Brit retailer Furniture Village confirms 'cyber-attack' as systems outage rolls into Day 7

The Register - Fri, 04/06/2021 - 09:15
Sofa, not-so-good: Angry customers still can't access systems, phones, and deliveries delayed

Furniture Village – the UK's largest independent furniture retailer with 54 stores nationwide – has been hit by a "cyber-attack", the company confirmed to The Register.…

Categories: News

How to use Google's new dependency mapping tool to find security flaws buried in your projects

The Register - Fri, 04/06/2021 - 03:59
Millions of Rust, JavaScript, Go, Maven repositories scanned and visualized

Google has built an online tool that maps out all the dependencies in millions of open-source software libraries and flags up any unpatched vulnerabilities.…

Categories: News

Supreme Court narrows Computer Fraud and Abuse Act: Misusing access not quite the same as breaking in

The Register - Thu, 03/06/2021 - 21:45
We'll explain everything for you

The US Supreme Court on Thursday limited the scope of the 1986 Computer Fraud and Abuse Act (CFAA) in a ruling that found a former sergeant did not violate the law by misusing his access to a police database.…

Categories: News

FireEye sold to McAfee's new owners for $1.2bn as Mandiant split into standalone firm again

The Register - Thu, 03/06/2021 - 13:55
Another big name buyout by STG

FireEye has been sold for $1.2bn to the same American private equity fund that bought McAfee’s enterprise security business, severing it from infosec stablemate Mandiant.…

Categories: News

European Parliament's data adequacy objection: Doubts cast on UK's commitment to data protection

The Register - Thu, 03/06/2021 - 09:30
Plus: Judgement in immigration exemption case makes things worse

Comment  Almost two weeks ago, the European Parliament took the step of objecting to the Commission decisions to grant the UK data adequacy.…

Categories: News

Antivirus that mines Ethereum sounds a bit wrong, right? Norton has started selling it

The Register - Thu, 03/06/2021 - 07:51
Down continues to be the new up

NortonLifeLock, the company that offers the consumer products Broadcom didn’t want when it bought Symantec, has started to offer Ethereum mining as a feature of its Norton 360 security suite.…

Categories: News

Deadline draws near to avoid auto-joining Amazon's mesh network Sidewalk

The Register - Thu, 03/06/2021 - 00:05
'A stalker can abuse it to stalk people better. There are no mitigations mentioned'

Owners of Amazon Echo assistants and Ring doorbells have until June 8 to avoid automatically opting into Sidewalk, the internet giant's mesh network that taps into people's broadband and may prove to be a privacy nightmare.…

Categories: News

Ahem, Huawei, your USB LTE stick has a vuln. I SAID AHEM, Huawei, are you listening?

The Register - Wed, 02/06/2021 - 19:35
Embarrassing flaw in E3372 device finally patched

Huawei has belatedly fixed a mild vulnerability in a USB connectivity dongle spotted by Trustwave after The Register intervened.…

Categories: News

JBS Foods ransomware gang: White House 'engaging directly' with Russia about attack on massive meat producer

The Register - Wed, 02/06/2021 - 16:57
Aussie cops start probe and FBI and USDA lend a hand

Australian police are investigating a ransomware attack at the facilities of JBS Foods — one of the largest producers of meat in the world – as the White House fingers Russia-based cybercriminals.…

Categories: News

UK Special Forces soldiers' personal data was floating around WhatsApp in a leaked Army spreadsheet

The Register - Wed, 02/06/2021 - 15:28
Bizarre promotion practice leads to near-inevitable breach

Exclusive  An astonishing data security blunder saw the personal data of Special Forces soldiers circulating around WhatsApp in a leaked British Army spreadsheet.…

Categories: News

OpenPGP library RNP updates after Thunderbird decrypt-no-recrypt bug squashed

The Register - Wed, 02/06/2021 - 11:44
Not the obvious function, the other obvious function

OpenPGP project RNP has patched its flagship product after Mozilla Thunderbird, a major user, was found to be saving users’ private keys in plain text.…

Categories: News

Feds seize two domains used by SolarWinds intruders for malware spear-phishing op

The Register - Wed, 02/06/2021 - 01:23
Info-stealing scheme, attributed to Russia-affiliated crew, relied on spoof USAID marketing messages

Uncle Sam on Tuesday said it had seized two web domains used to foist malware on victims using spoofed emails from the US Agency for International Development (USAID).…

Categories: News

There's a lesson here for us all: A third of healthcare orgs in Sophos survey 'hit with ransomware in 2020'

The Register - Tue, 01/06/2021 - 19:00
What’s the remedy? Read on…

Promo  The thought of ransomware gripping the corporate systems we manage is enough to give any of us sleepless nights. The thought of a ransomware attack crippling the healthcare infrastructure all of us rely on is terrifying.…

Categories: News

Remember those wacky cyberpunk costumes in <i>Hackers</i>? They're on display in London this week

The Register - Tue, 01/06/2021 - 15:32
'Medieval mixed with athletic wear' chic from 1995

Fans of 'cyber' flick Hackers can amuse themselves by visiting an exhibition of the characters’ costumes in London – but time is running short if you want to catch a glimpse of Angelina Jolie’s bizarre getups.…

Categories: News

Increase confidence in public cloud security: Integrate Intel SGX, says G-Core Labs Cloud

The Register - Tue, 01/06/2021 - 08:30
Hear from one of the first providers to support this security functionality

Sponsored  Cloud infrastructure has many advantages over a corporate server. It’s easier to set it up and to get access to almost any resources in a matter of minutes, and you only pay for the capacity used. However, businesses are often concerned about how secure cloud solutions are.…

Categories: News

Have I Been Pwned goes open source, bags help from FBI

The Register - Tue, 01/06/2021 - 02:47
Plus: More Rowhammer research, Feds warn of Fortinet attacks, etc

In brief  The creator of the Have I Been Pwned (HIBP) website, which alerts you if it turns out your credentials have been swiped and leaked from an account database, has open sourced the project's internals.…

Categories: News

Online flashcard sites spill security details of US nuclear weapon bunkers since 2013

The Register - Fri, 28/05/2021 - 19:51
Leaked data proves very educational

Details of some US nuclear missile bunkers in Europe, which contain live warheads, along with secret codewords used by guards to signal that they’re being threatened by enemies, were exposed for nearly a decade through online flashcards used for education, but which were left publicly available.…

Categories: News

Russian gang behind SolarWinds hack returns with phishing attack disguised as mail from US aid agency

The Register - Fri, 28/05/2021 - 08:57
Microsoft says Nobelium scored access to Constant Contact email marketing tool

Nobelium, the Russia-aligned gang identified as the perpetrators of the supply chain attack on SolarWinds' Orion software, has struck again, Microsoft vice president Tom Burt in a blogpost Thursday.…

Categories: News

Hong Kong recorded phishing surge in 2020 as scum sought to cash in on viral worries

The Register - Fri, 28/05/2021 - 05:56
Special Administrative Region recorded plunge in ransomware attacks

Criminals tried to exploit Hong Kong residents' COVID-related anxiety, according to new security data released yesterday by the Special Administrative Region's secretary for innovation and technology Alfred Sit.…

Categories: News

Fujitsu pulls ProjectWEB tool offline after apparent supply chain attack sees Japanese infosec agency data stolen

The Register - Thu, 27/05/2021 - 13:29
No sign of ransomware - or attacker's identity, so far

A Fujitsu project management suite is causing red faces at the Japanese company’s HQ after “unauthorised access” resulted in data being stolen from government agencies, local reports say.…

Categories: News


Subscribe to Sec Tec Limited aggregator - News