News

Japan draws a LINE: web giants must reveal where they store user data

The Register - Thu, 16/12/2021 - 06:46
Looks a lot like a response to messaging services passing data through China

Social media and search engine operators in Japan will be required to specify the countries in which users' data is physically stored, under a planned tweak to local laws.…

Categories: News

Facebook expands bug bounty program to include scraping attacks, two years after it was scraped – hard

The Register - Thu, 16/12/2021 - 01:33
But still allows limited harvesting

Meta has expanded its bug bounty program to include payouts for reports of scraping attacks on Facebook – but hold your applause.…

Categories: News

As CISA tells US govt agencies to squash Log4j bug by Dec 24, fingers start pointing at China, Iran, others

The Register - Wed, 15/12/2021 - 23:31
Microsoft says cyber-spies linked to Beijing, Tehran are getting busy with security flaw along with world + dog

Microsoft reckons government cyber-spies in China, Iran, North Korea, and Turkey are actively exploiting the Log4j 2.x remote-code execution hole.…

Categories: News

US lawmakers want to put NSO Group, 3 other spyware makers out of business with fresh severe sanctions

The Register - Wed, 15/12/2021 - 20:50
Export controls aren't enough, Dems say: Bring on the Global Magnitsky Act

Eighteen US Democratic lawmakers have asked the Treasury Department and State Department to punish Israel-based spyware maker NSO Group and three other surveillance software firms for enabling human rights abuses.…

Categories: News

Pen Test Partners: Anyone could view Gumtree users' GPS location by pressing F12

The Register - Wed, 15/12/2021 - 15:31
And online flea market had IDOR in an iOS-focused API

UK online used goods bazaar Gumtree exposed its users' home addresses in the source code of its webpages, and then tried to squirm out of a bug bounty after infosec bods alerted it to the flaw.…

Categories: News

Microsoft closes installer hole abused by Emotet malware, Google splats Chrome bug exploited in the wild

The Register - Wed, 15/12/2021 - 03:29
Round off the year with a large crop of fixes for programming blunders

Patch Tuesday  It's not just Log4j you need to worry about this week. It's the final Patch Tuesday of the year.…

Categories: News

Apache takes off, nukes insecure feature at the heart of Log4j from orbit with v2.16

The Register - Tue, 14/12/2021 - 23:30
Now open-source logging library's JNDI disabled entirely by default, message lookups removed

Last week, version 2.15 of the widely used open-source logging library Log4j was released to tackle a critical security hole, dubbed Log4Shell, which could be trivially abused by miscreants to hijack servers and apps over the internet.…

Categories: News

You may have cracked serverless development, but it’s almost certain you haven’t solved serverless security

The Register - Tue, 14/12/2021 - 18:00
Here’s how to secure that ever-expanding attack surface

Paid Post  Serverless is revolutionizing software development, allowing organizations to produce applications which consume cloud resources only when they need to. Developing applications this way also dramatically reduces the amount of code to write while increasing the velocity of completed applications.…

Categories: News

Popular password manager LastPass to be spun out from LogMeIn

The Register - Tue, 14/12/2021 - 17:11
Private equity owners play pass the parcel

One of the biggest beasts in the password management world, LastPass, is being spun out from parent LogMeIn as a "standalone cloud security" organisation.…

Categories: News

MPs charged with analysing Online Safety Bill say end-to-end encryption should be called out as 'specific risk factor'

The Register - Tue, 14/12/2021 - 16:00
Too far? Committee thinks it doesn't go far enough

Britain's Online Safety Bill is being enthusiastically endorsed in a "manifesto" issued today by MPs who were tasked with scrutinising its controversial contents.…

Categories: News

Log4j RCE latest: In case you hadn't noticed, this is Really Very Bad, exploited in the wild, needs urgent patching

The Register - Mon, 13/12/2021 - 23:07
This might be the bug that deserves the website, logo and book deal

Miscreants are wasting no time in using the widespread Log4j vulnerability to compromise systems, with waves and waves of live exploit attempts focused mainly – for now – on turning infected devices into cryptocurrency-mining botnet drones.…

Categories: News

When disaster strikes, data recovery really is a race against time

The Register - Mon, 13/12/2021 - 18:00
But exactly how much time are we talking about?

Webinar  When it comes to recovering after a catastrophic event such as a ransomware attack or data center failure, time is necessarily of the essence.…

Categories: News

Is VPOTUS Bluetooth-phobic or sensible? The answer's pretty clear

The Register - Mon, 13/12/2021 - 17:01
Plus: bugs found on Mars! Of the software kind, of course

In Brief  The vice president of the US, Kamala Harris, was mocked by commentators this week for her aversion to Bluetooth on security grounds. Security professionals think she has a point – given her position.…

Categories: News

Timekeeping biz Kronos hit by ransomware and warns customers to engage biz continuity plans

The Register - Mon, 13/12/2021 - 15:07
Big implications for millions of Britons' Christmas pay packets

Kronos Private Cloud has been hit by a ransomware attack. The company, also known as Ultimate Kronos Group (UKG), provides timekeeping services to companies employing millions across the UK.…

Categories: News

Ooh, an update. Let's install it. What could possibly go wro-

The Register - Mon, 13/12/2021 - 08:30
Patching the patch

Who, Me?  Welcome to another Who, Me? confession from the Register readership, and a reminder of the unexpected side effects of software updates.…

Categories: News

Irish Health Service ransomware attack happened after one staffer opened malware-ridden email

The Register - Fri, 10/12/2021 - 21:05
PWC report shows long list of missed opportunities to shut out extortion crims

Ireland's Health Service Executive (HSE) was almost paralysed by ransomware after a single user opened a malicious file attached to a phishing email, a consultancy's damning report has revealed.…

Categories: News

Log4j RCE: Emergency patch issued to plug critical auth-free code execution hole in widely-used logging utility

The Register - Fri, 10/12/2021 - 16:04
Prepare to have a very busy weekend of mitigating and patching

An unauthenticated remote code execution vulnerability in Apache's Log4j Java-based logging tool is being actively exploited, researchers have warned after it was used to execute code on Minecraft servers.…

Categories: News

Revealed: Remember the Sony rootkit rumpus? It was almost oh so much worse

The Register - Fri, 10/12/2021 - 14:02
That time Rootkitting for Dummies might as well have been in Microsoft's Plus! Pack

Retired Microsoft engineer, Dave Plummer, offered a blast from the past last week with a look back at the infamous Sony Windows "rootkit" scandal.…

Categories: News

Ransomwared payroll provider leaks data on 38,000 Australian government workers

The Register - Fri, 10/12/2021 - 05:58
Frontier Software admitted attack three weeks ago, said data was safe … now it's on the dark web

Personal information describing names, addresses, bank account details, and taxation IDs of 38,000 Australian government employees has been leaked to the dark web after a ransomware attack.…

Categories: News

A third of you slackers out there still aren't using HTTPS by default

The Register - Thu, 09/12/2021 - 19:46
And it's really bad news for EV cert vendors in Top 1 Million report

Almost a third of the world wide web's top million sites are still not using HTTPS by default, according to infosec researcher Scott Helme's analysis.…

Categories: News

Pages

Subscribe to Sec Tec Limited aggregator - News