News

Just in case the Feds take an interest in your calls

Zoom today said it will make end-to-end (E2E) encryption available to all of its users, regardless of whether they pay for it or not.…

Think like your enemies to defeat them

Webcast  You know your attack surface don’t you? You mapped all of it? Are you sure?…

North Korea's Lazarus Group at it again: Watch out for .rar files coming and going from your networks

Threat intel researchers have uncovered a phishing and malware campaign that targeted "a large European aerospace company" and which was run by the same North Koreans behind the hack of Sony Pictures.…

Then again, cloud providers aren't exactly playing the smart game either

Infosec pros and hackers regularly abuse cloud service providers to conduct reconnaissance and attacks, despite efforts by cloud providers to limit such activity.…

Cybercriminals are forever honing their skills and techniques. If you’re not doing the same, there can only be one winner

Sponsored  Falling for an impostor’s email is easier than you might think. The recent attack which saw Norway’s state-owned investment fund, Norfund, lose an eye-watering USD 10 million (approx. 100 million NOK) was down to a simple but devastatingly effective tactic used by cybercriminals: a spoofed email address.…

Internal report confirms what we all feared: Lax controls led to WikiLeaks Vault 7 hack tools blab

The CIA was so focused on developing whizzbang exploit code, it left any thought of basic computer security principles on the kitchen counter before dashing off to work each morning.…

Adobe emits bonus security fixes for creative software including Premier Pro, Campaign Classic

Adobe has emitted security patches for six of its most prominent software bundles, including Illustrator, After Effects, and Premier Pro.…

It was a fraudster! Finally an excuse for why there's a £250 Lycra bodysuit on your bank statement

Updated  Brit cycling equipment shop Wiggle confirmed to The Reg today it was delinking customers' payment cards from their accounts, two weeks after first receiving complaints that orders were appearing on customers' accounts that they had not made themselves.…

We've kept this story safe for work... which is perhaps a little odd because you're all working from home anyway

Hundreds of thousands of sensitive dating-app profiles – including images of "a graphic, sexual nature" – were exposed online for anyone stumbling across them to download.…

Upgrade your security protection for the new normal

Webcast  Is your organization in the middle of a work-from-home trial-by-fire? If so, you are learning all about the security risks of this abrupt change already, and so are your users.…

Security biz, academics, tech advocacy groups ask Supreme Court to review ruling

Analysis  Last week, fourteen cybersecurity experts, infosec biz ESET, and tech advocacy groups the Internet Association and TechFreedom filed friend-of-the-court briefs urging the US Supreme Court to review a 2019 appeals court ruling against antivirus maker Malwarebytes.…

Perp had previous conviction for obtaining property by deception

An IT support bod who reportedly stole more than £30,000 in Bitcoin, Litecoin and Ethereum has been jailed.…

Memory corruption exploitation about to get a lot harder on Chipzilla silicon

After years in development, Intel is set to debut security mechanisms in its microprocessors that it hopes will block, at the silicon level, exploitation of a class of software vulnerabilities.…

... and more in this rapid-fire summary of infosec news

Roundup  We all made it through another week – and here's a treat: another Register security roundup.…

This story also mentions QR codes for maximum facepalm effect

An infosec researcher reckons Whatsapp was a bit too quick off the mark to blame its users when hundreds of thousands of phone numbers, names and profile pictures were found to be easily accessible via Google.…

Networked devices work just fine, however

Windows 10 users woke up to borked printers following the monthly Microsoft bugfix party, Patch Tuesday.…

♫ Now don't go wasting my precious time! Pay the ransom quickly and we'll be just fine ♫ (no, don't)

The Maze ransomware gang has struck again – this time targeting an American M&A practice which counts former Spice Girl Victoria Beckham as one of its clients.…

Because IT service providers use ConnectWise to run your IT and this is its first-ever bug report

ConnectWise isn’t a vendor most Reg readers deal with directly, but the fact the company has just issued its first-ever security advisory deserves attention.…

Some bugs prove very persistant

Trend Micro has pulled the Privacy Browser from its Dr Safety Android security suite following the discovery of a reoccurring flaw that could be abused to trick people into thinking malicious pages were legit.…

Because nothing says freedom like a Predator circling overhead

Following weeks of heated protests in American cities – and criticism of law enforcement's use of force, surveillance, and drone aircraft in the skies above – the US government has belatedly asked the public what it thinks.…