This is not Huawei to reassure people about Beijing's spying eyes: Trivial backdoor found in HiSilicon's firmware for net-connected cams, recorders

The Register - Tue, 04/02/2020 - 22:26
Crap security? Shocked, shocked, we tell you

This may shock you, but Huawei effectively built a poorly hidden, insecure backdoor into surveillance equipment that uses its HiSilicon subsidiary's chips, it appears.…

Categories: News

Malware infection attempts appear to be shrinking... possibly because miscreants are less spammy and more focused on specific targets

The Register - Tue, 04/02/2020 - 21:18
Or so claims this vendor's marketing

Attempts to infect computers with ransomware and other malware over networks are decreasing, reckons infosec outfit Sonicwall.…

Categories: News

Oh buoy. Rich yacht bods' job agency leaves 17,000 sailors' details exposed in AWS bucket

The Register - Tue, 04/02/2020 - 17:46
It's 2020 and people are still letting S3 storage leak

A private yacht crew recruitment agency has left an AWS bucket containing the CVs, passports and even some drug test results for up to 17,000 people exposed to world+dog, according to reports.…

Categories: News

School's out as ransomware attack downs IT systems at Scotland's Dundee and Angus College

The Register - Tue, 04/02/2020 - 13:34
5,000 password resets, multi-day outage, och aye!

A further education college in east Scotland has been struck by what its principal described as a cyber "bomb" in an apparent ransomware attack so bad that students have been told to stay away and reset passwords en masse.…

Categories: News

Google's OpenSK lets you BYOSK – burn your own security key

The Register - Tue, 04/02/2020 - 10:30
Now there's no excuse

OpenSK, a new open-source project from Google, lets folk make their own security key for less than £10.…

Categories: News

Twitter says a certain someone tried to discover the phone numbers used by potentially millions of twits

The Register - Tue, 04/02/2020 - 07:01
Exploitable API blew away anonymity, abused by systems in Iran, Israel, Malaysia

Twitter has admitted a flaw in its backend systems was exploited to discover the cellphone numbers of potentially millions of twits en masse, which could lead to their de-anonymization.…

Categories: News

Your mobile network broke the law by selling location data and may be fined millions... or maybe not, shrugs FCC

The Register - Tue, 04/02/2020 - 00:56
US watchdog struggles to do its job over illegal sale of folks' whereabouts

It’s been nearly two years since it was first revealed that US cellular networks were selling real-time location data with inadequate safeguards. Late last week, after months of political pressure, the regulator in charge, the FCC, finally revealed the results of an investigation.…

Categories: News

'Cyber security incident' takes its Toll on Aussie delivery giant as box-tracking boxen yanked offline

The Register - Mon, 03/02/2020 - 15:13
IT services offline for days now

Australian courier company Toll has shut down several of its key systems after a "security incident" last week, prompting a backlash from frustrated customers.…

Categories: News

iCloud hacker perv cops 4 years in jail for stealing and sharing people's private, intimate pics

The Register - Mon, 03/02/2020 - 13:45
He was also secretly filming in leisure centres

A perv who reportedly hacked people's iCloud accounts to obtain sexual images before sharing them online has been sent to prison for nearly four years.…

Categories: News

Cover for 'cyber' attacks is risky, complex and people don't trust us, moan insurers

The Register - Mon, 03/02/2020 - 11:06
Tried not suing your customers when they make claims?

FIC 2020: EU companies aren't taking out insurance against attacks on online assets because the companies selling coverage aren't organised enough – while Brits are more likely to pay off ransomware crooks than others.…

Categories: News

WannaCry ransomware attack on NHS could have triggered NATO reaction, says German cybergeneral

The Register - Mon, 03/02/2020 - 09:15
Top military officers talk about response thresholds at French shindig

FIC 2020: Western military alliance NATO could have reacted with force to the 2017 WannaCry ransomware outbreak that locked up half of Britain's NHS, Germany's top cybergeneral has said.…

Categories: News

Flaws punched holes in Azure cloud, Apple patches pretty much everything, Eurocops cuff Maltese hackers, etc

The Register - Mon, 03/02/2020 - 06:04
Also, Wawa data surfaces on dark markets after December's hack

Roundup: It has been a busy week in infosec, though here's a few more security news bites to mull over.…

Categories: News

Remember those infosec fellas who were cuffed while testing the physical security of a courthouse? The burglary charges have been dropped

The Register - Fri, 31/01/2020 - 20:39
And it only took, er, four and a half months for people to see sense

Criminal charges have been dropped against two infosec professionals who were arrested during a sanctioned physical penetration test gone wrong.…

Categories: News

China's Winnti hackers (apparently): Forget the money, let's get political and start targeting Hong Kong students for protest info

The Register - Fri, 31/01/2020 - 13:02
Supply-chain hackers now taking aim at kids fighting for democracy, say researchers

A Chinese hacking crew which had previously been focusing on industrial and commercial attacks has now involved itself in efforts to suppress protests in Hong Kong.…

Categories: News

A year after Bank of Valletta 'cyber heist', cuffs applied as cash-cleansing case continues

The Register - Fri, 31/01/2020 - 12:04
Would sir care for an Audi with that Jag?

Nearly a year after Malta's Bank of Valletta (BOV) yanked itself from the internet amid a "cyber intrusion", Britain's National Crime Agency (NCA) has made three arrests.…

Categories: News

Attempts to define international infosec rules of the road bogged down by endless talkshops, warn diplomats

The Register - Fri, 31/01/2020 - 11:08
Do you want Russia or China writing treaties on what's cool online?

FIC 2020: International progress on state-level so-called cybersecurity "norms" is hopelessly bogged down in an explosion of NGOs and internal United Nations rivalries between two overlapping groups, a French security conference heard this week.…

Categories: News

Difficult season: Antivirus-flinger Avast decides to 'wind down' Jumpshot

The Register - Thu, 30/01/2020 - 15:38
'Hundreds' of staffers in marketing analytics subsidiary to be hit

Avast will pull the plug on Jumpshot, its controversial data analytics business, after it was revealed the company was harvesting its users' data.…

Categories: News

If only 3 in 100,000 cyber-crimes are prosecuted, why not train cops to bring these crooks to justice once and for all, suggests think-tank veep

The Register - Thu, 30/01/2020 - 11:03
'We are focusing on defending systems over identifying and pursuing the person behind the cyber-crime'

Enigma: A plague of ignorance and misplaced priorities in government and law enforcement, from neighborhood cops all the way up to international bodies, is allowing cyber-crime to run rampant.…

Categories: News

Anatomy of OpenBSD's OpenSMTPD hijack hole: How a malicious sender address can lead to remote pwnage

The Register - Thu, 30/01/2020 - 05:56
Function accidentally returns OK instead of no-way

Code dive: The OpenBSD project's OpenSMTPD can be potentially hijacked by a maliciously crafted incoming email.…

Categories: News

UN didn't patch SharePoint, got mega-hacked, covered it up, kept most staff in the dark, finally forced to admit it

The Register - Wed, 29/01/2020 - 22:39
For an organization accused of being 'all talk, no action', there's not even enough talking – to its own employees

The United Nations’ European headquarters in Geneva and Vienna were hacked last summer, putting thousands of staff records at miscreants' fingertips. Incredibly, the organization decided to cover it up without informing those affected nor the public.…

Categories: News

