Microsoft Defender casts a jaundiced eye over Citrix, slams services in quarantine on suspicion of being malware

The Register - Fri, 14/08/2020 - 15:26
You say broker, I say trojan, let's call the whole thing off

Those wondering when the Microsoft love-in with Citrix might end will be relieved to learn that Microsoft Defender decided yesterday that Citrix Broker and High Availability Services bore all the hallmarks of a trojan.…

Categories: News

Oracle and Salesforce targeted in €10bn GDPR lawsuit backed by profit-making litigation fund

The Register - Fri, 14/08/2020 - 12:20
Case to be filed in the Netherlands and London

Salesforce and Oracle are to face a GDPR lawsuit in London and the Netherlands that could cost them up to €10bn in fines, a legally aggressive privacy campaign group has claimed to The Register.…

Categories: News

CREST: We are investigating NCC Group certification cheat sheet scandal – and not with NCC personnel

The Register - Fri, 14/08/2020 - 10:51
Infosec cert body looking into it as under-fire firm starts its own probe

Exclusive  British infosec accreditation body CREST has changed some of its exams after cheat sheets containing exam answers and practical walkthroughs were posted on GitHub in a repo that NCC Group confirmed included its own documents.…

Categories: News

Australian government wants power to run cyber-response for businesses under attack

The Register - Fri, 14/08/2020 - 03:55
Ponders giving 'em immunity too for countermeasures up to hacking back.

Australia’s government has proposed giving itself the power to take over private enterprises’ response to cyber-attacks on critical infrastructure.…

Categories: News

This NSA, FBI security advisory has four words you never want to see together: Fancy Bear Linux rootkit

The Register - Fri, 14/08/2020 - 00:48
From Russia, with love

The NSA and FBI are sounding the alarm over a dangerous new strain of Linux malware being employed by Russian government hackers often dubbed the Fancy Bear crew.…

Categories: News

Vivaldi composes sweet ad-blocking symphony for users of browser's Android version

The Register - Thu, 13/08/2020 - 19:02
Oslo outfit ups ante to show off privacy prowess in 3.2

Oslo-based Vivaldi has released an update to its Android browser replete with additional weaponry for the ongoing Tracker and Ad Blocker arms race.…

Categories: News

You weren't hacked because you lacked space-age network defenses. Nor because cyber-gurus picked on you. It's far simpler than that

The Register - Thu, 13/08/2020 - 08:06
Three little words: Patches, passwords, policies

The continued inability of organizations to patch security vulnerabilities in a timely manner, combined with guessable passwords and the spread of automated hacking tools, is making it pretty easy for miscreants, professionals, and thrill-seekers to break into corporate networks.…

Categories: News

Irony, thy name is SANS: 28k records nicked from infosec training org after staffer's email account phished

The Register - Wed, 12/08/2020 - 15:13
Names, email addresses, phone numbers, job titles, company names, country of residence etc. pinched

Updated  Cybersecurity training organisation the SANS Institute suffered the loss of 28,000 items of personally identifiable information (PII) after a staffer's email account was accessed by malicious people.…

Categories: News

If you haven't yet patched this critical hole in SAP NetWeaver Application Server, today is not your day

The Register - Wed, 12/08/2020 - 10:59
Full details of security vuln plus proof-of-concept exploits revealed

We hope you've patched CVE-2020-6262, aka note 2835979, that affects SAP NetWeaver Application Server ABAP, because the folks who found and reported the vulnerability are going public with the details.…

Categories: News

This is node joke. Tor battles to fend off swarm of Bitcoin-stealing evil exit relays making up about 25% of outgoing capacity at its height

The Register - Wed, 12/08/2020 - 07:14
Cash-strapped privacy devs face determined miscreants who keep coming back for more

The Tor Project has confirmed someone, or some group, is in control of a large number of Bitcoin-snaffling exit nodes in its anonymizing network, and it's battling to boot them off.…

Categories: News

Citrix warns of patch-ASAP-grade bugs in its working-from-home products, just as we're all working from home

