News

India securities regulator and stock exchanges worry that crims are exploiting lax work from home security

The Register - Mon, 02/11/2020 - 01:07
New security guidance calls for random webcam snaps to authenticate users, adoption of VPN and MFA

India’s Securities and Exchange Board (SEBI) appears to have sent a circular to stock exchanges that calls for market participants to upgrade information security as bad actors seek to take advantage of the financial services industry’s move to working from home.…

Categories: News

Windows kernel zero-day disclosed by Google's Project Zero after bug exploited in the wild by hackers

The Register - Fri, 30/10/2020 - 21:26
Chocolate Factory spills beans on make-me-admin flaw

Google's Project Zero bug-hunting team has disclosed a Windows kernel flaw that's being actively exploited by miscreants to gain administrator access on compromised machines.…

Categories: News

The Russians are at it again: Zebrocy backdoor malware is evolving, Uncle Sam warns close to eve of presidential election

The Register - Fri, 30/10/2020 - 18:30
Yep, it's the artists occasionally known as APT28

The US government, in full pre-presidential election high alert, has issued a warning about an evolved strain of backdoor malware from a Russian offensive cyber unit.…

Categories: News

Marriott fined £0.05 for each of the 339 million hotel guests whose data crooks were stealing for four years

The Register - Fri, 30/10/2020 - 14:08
UK watchdog's mooted £99m penalty comes in at just £18.4m

Your name, address, phone number, email address, passport number, date of birth, and sex are worth just £0.05 in the eyes of the UK Information Commissioner's Office, which has fined Marriott £18.4m after 339 million people's data was stolen from the hotel chain.…

Categories: News

Why, yes, you can register an XSS attack as a UK company name. How do we know that? Someone actually did it

The Register - Fri, 30/10/2020 - 13:00
And the 'acceptable company name' charset is hardcoded... in legislation

Companies House has blocked someone who registered a new biz with a name that contained the right characters arranged in the right order to trigger a cross-site scripting (XSS) attack against users of the service's API.…

Categories: News

On Friday the US starts Ender's hacking game: All local teens can compete for scholarships in cybersecurity

The Register - Fri, 30/10/2020 - 10:00
CyberStart America challenge aims to find talented network defenders

Starting on Friday, US high school students can register to participate in CyberStart America, an online puzzle-solving game designed to identify cybersecurity talent and qualify participants for an opportunity to compete in the National Cyber Scholarship Competition next year.…

Categories: News

How to plan a password security project

The Register - Fri, 30/10/2020 - 07:00
First, you need to prove to the budget holder that you’ve got a problem

Sponsored  Weak password security is a torment that afflicts networks in so many ways. On the user side is the certainty of hopeless and reused passwords, while on the attacker’s side are a gamut of techniques for targeting them such as phishing, credential stuffing, brute forcing, and spotting backdoors to hidden applications such as RDP, SSH, and shadow IT.…

Categories: News

If you haven't patched WebLogic server console flaws in the last eight days 'assume it has been compromised'

The Register - Thu, 29/10/2020 - 22:35
Stark warning from SANS' Johannes Ullrich - RCE's gonna GET 'ya

Last week Oracle released one of its mammoth quarterly patch dumps - with 402 fixes. Well, it turns out that if you missed one and you're running WebLogic 10.3.6.0.0, 12.1.3.0.0, 12.2.1.3.0, 12.2.1.4.0 and 14.1.1.0.0, you've probably already been tagged by hackers.…

Categories: News

Days before the US election, phishers net $2.3m from Wisconsin Republicans

The Register - Thu, 29/10/2020 - 20:58
Big money in American politics proves chum in the water for online sharks

As America counts down to the November 3 elections, things are tense for political campaigns. There's a lot of money flying around and the online criminals have sensed blood in the water.…

Categories: News

Google Safari Workaround case inspires campaign to sue Facebook in UK's High Court over Cambridge Analytica app

