Parliament IT bods' fail sees server's naked OS exposed to world+dog

The Register - Tue, 18/06/2019 - 13:01
Contents were cached by Google so we can all point and giggle

Someone in the Parliamentary Digital Service managed to leave a server so completely exposed to the internet that Google indexed the Windows machine’s operating system.…

Categories: News

Freaking out about fiendish IoT exploits? Maybe disable telnet and change that default password first?

The Register - Tue, 18/06/2019 - 12:00
Home devices are so poorly guarded, attackers don't even need sophisticated tools

While netizens and journalists worry about criminals and spies using sophisticated cyber-weapons to hijack Internet of Things devices, basic security protections are being overlooked – and pose a far greater threat.…

Smash GandCrab: Free tools released to decrypt files scrambled by notorious ransomware

The Register - Tue, 18/06/2019 - 06:48
Bitdefender teams up with FBI, cops to rescue Windows PC documents

Victims of the latest incarnations of the GandCrab ransomware now have a way to reclaim their files without paying a penny to extortionists, thanks to the release of a decryption tool.…

Samsung reminds rabble to scan smart TVs for viruses – then tries to make them forget

The Register - Tue, 18/06/2019 - 01:07
Tweet deleted as telly maker reconsiders damning but refreshingly honest messaging

Samsung on Sunday sent out a tweet urging people to check their Sammy smart TVs for viruses – and then deleted the message, as if someone realized that highlighting the risks posed by connected TVs may be bad for business.…

Sad SACK: Linux PCs, servers, gadgets can be crashed by 'Ping of Death' network packets

The Register - Mon, 17/06/2019 - 20:59
Don't let miscreants play hacky-SACK with your gear. Apply these mitigations, patches now if you can

It is possible to crash network-facing Linux servers, PCs, smartphones and tablets, and gadgets, or slow down their network connections, by sending them a series of maliciously crafted packets. It is also possible to hamper FreeBSD machines with the same attack.…

Why are fervid Googlers making ad-blocker-breaking changes to Chrome? Because they created a monster. And are fighting to secure it

The Register - Mon, 17/06/2019 - 11:03
We said engineers made the API too powerful. We weren't wrong

Analysis  In a mild PR blitz, Google engineers this month insisted the ad giant's shake up of Chrome browser extensions won't kill advert blockers. Instead, we're told, Googlers are making the plugins safer. Those engineers have more work to do than it may seem.…

Black Hat USA axes anti-abortion congressman as keynote speaker after outcry – and more news from infosec land

The Register - Sat, 15/06/2019 - 08:25
Your quick guide to hacks, patches and scandal

Roundup  Here's a quick roundup of recent infosec news beyond what we've already reported.…

When virtual mittens sell for thousands, of course gamers are ripe targets for cyber shenanigans

The Register - Fri, 14/06/2019 - 10:15
Guys, your security hygiene stinks

Akamai Edge World  Players of games like Fortnite and Minecraft have emerged as juicy targets for cybercriminals.…

Yubico YubiKey lets you be me: Security blunder sparks recall of govt-friendly auth tokens

The Register - Thu, 13/06/2019 - 22:57
For FIPS sake!

Yubico is recalling one of its YubiKey lines after the authentication dongles were found to have a security weakness.…

Hacking these medical pumps is as easy as copying a booby-trapped file over the network

The Register - Thu, 13/06/2019 - 20:22
Uncle Sam sounds alarm after Windows CE SMB left wide open on hospital equipment

Two security vulnerabilities in medical workstations can be exploited by scumbags to hijack the devices and connected infusion pumps, potentially causing harm to patients, the US government revealed today.…

No Telegram today, protestors: Chinese boxes DDoS chat app amid Hong Kong protest

The Register - Thu, 13/06/2019 - 16:00
That Guns N' Roses album* might be out soon... or not

Chat app Telegram has reportedly been DDoS'd, with its downtime coinciding with protests in Hong Kong against repressive new Chinese laws.…

Train to be a top-notch cybercrime detective at SANS DFIR Europe Summit in Prague

The Register - Thu, 13/06/2019 - 15:30
Immerse yourself in forensic training with autumn

Promo  If you work in digital forensics or incident response and would like to advance to a higher level, the annual Digital Forensics and Incident Response (DFIR) event staged by security training company SANS is a must.…

UK Home Sec kick-starts US request to extradite ex-WikiLeaker Assange

The Register - Thu, 13/06/2019 - 12:11
Sajid Javid inks court papers for hearing tomorrow

UK Home Secretary Sajid Javid revealed this morning that he has signed papers to have Julian Assange extradited to the US.…

This is grim, Vim and Neovim: Opening this crafty file in your editor may pwn your box. Patch now if not already

The Register - Wed, 12/06/2019 - 19:53
Welcome to Vim Sh*tty 2000

Proof-of-concept text files are now available that, when opened in a vulnerable installation of the Vim and Neovim text and code editors, will execute commands on the underlying machine, or even open a backdoor.…

Wondering where that upcoming meeting with 'Cheap Viagra' came from? Spammers beat Gmail filters by abusing Google Calendar, Forms, Photos, Analytics...

The Register - Wed, 12/06/2019 - 00:54
Kaspersky fingers pro-G filters for letting cyber-muck through

Spammers are abusing the preferential treatment Google affords its own apps to score free passes through Gmail's spam filters, it was claimed this week.…

RAMBleed picks up Rowhammer, smashes DRAM until it leaks apps' crypto-keys, passwords, other secrets

The Register - Tue, 11/06/2019 - 23:26
Boffins blast boards to boost bits

Bit boffins from Australia, Austria, and the US have expanded upon the Rowhammer memory attack technique to create a more dangerous variation called RAMBleed that can expose confidential system memory.…

It is with a heavy heart that we must report that your software has bugs and needs patching: Microsoft, Adobe, SAP, Intel emit security fixes

The Register - Tue, 11/06/2019 - 22:39
And Google drops a zero-day on Windows after deadline miss

Patch Tuesday  Microsoft, Adobe, Intel, and SAP have all emitted their latest Patch Tuesday batch of security fixes. Users and admins are encouraged to test and install the updates as soon as humanly possible.…

Have I Been S0ld? Troy Hunt's security website is up for acquisition

The Register - Tue, 11/06/2019 - 13:30
'Time to grow up,' says geek behind breach database

Troy Hunt, inventor and operator of the popular security website Have I Been Pwned (HIBP), is putting the service up for sale.…

JavaScript tells all, which turns out not to be so great for privacy: Side-channel leaks can be exploited to follow you around the interweb

The Register - Tue, 11/06/2019 - 09:58
And using browser privacy extensions may just make matters worse

Boffins from Graz University of Technology in Austria have devised an automated system for browser profiling using two new side channel attacks that can help expose information about software and hardware to fingerprint browsers and improve the effectiveness of exploits.…

US border cops confirm: Maker of America's license-plate, driver recognition tech hacked, camera images swiped

The Register - Mon, 10/06/2019 - 23:57
That story we broke in May? It is still true – and perhaps even worse than first thought

The US Customs and Border Patrol today said hackers broke into one of its bungling technology subcontractors – and made off with images of people and their vehicle license plates as they passed through America's land border.…
