Security > More stories


Chinese IT security bods accused of siphoning US GPS, biz blueprints

Three Chinese nationals went on a six-year hacking spree against American targets, siphoning financial reports and tech blueprints, US prosecutors allege. Wu Yingzhuo, Dong Hao and Xia Lei, all thought to be residing in the city of Guangzhou, China, stand accused of eight counts of conspiracy to commit computer fraud and …
Iain Thomson, 28 Nov 2017

Uber, quit shoveling money into the fire for one second and explain that hack – US senators

Five US senators on Monday asked ersatz taxi biz and lawsuit magnet Uber to provide more details about how it allowed hackers in 2016 to pilfer personal information for 57 million customers and drivers. The data theft, revealed last week and not to be confused with a May 2014 security blunder, led to a $100,000 bung to the …
Thomas Claburn, 28 Nov 2017

Bulletproof Coffee lacks bulletproof security: Nerd brain juice biz hacked, cards gulped

The Silicon Valley-backed nutrition upstart specializing in butter-infused coffee says evil code injected into its website was covertly gulping customers' payment card details for months. Bulletproof 360 Inc., purveyors of the fatty coffee touted as a wonder-treatment for mental clarity and weight loss, admitted that from May …
Shaun Nichols, 27 Nov 2017

That $10,000 Facebook bug: Photos shafted, addicts screwed by polls

A security researcher found a way to delete any picture on Facebook, irrespective of whether it's public or private, by cunning use of polls. Pouya Daribi was digging around in the software used by Facebook users to set up quick opinion polls on their profile pages. When creating these informal surveys, the social media …
Iain Thomson, 27 Nov 2017

Barracuda gobbled up by private equity sharks

Private equity biz Thoma Bravo is buying slow-growth Barracuda Networks for $1.6bn in cash. Barracuda is a $400m-run-rate business based in Campbell, California, USA, that sells data protection and security products. It has been making a move to flogging subscriptions as its customers move away from appliances, preferring to …
Chris Mellor, 27 Nov 2017

Looking for scrubs? Nah, NHS wants white hats – the infosec techie kind

The UK's National Health Service will pay white hat hackers up to £20m to protect its IT systems, it announced today. NHS Digital is looking to make a deal with consultants to create a security operations centre, which it says will ensure the safety of staff and patient data nationwide. Speaking to The Telegraph, NHS Digital …
Richard Priday, 27 Nov 2017

Don't shame idiots about their idiotically weak passwords

Attempting to scare people by telling them their password choices are stupid or easily guessable is counterproductive: because it serves only to reassure them that they are just like everyone else. By saying users are stupid, you perpetuate a stereotype that people are the problem, according to Dr Jessica Barker. Security …
John Leyden, 27 Nov 2017

.GIF garage Imgur plugs 1.7 million-subscriber creds breach

The world's self-described “most awesome” collection of images, Imgur, has confessed to leaking 1.7 million user records in 2014. The company was advised of the breach by HaveIBeenPwned administrator Troy Hunt on November 23, 2017. Imgur's chief operating officer Roy Sehgal posted confirmation of the breach. Hunt took to …

Exim-ergency! Unix mailer has RCE, DoS vulnerabilities

Sysadmins who tend Exim servers have been advised to kick off their working weeks with the joy of patching. The popular (if relatively low-profile) Internet mail message transfer agent (MTA) advised of flaws in a Black Friday post to its public bugtracker, which as contributor Phil Pennock said in this message came without any …

Seek 'passion' and tech skills will follow, say recruiting security chiefs

Plugging the infosec skills gap with expensive consultants or by trying to hire already skilled people won't fix recruitment headaches, Thom Langford, CISO at Publicis Groupe, insisted at the #IRISSCERT conference in Dublin this week. He argued that the industry should be looking for "passionate people and inspire them", …
John Leyden, 24 Nov 2017

UK emergency crews get 4G smartmobes as monkeys attempt to emerge from Reg's butt

The British emergency services are to be equipped with 4G phones thanks to a new handheld device contract with Samsung worth up to £210m. The deal with the South Korean company will last for at least three years, with a potential to provide up to 250,000 phones, which is part of a continuing £1.2bn project to replace the …
Richard Priday, 24 Nov 2017