The Register - Thu, 29/10/2020 - 20:00
'Facebook You Owe Us' wants to run a not-quite-class-action-style lawsuit

A campaign to sue Facebook over lax privacy policies that allowed Cambridge Analytica to slurp almost a million people's personal data from the social networking website hopes to become a representative action in the High Court, its instigators said today.…

Categories: News

Ryuk this for a game of soldiers: Ransomware-flingers actively targeting hospitals in the US, cyber agencies warn

The Register - Thu, 29/10/2020 - 18:15
And infosec firms say it's only got worse over this year

Ryuk ransomware is being aggressively deployed to target US healthcare institutions, government cyber organisations in the US have warned.…

Categories: News

Looking for good news on COVID-19? That’s exactly what cyber attackers want you to do

The Register - Thu, 29/10/2020 - 17:00
Let us show you how to outsmart them

Webcast  If you think cybercriminals and hackers are without a shred of empathy or human understanding, you’d be wrong.…

Categories: News

Lenovo to slap ThinkShield security standard for laptop line-up on its Motorola mobiles

The Register - Thu, 29/10/2020 - 13:41
Scheme to roll out across firm's device portfolio in coming months

Motorola will push ThinkShield onto the business end of its smartphone portfolio, as an extension of the security and management programme on Lenovo's laptop and desktop line.…

Categories: News

Can we stop megacorps from using and abusing our data? That ship has sailed, ex-NSA lawyer argues in new book

The Register - Thu, 29/10/2020 - 09:30
Companies are a bigger threat than governments – because they're less regulated

Interview  Cyber Privacy: Who Has Your Data and Why You Should Care is the title of a new book from April Falcon Doss, formerly associate general counsel for intelligence law at the US National Security Agency. Doss spoke to The Register about her concerns with pervasive data collection and its potential for harm.…

Categories: News

French services outfit Atos told to pay $855m in trade secret pinching case

The Register - Thu, 29/10/2020 - 07:02
Challenges jury verdict immediately and offers to pay one percent of damages

French services outfit Atos has been ordered to pay $855m for pinching a rival’s trade secrets.…

Categories: News

Malware never switches off – so why should your security supplier?

The Register - Thu, 29/10/2020 - 06:01
Kaspersky’s License Management Portal helps MSPs and resellers get tech to users fast

Promo  Cyber-criminals never sleep, so neither should your customers’ security teams or your own managed service operations.…

Categories: News

NSA: We've learned our lesson after foreign spies used one of our crypto backdoors – but we can't say how exactly

The Register - Wed, 28/10/2020 - 23:44
Senator Wyden puts surveillance nerve-center on blast

It's said the NSA drew up a report on what it learned after a foreign government exploited a weak encryption scheme, championed by the US spying agency, in Juniper firewall software.…

Categories: News

Software engineer leaked UK missile system secrets and refused to hand cops his passwords, Old Bailey told

The Register - Wed, 28/10/2020 - 17:31
Revelations triggered by previous police abuse, court hears

A former BAE Systems software engineer who allegedly leaked top-secret details about a frontline missile system also ignored orders from police to hand over passwords to his electronic devices, a court has heard.…

Categories: News

Three steps to data-centric security: Discovery, protection, and control

The Register - Wed, 28/10/2020 - 14:00
It's 2020 and the enemy isn't at the gate anymore. It's in your network, probing your switches and servers

Sponsored  It's 2020 and the enemy isn't at the gate anymore. It's in your network, probing your switches and servers. That makes the gate irrelevant. So what do you do now?…

Categories: News

Experian vows to drag UK's Information Commissioner's Office to court after being told off for data-slurping practices

The Register - Wed, 28/10/2020 - 13:29
Credit reference agency recycled personal details for marketing purposes, says regulator

Experian has been rapped over the knuckles by the UK's Information Commissioner's Office (ICO) after it discovered the credit reference agency was trading "millions" of people's data for marketing purposes.…

Categories: News

Pages

Subscribe to Sec Tec Limited aggregator - News