News

Coronavirus outbreak triggered a rush of online attacks against retail loyalty schemes, Akamai reckons

The Register - Wed, 21/10/2020 - 21:25
Digital souks are sitting ducks for identity fraudsters

Hackers are breaking into online loyalty card accounts using stolen credentials or easily obtainable information, and then not only ransacking the profiles' balances but also harvesting victims' personal data for subsequent identity theft, Akamai has warned.…

Categories: News

How much does Oracle love you? Thiiiis much: Latest patch bundle has 402 fixes

The Register - Wed, 21/10/2020 - 19:32
How many times do you want to read the CVSS rating 9.8 today?

Oracle has released its final quarterly batch of patches for the year for security flaws in its products. The total this time? 402 fixes, the bulk of which are rated critical in terms of severity.…

How cybercriminals play the domain game

The Register - Wed, 21/10/2020 - 07:00
And why AI tools will make you less vulnerable

Sponsored: Conventional email security tools are losing the battle against phishing attacks. The cause? Instead of registering a handful of domains from which to conduct their phishing campaigns, many cybercriminals now buy them by the thousand. This approach makes it harder for traditional email protection tools to spot phishing emails among the ‘noise’. Thanks to bulk domain registration services, malicious spammers can tip the balance in their favour through sheer volume.…

OpenStack haven OpenDev yanks Gerrit code review tool after admin account compromised for two weeks

The Register - Wed, 21/10/2020 - 03:08
Source warehouse asks users to verify recent project commits to ensure they’re not malicious

OpenDev.org, which hosts the official OpenStack source code, on Tuesday tore down its Gerrit deployment after realizing it had been secretly hacked two weeks ago.…

Top tip, everyone: Chinese hackers are hitting these 25 vulns, so make sure you patch them ASAP, says NSA

The Register - Wed, 21/10/2020 - 00:40
Plus this Chrome one being exploited in the wild, we note

The NSA has blown the lid off 25 computer security vulnerabilities Chinese government hackers are using to break into networks, steal data, and so on. The US super-spies said they went public with their list to help IT staff prioritize bug fixing. That is to say: if you're unsure of which patches to apply, do these first.…

VMware patches, among other things, ESXi flaw that can be abused by miscreants on the network to hijack hosts

The Register - Tue, 20/10/2020 - 21:14
Adobe issues out-of-band patches, too, for Photoshop, Illustrator, InDesign, After Effects, etc

Sysadmins responsible for VMware deployments should test and apply the latest security updates for the software.…

Remember insider threat? Old news now. Focus on malware detection, says EU infosec agency

The Register - Tue, 20/10/2020 - 16:25
ENISA annual report also calls for better use of threat intel by frontline bods

Insider threats, ransomware and cyber espionage were all in decline in the early part of 2020, according to the EU’s cybersecurity agency – though the risk of an “uncontrolled cyber arms race” among nation states is growing.…

You’ve open sourced your relational database manager with PostgreSQL – but how can you keep it secure?

The Register - Tue, 20/10/2020 - 07:00
We'll help you manage risk while chasing your RDBMS dreams

Webcast: There was a time when open source was still – no matter how many decades it had driven software projects – regarded as the playground of hippies and utopians. Bold and brave, yet thrown together, inconsistent and unsecured when compared to more established products.…

Notpetya, Olympics hacking, Novichok probe meddling... America throws the book at six alleged Kremlin hackers

The Register - Mon, 19/10/2020 - 21:47
While the UK says Russia probed 2020 Games systems, too

Six men have been named as Russian military hackers and accused of spreading malware, disrupting the Olympics in retaliation for Russia's doping ban, and meddling with elections as well as probes into Novichok poisonings.…

UK test and trace data can be handed to police, reveals memorandum

The Register - Mon, 19/10/2020 - 16:29
Oh great. 'Police involvement' could deter testing, says doctors' union

As if things were not going badly enough for the UK's COVID-19 test and trace service, it now seems police will be able to access some test data, prompting fear that the disclosure could deter people who should have tests from coming forward.…

