News

James Bond? Inspector Gadget? Yup, all here

A Soviet equivalent of Nazi Germany's Enigma cipher machine has sold for more than double its auction asking price – while a secret camera disguised as a pack of cigarettes went for nearly $20,000.…

Open-source stuff stays for now, company promises

Palo Alto Networks (PAN) has described its $156m buy of cloudy DevSecOps biz Bridgecrew as a "key bet" at a time when the world has never been more reliant on off-premises computing.…

Cough up if you want to use it with your laptop and phone

Password manager LastPass has changed its terms and conditions to limit the free version of its code work on a single device type only per user, seemingly in an effort to force free folks into paying for its service.…

Trend Micro claims software is full of security flaws that allow data out and malware in

Trend Micro has published a report claiming that data-sharing Android app SHAREit, which has over a billion downloads, contains multiple vulnerabilities after the app's maker ignored advice to fix the flaws.…

Web hosts infiltrated for up to three years in attack that somewhat resembles SolarWinds mess

France’s Agence nationale de la sécurité des systèmes d'information (ANSSI), the nation’s cyber-security agency, has identified a years-long campaign to infiltrate IT monitoring platform Centreon.…

Ah, the old 'liquidate your company' trick. Classic

Another month and two more British companies behind nuisance marketing calls are collectively facing a £270,000 penalty for breaking the law by calling people registered by the Telephone Preference Service (TPS).…

Plus: SentinelOne picks up Scalyr, fatal flaws in TCP, and a view on Supermicro

In brief  Internet Security Research Group nonprofit Let's Encrypt has massively upgraded its certification hardware and software so that it can delete and reissue all its certs in less than 24 hours.…

As FireEye reveals how suspicious second phone signed up for 2FA gave the game away

Microsoft president Brad Smith says the software giant’s analysis of the SolarWinds hack suggests the code behind the crack was the work of a thousand or more developers.…

Server maker says latest article is 'a mishmash of disparate allegations'

Following up on a disputed 2018 claim in its BusinessWeek publication that tiny spy chips were found on Supermicro server motherboards in 2015, Bloomberg on Friday doubled down by asserting that Supermicro's products were targeted by Chinese operatives for over a decade, that US intelligence officials have been aware of this, and that authorities kept this information quiet while crafting defenses in order to study the attack.…

Accusations of grey hat infosec consultancy extortion ring drop away after El Reg intervenes

A cautionary tale about the dangers posed by affordable Internet of Things devices turned into a much more sinister story after a company threatened an infosec bod with a police report (since retracted) unless he deleted a Twitter thread highlighting shortcomings in one of its products.…

Another privacy improvement from Cupertino, just a small one

Apple's forthcoming iOS 14.5 release, currently in beta, will conceal the IP address of Safari web surfers from Google's Safe Browsing service, integrated into Safari to spot fraudulent websites.…

Antisocial network sued by Proofpoint in scrap over domain names

Security biz Proofpoint and its subsidiary Wombat Security Technologies have sued Facebook and its Instagram subsidiary to prevent the seizure of internet domain names used for security testing.…

I always feel like somebody's watching me

An Azure customer has expressed outrage after finding himself on the receiving end of an unexpected LinkedIn message from Ubuntu last night.…

Google Cloud Platform account required, API key comes with Ts&Cs

Hands On  Google has big ambitions for its new Open Source Vulnerabilities database, but getting started requires a Google Cloud Platform account and there are other obstacles that may add friction to adoption.…

Nicholas Faber joins accomplice Michael Fish in admitting he raided university portal for sensitive info

A college graduate has admitted hacking into the email and social media accounts of female students, stealing their nude photos and videos, and trading them with others.…

Biden-era Dept of Justice forced to make call after UK judge blocks on mental health grounds

The US Dept of Justice will continue pushing for the extradition of WikiLeaks founder Julian Assange, a spokesperson confirmed on Wednesday.…

National Crime Agency nabbed network that stole money, Bitcoin, personal data

Brit cops have cuffed eight men in England and Scotland amid a probe into SIM-swapping attacks on high-profile US targets – including sports stars, musicians, and "influencers" – that had money and personal data stolen.…

No downtime for major updates

CloudLinux has added the Raspberry Pi to its KernelCare patching service, although only if you're running Ubuntu.…

Soon may the phisherman come to leave our inbox quite undone

Kind old Google has published data on targeted email attacks and dispensed advice to help users separate friend from foe.…

United Nations sanctions made silly by sloppy security

North Korean attacks on crypto exchanges reportedly netted $316m United Nations sanctions made silly by sloppy security North Korean cyber-attacks harvested $316m in cryptocurrency across 2019 and 2020, according to a report by Japan’s Nikkei.…