News

You say broker, I say trojan, let's call the whole thing off

Those wondering when the Microsoft love-in with Citrix might end will be relieved to learn that Microsoft Defender decided yesterday that Citrix Broker and High Availability Services bore all the hallmarks of a trojan.…

Case to be filed in the Netherlands and London

Salesforce and Oracle are to face a GDPR lawsuit in London and the Netherlands that could cost them up to €10bn in fines, a legally aggressive privacy campaign group has claimed to The Register.…

Infosec cert body looking into it as under-fire firm starts its own probe

Exclusive  British infosec accreditation body CREST has changed some of its exams after cheat sheets containing exam answers and practical walkthroughs were posted on GitHub in a repo that NCC Group confirmed included its own documents.…

Ponders giving 'em immunity too for countermeasures up to hacking back.

Australia’s government has proposed giving itself the power to take over private enterprises’ response to cyber-attacks on critical infrastructure.…

From Russia, with love

The NSA and FBI are sounding the alarm over a dangerous new strain of Linux malware being employed by Russian government hackers often dubbed the Fancy Bear crew.…

Oslo outfit ups ante to show off privacy prowess in 3.2

Oslo-based Vivaldi has released an update to its Android browser replete with additional weaponry for the ongoing Tracker and Ad Blocker arms race.…

Three little words: Patches, passwords, policies

The continued inability of organizations to patch security vulnerabilities in a timely manner, combined with guessable passwords and the spread of automated hacking tools, is making it pretty easy for miscreants, professionals, and thrill-seekers to break into corporate networks.…

Names, email addresses, phone numbers, job titles, company names, country of residence etc. pinched

Updated  Cybersecurity training organisation the SANS Institute suffered the loss of 28,000 items of personally identifiable information (PII) after a staffer's email account was accessed by malicious people.…

Full details of security vuln plus proof-of-concept exploits revealed

We hope you've patched CVE-2020-6262, aka note 2835979, that affects SAP NetWeaver Application Server ABAP, because the folks who found and reported the vulnerability are going public with the details.…

Cash-strapped privacy devs face determined miscreants who keep coming back for more

The Tor Project has confirmed someone, or some group, is in control of a large number of Bitcoin-snaffling exit nodes in its anonymizing network, and it's battling to boot them off.…

Expect Citrix Endpoint Management gear to come under attack soon

With the world+dog releasing patches today, Citrix has another serious security situation it needs users’ help to smother.…

Please, thanks, good show, cheers, ta

Patch Tuesday  Patch Tuesday used to be Microsoft's day to release patches. Now Adobe, Intel, and SAP are routinely joining the fun – with special guest star Red Hat this month.…

'Inhouse crt rigs to solve... book before ur exam' as firm claims 'some' of the content wasn't theirs

Exclusive  British infosec biz NCC Group has admitted to The Register that its internal training data was leaked on Github after folders purporting to help people pass the Crest pentest certification exams appeared online.…

Judges went out of their way not to set a nationwide precedent, though

In a shock ruling today, the UK Court of Appeal has declared that South Wales Police broke the law with an indiscriminate deployment of automated facial-recognition technology in Cardiff city centre.…

And needs a very blunt instrument to do the job, because the protocol works as planned

China is now blocking encrypted HTTPS traffic that uses TLS 1.3 with ESNI enabled, according to observers at the Great Firewall Report (GFR).…

In-depth dive into protocols exposing countless gadgets to miscreants

DEF CON  More than 3.7 million. That's the latest number of surveillance cameras, baby monitors, doorbells with webcams, and other internet-connected devices found left open to hijackers via two insecure communications protocols globally, we're told.…

Now that's a stretch: 'Work Yoga' memo tells folks to ignore calls, emails to 'stay in the zone'

The British offices of Barclays Bank are under investigation over allegations that managers spied upon their own staff as part of a workplace productivity improvement drive.…

Industry binning old aircraft is an opportunity for aviation infosec

DEF CON  Boeing 747-400s still use floppy disks for loading critical navigation databases, Pen Test Partners has revealed to the infosec community after poking about one of the recently abandoned aircraft.…

Plus: Sec wizard shows another way to pwn Mac users

In brief  A city in Colorado, USA, has swallowed its pride and paid off a malware gang after deciding the cost of a network nuke-and-pave was too high.…

Start the clock on those patches – they'll be coming any day, week, month soon

DEF CON  In July, the makers of millions of smartphones powered by Qualcomm's Snapdragon system-on-chips received mitigation recommendations to address a bevy of security flaws in their products, all introduced by Qualcomm's technology.…