NHS App gets go-ahead for UK vaccine passport use despite protest from privacy groups

The Register - Tue, 11/05/2021 - 16:15
Big Brother Watch warns app contains too much sensitive medical information

The UK will next week begin using the NHS App to confer an individual's vaccination status, in the face of warnings that the technology could lead to identifiable medical information being exposed.…

Categories: News

App Tracking: Apps plead for users to press allow, but 85% of Apple iOS consumers are not opting in

The Register - Tue, 11/05/2021 - 14:45
The data is in: most users do not opt in to third-party tracking

Mobile app analytics company Flurry is measuring how many users of iOS 14.5 are opting in to allow apps to request to track them - and so far only 15 per cent worldwide have done so.…

Categories: News

Compsci boffin publishes proof-of-concept code for 54-year-old zero-day in Universal Turing Machine

The Register - Tue, 11/05/2021 - 10:15
Patch your devi... oh, hang on a sec

A computer science professor from Sweden has discovered an arbitrary code execution vuln in the Universal Turing Machine, one of the earliest computer designs in history – though he admits it has "no real-world implications".…

Categories: News

Train operator phlunks phishing test by teasing employees with non-existent COVID bonus

The Register - Tue, 11/05/2021 - 08:58
Someone at West Midlands Trains approved nasty cybersecurity drill

UK rail operator West Midlands Trains sent an email to 2,500 employees to thank them for hard work during COVID and promised a one-time bonus as a reward, but that lovely news turned out to be phishing training. Needless to say, it did not go over well.…

Categories: News

Tencent research team scores free powerups for electric cars with Raspberry Pi-powered X-in-the-middle attack

The Register - Tue, 11/05/2021 - 05:04
Another auto-exploit saw rPi push Telegram messages over CAN bus to brick a car

Black Hat Asia  Researchers have used the Black Hat Asia conference to demonstrate the awesome power of the Raspberry Pi as a car-p0wning platform.…

Categories: News

Indian government says 5G doesn’t cause COVID-19. Also points out India has no 5G networks

The Register - Tue, 11/05/2021 - 03:58
But won’t reveal who it wants banned from social media over less obvious disinformation

As COVID-19 continues to ravage India, the nation’s government has told it populace that 5G signals have nothing to do with the spread of the virus – if only because no 5G networks operate in India.…

Categories: News

Trend Micro hosted email service is down, inboxes still stuck in cloudy limbo

The Register - Tue, 11/05/2021 - 02:13
Blames spam filters for brownout, warns fix could be 'disruptive'

Trend Micro’s hosted email security product is experiencing a global brownout.…

Categories: News

Kubecon 2021: A largely dry and corporate affair where the best bits involved a spot of Kubernetes-hacking roleplay

The Register - Mon, 10/05/2021 - 20:12
But we heard the message loud and clear – it's pretty much the standard runtime platform now

Kubecon  A session on how to hack into a Kubernetes cluster was among the highlights of a Kubecon where the main events were generally bland and corporate affairs, perhaps indicative of the technology now being a de facto infrastructure standard among enterprises.…

Categories: News

Uncle Sam wants 'ethical hackers' to crack its planetary defenses, but don't expect a pay-day from this bug bounty

The Register - Mon, 10/05/2021 - 12:32
Plus: Student cripples EU bio lab and IRS goes after cryptocurrency

In brief  The United States' Department of Defense has opened up all of its publicly facing systems and apps to investigation under a bug bounty program.…

Categories: News

Namecheap hosted 25%+ of fake UK govt phishing sites last year – NCSC report

The Register - Mon, 10/05/2021 - 09:30
Also we fixed SS7 use by British telcos. How? Why? Not saying

Domains'n'hosting outfit Namecheap harboured more than a quarter of all known phishing sites that falsely posed as UK government web presences during 2020, according to the National Cyber Security Centre today.…

