ProxyLogon flaw, evil emails, SQL injections used to open backdoors on Windows boxes

The Register - Wed, 25/08/2021 - 20:50
Multi-use toolkit deployed on victims' networks across Asia, North America

ESET and TrendMicro have identified a novel and sophisticated backdoor tool that miscreants have slipped onto compromised Windows computers in companies mostly in Asia but also in North America.…

Categories: News

Mirai-style IoT botnet is now scanning for router-pwning critical vuln in Realtek kit

The Register - Wed, 25/08/2021 - 18:11
Researchers warn of Dark.IoT's rapidly evolving nasty

A denial-of-service vulnerability affecting SDKs for Realtek chipsets used in 65 vendors' IoT devices has been incorporated into a son-of-Mirai botnet, according to new research.…

Categories: News

Fake Apple rep amasses 620,000+ stolen iCloud pics, vids in hunt for images of nude women to trade

The Register - Tue, 24/08/2021 - 22:37
Scumbag spent years tricking victims into handing over login details

A California man this month admitted he hoarded hundreds of thousands of photos and videos stolen from strangers' Apple iCloud accounts to find and share images of nude young women.…

Categories: News

Proofpoint wins $14m from ex-VP and French email security rival in IP theft court battle

The Register - Tue, 24/08/2021 - 17:57
Jury finds message-filtering tech misappropriation was 'wilful and malicious'

Infosec firm Proofpoint has won $14m from a former vice president and his new employer after a jury found they had unlawfully used its trade secrets when he moved to the other company.…

Categories: News

Chinese auto-maker accused of altering data after fatal autonomous car accident

The Register - Tue, 24/08/2021 - 09:02
Driver assistance feature was engaged in level-2 autonomous car at time of incident

Police are investigating an electrical vehicle company in China following claims that car data was tampered with following a fatal collision.…

Categories: News

Poly Network says it's got pretty much all of that $610m in stolen crypto-coins back

The Register - Mon, 23/08/2021 - 23:37
'I'm quitting the show' says mystery thief

Poly Network says virtually all of the crypto-currency funds, valued at $610m, stolen from it by a thief have been returned.…

Categories: News

Razer to fix Windows installer that grants admin powers if you plug in a mouse

The Register - Mon, 23/08/2021 - 22:22
Plus: Cloudflare tackles huge DDoS attack, Apple and CSAM, and more

In brief  Razer is working on an updated installer after it was discovered you can gain admin privileges on Windows by plugging in one of the gaming gear maker's mice or keyboards.…

Categories: News

38 million records exposed by misconfigured Microsoft Power Apps. Redmond's advice? RTFM

The Register - Mon, 23/08/2021 - 21:17
Low-code platform comes with high expectations that folks understand security

Forty-seven government entities and privacy companies, including Microsoft, exposed 38 million sensitive data records online by misconfiguring the Windows giant's Power Apps, a low-code service that promises an easy way to build professional applications.…

Categories: News

Worried ransomware merchants know more about file storage than you do? You should be…

The Register - Mon, 23/08/2021 - 18:00
Find out more at Nasuni CloudBound21

Promo  If you’re still not convinced of the need to reexamine your whole approach to file management, perhaps a ransomware attack will change your mind.…

Categories: News

Facebook sat on report that reveals most-shared post for months was questionable COVID story

The Register - Mon, 23/08/2021 - 04:31
Then published its successor and claimed that was its debut effort

Facebook has revealed a report that shows the most-shared link on the platform in the first three months of 2021 described questionable interpretation of a death attributed to a COVID-19 vaccination – but only did so after publishing a later and more flattering report.…

Categories: News

Cloud load balancer snafu leads to 3D printer user printing on a stranger's kit

The Register - Fri, 20/08/2021 - 14:47
Founder of The Spaghetti Detective apologises for config cockup

A 3D printer remote monitoring company accidentally exposed users' printers to each other after a cloud reconfiguration snafu.…

Categories: News

UK's Surveillance Camera Commissioner grills Hikvision on China human rights abuses

The Register - Fri, 20/08/2021 - 10:54
Eye-catching letter exchange revealed

The China-based surveillance equipment manufacturer accused of being linked to the human rights abuse of the Uyghur ethnic minority in Xinjiang has denied any wrongdoing in a heated exchange with the UK's Surveillance Camera Commissioner.…

Categories: News

Apple's bright idea for CSAM scanning could start 'persecution on a global basis' – 90+ civil rights groups

The Register - Thu, 19/08/2021 - 20:22
Letter to Cook & Co warns image-probing tech could also harm kids

More than ninety human rights groups from around the world have signed a letter condemning Apple's plans to scan devices for child sexual abuse material (CSAM) – and warned Cupertino could usher in "censorship, surveillance and persecution on a global basis."…

Categories: News

Buyout of British defence supplier Ultra Electronics paused by over competition concerns

The Register - Thu, 19/08/2021 - 14:54
Regulator will report back to DCMS after 5-month probe

The British government has intervened in the US buyout of defence supplier Ultra Electronics, temporarily halting the acquisition and prohibiting any tech transfer overseas.…

Categories: News

After reportedly dragging its feet, BlackBerry admits, yes, QNX in cars, equipment suffers from BadAlloc bug

The Register - Thu, 19/08/2021 - 02:35
Four months after Microsoft went public, ex-RIM biz puts its hand up

BlackBerry this week issued a critical security advisory for past versions of its QNX Real Time Operating System (RTOS), used in more than 175m cars, medical equipment, and industrial systems.…

Categories: News

OK, so you stole $600m-plus from us, how about you be our Chief Security Advisor, Poly Network asks thief

The Register - Wed, 18/08/2021 - 21:29
Could it be a trap?

The mysterious thief who stole $600m-plus in cryptocurrencies from Poly Network has been offered the role of Chief Security Advisor at the Chinese blockchain biz.…

Categories: News

Researchers find high-severity command injection vuln in Fortinet's web app firewall

The Register - Wed, 18/08/2021 - 17:38
Mitigation: Don't let randomers from the internet log in to your firewall

Updated  A command injection vulnerability exists in Fortinet's management interface for its FortiWeb web app firewall, according to infosec firm Rapid7.…

Categories: News

Un-carrier? Definitely Unsecure: T-Mobile US admits 48m customers' details stolen after downplaying reports

The Register - Wed, 18/08/2021 - 13:37
Affected users to get free McAfee ID protection, so that's OK then

T-Mobile US has begun admitting to the theft of 100 million user accounts in stages, confessing overnight that 8 million people's personal details had been stolen from its servers.…

Categories: News

China orders annual security reviews for all critical information infrastructure operators

The Register - Wed, 18/08/2021 - 08:58
Almost any org that could expose data needs a dedicated security team with an obligation to report breaches

China's government has introduced rules for protection of critical information infrastructure.…

Categories: News

Apple says its CSAM scan code can be verified by researchers. Corellium starts throwing out dollar bills

The Register - Tue, 17/08/2021 - 23:10
Here's $15,000 to make that third-party inspection happen, says Florida outfit

Last week, Apple essentially invited security researchers to probe its forthcoming technology that's supposed to help thwart the spread of known child sexual abuse material (CSAM).…

Categories: News


Subscribe to Sec Tec Limited aggregator - News