The Register - Wed, 12/08/2020 - 02:24
Expect Citrix Endpoint Management gear to come under attack soon

With the world+dog releasing patches today, Citrix has another serious security situation it needs users’ help to smother.…

Categories: News

We spent way too long on this Microsoft, Intel, Adobe, SAP, Red Hat Patch Tuesday article. Just click on it, pretend to read it, apply updates

The Register - Wed, 12/08/2020 - 00:02
Please, thanks, good show, cheers, ta

Patch Tuesday  Patch Tuesday used to be Microsoft's day to release patches. Now Adobe, Intel, and SAP are routinely joining the fun – with special guest star Red Hat this month.…

Categories: News

NCC Group admits its training data was leaked online after folders full of Crest pentest certification exam notes posted to Github

The Register - Tue, 11/08/2020 - 15:58
'Inhouse crt rigs to solve... book before ur exam' as firm claims 'some' of the content wasn't theirs

Exclusive  British infosec biz NCC Group has admitted to The Register that its internal training data was leaked on Github after folders purporting to help people pass the Crest pentest certification exams appeared online.…

Categories: News

Police face-recog tech use in Welsh capital of Cardiff was unlawful – Court of Appeal

The Register - Tue, 11/08/2020 - 12:53
Judges went out of their way not to set a nationwide precedent, though

In a shock ruling today, the UK Court of Appeal has declared that South Wales Police broke the law with an indiscriminate deployment of automated facial-recognition technology in Cardiff city centre.…

Categories: News

China now blocking TLS 1.3 with ESNI enabled, say Great-Firewall-watchers

The Register - Tue, 11/08/2020 - 06:53
And needs a very blunt instrument to do the job, because the protocol works as planned

China is now blocking encrypted HTTPS traffic that uses TLS 1.3 with ESNI enabled, according to observers at the Great Firewall Report (GFR).…

Categories: News

Peer-to-peer takes on a whole new meaning when used to spy on 3.7 million or more cameras, other IoT gear

The Register - Mon, 10/08/2020 - 22:28
In-depth dive into protocols exposing countless gadgets to miscreants

DEF CON  More than 3.7 million. That's the latest number of surveillance cameras, baby monitors, doorbells with webcams, and other internet-connected devices found left open to hijackers via two insecure communications protocols globally, we're told.…

Categories: News

Brit bank Barclays probed amid claims bosses used high-tech to spy on staff, measure productivity

The Register - Mon, 10/08/2020 - 20:06
Now that's a stretch: 'Work Yoga' memo tells folks to ignore calls, emails to 'stay in the zone'

The British offices of Barclays Bank are under investigation over allegations that managers spied upon their own staff as part of a workplace productivity improvement drive.…

Categories: News

Pen Test Partners: Boeing 747s receive critical software updates over 3.5" floppy disks

The Register - Mon, 10/08/2020 - 15:01
Industry binning old aircraft is an opportunity for aviation infosec

DEF CON  Boeing 747-400s still use floppy disks for loading critical navigation databases, Pen Test Partners has revealed to the infosec community after poking about one of the recently abandoned aircraft.…

Categories: News

Pay ransomware crooks, or restore the network? Guess which way this city chose after weighing up the costs

The Register - Mon, 10/08/2020 - 11:04
Plus: Sec wizard shows another way to pwn Mac users

In brief  A city in Colorado, USA, has swallowed its pride and paid off a malware gang after deciding the cost of a network nuke-and-pave was too high.…

Categories: News

What happens when holes perfect for spyware are found in the engine room of millions of Qualcomm-based phones? Let's find out

The Register - Sat, 08/08/2020 - 00:46
Start the clock on those patches – they'll be coming any day, week, month soon

DEF CON  In July, the makers of millions of smartphones powered by Qualcomm's Snapdragon system-on-chips received mitigation recommendations to address a bevy of security flaws in their products, all introduced by Qualcomm's technology.…

Categories: News


Subscribe to Sec Tec Limited aggregator - News