The Register

Dev fears sub-domain abuse – Plus, unofficial patches for trio of Windows zero-days

Microsoft has been accused of ignoring an IT security risk that could be exploited to create legit-looking malware-laden webpages that sport seemingly trusted Azure and Office 365 domain names. Alternatively, the domains potentially could be used to stealthily leak stolen data from networks.…

Anyone still at their posts, please stop these address takeovers... please, helloo? Anyone there?

America's Homeland Security has urged US government departments and federal agencies to shore up their DNS control panels after hackers successfully stormed the barricades.…

Open the door, get on the floor – not so fast if you've an iPhone 4

Apple has emitted a handful of software patches to address security vulnerabilities in iOS, macOS, and various peripherals.…

How many ad blocks could an ad slinger block if an ad slinger could block blocks?

Google engineers have proposed changes to the open-source Chromium browser that will break content-blocking extensions, including various ad blockers.…

Disable redirects before applying update

The Debian Project has patched a security flaw in its software manager Apt that can be exploited by network snoops to execute commands as root on victims' boxes as they update or install packages.…

Parly-vous cyber-security? No plan to surrender, military bug bounty coming

FIC2019  France’s defence secretary Florence Parly today declared “Cyber war has begun.”…

Pragmatic chap looks at reality of international relations

FIC2019  A French diplomat has suggested that future global regulation of cyberspace could exempt spying from regulation "as long as some specific sectors are preserved".…

White House to nominate former DocuSign boss

The US may have finally complied with the European Commission's repeated requests to name a permanent Privacy Shield ombudsperson, The Register understands.…

Boffins reckon they can predict what you'll say based on your friends' activity online

The phenomenon of "prescient Facebook advertising", so beloved of conspiracy theorists who think social networks listen to your microphone, might instead simply be evidence of how good Facebook's algorithms have become.…

End-of-life followed 2018 fake Website certificate drama

If you're still using TLS-SNI, stop: a year after a slip-up allowed miscreants to claim Let's Encrypt certificates for domains they didn't own, the free certificate authority has announced the final sunset of the protocol involved.…

Plus, Safari security foiled by… a finger swipe?

Roundup  This week we wrangled with alleged Russian election meddling, hundreds of millions of username-password combos spilled online, Oracle mega-patches, and cliams of RICO swap-gangs.…

Killer jailed for life after fitness kit data tips off plod

Avid runner and hitman Mark Fellows was this week found guilty of murder after being grassed up by his Garmin watch.…

Лучшая защита – нападение?

Russian hackers attempted to infiltrate the Democratic National Committee (DNC) just after the US midterm elections last year, according to a new court filing.…

No customer data visible but hell's bells, Redmond, what have you borked now?

Exclusive  Alarmed Microsoft support partners can currently view support tickets submitted from all over the world, in what appears to be a very wide-ranging blunder by the Redmond-based biz.…

We'll know for sure when Huawei reveals a shoe-shaped smartphone

Something for the Weekend, Sir?  The name's McLeod. Alessandro McLeod. I am a spy for the secret services.…

Azure DevOps Services invites hackers to test its limits

There's more money to be made from bug hunting in Microsoft code after Redmond announced its 10th active bug hunting reward scheme, the Azure DevOps Bounty Program.…

Out of 284 flaws, 33 are rated critical. Big Red admins have big patches ahead

Oracle admins, here's your first critical patch advisory for 2019, and it's a doozy: a total of 284 vulnerabilities patched across Big Red's product range, and 33 of them are rated “critical”.…

Open-source CMS gets a pair of critical fixes

Drupal has issued a pair of updates to address two security vulnerabilities in its online publishing platform. The vulns are a little esoteric, and will not affect most sites, but it's good to patch just in case you later add functionality that can be exploited.…

Cock-up went unnoticed for two Olympics, one World Cup, an EU referendum, and a US presidential election

Twitter has fessed up to a flaw in its Android app that, for more than four years, was making twits' private tweets public. The programming blunder has been fixed.…

Prof Maureen Baker told tribunal info security and clinical safety are two separate things

The founders of medical symptom-checker app Your.MD knew that a number of key medical information databases were "open to anyone who knows the URL", emails seen by a London tribunal have revealed.…