EU's data protection bods join the party to investigate Uber breach

The massive Uber data breach will be discussed by the European Union's data protection authorities next week. The group, known as the Article 29 Working Party, is meeting on November 28-29 and has put the hack, which affected 57 million users, high on its agenda. A spokeswoman for the group, which is chaired by Isabelle …
Rebecca Hill, 24 Nov 2017

'Treat infosec fails like plane crashes' – but hopefully with less death and twisted metal

The world has never been so dependent on computers, networks and software so ensuring the security and availability of those systems is critical. Despite this, major security events resulting in loss of data, services, or financial loss are becoming increasingly commonplace. Brian Honan, founder and head of Ireland's first …
John Leyden, 24 Nov 2017

Linus Torvalds on security: 'Do no harm, don't break users'

Linus Torvalds has offered a lengthy explanation of his thoughts on security, in which he explained a calmer and more detailed version of his expletive-laden thoughts on the topic earlier this week. Torvalds was angry that developers wanted to kill dangerous processes in Linux, a measure that would have removed potential …
Simon Sharwood, 24 Nov 2017

Firefox to warn users who visit p0wned sites

Mozilla developer Nihanth Subramanya has revealed the organisation's Firefox browser will soon warn users if they visit sites that have experienced data breaches that led to user credential leaks. A recently-released GitHub repo titled “Breach Alerts Prototype” revealed “a vehicle for prototyping basic UI and interaction flow …
Simon Sharwood, 24 Nov 2017

Royal Navy destroyer leaves Middle East due to propeller problems

A Type 45 destroyer has been recalled to Britain with propeller problems, leaving the Royal Navy's traditional "east of Suez" deployment without proper warship cover. As revealed in The Times, HMS Diamond is on her way back to the UK after a propeller problem proved too much for the ship's crew to repair on their own. The …
Gareth Corfield, 23 Nov 2017

'Data is the new oil': F-Secure man on cartels, disinformation and IoT

Questions about cyber influence continue to cloud last year's US presidential elections and recently similar allegations have been levelled against the Brexit vote. Mexican armed forces are apprehensive about upcoming elections in that country but it's not the US or the Russians they are worried about – it's the cartels. Mikko …
John Leyden, 23 Nov 2017

To fix Intel's firmware fiasco, wait for Christmas Eve or 2018

The world's top PC-makers have started to ship fixes for the multiple flaws in Intel's CPUs, but plenty won't land until 2018. As Intel admitted on Monday, multiple flaws in its Management Engine, Server Platform Services, and Trusted Execution Engine make it possible to run code that operating systems – and therefore …
Simon Sharwood, 23 Nov 2017

Samba needs two patches, unless you're happy for SMB servers to dance for evildoers

It’s time to patch Samba again - or turn off SAMBA 1, which is never as easy as it sounds. The lid came off the issue a couple of days ago, when the big Linux distributions (Red Hat, Ubuntu, Debian and so on) rolled out fixes for a use-after-free error affecting all versions of SAMBA since 4.0 (published in 2012). The bug …

Devs working to stop Go math error bugging crypto software

Consider this an item for the watch-list, rather than a reason to hit the panic button: a math error in the Go language could potentially affect cryptographic libraries. Security researcher Guido Vranken (who earlier this year fuzzed up some bugs in OpenVPN) found an exponentiation error in the Go math/big package. Big …

Permissionless data slurping: Why Google's latest bombshell matters

Comment: According to an old Chinese proverb: "When a wise man points at the Moon, an idiot looks at his finger." Google may have been hoping that you were examining a finger, not reading a Quartz story yesterday, which reveals how Android phones send location data to Google without you even knowing it. Google received the data even if …
Andrew Orlowski, 22 Nov 2017

You're such a goober, Uber: UK regulators blast hushed breach

Brit regulators, security agencies and MPs have slammed Uber for covering up the massive data breach of 57 million customer and driver records. The company – already in hot water in London for its failure to toe the regulatory lines required of a taxi firm – has been widely condemned for concealing the 2016 breach. The UK's …
Rebecca Hill, 22 Nov 2017

Possible cut to British F-35 order considered before Parliament

Rising costs might force the UK to reduce its order of F-35 fighter jets, the House of Commons has been told. Lieutenant General Mark Poffley, chief of British military capability, told the Commons Defence Committee that he was "sympathetic" to the idea of reducing Britain's planned order of 138 F-35B jets. The short takeoff …
Gareth Corfield, 22 Nov 2017

