Microsoft forked out $13.7m in bug bounties. The reward program's architect thinks the money could be better spent

The Register - Wed, 05/08/2020 - 00:43
'A secure dev lifecycle has a much higher ROI than letting the public do the bug detection work for you'

Microsoft's bug bounty program has exploded in terms of scope and payouts.…

Categories: News

As the world descends into madness, it's good to see some things never change: Monthly Android patches

The Register - Tue, 04/08/2020 - 21:15
Qualcomm bugs among the worst – including a critical hole in wireless networking

Google has emitted the August edition of its Android software security updates.…

They say the tooth will set you free... so Brit dentist trade union tells members: 'Bad news; we've been hacked'

The Register - Tue, 04/08/2020 - 17:32
Bank account numbers and sort codes may have been accessed by intruders

Hackers who accessed the servers of the British Dental Association (BDA) may have made off with members' bank account numbers and sort codes, according to reports.…

Uncle Sam blames best pal China as Taidoor crew's dirty RAT takes aim at Western orgs, but others are less sure

The Register - Tue, 04/08/2020 - 15:06
Hello, 2009 called, they said they've got an email for you

A Chinese state-backed hacking crew named Taidoor is deploying a custom remote access trojan (RAT) against Western organisations, according to US authorities.…

Doctor, doctor, got some sad news, there's been a bad case of hacking you: UK govt investigates email fail

The Register - Tue, 04/08/2020 - 08:01
Former trade minister Dr. Liam Fox named as source of leaked trade docs

Former UK trade minister and current Conservative MP Dr. Liam Fox has been named as the source of hacked trade documents released during last year's British elections.…

Leaky S3 buckets have gotten so common that they're being found by the thousands now, with lots of buried secrets

The Register - Tue, 04/08/2020 - 00:47
When will this madness end?

The massive amount of exposed data on misconfigured AWS S3 storage buckets is a catastrophic network breach just waiting to happen, say experts.…

Days after Trump suggests pausing election over security, US House passes $500m for states to do just that

The Register - Mon, 03/08/2020 - 21:51
Chances of it getting enacted in time for the election - slim to almost nil

The US House of Representatives has passed a spending bill which includes a $500m election security provision.…

UK Defence Committee chair muses treating TikTok like Huawei: So eyeball its code then ban it from the country?

The Register - Mon, 03/08/2020 - 18:36
Chinese-owned vid app reportedly moving HQ to London

The chairman of UK Parliament's Defence Committee has suggested making popular app TikTok subject to Huawei-style code reviews by GCHQ, if its reported move to a new London HQ comes true.…

Linux Foundation rolls bunch of overlapping groups into one to tackle growing number of open-source security vulns

The Register - Mon, 03/08/2020 - 16:44
OpenSSF to take projects from CII and OSSC under its umbrella

The Linux Foundation has formed the Open Source Security Foundation (OpenSSF) with founding board members representing companies including IBM, GitHub, Google, JPMorgan Chase, Microsoft, NCC Group, and Red Hat.…

'We stopped ransomware' boasts Blackbaud CEO. And by 'stopped' he means 'got insurance to pay off crooks'

The Register - Mon, 03/08/2020 - 15:02
CRM biz doesn't 'anticipate any kind of material financial impact' but can't say same for those whose data was nicked

"We discovered and stopped a sophisticated attempted ransomware attack," Blackbaud CEO Michael Gianoni has told financial analysts – failing to mention the company simply paid off criminal extortionists to end the attack.…

Oh cool, more Cisco patches to apply. Happy Monday

The Register - Mon, 03/08/2020 - 07:03
Meanwhile, Linux KDE desktops can be pwned by evil archives

In Brief: Cisco customers once again find themselves needing to patch critical vulnerabilities in Switchzilla's gear.…

Who was behind that stunning Twitter hack? State spies? Probably this Florida kid, say US prosecutors

The Register - Fri, 31/07/2020 - 23:28
Alleged 17-year-old mastermind among trio charged over account mass hijackings

Three individuals were charged on Friday for allegedly hijacking a string of high-profile Twitter accounts after hoodwinking the social network's staff.…

First rule of Ransomware Club is do not pay the ransom, but it looks like Carlson Wagonlit Travel didn't get the memo

The Register - Fri, 31/07/2020 - 13:50
$4.5m may have gone into crims' pockets after bookings biz hit by Ragnar Locker nasty

Exclusive: US corporate travel management firm Carlson Wagonlit Travel has suffered an intrusion and it is believed the company paid a $4.5m ransom to get its data back.…

Burn baby burn, plastic inferno! Infosec researchers turn 3D printers into self-immolating suicide machines

The Register - Fri, 31/07/2020 - 11:15
Inflammatory findings from deadly serious investigation

Some 3D printers can be flashed with firmware updates downloaded directly from the internet – and an infosec research firm says it has discovered a way to spoof those updates and potentially make the printer catch fire.…

In the market for a second-hand phone? Check it's still supported by the vendor – almost a third sold are not

The Register - Fri, 31/07/2020 - 09:30
That means no security updates, which puts users at risk of compromise

An investigation by consumer watchdog Which? has found that nearly a third of all phones sold on second-hand sites are no longer supported by the vendor, leaving punters at risk of being hacked.…

EU tries to get serious on cybercrime with first sanctions against Wannacry, NotPetya, CloudHopper crews

The Register - Fri, 31/07/2020 - 08:55
Russian, Chinese, Nork groups named in bank asset freeze

The European Union has, for the first time ever, slapped sanctions on hacking crews.…

Fun fact: If you noticed a while ago Zoom's web client going AWOL for a week, it's because someone found a passcode-cracking hole

The Register - Fri, 31/07/2020 - 07:25
Story behind a hasty teardown, fixing of a brute-force vulnerability

Zoom has confirmed it fixed a vulnerability that could have been exploited by miscreants to crack the passcodes needed to access strangers' private chin-wagging.…

Twitter says spear-phishing attack hooked its staff and led to celebrity account hijack

The Register - Fri, 31/07/2020 - 06:27
Attack came in waves that probed for staff with access to the creds crims craved

Twitter has offered further explanation of the celebrity account hijack hack that saw 130 users’ timelines polluted with a Bitcoin scam.…

Infosec bod: I've found zero-day flaws in Tor's bridge relay defenses. Tor Project: Only the zero part is right

The Register - Thu, 30/07/2020 - 23:08
Warnings either not new or need more study, reckons open-source dev team

Neal Krawetz, a computer forensics expert, has published details on how to detect Tor bridge network traffic that he characterizes as "zero-day exploits"... which the Tor Project insists are nothing of the sort.…

If you own one of these 45 Netgear devices, replace it: Firm won't patch vulnerable gear despite live proof-of-concept code

The Register - Thu, 30/07/2020 - 12:28
That's one way of speeding up the tech refresh cycle

Netgear has quietly decided not to patch more than 40 home routers to plug a remote code execution vulnerability – despite security researchers having published proof-of-concept exploit code.…
