News

New security guidance calls for random webcam snaps to authenticate users, adoption of VPN and MFA

India’s Securities and Exchange Board (SEBI) appears to have sent a circular to stock exchanges that calls for market participants to upgrade information security as bad actors seek to take advantage of the financial services industry’s move to working from home.…

Chocolate Factory spills beans on make-me-admin flaw

Google's Project Zero bug-hunting team has disclosed a Windows kernel flaw that's being actively exploited by miscreants to gain administrator access on compromised machines.…

Yep, it's the artists occasionally known as APT28

The US government, in full pre-presidential election high alert, has issued a warning about an evolved strain of backdoor malware from a Russian offensive cyber unit.…

UK watchdog's mooted £99m penalty comes in at just £18.4m

Your name, address, phone number, email address, passport number, date of birth, and sex are worth just £0.05 in the eyes of the UK Information Commissioner's Office, which has fined Marriott £18.4m after 339 million people's data was stolen from the hotel chain.…

And the 'acceptable company name' charset is hardcoded... in legislation

Companies House has blocked someone who registered a new biz with a name that contained the right characters arranged in the right order to trigger a cross-site scripting (XSS) attack against users of the service's API.…

CyberStart America challenge aims to find talented network defenders

Starting on Friday, US high school students can register to participate in CyberStart America, an online puzzle-solving game designed to identify cybersecurity talent and qualify participants for an opportunity to compete in the National Cyber Scholarship Competition next year.…

First, you need to prove to the budget holder that you’ve got a problem

Sponsored  Weak password security is a torment that afflicts networks in so many ways. On the user side is the certainty of hopeless and reused passwords, while on the attacker’s side are a gamut of techniques for targeting them such as phishing, credential stuffing, brute forcing, and spotting backdoors to hidden applications such as RDP, SSH, and shadow IT.…

Stark warning from SANS' Johannes Ullrich - RCE's gonna GET 'ya

Last week Oracle released one of its mammoth quarterly patch dumps - with 402 fixes. Well, it turns out that if you missed one and you're running WebLogic 10.3.6.0.0, 12.1.3.0.0, 12.2.1.3.0, 12.2.1.4.0 and 14.1.1.0.0, you've probably already been tagged by hackers.…

Big money in American politics proves chum in the water for online sharks

As America counts down to the November 3 elections, things are tense for political campaigns. There's a lot of money flying around and the online criminals have sensed blood in the water.…

'Facebook You Owe Us' wants to run a not-quite-class-action-style lawsuit

A campaign to sue Facebook over lax privacy policies that allowed Cambridge Analytica to slurp almost a million people's personal data from the social networking website hopes to become a representative action in the High Court, its instigators said today.…

And infosec firms say it's only got worse over this year

Ryuk ransomware is being aggressively deployed to target US healthcare institutions, government cyber organisations in the US have warned.…

Let us show you how to outsmart them

Webcast  If you think cybercriminals and hackers are without a shred of empathy or human understanding, you’d be wrong.…

Scheme to roll out across firm's device portfolio in coming months

Motorola will push ThinkShield onto the business end of its smartphone portfolio, as an extension of the security and management programme on Lenovo's laptop and desktop line.…

Companies are a bigger threat than governments – because they're less regulated

Interview  Cyber Privacy: Who Has Your Data and Why You Should Care is the title of a new book from April Falcon Doss, formerly associate general counsel for intelligence law at the US National Security Agency. Doss spoke to The Register about her concerns with pervasive data collection and its potential for harm.…

Challenges jury verdict immediately and offers to pay one percent of damages

French services outfit Atos has been ordered to pay $855m for pinching a rival’s trade secrets.…

Kaspersky’s License Management Portal helps MSPs and resellers get tech to users fast

Promo  Cyber-criminals never sleep, so neither should your customers’ security teams or your own managed service operations.…

Senator Wyden puts surveillance nerve-center on blast

It's said the NSA drew up a report on what it learned after a foreign government exploited a weak encryption scheme, championed by the US spying agency, in Juniper firewall software.…

Revelations triggered by previous police abuse, court hears

A former BAE Systems software engineer who allegedly leaked top-secret details about a frontline missile system also ignored orders from police to hand over passwords to his electronic devices, a court has heard.…

It's 2020 and the enemy isn't at the gate anymore. It's in your network, probing your switches and servers

Sponsored  It's 2020 and the enemy isn't at the gate anymore. It's in your network, probing your switches and servers. That makes the gate irrelevant. So what do you do now?…

Credit reference agency recycled personal details for marketing purposes, says regulator

Experian has been rapped over the knuckles by the UK's Information Commissioner's Office (ICO) after it discovered the credit reference agency was trading "millions" of people's data for marketing purposes.…