Myanmar’s new military government bans Facebook

The Register - Thu, 04/02/2021 - 00:24
Oh look, Cloudflare spots a sudden surge in use of other messaging apps

The new self-appointed military government of Myanmar has temporarily banned Facebook.…

Categories: News

More patches for SolarWinds Orion after researchers find flaw allowing low-priv users to execute code, among others

The Register - Wed, 03/02/2021 - 21:25
Probably not used by last year's US government-busting attackers, though

As if that supply chain attack wasn't bad enough, SolarWinds has had to patch its Orion software again after eagle-eyed researchers discovered fresh vulnerabilities – including one that can be exploited to achieve remote code execution.…

Categories: News

Tiny Kobalos malware seen backdooring SSH tools, menacing supercomputers, an ISP, and more – ESET

The Register - Wed, 03/02/2021 - 12:30
Linux variant studied, dissected in detail in case you want to look out for it

ESET researchers say they have found a lightweight strain of malware that targets multiple OSes and has hit supercomputers, an ISP, and other organisations.…

Categories: News

Location tracking report: X-Mode SDK still in wide use in Android apps despite Google ban

The Register - Wed, 03/02/2021 - 10:15
450 Android apps track location, 1.7bn downloads, 44% use X-Mode code: only 10% pulled off Play Store

A report on Android apps that do location tracking identified 450 apps that use tracker SDKs, many of which use an SDK called X-Mode, which Apple and Google have banned, but are still in Google's Play Store.…

Categories: News

Rubbish software security patches responsible for a quarter of zero-days last year

The Register - Wed, 03/02/2021 - 08:03
Google wants researchers, vendors to stop making attacks easy

Enigma  To limit the impact of zero-day vulnerabilities, Google security researcher Maddie Stone would like those developing software fixes to stop delivering shoddy patches.…

Categories: News

Spanish banished: Google Chrome to snub Camerfirma for lax cert management

The Register - Tue, 02/02/2021 - 08:02
Mozilla meanwhile wants to continue compliance discussions with security certificate vendor

When Google Chrome 90 arrives in April, visitors to websites that depend on TLS server authentication certificates from AC Camerfirma SA, a digital certificate authority based in Madrid, Spain, will find that those sites no longer present the secure lock icon.…

Categories: News

In wake of Apple privacy controls, Facebook mulls just begging its iOS app users to let it track them over the web

The Register - Mon, 01/02/2021 - 23:42
I am once again asking for your financial support, says Zuckerberg's empire

Facebook has created a new screen in its iOS app that will urge people to allow it to continue stalking their online activities for targeted advertising.…

Categories: News

US court system ditches electronic filing, goes paper-only for sensitive documents following SolarWinds hack

The Register - Mon, 01/02/2021 - 21:25
Lawyers required to hand in dead-tree copies. No, seriously

The US court system has banned the electronic submission of legal documents in sensitive cases out of concern that Russian hackers have compromised the filing system.…

Categories: News

Chrome 89 beta: Google presses on with 'advanced hardware interactions' that Mozilla, Apple see as harmful

The Register - Mon, 01/02/2021 - 17:54
Adding Serial API, Web NFC support, richer human interface device support

Google has released a beta of Chrome 89, adding further hardware interaction APIs even though Mozilla and Apple consider many of these features harmful, as well as introducing a desktop-sharing API for Windows and Chrome OS.…

Categories: News

Ransomware attack takes out UK Research and Innovation's Brussels networking office

The Register - Mon, 01/02/2021 - 16:24
'Sensitive' personal data not accessed – so what about names and contact deets?