First, Patch Tuesday. Now, Oh Hell, Monday: Microsoft emits bonus fixes for Visual Studio, Windows 10 security bugs

The Register - Mon, 19/10/2020 - 15:43
Plus: A warning to SharePoint operators

In brief: Just days after issuing fixes for scores of bugs in its products for this month's Patch Tuesday, Microsoft has issued two more patches for security holes that can be exploited by maliciously crafted files to run malware on victims' computers.…

Will there be no end to govt attempts to break encryption? Hand over your data or the kiddies get it, threaten Five Eyes spies

The Register - Mon, 19/10/2020 - 11:30
The Great Unicorn Prayer of security services: Stay secure, but - ya know - give us backdoors

In a move as predictable as it is wearisome, a bunch of government security agencies have got together and demanded we let them have our data. This latest spooky manifestation is a collection of the Five Eyes - the US, the UK, Canada, Australia and New Zealand - and for some reason Japan and India. Let’s call this coalition of the chilling, JIANUSCUK.…

If you want to practice writing exploits and worms, there's a big hijacking hole in SonicWall firewall VPNs

The Register - Fri, 16/10/2020 - 21:01
And some 800,000 installations facing the internet, patches are available

A critical vulnerability in a SonicWall enterprise VPN firewall can be exploited to crash the device or remotely execute code on it, reverse engineers said this week.…

To stop web giants abusing privacy, they must be prevented from respawning. Ever

The Register - Fri, 16/10/2020 - 16:00
History tells us tech companies just get bigger, even after being broken up or battered

Column: Thriving amidst the pervasive chaos of 2020, the world’s largest technology companies - the FAANGs*, as we’ve come to know them - have managed to grow larger, richer and more powerful.…

British Airways fined £20m for Magecart hack that exposed 400k folks' credit card details to crooks

The Register - Fri, 16/10/2020 - 13:15
Airline was saving domain admin creds and card details alike in plaintext

British Airways is to pay a £20m data protection fine after its 2018 Magecart hack – even though the Information Commissioner’s Office discovered the airline had been saving credit card details in plain text since 2015.…

One alleged Dridex money-launderer set for US extradition, beams UK's National Crime Agency

The Register - Thu, 15/10/2020 - 20:28
They nicked six alleged perps last year but only one was charged

Britain’s National Crime Agency arrested six men in London on suspicion of laundering “tens of millions” for the Trickbot and Dridex banking malware gangs, the not-quite-police agency declared today.…

COVID-19 security tips: Ensure you sack your staff without leaving their IT access enabled, says Secureworks

The Register - Thu, 15/10/2020 - 18:30
Infosec biz issues mildly off-the-wall guidance for incident responders

The global switch to remote working in early 2020 gave hackers a whole new set of juicy ransomware targets.…

Security much? Twitter should have had a CISO to prevent Bitcoin hack, says US state financial body

The Register - Thu, 15/10/2020 - 15:15
Plus: Platform censors US newspaper and triggers ordure tsunami

American financial regulators in New York have demanded Twitter be subject to harsher rules following the July hacks of prominent users' accounts – as CEO Jack Dorsey furiously backpedals after his website censored a news article from a US newspaper.…

Microsoft would love to hear about 'critical bugs' in .NET 5.0 ahead of the 'unified' platform's November launch

The Register - Thu, 15/10/2020 - 09:04
Dare ye use RC2 in production?

The version of .NET formerly called .NET Core is crawling closer to its November launch with .NET 5.0 Release Candidate 2 packing updates for key frameworks ASP.NET Core and Entity Framework Core, and a go-live licence.…

Remember when Zoom was rumbled for lousy crypto? Six months later it says end-to-end is ready

The Register - Thu, 15/10/2020 - 08:33
But it’s a tech preview and requires opt-in for every meeting

The world’s plague-time video meeting tool of choice, Zoom, says it’s figured out how to do end-to-end encryption sufficiently well to offer users a tech preview.…
