Here's 30 servers Russian intelligence uses to fling malware at the West, beams RiskIQ

The Register - Fri, 30/07/2021 - 17:24
Biden-Putin summit went well, then

Details of 30 servers thought to be used by Russia's SVR spy agency (aka APT29) as part of its ongoing campaigns to steal Western intellectual property were made public today by RiskIQ.…

Categories: News

Malware and Trojans, but there's only one horse the boss man wants to hear about

The Register - Fri, 30/07/2021 - 08:30
The company's IT might be on fire, but my needs trump those of the many

On Call  A call from the executive floor is rarely a harbinger of happiness, especially when one is wading knee-deep through the molasses of malware. Welcome to one Register reader's experience in On Call.…

Categories: News

We can't believe people use browsers to manage their passwords, says maker of password management tools

The Register - Fri, 30/07/2021 - 07:27
You just save it in Chrome or Firefox? Ugh. And then it autofills when you need it again? Oh the horror

It seems some of us are, in the year of our lord 2021, still reusing the same password for multiple sites, plugging personal gear into work networks, and perhaps overly relying on browser-managed passwords, judging from this poll.…

Categories: News

Spam is Chipotle's secret ingredient: Marketing email hijacked to dish up malware

The Register - Thu, 29/07/2021 - 17:00
More than 120 messages caught trying to filch credentials from customers of USAA Bank, Microsoft

Between July 13 and July 16, someone took over the Mailgun account owned by restaurant chain Chipotle Mexican Grill and placed an order for login credentials using misappropriated marketing messages.…

Categories: News

Upcoming Android privacy changes include ability to blank advertising ID, and 'safety section' in Play store

The Register - Thu, 29/07/2021 - 16:30
New policies give users more control, but ad tracking still on by default

Google has shared details of upcoming changes to Android including the ability to blank a device's advertising ID, and a new safety section for apps in the Play store.…

Categories: News

Israeli authorities investigate NSO Group over Pegasus spyware abuse claims

The Register - Thu, 29/07/2021 - 08:00
Reason for probe unknown, but CEO claims it will vindicate company's claims

Israel's Ministry of Defense says the nation's government has visited spyware-for-governments developer NSO Group to investigate allegations its wares have been widely – and perhaps willingly – misused.…

Categories: News

Here's a list of the flaws Russia, China, Iran and pals exploit most often, say Five Eyes infosec agencies

The Register - Thu, 29/07/2021 - 07:26
And you've patched them all, haven't you, diligent readers?

Western cybersecurity agencies have published a list of 30 of the most exploited vulnerabilities abused by hostile foreign states in 2020, urging infosec bods to ensure their networks and deployments are fully patched against them.…

Categories: News

'Woefully insufficient': Biden administration's assessment of critical infrastructure infosec protection

The Register - Thu, 29/07/2021 - 06:15
Memorandum details plans to turn that around with rapid development of security baselines, not mandates

The Biden administration has issued a National Security Memorandum on Improving Cybersecurity for Critical Infrastructure Control Systems to address what it describes as a "woefully insufficient" security posture.…

Categories: News

Over 100 Taiwanese political figures' messages leaked outta LINE app

The Register - Thu, 29/07/2021 - 05:34
Attack turned off encryption function, which made snooping rather easier

Law enforcement agencies in Taiwan are investigating a cyberattack on over 100 local political figures and dignitaries who used the messaging app LINE.…

Categories: News

Security breaches where working from home is involved are costlier, claims IBM report

The Register - Wed, 28/07/2021 - 20:47
Great, it's not like employers need more reasons to haul you back to the office

Firms looking to save money by shifting to more flexible ways of working will need to think carefully about IT security and the additional cost of breaches linked to staff working from home.…

Categories: News

Iranian state-backed hackers posed as flirty Scouser called Marcy to target workers in defence and aerospace

The Register - Wed, 28/07/2021 - 17:45
Recognise this one? Oh dear...

Iranian state-backed hackers posed as a flirty Liverpudlian aerobics instructor in order to trick defence and aerospace workers into revealing secrets, according to a newly-published study.…

Categories: News

UK's National Cyber Security Centre needs its posh Westminster digs, says Cabinet Office, because of WannaCry

The Register - Wed, 28/07/2021 - 08:30
May need to upgrade 'bunfight' into 'cake-flinging war' over this one

Parliamentary criticism of the National Cyber Security Centre's "image over cost" London HQ is being shrugged off by the government because of the GCHQ offshoot's successful response to the WannaCry ransomware outbreak.…

Categories: News

Google revamps bug bounty program

The Register - Wed, 28/07/2021 - 07:58
Announces that it's paid out for 11,000 bugs in under eleven years

Google has revealed that its bug bounty program – which it styles a "Vulnerability Reward Program" – has paid out for 11,055 bugs found in its services since 2010.…

Categories: News

Biden warns 'real shooting war' will be sparked by severe cyber attack

The Register - Wed, 28/07/2021 - 05:58
Suggests incident 'of great consequence' in the real world could be a tipping point

United States President Joe Biden has shared his view that a "real shooting war" could be sparked by a severe cyber attack.…

Categories: News

Tencent suspends signups to WeChat, citing 'security upgrade' and need to comply with Chinese laws

The Register - Wed, 28/07/2021 - 02:30
Promises everything will be back to normal sometime in early August

Chinese web giant Tencent has suspended new signups to its WeChat messaging service.…

Categories: News

eBay ex-security boss sent down for 18 months for cyber-stalking, witness tampering

The Register - Wed, 28/07/2021 - 01:26
Four others at online tat bazaar admit trying to silence newsletter couple, two senior execs fight charges

The former global security manager for eBay was sentenced on Tuesday to 18 months in prison and was ordered to pay a $15,000 fine for his role in the cyber-stalking and harassment of a Massachusetts couple who published a newsletter critical of the internet yard sale.…

Categories: News

Misconfigured Azure Blob at Raven Hengelsport exposed records of 246,000 anglers – and took months to tackle, claim infosec researchers

The Register - Tue, 27/07/2021 - 21:49
18GB of Dutch fishing supplier's data left in unsecured server

Dutch fishing supply specialist Raven Hengelsport left details of around 246,000 customers visible to anyone on a misconfigured Microsoft Azure cloud server for months.…

Categories: News

Scam-baiting YouTube channel Tech Support Scams taken offline by tech support scam

The Register - Tue, 27/07/2021 - 20:44
'It was pretty convincing until the very end,' says host Jim Browning

The Tech Support Scams YouTube channel has been erased from existence in a blaze of irony as host and creator Jim Browning fell victim to a tech support scam that convinced him to secure his account – by deleting it.…

Categories: News

Tech biz must tell us about more security breaches, says as it ponders lowering report thresholds

The Register - Tue, 27/07/2021 - 19:15
Breach reporting law might have effect on overseas operators too

The British government wants to make Amazon, Google, and other digital service providers report cybersecurity breaches to the Information Commissioner, according to newly published plans.…

Categories: News

Compsci student walks off with $50,000 after bug bounty report blows gaping hole in Shopify software repos

The Register - Tue, 27/07/2021 - 13:14
First-timer wins maximum payout through HackerOne programme

Shopify has forked out $50,000 (£36,150) in a bug bounty payment to computer science student Augusto Zanellato following the discovery of a publicly available access token which gave world+dog read-and-write access to the company's source code repositories.…

Categories: News


Subscribe to Sec Tec Limited aggregator - News