Legacy app whitelist can be abused to bypass latest macOS security features, expert warns

The Register - Mon, 03/06/2019 - 13:10
Three words to ruin an Apple engineer's day: 'Patrick Wardle disclosure'

Malware can bypass protections in macOS Mojave, and potentially access user data as well as the webcam and mic – by exploiting a hole in Apple's legacy app support.…

Categories: News

Pharma-testing biz Eurofins Scientific says it fell victim to 'new version' of malware

The Register - Mon, 03/06/2019 - 12:15
No data nicked in weekend attack but systems and server pulled to contain infection

Bio-analytical testing biz Eurofins Scientific today admitted it was the subject of a ransomware attack at the weekend.…

Categories: News

Nginx will need patches, hotels exposed by their own security tools, Docker containers dinged, and more

The Register - Mon, 03/06/2019 - 07:03
Another week of security mishaps is in the books

Roundup  Here's a quick summary of news in the world of information security beyond everything we've already covered.…

Categories: News

You go that way, we'll go Huawei: China Computer Federation kicks back at IEEE in tit-for-tat spat

The Register - Fri, 31/05/2019 - 12:55
Now they're withdrawing co-operation too

Following disquiet over the IEEE's decision to block Huawei-linked researchers from doing various academic tasks, a Chinese computer research body has reportedly severed ties with the IEEE in retaliation.…

Categories: News

Own goal for Leicester City FC after fan credit card details snatched in merch store breach

The Register - Fri, 31/05/2019 - 12:18
If you've bought a Foxes shirt lately, check your statements

Leicester City Football Club has quietly told people who bought stuff from its website that their financial details have been stolen by hackers – and those details include credit card numbers and CVVs.…

Categories: News

Mozilla returns crypto-signed website packaging spec to sender – yes, it's Google

The Register - Thu, 30/05/2019 - 21:58
Ad giant's site slurping tech complicates web security model, could give more power to search engines and social networks, Firefox maker warns

Mozilla has published a series of objections to web packaging, a content distribution scheme proposed by engineers at Google that the Firefox maker considers harmful to the web in its current form.…

Categories: News

Senator: US govt staff may be sending their smartphone web traffic 'wrapped in a bow' to Russia, China via VPNs

The Register - Thu, 30/05/2019 - 20:49
No policy to stop use of dodgy foreign network providers. You'd hope common sense would prevail, but...

US government workers may be placing America's national security at risk as there is no official policy banning them from running their smartphones' personal and official internet traffic through untrustworthy foreign-hosted VPN services.…

Categories: News

We ain't afraid of no 'ghost user': Infosec world tells GCHQ to GTFO over privacy-busting proposals

The Register - Thu, 30/05/2019 - 13:35
Brit spies' idea would backdoor WhatsApp et al without breaking the crypto

Bruce Schneier, Richard Stallman and a host of western tech companies including Microsoft and WhatsApp are pushing back hard against GCHQ proposals to add a "ghost user" to encrypted messaging services.…

Categories: News

Chinese software nasty enslaves stadium-load of servers, puts them to work digging up digital dosh in crypto-mines

The Register - Thu, 30/05/2019 - 10:04
Nanshou malware hijacked more than 50,000 MS-SQL boxes with rootkits

More than 50,000 servers around the world have been infected with malware that installs crypto-coin-mining scripts and advanced rootkits, it is claimed.…

Categories: News

Git your patches here! GitHub offers to brew automatic pull requests loaded with vuln fixes

The Register - Thu, 30/05/2019 - 08:12
Your repo's dependencies need updating to close a hole? We're way ahead of you, pal

GitHub can now automagically offer security patches for projects' third-party dependencies.…

Categories: News

ProtonMail filters this into its junk folder: New claim it goes out of its way to help cops spy

The Register - Wed, 29/05/2019 - 20:58
Secure comms biz says it simply follows the law – plus, there's always Tor

ProtonMail, a provider of encrypted email, has denied claims that it voluntarily provides real-time surveillance to authorities.…

Categories: News

IEEE tells contributors with links to Chinese corp: Don't let the door hit you on Huawei out

The Register - Wed, 29/05/2019 - 17:32
Angry boffins start questioning standards body's independence

Compsci academics are startled by how the US-based IEEE is complying with American sanctions on Huawei. That includes halting peer review by anyone connected to the Chinese company – and banning them from buying IEEE-branded coffee mugs.…

Categories: News

News aggregator app Flipboard breached: All passwords reset after hackers pinch user data

The Register - Wed, 29/05/2019 - 12:31
Over half a billion installs? This one's not over yet, we reckon

News aggregation app Flipboard has publicly confessed that hackers accessed personal data about its members.…

Categories: News

Infosec bloke claims: Pornhub owner shafted me after I exposed gaping holes in its cartoon smut platform

The Register - Wed, 29/05/2019 - 11:07
Mindgeek left him totally unsatisfied, he says

An irate infosec researcher has accused Pornhub owners Mindgeek of out-of-scoping what he described as "critical" vulns in a cartoon pornography-themed mobile games site.…

Categories: News

Guilty of hacking in the UK? Worry not: Stats show prison is unlikely

The Register - Wed, 29/05/2019 - 09:10
Just a 16% chance of being banged up for computer misuse

Analysis  Nearly 90 per cent of hacking prosecutions in the UK last year resulted in convictions, though the odds of dodging prison remain high, an analysis by The Register has revealed.…

Categories: News

Contain yourself, Docker: Race-condition bug puts host machines at risk... sometimes, ish

The Register - Wed, 29/05/2019 - 03:05
Tricky to exploit in the real world, which is good because no official fix is available yet

A vulnerability in all versions of Docker can be potentially exploited by miscreants to escape containers' security protections, and read and write data on host machines, possibly leading to code execution.…

Categories: News

Two weeks after Microsoft warned of Windows RDP worms, a million internet-facing boxes still vulnerable

The Register - Tue, 28/05/2019 - 23:07
If you haven't patched CVE-2019-0708 aka BlueKeep, then, well, now would be a good time

The critical Windows Remote Desktop flaw that emerged this month may have set the stage for the worst malware attack in years.…

Categories: News

Germany mulls giving end-to-end chat app encryption das boot: Law requiring decrypted plain-text is in the works

The Register - Tue, 28/05/2019 - 20:35
Officials want to upgrade rules from device searching to message interception

Government officials in Germany are reportedly mulling a law to force chat app providers to hand over end-to-end encrypted conversations in plain text on demand.…

Categories: News

Seize the chance to boost your IT security skills: SANS London has plenty of courses for you

The Register - Tue, 28/05/2019 - 07:03
Immersive training covering ethical hacking to intrusion detection, and more, comes to UK capital this June

Promo  IT security training specialist SANS Institute is bringing a major event to London this summer, offering a bumper programme of intensive courses designed to arm security professionals with the skills they need to defend against database breaches and malicious attacks.…

Categories: News

Millions of personal files exposed by insurance biz, serial web hacker strikes again, and more from infosec land

The Register - Sat, 25/05/2019 - 07:52
Your two-minute guide to all the other security news this week

Roundup  It's a bumper three-day weekend in the US and UK, so we won't keep you long. Here's a rapid summary of information security news from the past week beyond what El Reg has already covered.…

Categories: News

