News

Three words to ruin an Apple engineer's day: 'Patrick Wardle disclosure'

Malware can bypass protections in macOS Mojave, and potentially access user data as well as the webcam and mic – by exploiting a hole in Apple's legacy app support.…

No data nicked in weekend attack but systems and server pulled to contain infection

Bio-analytical testing biz Eurofins Scientific today admitted it was the subject of a ransomware attack at the weekend.…

Another week of security mishaps is in the books

Roundup  Here's a quick summary of news in the world of information security beyond everything we've already covered.…

Now they're withdrawing co-operation too

Following disquiet over the IEEE's decision to block Huawei-linked researchers from doing various academic tasks, a Chinese computer research body has reportedly severed ties with the IEEE in retaliation.…

If you've bought a Foxes shirt lately, check your statements

Leicester City Football Club has quietly told people who bought stuff from its website that their financial details have been stolen by hackers – and those details include credit card numbers and CVVs.…

Ad giant's site slurping tech complicates web security model, could give more power to search engines and social networks, Firefox maker warns

Mozilla has published a series of objections to web packaging, a content distribution scheme proposed by engineers at Google that the Firefox maker considers harmful to the web in its current form.…

No policy to stop use of dodgy foreign network providers. You'd hope common sense would prevail, but...

US government workers may be placing America's national security at risk as there is no official policy banning them from running their smartphones' personal and official internet traffic through untrustworthy foreign-hosted VPN services.…

Brit spies' idea would backdoor WhatsApp et al without breaking the crypto

Bruce Schneier, Richard Stallman and a host of western tech companies including Microsoft and WhatsApp are pushing back hard against GCHQ proposals that to add a "ghost user" to encrypted messaging services.…

Nanshou malware hijacked more than 50,000 MS-SQL boxes with rootkits

More than 50,000 servers around the world have been infected with malware that installs crypto-coin-mining scripts and advanced rootkits, it is claimed.…

Your repo's dependencies need updating to close a hole? We're way ahead of you, pal

GitHub can now automagically offer security patches for projects' third-party dependencies.…

Secure comms biz says it simply follows the law – plus, there's always Tor

ProtonMail, a provider of encrypted email, has denied claims that it voluntarily provides real-time surveillance to authorities.…

Angry boffins start questioning standards body's independence

Compsci academics are startled by how the US-based IEEE is complying with American sanctions on Huawei. That includes halting peer review by anyone connected to the Chinese company – and banning them from buying IEEE-branded coffee mugs.…

Over half a billion installs? This one's not over yet, we reckon

News aggregation app Flipboard has publicly confessed that hackers accessed personal data about its members.…

Mindgeek left him totally unsatisfied, he says

An irate infosec researcher has accused Pornhub owners Mindgeek of out-of-scoping what he described as "critical" vulns in a cartoon pornography-themed mobile games site.…

Just a 16% chance of being banged up for computer misuse

Analysis  Nearly 90 per cent of hacking prosecutions in the UK last year resulted in convictions, though the odds of dodging prison remain high, an analysis by The Register has revealed.…

Tricky to exploit in the real world, which is good because no official fix is available yet

A vulnerability in all versions of Docker can be potentially exploited by miscreants to escape containers' security protections, and read and write data on host machines, possibly leading to code execution.…

If you haven't patched CVE-2019-0708 aka BlueKeep, then, well, now would be a good time

The critical Windows Remote Desktop flaw that emerged this month may have set the stage for the worst malware attack in years.…

Officials want to upgrade rules from device searching to message interception

Government officials in Germany are reportedly mulling a law to force chat app providers to hand over end-to-end encrypted conversations in plain text on demand.…

Immersive training covering ethical hacking to intrusion detection, and more, comes to UK capital this June

Promo  IT security training specialist SANS Institute is bringing a major event to London this summer, offering a bumper programme of intensive courses designed to arm security professionals with the skills they need to defend against database breaches and malicious attacks.…

Your two-minute guide to all the other security news this week

Roundup  It's a bumper three-day weekend in the US and UK, so we won't keep you long. Here's a rapid summary of information security news from the past week beyond what El Reg has already covered.…