid Feature  In an era beset by hackers at every turn, it’s no small irony that the fastest growing security threat to business data might now be the self-inflicted wound of cloud service misconfiguration.…


VMware 2FA flaw can divulge that vital second credential to malicious actors

The Register - Mon, 20/12/2021 - 07:02
Plus: Deep dive into the NSO Group's zero-click exploit and 'Hack the DHS!'

In Brief  VMware has warned users a flaw in its VMware Verify two-factor authentication product could allow a malicious actor with a first-factor authentication credential to obtain a second factor from its VMware Verify product.…


Bad things come in threes: Apache reveals another Log4J bug

The Register - Sun, 19/12/2021 - 22:57
Third major fix in ten days is an infinite recursion flaw rated 7.5/10

The Apache Software Foundation (ASF) has revealed a third bug in its Java-based open-source logging library Log4j.…


US distrust of Huawei linked in part to malicious software update in 2012

The Register - Sat, 18/12/2021 - 11:01
Report claims Huawei techs working for Chinese intelligence compromised Australian telco

Suspicions about the integrity of Huawei products among US government officials can be attributed in part to a 2012 incident involving a Huawei software update that compromised the network of a major Australian telecom company with malicious code, according to a report published by Bloomberg.…


CISA issues emergency directive to fix Log4j vulnerability

The Register - Fri, 17/12/2021 - 21:29
Federal agencies have a week to get their systems patched

The US government's Cybersecurity and Infrastructure Security Agency (CISA) on Friday escalated its call to fix the Apache Log4j vulnerability with an emergency directive requiring federal agencies to take corrective action by 5 pm EST on December 23, 2021.…


RAF shoots down 'terrorist drone' over US-owned special ops base in Syria

The Register - Fri, 17/12/2021 - 15:29
£200k Anglo-French heat-seeking missile does its thing

The RAF has scored its first air-to-air "kill" – where an aircraft downs an enemy aircraft – for almost 40 years after shooting down a drone over Syria.…


Over Log4j? VMware has another critical flaw for you to patch

The Register - Fri, 17/12/2021 - 02:28
Workspace ONE Unified Endpoint Management can leak info via server-side request forgery

VMware customers have probably had a busy week because more than 100 of the IT giant's products are impacted by the Log4j bug.…


Facebook locks out 1,500 fake accounts used by cyber-spy firms to snoop on people, alerts 50k potential targets

The Register - Fri, 17/12/2021 - 01:41
Meta adverse to internet mercenaries using its social networks to help governments violate human rights

Facebook successor Meta on Thursday said it canceled 1,500 social media accounts used by seven surveillance-for-hire firms to conduct online attacks against government critics and members of civil society.…


Why ransomware attacks happen out of hours or during the holidays

The Register - Thu, 16/12/2021 - 18:00
Security teams have a choice to make – and doing nothing is not an option

Paid Feature  Time waits for no one. But ransomware attackers do. Increasingly, cybercriminals are timing their attacks, detonating them when their victims are out of the office. This gives them the chance to inflict maximum damage, and explains why ransomware attacks surge on public holidays like Thanksgiving and Christmas. How do they do it, and what can under-staffed security teams do about it?…


East Londoners nicked under Computer Misuse Act after NHS vaccine passport app sprouted clump of fake entries

The Register - Thu, 16/12/2021 - 16:04
App runs off a database, and databases are run by humans

British police have made a series of arrests over the past few months after people with apparent access to NHS databases allegedly sold fake vaccination status entries on the NHS vaccine passport app.…


Move fast, break security: Why CISOs must push back against Agile IT

The Register - Thu, 16/12/2021 - 08:30
The Vectra Masked CISO series gives security leaders a place to expose the biggest issues in security and advise peers on how to overcome them

Advertorial  The Vectra Masked CISO series gives security leaders a place to expose the biggest issues in security and advise peers on how to overcome them.


National Cyber Strategy will lead to BritChip for mobile devices by 2025, claims UK.gov

The Register - Thu, 16/12/2021 - 07:29
And potentially an increase in UK state-backed hacks

The British government has launched a £2.6bn National Cyber Strategy, intended to steer the state's thinking on cyber attack, defence and technology for the next three years – and there's some good news if you run a tech company.…

