World recoils in horror as smartphone maker accused of helping government snoops read encrypted texts, track device whereabouts

The Register - Thu, 15/08/2019 - 07:29
Thinking US again? You'd be wrong

Comment  In a report that has left lawmakers across the globe reeling, the Wall Street Journal on Wednesday claimed a smartphone maker helped government officials in Uganda access encrypted texts on a handset used by one of its own citizens, and track the device's whereabouts.…

Categories: News

Intel: Listen up, you NUC-leheads! Mini PCs and compute sticks just got a major security fix

The Register - Wed, 14/08/2019 - 22:59
Chipzilla patches firmware, drivers, SDKs

Hot on the heels of Patch Tuesday fixes from Microsoft, Apple, Adobe, and SAP, Intel has dropped its monthly security bundle to address a series of seven CVE-listed vulnerabilities in its firmware and software.…

Categories: News

Chin up, CapitalOne: You may not have been the suspected hacker's only victim. Feds fear 30-plus organizations hit

The Register - Wed, 14/08/2019 - 22:06
Prosecutors file papers to keep Paige Thompson behind bars while awaiting trial

The ex-Amazon software engineer accused of stealing the personal information of 106 million people from Capital One's cloud-hosted databases may have hacked dozens of other organizations.…

Categories: News

Not very Suprema: Biometric access biz bares 27 million records and plaintext admin creds

The Register - Wed, 14/08/2019 - 13:34
Biostar 2 goes supernova after Israeli duo's probings

Two infosec researchers found 27 million personal data records, including a million people's fingerprints, exposed to the public along with plaintext admin credentials for the Suprema Biostar 2 system they were associated with.…

Categories: News

HTTP/2, Brute! Then fall, server. Admin! Ops! The server is dead

The Register - Wed, 14/08/2019 - 10:02
Beware the denials of service: Netflix warns of eight networking bugs

On Tuesday, Netflix, working in conjunction with Google and CERT/CC, published a security advisory covering a series of vulnerabilities that enable denial of service attacks against servers running HTTP/2 services.…

Categories: News

This summer's hottest sequels: BlueKeep II, III, IV and V – the latest wormable RDP holes in Microsoft Windows

The Register - Tue, 13/08/2019 - 22:51
Plus special guest stars Adobe and SAP in this month's security fixes

Patch Tuesday  Microsoft, Adobe, and SAP may have just ruined more than a few summer vacation plans, thanks to a massive and critical Patch Tuesday bundle of security fixes this month.…

Categories: News

We checked and yup, it's no longer 2001. And yet you can pwn a Windows box via Notepad.exe

The Register - Tue, 13/08/2019 - 21:40
Google guru shows how WinXP-era text code grants total control

Patch Tuesday  Software buried in Windows since the days of WinXP can be abused to take complete control of a PC with the help of good ol' Notepad and some crafty code.…

Categories: News

An Army Watchkeeper drone tried to land. Then meatbags took over from the computers

The Register - Tue, 13/08/2019 - 17:54
Operators cut throttle during go-around. Aircraft crashed

A British Army Watchkeeper drone that crashed near its home base of Aberporth in north Wales did so after its crew overrode its autopilot, causing the unmanned aircraft to hit a tree.…

Categories: News

US insurers face SEC probe over web-access bungle that exposed 'up to 885 million' files

The Register - Tue, 13/08/2019 - 12:57
But it claims just 32 people had 'non-public' info disclosed. Eh?