Categories: News

Ransomware shuts US oil pipeline that pumps 100 million gallons a day

The Register - Mon, 10/05/2021 - 01:15
Colonial Pipeline says damage contained, some smaller lines already back, but has no timetable for resumption

One of the USA’s largest oil pipelines has been shut by ransomware .…

Categories: News

Russian cyber-spies changed tactics after the UK and US outed their techniques – so here's a list of those changes

The Register - Fri, 07/05/2021 - 19:49
Plus: NCSC warns of how hostile powers may exploit smart city infrastructure

Russian spies from APT29 responded to Western agencies outing their tactics by adopting a red-teaming tool to blend into targets' networks as a legitimate pentesting exercise.…

Categories: News

Privacy activist Max Schrems on Microsoft's EU data move: It won't keep the NSA away

The Register - Fri, 07/05/2021 - 16:20
Software giant vows data processing of EU cloud services to stay in EU, which means that currently...

Microsoft has announced plans to ensure data processing of EU cloud services within the borders of the political bloc in a move that expert observers claim reveals problems with the firm's existing setup.…

Categories: News

Cisco HyperFlex web interface has critical flaw that lets attackers get <code>root</code> and execute arbitrary commands

The Register - Fri, 07/05/2021 - 06:52
You know the drill: shake your head in disbelief, then figure out if patching will wipe out a weekend or be merely inconvenient

Cisco has revealed a pair of critical bugs in its HyperFlex hyperconverged infrastructure product.…

Categories: News

Kids in Hong Kong and other highly surveilled states worry infosec careers are just asking for trouble

The Register - Fri, 07/05/2021 - 06:11
Asia is already short millions of trainees; expert warns talent pipeline will dry up in response to government snooping

Black Hat Asia  Asian nations in which governments are keen on citizen surveillance struggle to develop ethical hackers, as prospective workers fear their activities may be misunderstood, according to security specialist Mika Devonshire.…

Categories: News

Google Play to require privacy labels on apps in 2022, almost two years after Apple

The Register - Fri, 07/05/2021 - 03:57
Developers want to do this, says Google. Ummm ... guys, you do remember the thousands of malware nightmares you’ve hosted and sold?

Google has decided the time has come to require app developers to disclose the data their wares collect, and their security practices, in their Play Store listings.…

Categories: News

Google will make you use two-step verification to login

The Register - Fri, 07/05/2021 - 01:52
World Password Day returns to remind us how much passwords suck

Google has marked World Password Day by declaring "passwords are the single biggest threat to your online security," and announcing plans to automatically add multi-step authentication to its users' accounts.…

Categories: News

Vulnerability in Snapdragon 855 SoCs could pwn Android modems, allow baddies to snoop on conversations

The Register - Thu, 06/05/2021 - 17:11
Good thing researchers spotted it, but no evidence of exploit in the wild

A heap overflow vulnerability in Qualcomm Snapdragon 855 modem system-on-chips used in Android devices could let malicious people run arbitrary code on unsuspecting users' devices, according to Check Point.…

Categories: News

Crane horror <i>Reg</i> reader uses his severed finger to unlock Samsung Galaxy phone

The Register - Thu, 06/05/2021 - 10:15
On the other hand he was fine

Graphic images  Everyone knows the trope. The baddies smash their way in and gun down the guard standing in front of the vault. "Dammit," says the lead bad guy, "it's a biometric scanner, we'll never get in!" His most grizzled henchman turns round, holding up the dead guard's lifeless arm. "Oh yes we will…"…

Categories: News

Chrome on Windows turns on Intel, AMD chip-level defenses against malicious websites

The Register - Thu, 06/05/2021 - 08:23
Terms and conditions apply

Version 90 of Google's Chrome browser includes a bit of extra security for users of recent versions of Windows and the latest x86 processors, in the form of hardware-enforced stack protection.…

Categories: News


Subscribe to Sec Tec Limited aggregator - News