The Register

Biting the hand that feeds IT — sci/tech news and views for the world

Uncle Sam blames best pal China as Taidoor crew's dirty RAT takes aim at Western orgs, but others are less sure

2 hours 13 min ago
Hello, 2009 called, they said they've got an email for you

A Chinese state-backed hacking crew named Taidoor is deploying a custom remote access trojan (RAT) against Western organisations, according to US authorities.…

Categories: News

Doctor, doctor, got some sad news, there's been a bad case of hacking you: UK govt investigates email fail

9 hours 19 min ago
Former trade minister Dr. Liam Fox named as source of leaked trade docs

Former UK trade minister and current Conservative MP Dr. Liam Fox has been named as the source of hacked trade documents released during last year's British elections.…

Categories: News

Leaky S3 buckets have gotten so common that they're being found by the thousands now, with lots of buried secrets

16 hours 32 min ago
When will this madness end?

The massive amount of exposed data on misconfigured AWS S3 storage buckets is a catastrophic network breach just waiting to happen, say experts.…

Categories: News

Days after Trump suggests pausing election over security, US House passes $500m for states to do just that

Mon, 03/08/2020 - 21:51
Chances of it getting enacted in time for the election - slim to almost nil

The US House of Representatives has passed a spending bill which includes a $500m election security provision.…

Categories: News

UK Defence Committee chair muses treating TikTok like Huawei: So eyeball its code then ban it from the country?

Mon, 03/08/2020 - 18:36
Chinese-owned vid app reportedly moving HQ to London

The chairman of UK Parliament's Defence Committee has suggested making popular app TikTok subject to Huawei-style code reviews by GCHQ, if its reported move to a new London HQ comes true.…

Categories: News

Linux Foundation rolls bunch of overlapping groups into one to tackle growing number of open-source security vulns

Mon, 03/08/2020 - 16:44
OpenSSF to take projects from CII and OSSC under its umbrella

The Linux Foundation has formed the Open Source Security Foundation (OpenSSF) with founding board members representing companies including IBM, GitHub, Google, JPMorgan Chase, Microsoft, NCC Group, and Red Hat.…

Categories: News

'We stopped ransomware' boasts Blackbaud CEO. And by 'stopped' he means 'got insurance to pay off crooks'

Mon, 03/08/2020 - 15:02
CRM biz doesn't 'anticipate any kind of material financial impact' but can't say same for those whose data was nicked

"We discovered and stopped a sophisticated attempted ransomware attack," Blackbaud CEO Michael Gianoni has told financial analysts – failing to mention the company simply paid off criminal extortionists to end the attack.…

Categories: News

Oh cool, more Cisco patches to apply. Happy Monday

Mon, 03/08/2020 - 07:03
Meanwhile, Linux KDE desktops can be pwned by evil archives

In Brief: Cisco customers once again find themselves needing to patch critical vulnerabilities in Switchzilla's gear.…

Categories: News

Who was behind that stunning Twitter hack? State spies? Probably this Florida kid, say US prosecutors

Fri, 31/07/2020 - 23:28
Alleged 17-year-old mastermind among trio charged over account mass hijackings

Three individuals were charged on Friday for allegedly hijacking a string of high-profile Twitter accounts after hoodwinking the social network's staff.…

Categories: News

First rule of Ransomware Club is do not pay the ransom, but it looks like Carlson Wagonlit Travel didn't get the memo

Fri, 31/07/2020 - 13:50
$4.5m may have gone into crims' pockets after bookings biz hit by Ragnar Locker nasty

Exclusive: US corporate travel management firm Carlson Wagonlit Travel has suffered an intrusion and it is believed the company paid a $4.5m ransom to get its data back.…

Categories: News

Burn baby burn, plastic inferno! Infosec researchers turn 3D printers into self-immolating suicide machines

Fri, 31/07/2020 - 11:15
Inflammatory findings from deadly serious investigation

Some 3D printers can be flashed with firmware updates downloaded directly from the internet – and an infosec research firm says it has discovered a way to spoof those updates and potentially make the printer catch fire.…

Categories: News

In the market for a second-hand phone? Check it's still supported by the vendor – almost a third sold are not

Fri, 31/07/2020 - 09:30
That means no security updates, which puts users at risk of compromise

An investigation by consumer watchdog Which? has found that nearly a third of all phones sold on second-hand sites are no longer supported by the vendor, leaving punters at risk of being hacked.…

Categories: News

EU tries to get serious on cybercrime with first sanctions against Wannacry, NotPetya, CloudHopper crews

Fri, 31/07/2020 - 08:55
Russian, Chinese, Nork groups named in bank asset freeze

The European Union has, for the first time ever, slapped sanctions on hacking crews.…

Categories: News

Fun fact: If you noticed a while ago Zoom's web client going AWOL for a week, it's because someone found a passcode-cracking hole

Fri, 31/07/2020 - 07:25
Story behind a hasty teardown, fixing of a brute-force vulnerability

Zoom has confirmed it fixed a vulnerability that could have been exploited by miscreants to crack the passcodes needed to access strangers' private chin-wagging.…

Categories: News

Twitter says spear-phishing attack hooked its staff and led to celebrity account hijack

Fri, 31/07/2020 - 06:27
Attack came in waves that probed for staff with access to the creds crims craved

Twitter has offered further explanation of the celebrity account hijack hack that saw 130 users’ timelines polluted with a Bitcoin scam.…

Categories: News

Infosec bod: I've found zero-day flaws in Tor's bridge relay defenses. Tor Project: Only the zero part is right

Thu, 30/07/2020 - 23:08
Warnings either not new or need more study, reckons open-source dev team

Neal Krawetz, a computer forensics expert, has published details on how to detect Tor bridge network traffic that he characterizes as "zero-day exploits"... which the Tor Project insists are nothing of the sort.…

Categories: News

If you own one of these 45 Netgear devices, replace it: Firm won't patch vulnerable gear despite live proof-of-concept code

Thu, 30/07/2020 - 12:28
That's one way of speeding up the tech refresh cycle

Netgear has quietly decided not to patch more than 40 home routers to plug a remote code execution vulnerability – despite security researchers having published proof-of-concept exploit code.…

Categories: News

DXC says ransomware attack disrupted customer operations at insurance services arm but barely left a scratch

Thu, 30/07/2020 - 08:29
No data loss or evidence of extended intrusions, but standalone limb Xchanging did suffer

DXC has recovered from a ransomware attack that hit its independent services-for-insurers operation Xchanging.…

Categories: News

YOU... SHA-1 NOT PASS! Microsoft magics away demonic hash algorithm from Windows updates, apps

Wed, 29/07/2020 - 21:37
Because no one likes to install spoof system files

Microsoft is preparing to once and for all drop support for the SHA-1 hash algorithm.…

Categories: News

GRUB2, you're getting too bug for your boots: Config file buffer overflow is a boon for malware seeking to drill deeper into a system

Wed, 29/07/2020 - 18:00
We're gonna keep punning this until someone pays us $5m

An annoying vulnerability in the widely used GRUB2 bootloader can be potentially exploited by malware or a rogue insider already on a machine to thoroughly compromise the operating system or hypervisor while evading detection by users and security tools.…

Categories: News