The American Securities and Exchange Commission is said to be investigating a US insurance company that allegedly left 885 million personal records accessible "without authentication to anyone with a web browser".…

Categories: News

Header aches in Firefox, Tor, Brave and Chrome as HTTP opens new security holes

The Register - Tue, 13/08/2019 - 11:11
Alternative Services spec bungled by browser makers

The HTTP Alternative Services header can be abused to conduct network reconnaissance and attacks, to bypass malware protection services, and to foil tracking defenses and privacy assumptions, according to a paper scheduled to be presented at the WOOT '19 security conference on Tuesday.…

Categories: News

Web body mulls halving HTTPS cert lifetimes. That screaming in the distance is HTTPS cert sellers fearing orgs will bail for Let's Encrypt

The Register - Tue, 13/08/2019 - 02:43
Expensive renewals once a year... or free certificates any time? Tough choice

CA/Browser Forum – an industry body of web browser makers, software developers, and security certificate issuers – is considering slashing the lifetime of HTTPS certs from 27 months to 13 months.…

Categories: News

Tor pedos torpedoed again, this time Feds torpedo four Tor pedos – and keep how they unmasked dark-web scumbags under wraps

The Register - Mon, 12/08/2019 - 23:33
Child abuse swap-shop admins to spend decades behind bars

The FBI is keeping quiet how exactly it brought down a Tor-hidden pedophile haven, having secured decades-long prison sentences for four of the website's administrators.…

Categories: News

What do Windows 10 and Uber or Lyft have in common? One bad driver can really ruin your day. And 40 can totally ruin your month

The Register - Mon, 12/08/2019 - 21:51
Powerful code signed by Microsoft littered with vulns

DEF CON  Too many trusted Windows 10 peripheral drivers, signed off by Microsoft and running with powerful kernel-level privileges, are riddled with exploitable security vulnerabilities, according to infosec biz Eclypsium.…

Categories: News

Printer pwnage, phone poppage, and apparently US Homeland Security needs security help

The Register - Mon, 12/08/2019 - 19:57
Plus: The spambot that actually DOES record screens of pr0n users

Roundup  Here is your friendly summary of recent news from the front lines of information security beyond everything else we've already reported.…

Categories: News

US still 'not prepared' in event of a serious cyber attack and Congress can't help if it happens

The Register - Mon, 12/08/2019 - 19:02
Politicians appeal to hackers to take up the fight

DEF CON  Despite some progress, the US is still massively underprepared for a serious cyber attack and the current administration isn't helping matters, according to politicians visiting the DEF CON hacking conference.…

Categories: News

US military swoops into DEF CON seeking a few good hackers for debut aviation pwning village

The Register - Mon, 12/08/2019 - 17:01
Faulty F-15s, at-risk airbases and much more

DEF CON  For the first time, Vegas's annual DEF CON hacking conference has an "aviation hacking village", and the US military is scouting around there for a few good hackers to find bugs that its own hackers have missed.…

Categories: News

Plot twist: Google's not spying on King's Cross with facial recognition tech, but its landlord is

The Register - Mon, 12/08/2019 - 16:17
More unregulated creepycams blight London

Britons working for Google at its London HQ are being secretly spied on by creepy facial recognition cameras – but these ones aren't operated by the ad-tech company.…

Categories: News

I could throttle you right about now: US Navy to ditch touchscreens after kit blamed for collision

The Register - Mon, 12/08/2019 - 09:59
Thousands of tons of metal and iPads don't mix, it would seem

The US Navy is ditching touchscreens and going back to physical throttles after an investigation into the USS John S McCain collision partly blamed poor design of control systems for the incident.…

Categories: News

SELECT code_execution FROM * USING SQLite: Eggheads lift the lid on DB security hi-jinks

The Register - Sat, 10/08/2019 - 22:00
You've heard of ROP? Now get a load of QOP

DEF CON  At the DEF CON hacking conference in Las Vegas on Saturday, infosec gurus from Check Point are scheduled to describe a technique for exploiting SQLite, a database used in applications across every major desktop and mobile operating system, to gain arbitrary code execution.…

Categories: News

Anatomy of an attack: How Coinbase was targeted with emails booby-trapped with Firefox zero-days

The Register - Sat, 10/08/2019 - 00:56
Elaborate browser break-out betrayed by unusual behavior

Coinbase chief information security officer Philip Martin this week published an incident report covering the recent attack on the cryptocurrency exchange, revealing a phishing campaign of surprising sophistication.…

Categories: News