UK Research and Innovation, the British government's science and research organisation, has temporarily turned off a couple of its web-facing services after an apparent ransomware attack.…

Categories: News

£30m in contracts awarded in Post Office's £357m ATM overhaul

The Register - Mon, 01/02/2021 - 12:22
New network will have 600 fewer cash machines

The UK Post Office has awarded two contracts worth a total of £30m for a banking network and ATMs system in a procurement expected to be worth £357m once all contracts are awarded.…

Categories: News

Countless emails wrongly blocked as spam after Cisco's SpamCop failed to renew domain name at the weekend

The Register - Mon, 01/02/2021 - 07:04
Plus: Second ransomware operation in the sights of Uncle Sam – and the insurance industry under fire for fueling extortionware rise

In brief  Cisco's anti-spam service SpamCop failed to renew over weekend, causing it to lapse, which resulted in countless messages being falsely labeled and rejected as spam around the world.…

Categories: News

Google QUIC-ly left privacy behind in its quest for a speedier internet, boffins find

The Register - Sat, 30/01/2021 - 00:10
Promising protocol much easier to fingerprint than HTTPS

Google's QUIC (Quick UDP Internet Connections) protocol, announced in 2013 as a way to make the web faster, waited seven years before being implemented in the ad giant's Chrome browser. But it still arrived before privacy could get there.…

Categories: News

Severe bug in Libgcrypt – used by GPG and others – is a whole heap of trouble, prompts patch scramble

The Register - Fri, 29/01/2021 - 20:21
Recently released cryptography code easily undone by trivial buffer overflow

Google Project Zero researcher Tavis Ormandy on Thursday reported a severe flaw in Libgcrypt 1.9.0, an update to the widely used cryptographic library that was released ten days ago.…

Categories: News

European Commission redacts AstraZeneca vaccine contract – but forgets to wipe the bookmarks tab

The Register - Fri, 29/01/2021 - 17:09
Open that little box and bingo, clear text of the whole PDF

The European Commission's war of words against pharma company AstraZeneca over COVID-19 virus vaccines has descended into farce after Brussels accidentally published an unredacted version of a disputed supply contract.…

Categories: News

If you want to leg it through China’s Great Firewall, don't forget to pull on your newly darned Shadowsocks

The Register - Thu, 28/01/2021 - 02:22
Censorship-busting tool updated, advice on how to use it to evade blockades published

China’s recent upgrades to its content-blocking Great Firewall can be circumvented, according to the censorship fighters of the Great Firewall Report.…

Categories: News

Knock, knock. Who's there? NAT. Nat who? A NAT URL-borne killer

The Register - Wed, 27/01/2021 - 20:26
Last year's slipstream technique revived to pierce vulnerable firewalls – browsers patched to thwart bypass attempts

Video  Ben Seri and Gregory Vishnepolsky, threat researchers at Armis, have found a way to expand upon the NAT Slipstream attack disclosed last year by Samy Kamkar, CSO of Openpath Security.…

Categories: News

Stack Overflow 2019 hack was guided by advice from none other than... Stack Overflow

The Register - Wed, 27/01/2021 - 19:31
Vulnerabilities in build systems, secrets in source code: developer environments are an attack target

Developer site Stack Overflow has published details of a breach dating back to May 2019, finding evidence that an intruder in its systems made extensive use of Stack Overflow itself to determine how to make the next move.…

Categories: News

Command 'n' control botnet of notorious Emotet Windows ransomware shut down in multinational police raid

The Register - Wed, 27/01/2021 - 17:13
Europol-led op knocks offline 700 servers used to infect 'millions of computers'

EU police agency Europol has boasted of taking down the main botnet powering the Emotet trojan-cum-malware dropper, as part of a multinational police operation that included raids on the alleged operators’ homes in the Ukraine.…

Categories: News

Today's 'sophisticated cyber attack' victim is the Woodland Trust: Pre-Xmas breach under investigation

The Register - Wed, 27/01/2021 - 15:30
Potentially 250,000 reasons UK nature conservation charity was targeted

The Woodland Trust, a peaceful British charity that looks after trees, was struck by a “cyber attack” before Christmas.…

Categories: News


Subscribe to Sec Tec Limited aggregator - News