FBI boss: Never mind Russia and social media, China ransacks US biz for blueprints, secrets at 'surprisingly' huge scale

The Register - Tue, 05/03/2019 - 20:42
'Espionage and criminal investigations ... almost all of which lead back to Beijing'

RSA  While Russian hackers, Kremlin-backed or otherwise, grab the headlines, China remains the biggest cyber-security threat to America, FBI director Christopher Wray warned today.…

Categories: News

Adi Shamir visa snub: US govt slammed after the S in RSA blocked from his own RSA conf

The Register - Tue, 05/03/2019 - 19:41
'If someone like me can't get in to give a keynote, perhaps it's time we rethink where we organize our events'

RSA  Adi Shamir, the S in the renowned RSA encryption system, didn't take his usual place on the Cryptographers Panel at this year's RSA Conference in San Francisco – because he couldn't get a visa from the US government. And he's not alone.…

Categories: News

RSAC 2019: Joomla! Mail Flaw Exploited to Create Mass Phishing Infrastructure

Kapersky Labs - Tue, 05/03/2019 - 14:00
The Jmail Breaker attack leverages an old vulnerability in Joomla! along with a newly found flaw in the mail module.
Categories: News

RSAC 2019: Most Consumers Say ‘No’ to Cumbersome Data Privacy Practices

Kapersky Labs - Tue, 05/03/2019 - 13:00
Consumer confidence in companies keeping their data safe is at an all-time low, but password hygiene and not reading EULAs and app permissions remain big problems.
Categories: News

Huawei opens Brussels code-check office: Hey! EU've got our guide – love Huawei

The Register - Tue, 05/03/2019 - 12:17
Here I stand, infosec in hand... turn my face to the wall

Huawei stopped fighting metaphorical fires today to lift the curtain on its Brussels Cyber Security Transparency Centre in a move to position the Chinese company as a driving force for new global security standards.…

Categories: News

RSAC 2019: Picking Apart the Foreshadow Attack

Kapersky Labs - Tue, 05/03/2019 - 11:40
Raoul Strackx, one of the researchers who discovered the Foreshadow speculative execution vulnerability, talks at RSA about the Catch-22 issue when it comes to fixing speculative execution flaws.
Categories: News

RSAC 2019: Malicious Emailed URLs See Triple-Digit Increase

Kapersky Labs - Tue, 05/03/2019 - 11:00
At least 463,546 malicious URLs contained in the 28.4 million analyzed emails made it through to corporate in-boxes in Q4 of 2018.
Categories: News

RSAC 2019: Microsoft Zero-Day Allows Exploits to Sneak Past Sandboxes

Kapersky Labs - Tue, 05/03/2019 - 11:00
Researchers say that Microsoft won't issue a patch for the issue.
Categories: News

That's a nice ski speaker you've got there. Shame if it got pwned

The Register - Tue, 05/03/2019 - 09:28
If you own Outdoor Tech's CHIPS, there's a live vuln in your winter sports headset

A set of smart speakers intended for ski helmets are a terrible data-leaking pit of badness, according to a Pen Test Partners researcher who innocently bought himself one of the devices.…

Categories: News

Bad news: Google drops macOS zero-day after Apple misses bug deadline. Good news: It's fiddly to exploit

The Register - Tue, 05/03/2019 - 06:43
Step one: Run malware on your victim's machine. Step two: Mount some storage...

Google has publicly disclosed a zero-day flaw in Apple's macOS after the Cupertino mobe-maker failed to fix the security shortcoming within the ad giant's 90-day deadline.…

Categories: News

SPOILER alert: Intel chips hit with another speculative execution flaw

The Register - Tue, 05/03/2019 - 06:34
Memory operations leak data that simplifies known attack techniques

Further demonstrating the computational risks of looking into the future, boffins have found another way to abuse speculative execution in Intel chips.…

Categories: News

BSides SF 2019: Remote-Root Bug in Logitech Harmony Hub Patched and Explained

Kapersky Labs - Tue, 05/03/2019 - 05:02
Users of Logitech’s Harmony Hub get long-awaited answers about the critical bugs that left their home networks wide open to attack.
Categories: News

Alphabet snoop: If you're OK with Google-spawned Chronicle, hold on, hold on, dipping into your intranet traffic, wait, wait

The Register - Tue, 05/03/2019 - 02:04
No, no, it's not an April Fools. Backstory wants to sniff your packets for hackers

RSA  Google-spawned security outfit Chronicle this week unveiled a service that analyzes telemetry data from customers' networks to detect cyber-attacks lurking among the rivers of packets.…

Categories: News

Oh no Xi didn't?! China's hackers nick naval tech blueprints, diddle with foreign elections to boost trade – new claim

The Register - Tue, 05/03/2019 - 01:32
In the Navy, you can sail the 7 seas! In the Navy, you'll get hacked by the Chinese!

RSA  Researchers claim to have uncovered a five-year Chinese hacking operation aimed at bolstering Beijing's naval might and trade deals to the detriment of the world's democracies and maritime hardware makers.…

Categories: News

Teen Becomes First to Earn $1M in Bug Bounties with HackerOne

Kapersky Labs - Mon, 04/03/2019 - 23:36
He is also the all-time top-ranked hacker on HackerOne’s leaderboard, out of more than 330,000 hackers competing for the top spot.
Categories: News

When 2FA means sweet FA privacy: Facebook admits it slurps mobe numbers for more than just profile security

The Register - Mon, 04/03/2019 - 22:39
'This isn’t a mistake now, this is clearly an intentional product choice' says ex-CSO Stamos

Another week, another Facebook privacy storm.…

Categories: News

Smart Ski Helmet Headphone Flaws Leak Personal, GPS Data

Kapersky Labs - Mon, 04/03/2019 - 19:41
A rash of security flaws in the Outdoor Tech CHIPS smart headphones, which fit in ski helmets, allow bad actors to collect data like emails, passwords, GPS location - and even listen to conversations in real time.
Categories: News

McAfee: Oops, our bad. Sharpshooter malware was the Norks' Lazarus Group the whole time

The Register - Mon, 04/03/2019 - 16:41
Access to C'n'C server data shows state hackers weren't smart enough for false flags

McAfee (the antivirus firm, not John the dodgy "playboy") reckons the Sharpshooter malware campaign it uncovered in late 2018 is the work of North Korean hacking crew the Lazarus Group.…

Categories: News

Project Zero Discloses High-Severity Apple macOS Flaw

Kapersky Labs - Mon, 04/03/2019 - 16:29
Google Project Zero researchers detailed a new high-severity macOS flaw after Apple failed to patch it by the 90-day disclosure deadline.
Categories: News

Armor Games admits all its users' deets slurped in mega breach as site moves to repair chink

The Register - Mon, 04/03/2019 - 14:50
We were caught in hack that bled 617 million online accounts

Armor Games (AG) has confirmed that 100 per cent of its users were caught up in the mega breach that saw the details of 617 million online accounts hacked from 16 hacked websites being sold on the dark web.…

Categories: News


Subscribe to Sec Tec Limited aggregator - News