The Register

Are you where you think you are, or are you where I want you to think you are?

Rapid7 found Apple’s Safari browser, as well as the Opera Mini and Yandex browsers, were vulnerable to JavaScript-based address bar spoofing.…

'I'm not going to be bullied by someone with deeper pockets' vows Orca boss

Palo Alto Networks has threatened a startup with legal action after the smaller biz published a comparison review of one of its products.…

Better late than never, eh

The European Union has imposed sanctions on a Russian military malware developer and the commander of Russia’s MI6 equivalent, a mere five years after the two targeted Germany's parliament with a cyberattack.…

Immigration reforms allowing more skilled workers to stay seem to have resulted in permanent residency

Russia has apparently given super-leaker Edward Snowden de facto permanent residence.…

It's saying something when it's easy to believe the US President's passphrase was maga2020!

Donald Trump's Twitter password was easily guessed, and he still isn't using multi-factor authentication, claims a Dutch hacker who on Thursday bragged he broke into the President's account last week. Twitter says it has "no evidence" this claim is true.…

Privacy crackdown in the land of ubiquitous surveillance, where 5G now blankets all cities

Through most of 2020 bans on Chinese apps have meant geopolitical strife, but China yesterday revealed it has started banning some of its own apps.…

Taiwanese chipmaker promises ‘substantial assistance’ in ongoing China IP theft action

Taiwanese chip-maker United Microelectronics Corporation (UMC) will plead guilty to theft of trade secrets from Micron Technologies and pay a $60m fine to the USA.…

Energetic Bear team caught breaking into govt systems, no harm done to Nov 3 elections

The FBI and the US government's Cybersecurity and Infrastructure Security Agency on Thursday issued a joint warning that a Kremlin hacking crew is probing or breaking into systems belonging to the US government and aviation industry.…

You know, the firm that runs half of NHS Business Services

French-headquartered IT outsourcer Sopra Steria has been struck by a “cyberattack,” reportedly linked to the Ryuk ransomware gang.…

Yeah I've heard you were in a car accident that wasn't your fault. Is that right? *Click*

Samsung phones will soon come with automatic spam call blocking. The feature, which is part of Samsung Smart Call, will debut on the Galaxy Note20 and will roll out to all new devices released after 2020.…

No, say it ain't so, maga_christ9000@post.ir

Menacing emails to Democratic voters, telling them to vote for Donald Trump in the upcoming US elections or else, were sent by Iran, US intelligence claimed on Wednesday night.…

Massive public records request reveals scale of warrantless surveillance

Never mind the Feds. American police forces routinely "circumvent most security features" in smartphones to extract mountains of personal information, according to a report that details the massive, ubiquitous cracking of devices by cops.…

Digital souks are sitting ducks for identity fraudsters

Hackers are breaking into online loyalty card accounts using stolen credentials or easily obtainable information, and then not only ransacking the profiles' balances but also harvesting victims' personal data for subsequent identity theft, Akamai has warned.…

How many times do you want to read the CVSS rating 9.8 today?

Oracle has released its final quarterly batch of patches for the year for security flaws in its products. The total this time? 402 fixes, the bulk of which are rated critical in terms of severity.…

And why AI tools will make you less vulnerable

Sponsored  Conventional email security tools are losing the battle against phishing attacks. The cause? Instead of registering a handful of domains from which to conduct their phishing campaigns, many cybercriminals now buy them by the thousand. This approach makes it harder for traditional email protection tools to spot phishing emails among the ‘noise’. Thanks to bulk domain registration services, malicious spammers can tip the balance in their favour through sheer volume.…

Source warehouse asks users to verify recent project commits to ensure they’re not malicious

OpenDev.org, which hosts the official OpenStack source code, on Tuesday tore down its Gerrit deployment after realizing it had been secretly hacked two weeks ago.…

Plus this Chrome one being exploited in the wild, we note

The NSA has blown the lid off 25 computer security vulnerabilities Chinese government hackers are using to break into networks, steal data, and so on. The US super-spies said they went public with their list to help IT staff prioritize bug fixing. That is to say: if you're unsure of which patches to apply, do these first.…

Adobe issues out-of-band patches, too, for Photoshop, Illustrator, InDesign, After Effects, etc

Sysadmins responsible for VMware deployments should test and apply the latest security updates for the software.…

ENISA annual report also calls for better use of threat intel by frontline bods

Insider threats, ransomware and cyber espionage were all in decline in the early part of 2020, according to the EU’s cybersecurity agency – though the risk of an “uncontrolled cyber arms race” among nation states is growing.…

We'll help you manage risk while chasing your RDBMS dreams

Webcast  There was a time when open source was still – no matter how many decades it had driven software projects – regarded as the playground of hippies and utopians. Bold and brave, yet thrown together, inconsistent and unsecured when compared to more established products.…