The Register

Subscribe to The Register feed
Biting the hand that feeds IT — Enterprise Technology News and Analysis
Updated: 49 min 6 sec ago

Unfixable Apple M1 chip bug enables cross-process chatter, breaking OS security model

Thu, 27/05/2021 - 02:38
M1RACLES flaw looks more embarrassing than dangerous

Apple's Arm-based M1 chip, much ballyhooed for its performance, contains a design flaw that can be exploited to allow different processes to communicate with one another, in violation of operating system security principles.…

Categories: News

What to do about open source vulnerabilities? Move fast, says Linux Foundation expert

Wed, 26/05/2021 - 12:34
The CIO does not decide how soon you need to respond. 'The person who decides is the attacker'

QCon Plus  Automated testing and rapid deployment are critical to defending against vulnerabilities in open source software, said David Wheeler, director of Open Source Supply Chain Security at the Linux Foundation.…

Categories: News

Computer Misuse Act: Tell the Home Office infosec needs a public interest defence in law, says CyberUp campaign

Wed, 26/05/2021 - 10:17
Bug-hunting industry wants to know a bit more before doing that, though

Businesses operating in the word of infosec have been urged to write to the Home Office and support a public interest defence being added to the Computer Misuse Act.…

Categories: News

In-person cybersec training? Yes, it’s back on the agenda this year

Wed, 26/05/2021 - 08:30
SANS brings you face to face with students and instructors – or virtually if you prefer

Promo  The last year has taught us that online training can absolutely deliver the same learning experience as traditional in-person training. But it has also demonstrated how some of us thrive on human interaction, whether it’s with an instructor or simply with your fellow students.…

Categories: News

Contract killer: Certified PDFs can be secretly tampered with during the signing process, boffins find

Wed, 26/05/2021 - 07:46
24 out of 26 tools vulnerable – with bonus JavaScript attack for Adobe

A pair of techniques to surreptitiously alter the content of certified PDFs have been detailed by researchers in Germany.…

Categories: News

VMware reveals critical vCenter hole it says ‘needs to be considered at once’

Wed, 26/05/2021 - 03:04
Unauthenticated remote code execution possible thanks to vSphere Client bug

VMware has revealed a critical bug that can be exploited to achieve unauthenticated remote code execution in the very core of a virtualised system – vCenter Server.…

Categories: News

Snowden was right, rules human rights court as it declares UK spy laws broke ECHR

Tue, 25/05/2021 - 18:08
Says privacy and freedom of expression breached, but upholds sending surveillance product to foreign countries

Surveillance laws permitting GCHQ to operate its Tempora dragnet mass surveillance system broke the law, the European Court of Human Rights has ruled.…

Categories: News

Brit watchdog shows some teeth over McAfee antivirus auto-renewals

Tue, 25/05/2021 - 16:46
Refund rights for customers

The UK's Competition and Markets Authority (CMA) has reached agreement with antivirus vendor McAfee that means some customers whose software subscription was automatically renewed will be able to get a refund.…

Categories: News

South Korea plans large scale quantum cryptography adoption, thanks in part to tech partnership with USA

Tue, 25/05/2021 - 09:33
Also steps into future by allowing plug to be pulled on 2G networks

The Republic of Korea took two bold steps into the future on Tuesday, by announcing that the last of its 2G networks will go offline in June and that it will initiate large-scale adoption of communications protected by quantum encryption.…

Categories: News

Hard cheese: Stilton snap shared via EncroChat leads to drug dealer's downfall

Tue, 25/05/2021 - 07:30
Brit thrown in the clink for 13 years after palm-print lifted from internet photo

A drug dealer's ham-handed OPSEC allowed British police to identify him from a picture of him holding a block of cheese, which led to his arrest, guilty plea, and a sentence of 13 years and six months in prison.…

Categories: News

China’s Digital Yuan not aimed at challenging US dollar, says former People’s Bank governor

Tue, 25/05/2021 - 06:59
It’s all about domestic efficiency, and if that helps China to become a bigger player then so be it

A former governor of the People’s Bank of China has given a speech in which he suggested that China’s Digital Yuan is not intended to increase China’s influence over global financial systems.…

Categories: News

Apple patches macOS flaw exploited by malware to secretly snap screenshots

Mon, 24/05/2021 - 22:43
Bug can also be abused to record audio and video, access files – and iOS, iPadOS updated, too

Apple has patched a hole in macOS that has been exploited by malware to secretly take screenshots on victims' Macs.…

Categories: News

Legacy data protection and modern ransomware? The odds are not in your favor

Mon, 24/05/2021 - 20:00
Join us to learn how to frustrate extortionists in the 2020s

Webcast  On the face of it, blunting a ransomware attack should be straightforward if you’ve got a solid data protection plan in place.…

Categories: News

Icarus moment: Mozilla Thunderbird was saving OpenPGP keys in plaintext after encryption snafu

Mon, 24/05/2021 - 18:15
Cockup has since been patched in latest release

Mozilla Thunderbird spent the last couple of months saving some users’ OpenPGP keys in plain text – but that’s now been patched, the author of both the bug and the patch fixing it has told The Register.…

Categories: News

Apple is happy to diss the desktop – it knows who's got the most to lose

Mon, 24/05/2021 - 10:01
Also: The basic utility of the general purpose OS cannot be sanitised into total safety. Nor should it

Column  You will have noticed that Apple just pushed MacOS under the wolves, thrown it to the bus and left it hanging out to dry like a post-Brexit fishing net.…

Categories: News

Air India admits to data breach impacting 4.5m customers, sat on the news for five weeks

Mon, 24/05/2021 - 06:58
While my SITA gently leaks, customers were unaware their credit card numbers had flown away

India’s flag carrier, Air India, has admitted it fell foul of the data breach at aviation information services provider SITA, and that its disclosure comes five weeks after it was notified of the situation.…

Categories: News

Indonesia’s national health insurance scheme leaks at least a million citizens' records

Mon, 24/05/2021 - 03:28
Tech Ministry trying to figure out just how much personal info has made it onto notorious RaidForums data-mart

Indonesia’s government has admitted to leaks of personal data from the agency that runs its national health insurance scheme…

Categories: News

American insurance giant CNA reportedly pays $40m to ransomware crooks

Sat, 22/05/2021 - 11:22
Plus: Stalkerware even more scummy and ExifTool needs patching

In brief  CNA Finaincial, the US insurance conglomerate, has apparently paid $40m to ransomware operators to gets its files back.…

Categories: News

UK Computer Misuse Act convictions declined last year despite pandemic explosion in online criminal activity

Fri, 21/05/2021 - 16:32
And less than a fifth of CMA crims copped jail terms

Prosecutions under the UK's Computer Misuse Act (CMA) dropped by a fifth in 2020 even as conviction rates soared to 95 per cent during the year of the pandemic, new statistics have revealed.…

Categories: News

Here's how we got persistent shell access on a Boeing 747 – Pen Test Partners

Fri, 21/05/2021 - 12:50
In-flight entertainment system ran Windows NT4 – and almost defied access attempts

Researchers from infosec biz Pen Test Partners established a persistent shell on an in-flight entertainment (IFE) system from a Boeing 747 airliner after using a vulnerability dating back to 1999.…

Categories: News