News

Autodesk was one of the 18,000 firms breached in SolarWinds attack, firm admits

The Register - Thu, 02/09/2021 - 18:33
Door was opened but nobody stepped inside, luckily

Autodesk, makers of computer-aided design (CAD) software for manufacturing, has told the US stock market it was targeted as part of the the supply chain attack on SolarWinds' Orion software.…

Categories: News

In space, no one can hear cyber security professionals scream

The Register - Thu, 02/09/2021 - 14:22
Miscreants hacking vulnerable orbital hardware could set living standards back by decades in seconds

"Space is an invaluable domain, but it is also increasingly crowded and particularly susceptible to a range of cyber vulnerabilities and threats."…

Categories: News

UK VoIP telco receives 'colossal ransom demand', reveals REvil cybercrooks suspected of 'organised' DDoS attacks on UK VoIP companies

The Register - Thu, 02/09/2021 - 11:32
One firm hit with at least 2 attacks as outages continue

Two UK VoIP operators have had their services disrupted over the last couple of days by ongoing, aggressive DDoS attacks.…

Categories: News

Dissected: A dropper-as-a-service miscreants pay to push their malware onto potentially 1,000s of victims

The Register - Thu, 02/09/2021 - 05:27
Sophos gazes into the abyss

A dropper-as-a-service, which cyber-crime newbies can use to easily get their malware onto thousands of victims' PCs, has been dissected and documented this week.…

Categories: News

Fired credit union employee admits: I wiped 21GB of files from company's shared drive in retaliation

The Register - Thu, 02/09/2021 - 00:34
Access should have been revoked ... but wasn't, court told

On Tuesday, a woman from Brooklyn, New York, pleaded guilty to destroying computer data at an unidentified credit union from which she had recently been fired.…

Categories: News

NSA: We 'don't know when or even if' a quantum computer will ever be able to break today's public-key encryption

The Register - Wed, 01/09/2021 - 19:21
Then again, it would say that

America's National Security Agency has published an FAQ about quantum cryptography, saying it does not know "when or even if" a quantum computer will ever exist to "exploit" public-key cryptography.…

Categories: News

Indonesian authorities probe million-record leak from national COVID app

The Register - Wed, 01/09/2021 - 06:16
Someone didn't secure an Elasticsearch database, researchers allege

Indonesia's Ministry of Communications and Informatics is investigating a leak of over a million records from the nation's COVID-19 quarantine management app.…

Categories: News

Singapore adds a third bug bounty program – this time to fortify government digital services

The Register - Wed, 01/09/2021 - 05:14
HackerOne gets the gig

Singapore's governmental digital services arm, GovTech, has launched a "rewards programme" to further crowdsource tests of the nation's cybersecurity.…

Categories: News

US officials, experts fear China ransacked Exchange servers for data to train AI systems

The Register - Tue, 31/08/2021 - 20:23
Plus: T-Mobile US apologizes, security holes found in medical pumps, and more

In brief  The massive attack on Microsoft Exchange servers in March may have been China harvesting information to train AI systems, according to US government officials and computer-security experts who talked to NPR.…

Categories: News

Leaked Guntrader firearms data file shared. Worst case scenario? Criminals plot UK gun owners' home addresses in Google Earth

The Register - Tue, 31/08/2021 - 15:19
Bang out of order

The names and home addresses of 111,000 British firearm owners have been dumped online as a Google Earth-compatible .csv file that pinpoints domestic homes as likely firearm storage locations – a worst-case scenario for victims of the breach.…

Categories: News

Drowning in cybersecurity info? Make a dash to Security SOS Week 2021

The Register - Tue, 31/08/2021 - 07:30
Dive deep into key topics – and still have time for lunch

Sponsored  Tapping into leading edge cyber security knowledge can be like listening to the radio. There’s a lot of great stuff out there, the trick is tuning out the noise.…

Categories: News

Bangkok Airways hit by LockBit ransomware attack, loses lotsa data after refusing to pay

The Register - Tue, 31/08/2021 - 06:15
Partial credit card numbers appear and, worse still, passengers' meal preferences

Bangkok Airways has revealed it was the victim of a cyberattack from ransomware group LockBit on August 23rd, resulting in the publishing of stolen data.…

Categories: News

Boffins find if you torture AMD Zen+, Zen 2 CPUs enough, they are vulnerable to Meltdown-like attack

The Register - Mon, 30/08/2021 - 22:49
Chip biz's fix involves performance-inhibiting LFENCE, if warranted

Computer scientists at TU Dresden in Germany have found that AMD's Zen processor family is vulnerable to a data-bothering Meltdown-like attack after all.…

Categories: News

Microsoft warns of widespread open redirection phishing attack – which Defender can block, coincidentally

The Register - Fri, 27/08/2021 - 22:59
Some tactics never change much

Microsoft has warned that it has been tracking a widespread credential-phishing campaign that relies on open redirector links, while simultaneously suggesting it can defend against such schemes.…

Categories: News

Slap on wrist for NCC Group over CREST exam-cheating scandal as infosec org agrees to rewrite NDAs and more

The Register - Fri, 27/08/2021 - 16:55
Two 'historic' incidents nearly a decade ago, says statement

British infosec firm NCC Group has been rapped over the knuckles after infosec accreditation body CREST found it was "vicariously responsible" for employees who helped staff cheat certification exams.…

Categories: News

Azure's now-fixed Cosmos DB flaw could have been exploited to read, write any database

The Register - Fri, 27/08/2021 - 02:16
Microsoft today warns thousands of customers of ChaosDB security hole that lay dormant for months

Infosec outfit Wiz has revealed that Microsoft’s flagship Azure database Cosmos DB could have been exploited to grant any Azure user full admin access – including the ability to read, write, and delete data – to any Cosmos DB instance on Azure. Without authorization. For months.…

Categories: News

Surveillance tech company sues Police Digital Service over 'flawed' scoring of bids on £18m contract

The Register - Thu, 26/08/2021 - 10:27
Excession chief exec testifies in High Court of England and Wales

A company is suing the Police Digital Service (PDS) over a framework worth up to £18m after losing a bid to provide a mass surveillance platform, claiming police managers broke laws on the awarding of public contracts.…

Categories: News

Big tech proud as punch about cameos in Joe Biden's security theatre

The Register - Thu, 26/08/2021 - 08:59
After White House summit, AWS promises MFA tokens, Google and Microsoft spray money, IBM 'announces' snapshots against ransomware

US President Joe Biden staged a cyber security summit at the White House, and it's produced quick results in the form of big tech making vague promises about stuff they think will improve the nation's security…

Categories: News

Atlassian warns of critical Confluence flaw

The Register - Thu, 26/08/2021 - 07:00
9.8-rated bug allows arbitrary code execution – possibly without authentication

Atlassian has warned users of its Confluence Server that they need to patch the product to remedy a Critical-rated flaw.…

Categories: News

Israeli firm Bright Data named as enabler of Philippines government DDOS attacks on opposition groups

The Register - Thu, 26/08/2021 - 05:00
This one has it all: a leaky VPN, creepy proxy networks, 8Chan, clouds hosting wonky workloads, and Swedish digital rights org Qurium

Looks like a case of abuse of the service and/or being careless with what your customers get up to. Swedish digital rights organisation Qurium has alleged that an Israeli company called Bright Data has helped the government of the Philippines to DDOS local human rights organisation Karapatan.…

Categories: News

Pages

Subscribe to Sec Tec Limited aggregator - News