JET engine flaws can crash Microsoft's IIS, SQL Server, say Palo Alto researchers

The Register - Thu, 06/05/2021 - 05:59
Trio claim database queries can lead to remote code execution

Black Hat Asia  A trio of researchers at Palo Alto Networks has detailed vulnerabilities in the JET database engine, and demonstrated how those flaws can be exploited to ultimately execute malicious code on systems running Microsoft’s SQL Server and Internet Information Services web server.…

Categories: News

21 nails in Exim mail server: Vulnerabilities enable 'full remote unauthenticated code execution', millions of boxes at risk

The Register - Wed, 05/05/2021 - 18:20
Nearly 4 million to be exact, say researchers

Researchers at security biz Qualys discovered 21 vulnerabilities in Exim, a popular mail server, which can be chained to obtain "a full remote unauthenticated code execution and gain root privileges on the Exim Server."…

East London council blurts thousands of residents' email addresses in To field blunder

The Register - Wed, 05/05/2021 - 15:01
'Was a Mailchimp sub too hard?!' asks Reg reader

A local authority in East London has committed a classic privacy blunder by emailing what appear to be thousands of residents – while forgetting to use the BCC field and exposing all of the email addresses to each recipient.…

Twilio's private GitHub repositories cloned by Codecov attacker, cloud comms platform confirms

The Register - Wed, 05/05/2021 - 13:27
Used the GitHub Codecov Action? Credentials may have been pilfered

Cloud comms platform Twilio has confirmed its private GitHub repositories were cloned after it became the latest casualty of the compromised credential-stealing Codecov script.…

What not to expect when you're expecting: Fertility apps may be selling intimate health secrets

The Register - Wed, 05/05/2021 - 08:32
Majority aren't GDPR compliant and Google Play categorises them badly, leading to lax practices

Hundreds of millions of women turn to fertility apps to conceive or prevent pregnancy, and according to a new study those apps may leak very personal information including miscarriages, abortions, sexual history, potential infertility and pregnancy.…

'Millions' of Dell PCs will grant malware, rogue users admin-level access if asked nicely

The Register - Tue, 04/05/2021 - 20:56
Five vulnerabilities lay undetected for almost a dozen years in Windows driver code

Dell desktops, laptops, and tablets built since 2009 and running Windows can be exploited to grant rogue users and malware system-administrator-level access to the computers. We're told this amounts to hundreds of millions of machines that can be completely hijacked.…

Red Hat open-sources StackRox Kubernetes security product

The Register - Tue, 04/05/2021 - 19:24
More goodies for OpenShift, plus Konveyor to Kubernetes in association with IBM

Kubecon Europe  As Kubecon Europe gets under way, Red Hat has pushed out StackRox, the Kubernetes security product it acquired earlier this year, as an open-source project which will be the upstream for its Advanced Cluster Security for OpenShift.…

Apple patches iOS, macOS, iPadOS, watchOS, kitchen-sinkOS bugs said to be exploited in the wild

The Register - Tue, 04/05/2021 - 02:35
Plus: Micro-op CPU caches abused to leak data, and more

In Brief  Apple on Monday patched security flaws in its software said to have been exploited in the wild by miscreants to hijack gear.…

Bill to protect UK against harmful foreign investment becomes law

The Register - Fri, 30/04/2021 - 17:52
Act gives government powers to scrutinise, alter, and block transactions where there is a risk to national security

In a move akin to calling the fire brigade after your house has burned down, the UK government today announced the passage of a bill that would afford it powers to intervene in potentially hostile direct investment.…

Happy Friday? Darktrace gets 40 per cent boost on London IPO debut

The Register - Fri, 30/04/2021 - 16:10
AI infosec start-up avoids same opening day peril as Deliveroo

British AI-powered security startup Darktrace has enjoyed a bumper IPO Friday as its shares climbed 40 per cent on its London Stock Exchange debut.…

Australia proposes teaching cyber-security to five-year-old kids

The Register - Fri, 30/04/2021 - 03:33
By eight they should be telling you not to upload geo-tagged photos of them in school uniform

Australia has decided that six-year-old children need education on cyber-security, even as it removes other material from the national curriculum.…

Stealthy Linux backdoor malware spotted after three years of minding your business

The Register - Fri, 30/04/2021 - 00:40
'RotaJakiro' now on infosec world's radar, its impact has yet to be determined

Chinese security outfit Qihoo 360 Netlab on Wednesday said it has identified Linux backdoor malware that has remained undetected for a number of years.…

BadAlloc: Microsoft looked at memory allocation code in tons of devices and found this one common security flaw

The Register - Thu, 29/04/2021 - 23:03
Integer overflows leave IoT, OT, medical gear vulnerable to heap-seeking missiles

Microsoft has taken a look at memory management code used in a wide range of equipment, from industrial control systems to healthcare gear, and found it can be potentially exploited to hijack devices.…

Vivaldi update unleashes the 'Cookie Crumbler' to simply block any services asking for consent (sites may break)

The Register - Thu, 29/04/2021 - 13:26
Plus: Browser sends Google's FLoC straight to the blacklist

The latest release of Chromium-based browser Vivaldi has extended ad blocking to handle cookie warning dialogs and sent a shot across the bows of Google's ad technology, FLoC.…

Billions in data protection lawsuits rides on Google's last-ditch UK Supreme Court defence for Safari Workaround sueball

The Register - Thu, 29/04/2021 - 12:30
Biggest data protection case for years teeters on brink

Google has urged the UK's Supreme Court to throw out a £3bn lawsuit brought by an ex-Which director over secretly planted tracking cookies on devices running Safari, on the grounds that local law doesn’t allow for opt-out class action lawsuits.…

48 ways you can avoid file-scrambling, data-stealing miscreants – or so says the Ransomware Task Force

The Register - Thu, 29/04/2021 - 11:00
No, not the US government's task force ... the other one

The Institute for Security and Technology's Ransomware Task Force (RTF) on Thursday published an 81-page report presenting policy makers with 48 recommendations to disrupt the ransomware business and mitigate the effect of such attacks.…

When you’re building a cybersecurity pro, you need to get the foundations right

The Register - Thu, 29/04/2021 - 09:00
New starter or mid-career switcher? Here’s where to start

Promo  Cyber attackers are a diverse lot. They can strike from anywhere in the world, and may be motivated by greed, politics, status, or pure malevolence. And their techniques range from the dazzlingly sophisticated to the frankly crude, technically speaking.…

Digital Ocean springs a leak: Miscreant exploits hole to peep on unlucky customers' billing details for two weeks

The Register - Thu, 29/04/2021 - 06:05
First that IPO and now this

Digital Ocean on Wednesday said someone was able to snoop on some of its cloud subscribers' billing information via a now-patched vulnerability.…

Ransomware crooks who broke into Merseyrail used director's email address to brag about it – report

The Register - Wed, 28/04/2021 - 17:45
Hasn't stopped the trains, though

Brit railway company Merseyrail is understood to have suffered a ransomware attack – and the crooks responsible reportedly pwned a director's Office 365 account to email employees and journalists about it.…

Brit MPs and campaigners come together to oppose COVID status certificates as 'divisive and discriminatory'

The Register - Wed, 28/04/2021 - 15:32
Transport minister confirms use of the NHS app for just that when citizens travel abroad

With Minister for the Cabinet Office Michael Gove expected to announce app-based "COVID status certificates", the UK's post-lockdown plan looks set to come under fierce attack.…
