I won't bother hunting and reporting more Sony zero-days, because all I'd get is a lousy t-shirt

The Register - Tue, 05/02/2019 - 23:56
It's 2019. Should billion-dollar corps do better than offer swag for vulns?

Analysis  Hunting for exploitable security bugs in software is not an easy way to make a living, and vulnerability researchers say vendors who don't pay out for reports are making life even harder while putting their own products at risk.…

Categories: News

IoT Scale Flaws Enable Denial of Service, Privacy Issues

Kaspersky Labs - Tue, 05/02/2019 - 22:09
Flaws in this connected smart scale might give the diet-challenged a legitimate reason to be nervous.

Google: All your leaked passwords are belong to us – here's a Chrome extension to find them

The Register - Tue, 05/02/2019 - 21:38
And I'm OK with this, says chief of HaveIBeenPwned

During its incessant web crawling, Google's search engine constantly encounters credentials dumped by hackers or left exposed by the careless. And because it can, the ad confectionery copies and encrypts these spilled usernames and passwords.…


Google Patches Critical .PNG Image Bug

Kaspersky Labs - Tue, 05/02/2019 - 16:40
Eleven critical bugs will be patched as part of the February Android Security Bulletin.

Webcast: Arm yourself before you go threat hunting in 2019

The Register - Tue, 05/02/2019 - 16:26
Join Carbon Black at livestreamed event based on global independent research

Promo  As cyber attackers evolve their techniques, businesses are exposed to a relentless stream of worrying data security breaches. The latest big one hit hotel group Marriott International in November 2018, and may have led to the personal information of up to 500 million guests being compromised.…


EU Recalls Children’s Smartwatch That Leaks Location Data

Kaspersky Labs - Tue, 05/02/2019 - 15:15
The children's smartwatch allows bad actors to track their location and communicate with them, according to the alert.

RIP, RDP: Security house Check Point punches holes in desktop controls

The Register - Tue, 05/02/2019 - 14:07
25 bugs, three apps – endless pwnage

Security firm Check Point has found some 25 security vulnerabilities in three of the most popular remote desktop protocol (RDP) tools for Windows and Linux.…


Remote Desktop Protocol Clients Rife with Remote Code-Execution Flaws

Kaspersky Labs - Tue, 05/02/2019 - 14:00
Several flaws in both open-source RDP clients and in Microsoft's own proprietary client make it possible for a malicious RDP server to infect a client computer – which could then allow for an intrusion into the IT network as a whole.

Original WWII German message decrypts to go on display at National Museum of Computing

The Register - Tue, 05/02/2019 - 13:09
Colossal intercepts are just the Bombe

Bletchley Park's National Museum of Computing will be exhibiting original, freshly discovered decrypted WWII messages to coincide with the 75th anniversary of D-Day this June – messages that were broken by the Colossus machines based on the museum's site.…


The APT Name Game: How Grim Threat Actors Get Goofy Monikers

Kaspersky Labs - Tue, 05/02/2019 - 11:00
How do advanced persistent threat groups such as Double Secret Octopus and Anchor Panda get their ridiculous names?

Fake fuse: Bloke admits selling counterfeit chips for use in B-1 bomber, other US military gear

The Register - Tue, 05/02/2019 - 00:58
E-waste partly to blame for proliferation of deceptively marketed silicon

Rogelio Vasquez, the owner of California-based PRB Logics Corporation, has pleaded guilty to selling fake branded semiconductor chips from China, some of which made their way into US military systems.…


Hi, Jack'd: A little PSA for anyone using this dating-hook-up app... Anyone can slurp your private, public snaps

The Register - Tue, 05/02/2019 - 00:06
Talk about a security cock-up – vuln exposing intimate snaps left wide open for 'months'

Dating-slash-hook-up app Jack'd is exposing to the public internet intimate snaps privately swapped between its users, allowing miscreants to download countless X-rated selfies without permission.…


Boffin suggests Trappist monk approach for Spectre-Meltdown-grade processor flaws, other security holes: Don't say anything public – zip it

The Register - Mon, 04/02/2019 - 22:36
Prof asks: What good comes from letting everyone know a vulnerability exists?

A computer engineering professor has an interesting idea for how to handle the public disclosure of serious vulnerabilities: don't.…


Spy Campaign Spams Pro-Tibet Group With ExileRAT

Kaspersky Labs - Mon, 04/02/2019 - 20:45
Referencing the Dalai Lama, the spam campaign is targeting recipients of a mailing list run by the Central Tibetan Administration.

LibreOffice patches malicious code-execution bug, Apache OpenOffice... wait for it, wait for it... doesn't

The Register - Mon, 04/02/2019 - 20:07
Remote scripting flaw in open-source productivity suites is at least partly fixed

A security flaw affecting LibreOffice and Apache OpenOffice has been fixed in one of the two open-source office suites. The other still appears to be vulnerable.…


European Commission orders mass recall of creepy, leaky child-tracking smartwatch

The Register - Mon, 04/02/2019 - 17:16
Hackers can talk to and locate the wearer, warns notice

The European Commission has ordered the recall of a smartwatch aimed at kids that allows miscreants to pinpoint the wearer's location, posing a potentially "serious risk".…


‘Collection #1’ Data Dump Hacker Identified

Kaspersky Labs - Mon, 04/02/2019 - 16:00
Despite several threat actors stating they are behind a massive 773M credential dump, researchers believe they have found the real distributor.

SpeakUp Linux Backdoor Sets Up for Major Attack

Kaspersky Labs - Mon, 04/02/2019 - 14:00
Armed with an impressive bag of exploits and other tricks for propagation, researchers believe the new trojan could be the catalyst for an upcoming, major cyber-offensive.

