Apple is about to start scanning iPhone users' devices for banned content, warns professor

The Register - Thu, 05/08/2021 - 23:00
For now it's child abuse material but the tech has mission creep written in

Apple is about to announce a new technology for scanning individual users' iPhones for banned content. While it will be billed as a tool for detecting child abuse imagery, its potential for misuse is vast based on details entering the public domain.…

Categories: News

Got a cheap Cisco router in your home office? If it's one of these, there's an exposed RCE hole you need to plug

The Register - Thu, 05/08/2021 - 14:28
Patches issued for two CVE-rated vulns

Cisco has published patches for critical vulns affecting the web management interface for some of its Small Business Dual WAN Gigabit routers – including a 9.8-rated nasty.…

Categories: News

Das tut mir leid! Germany's ruling party sorry for calling cops on researcher after she outed canvassing app flaws

The Register - Thu, 05/08/2021 - 11:31
Party denies naming activist to police but apologises anyway

A "left-wing" German infosec researcher was this week threatened with criminal prosecution after revealing that an app used by Angela Merkel's political party to canvass voters was secretly collecting personal data.…

Categories: News

Not all authentication is created equal – and that’s a good thing

The Register - Thu, 05/08/2021 - 07:30
Identity management and access management problems are different and distinct

Sponsored  The pandemic has been an arduous time for businesses, but many have learned some important lessons about remote access security along the way.…

Categories: News

Worried your data protection strategy is dated? Don’t let a ransomware infection prove you right

The Register - Wed, 04/08/2021 - 19:00
Trust us – you need to tune into this

Webcast  Some say the best form of defense is offense. But when it comes to modern ransomware from cyber-crime orgs that are well-funded, possibly have state actor backing, and have your data under their control, just how offensive can you afford to be?…

Categories: News

SolarWinds urges US judge to toss out crap infosec sueball: We got pwned by actual Russia, give us a break

The Register - Wed, 04/08/2021 - 16:34
Company says it didn't skimp on security before everything went wrong

SolarWinds is urging a US federal judge to throw out a lawsuit brought against it by aggrieved shareholders who say they were misled about its security posture in advance of the infamous Russian attack on the business.…

Categories: News

Google: Linux kernel and its toolchains are underinvested by at least 100 engineers

The Register - Wed, 04/08/2021 - 13:29
Security not good enough, claims Chocolate Factory engineer

Google's open security team has claimed the Linux kernel code is not good enough, with nearly 100 new fixes every week, and that at least 100 more engineers are needed to work on it.…

Categories: News

UK data watchdog sees its approach to government health tech during COVID-19 outbreak as 'pragmatic'

The Register - Wed, 04/08/2021 - 09:28
Pandemic also behind fall in breaches, according to ICO annual reaport

The UK's data watchdog has defended its approach to regulating government health technologies during the pandemic as "pragmatic."…

Categories: News

Legacy EDR. Yes, it’s a thing

The Register - Wed, 04/08/2021 - 07:30
Don’t let your endpoints become a sitting target, says Fortinet

Sponsored  Thirty years ago, the industry birthed networked antivirus (NAV), which later morphed into endpoint protection (EP), managed using endpoint protection platforms (EPPs). More recently, this era has faded as endpoint protection and response (EDR) and managed detection and response (MDR) services become the industry standard.…

Categories: News

Russia tells UN it wants vast expansion of cybercrime offenses, plus network backdoors, online censorship

The Register - Tue, 03/08/2021 - 21:15
And said entirely with a straight face, too

Russia has put forward a draft convention to the United Nations ostensibly to fight cyber-crime.…

Categories: News

Do you have a grip on the lifecycle security of your AWS-deployed applications?

The Register - Tue, 03/08/2021 - 19:00
Learn how to manage the risks of cloud native environments with Aqua and AWS

Promo  There’s no doubt that adopting DevOps methodologies and CI/CD pipelines, and extending cloud native technologies like containerization can massively accelerate your application development and deployment.…

Categories: News

UK's Ministry of Defence coughs up bug bounties for public-facing web pentesting

The Register - Tue, 03/08/2021 - 15:20
Small steps could lead to bigger strides

The Ministry of Defence has paid out the first bug bounties to ethical computer hackers who probed its websites for vulnerabilities, according to a cheery missive from HackerOne.…

Categories: News

Shopping for execs: ID management biz Okta poaches Google's veep of engineering to run product dev activities

The Register - Tue, 03/08/2021 - 12:19
Head techie for Chocolate Factory's search ad biz departs Mountain View

Identity-as-a-service slinger Okta has poached Google veep of engineering Sagnik Nandy to become its president and chief tech officer.…

Categories: News

Research finds attack groups working for 'Chinese state interests' lurking in SE Asian telco networks since 2017

The Register - Tue, 03/08/2021 - 05:01
Handy way to keep tabs on 'activists, politicians, business leaders, and more'

Attack protection specialist Cybereason has fingered threat actors working on behalf of "Chinese state interests" as being behind attacks on telcos operating in Southeast Asia – with some having been prowling the penetrated networks for information on high-value targets since 2017.…

Categories: News

Credit-card-stealing, backdoored packages found in Python's PyPI library hub

The Register - Mon, 02/08/2021 - 19:58
Plus: SolarWinds cyber-spies hit US prosecutors' email systems, and more

In brief  Malicious libraries capable of lifting credit card numbers and opening backdoors on infected machines have been found in PyPI, the official third-party software repository for Python.…

Categories: News

Nuisance call-blocking firm fined £170,000 for making almost 200,000 nuisance calls

The Register - Mon, 02/08/2021 - 16:12
Irony, thy name is Yes Consumer Solutions Ltd

A firm that sells nuisance call-blocking systems is itself nursing a £170,000 fine from the UK's data watchdog, ironically for cold calling almost 200,000 people registered with the Telephone Preference Service (TPS).…

Categories: News

PwnedPiper vulns have potential to turn Swisslog's PTS hospital products into Swiss cheese, says Armis

The Register - Mon, 02/08/2021 - 12:36
Hardcoded passwords, unencrypted connections and unauthenticated firmware updates... patches released

Security specialist Armis has discovered vulnerabilities, collectively dubbed PwnedPiper, in pneumatic tube control systems used in thousands of hospitals worldwide – including 80 per cent of the major hospitals found in the US.…

Categories: News

Huawei to America: You're not taking cyber-security seriously until you let China vouch for us

The Register - Mon, 02/08/2021 - 07:15
Slams Biden's Executive Order on improving infosec, calls for multilateral trust framework

Huawei has decided to school America on cyber-security, and its lesson is to co-operate with China so its vendors – including Huawei – can be trusted around the world.…

Categories: News

Zoom agrees to pay subscribers $25 to put its security SNAFUs behind it

The Register - Mon, 02/08/2021 - 06:29
Zoombombing class action offers US$85m in payments, meaning even free accounts get a few bucks

US-based Zoom users may have a little cash coming their way after the video meeting outfit lodged a preliminary settlement in a class action related to some of its less-than-brilliant security and data protection practices.…

Categories: News

Sysadmins: Why not simply verify there's no backdoor in every program you install, and thus avoid any cyber-drama?

The Register - Sat, 31/07/2021 - 08:14
Just 'validate third-party code before using it', says Euro body

Half of publicly reported supply chain attacks were carried out by "well known APT groups", according to an analysis by EU infosec agency ENISA, which warned such digital assaults need to drive "new protective methods."…

Categories: News


Subscribe to Sec Tec Limited aggregator - News