The Register

Biting the hand that feeds IT — Enterprise Technology News and Analysis

JavaScript-based address bar spoofing vulns patched in Safari, Yandex, Opera

3 hours 55 min ago
Are you where you think you are, or are you where I want you to think you are?

Rapid7 found Apple’s Safari browser, as well as the Opera Mini and Yandex browsers, were vulnerable to JavaScript-based address bar spoofing.…

Categories: News

Palo Alto Networks threatens to sue security startup for comparison review, says it breaks software EULA

Fri, 23/10/2020 - 18:58
'I'm not going to be bullied by someone with deeper pockets' vows Orca boss

Palo Alto Networks has threatened a startup with legal action after the smaller biz published a comparison review of one of its products.…

EU slaps extra sanctions on Russian spy chief and APT28 malware dev over 2015 Bundestag hack

Fri, 23/10/2020 - 17:20
Better late than never, eh

The European Union has imposed sanctions on a Russian military malware developer and the commander of Russia’s MI6 equivalent, a mere five years after the two targeted Germany's parliament with a cyberattack.…

Ed Snowden doesn’t need to worry about being turfed out of Russia any more

Fri, 23/10/2020 - 07:34
Immigration reforms allowing more skilled workers to stay seem to have resulted in permanent residency

Russia has apparently given super-leaker Edward Snowden de facto permanent residence.…

After Dutch bloke claims he hacked Trump's Twitter by guessing password, web biz says there's 'no evidence'

Fri, 23/10/2020 - 06:36
It's saying something when it's easy to believe the US President's passphrase was maga2020!

Donald Trump's Twitter password was easily guessed, and he still isn't using multi-factor authentication, claims a Dutch hacker who on Thursday bragged he broke into the President's account last week. Twitter says it has "no evidence" this claim is true.…

China reveals audit of 320,000 local apps, with 34 booted from app stores and hundreds of devs warned they could suffer same fate

Fri, 23/10/2020 - 05:27
Privacy crackdown in the land of ubiquitous surveillance, where 5G now blankets all cities

Through most of 2020 bans on Chinese apps have meant geopolitical strife, but China yesterday revealed it has started banning some of its own apps.…

After first floating $20bn penalty, DoJ suggests $60m fine for UMC's theft of Micron’s DRAM secrets

Fri, 23/10/2020 - 03:58
Taiwanese chipmaker promises ‘substantial assistance’ in ongoing China IP theft action

Taiwanese chip-maker United Microelectronics Corporation (UMC) will plead guilty to theft of trade secrets from Micron Technologies and pay a $60m fine to the USA.…

Is it Iran or Russia's hackers we need to worry about? The Russians, definitely the Russians, says US intelligence

Fri, 23/10/2020 - 00:39
Energetic Bear team caught breaking into govt systems, no harm done to Nov 3 elections

The FBI and the US government's Cybersecurity and Infrastructure Security Agency on Thursday issued a joint warning that a Kremlin hacking crew is probing or breaking into systems belonging to the US government and aviation industry.…

French IT outsourcer Sopra Steria hit by 'cyberattack', Ryuk ransomware suspected

Thu, 22/10/2020 - 15:37
You know, the firm that runs half of NHS Business Services

French-headquartered IT outsourcer Sopra Steria has been struck by a “cyberattack,” reportedly linked to the Ryuk ransomware gang.…

Samsung to introduce automatic call blocking on Android 11-capable flagships

Thu, 22/10/2020 - 12:44
Yeah I've heard you were in a car accident that wasn't your fault. Is that right? *Click*

Samsung phones will soon come with automatic spam call blocking. The feature, which is part of Samsung Smart Call, will debut on the Galaxy Note20 and will roll out to all new devices released after 2020.…

Iran sent threatening pro-Trump emails to American Democrats, Russia close behind, says US intelligence

Thu, 22/10/2020 - 03:03
No, say it ain't so,

Menacing emails to Democratic voters, telling them to vote for Donald Trump in the upcoming US elections or else, were sent by Iran, US intelligence claimed on Wednesday night.…

Thought the FBI were the only ones able to unlock encrypted phones? Pretty much every US cop can get the job done

Thu, 22/10/2020 - 00:34
Massive public records request reveals scale of warrantless surveillance

Never mind the Feds. American police forces routinely "circumvent most security features" in smartphones to extract mountains of personal information, according to a report that details the massive, ubiquitous cracking of devices by cops.…

Coronavirus outbreak triggered a rush of online attacks against retail loyalty schemes, Akamai reckons

Wed, 21/10/2020 - 21:25
Digital souks are sitting ducks for identity fraudsters

Hackers are breaking into online loyalty card accounts using stolen credentials or easily obtainable information, and then not only ransacking the profiles' balances but also harvesting victims' personal data for subsequent identity theft, Akamai has warned.…

How much does Oracle love you? Thiiiis much: Latest patch bundle has 402 fixes

Wed, 21/10/2020 - 19:32
How many times do you want to read the CVSS rating 9.8 today?

Oracle has released its final quarterly batch of patches for the year for security flaws in its products. The total this time? 402 fixes, the bulk of which are rated critical in terms of severity.…

How cybercriminals play the domain game

Wed, 21/10/2020 - 07:00
And why AI tools will make you less vulnerable

Sponsored: Conventional email security tools are losing the battle against phishing attacks. The cause? Instead of registering a handful of domains from which to conduct their phishing campaigns, many cybercriminals now buy them by the thousand. This approach makes it harder for traditional email protection tools to spot phishing emails among the ‘noise’. Thanks to bulk domain registration services, malicious spammers can tip the balance in their favour through sheer volume.…

OpenStack haven OpenDev yanks Gerrit code review tool after admin account compromised for two weeks

Wed, 21/10/2020 - 03:08
Source warehouse asks users to verify recent project commits to ensure they’re not malicious

OpenDev, which hosts the official OpenStack source code, on Tuesday tore down its Gerrit deployment after realizing it had been secretly hacked two weeks ago.…

Top tip, everyone: Chinese hackers are hitting these 25 vulns, so make sure you patch them ASAP, says NSA

Wed, 21/10/2020 - 00:40
Plus this Chrome one being exploited in the wild, we note

The NSA has blown the lid off 25 computer security vulnerabilities Chinese government hackers are using to break into networks, steal data, and so on. The US super-spies said they went public with their list to help IT staff prioritize bug fixing. That is to say: if you're unsure of which patches to apply, do these first.…

VMware patches, among other things, ESXi flaw that can be abused by miscreants on the network to hijack hosts

Tue, 20/10/2020 - 21:14
Adobe issues out-of-band patches, too, for Photoshop, Illustrator, InDesign, After Effects, etc

Sysadmins responsible for VMware deployments should test and apply the latest security updates for the software.…

Remember insider threat? Old news now. Focus on malware detection, says EU infosec agency

Tue, 20/10/2020 - 16:25
ENISA annual report also calls for better use of threat intel by frontline bods

Insider threats, ransomware and cyber espionage were all in decline in the early part of 2020, according to the EU’s cybersecurity agency – though the risk of an “uncontrolled cyber arms race” among nation states is growing.…

You’ve open sourced your relational database manager with PostgreSQL – but how can you keep it secure?

Tue, 20/10/2020 - 07:00
We'll help you manage risk while chasing your RDBMS dreams

Webcast: There was a time when open source was still – no matter how many decades it had driven software projects – regarded as the playground of hippies and utopians. Bold and brave, yet thrown together, inconsistent and unsecured when compared to more established products.…