Loake Shoes admits: We've fallen victim to cybercrims

Miscreants, hackers – call 'em what you will – have pilfered email addresses from an unknown number of Loake Shoes customers. In a letter sent to punters on its database – seen by The Register – the premium footwear maker said it has been "the victim of a cyber attack". "Despite having stringent security measures in place, …
Andrew Silver, 22 Nov 2017

Once more unto the breach: El Reg has a go at crisis management

Hacks played representatives of a hacked company in an incident response exercise run by F-Secure this week. The Live Security product interactive workshop was based on an actual customer experience adapted for a media audience. Around 20 members of the international media became the board members and managers of a company …
John Leyden, 22 Nov 2017

Crypto-jackers enlist Google Tag Manager to smuggle alt-coin miners

Crypto-jackers using Coin Hive code to secretly mine Monero via computing power supplied by the unsuspecting have found Google Tag Manager to be a convenient means of distribution. Security researcher Troy Mursch told The Register that he recently found Coin Hive's free-to-use JavaScript running on the Globovisión website – …
Thomas Claburn, 22 Nov 2017

Apple: Sure, we banned VPN iOS apps in China, but, um, er, art!

Apple has told the US government it cooperated with China's demands to block VPN services so it could get other concessions from the Middle Kingdom on human rights. The Cupertino watchmaker said in a letter [PDF] to Senators Patrick Leahy (D-VT) and Ted Cruz (R-Zodiac) that while it did cave to China's demands it axe VPN apps …
Shaun Nichols, 22 Nov 2017

Iranian military hacker fingered for 'Game of p0wns' HBO leak

The United States' Department of Justice has identified a suspect in July's attack on Home Box Office, naming an Iranian national, Behzad Mesri, in an indictment unsealed Tuesday, November 21. Announcing the charges, acting Manhattan US attorney Joon Kim said Mesri “had previously hacked computer systems for the Iranian …

Microsoft says Win 8/10's weak randomisation is 'working as intended'

Microsoft has rebutted analysis that suggested its Address Space Layout Randomisation (ASLR) technology could be exploited. Redmond's response, posted here, was that ASLR is working as intended, and that the lack of randomisation discovered by Will Dormann - with assistance from Matt Miller of Microsoft - was a feature, not a …

Wait, did Oracle tip off world to Google's creepy always-on location tracking in Android?

Analysis: Having evidently forgotten about that Street View Wi-Fi-harvesting debacle, Google has admitted constantly collecting the whereabouts of Android devices regardless of whether or not they have location tracking enabled. Between 2007 and 2010, during the debut of its Street View service, Google gathered all the Wi-Fi network …
Thomas Claburn, 22 Nov 2017

Uber: Hackers stole 57m passengers, drivers' info. We also bribed the thieves $100k to STFU

Uber's CEO Dara Khosrowshahi today revealed hackers broke into the ride-hailing app's databases and stole personal information on 57 million passengers and drivers – information including names, email addresses, and phone numbers. And the cyber-thieves made off with 600,000 US driver records that included their license numbers …

National Cyber Security Centre boss: For the love of $DEITY, use 2FA on your emails, peeps

The chief exec of the National Cyber Security Centre – a branch of the UK's spy nerve-centre GCHQ – has called on everyone to enable two-factor authentication for their emails. This follows revelations that almost the entire population's details are available for sale on the dark web. Speaking at the Parliament and Internet …
Kat Hall, 21 Nov 2017

Patch on way 'this week' for HP printer vulns

Updated: Sysadmins have been advised to watch for a coming HP printer firmware update that will plug a remote code execution vulnerability (among others) in its MFP-586 and the M553 printers. News of the threat emerged from a Foxglove Security deep-dive into printer security that saw the researchers warn HP of problems in August. The …

Microsoft's memory randomization security defense is a little busted in Windows 8, 10

A Carnegie-Mellon CERT researcher has discovered that Microsoft broke some use-cases for its Address Space Layout Randomisation (ASLR) mechanism, designed to severely hamper hackers' attempts to exploit security bugs. The programming blunder is simple: as of Windows 8, a flaw in Microsoft's system-wide mandatory ASLR …

Intel finds critical holes in secret Management Engine hidden in tons of desktop, server chipsets

Intel today admitted its Management Engine (ME), Server Platform Services (SPS), and Trusted Execution Engine (TXE) are vulnerable to multiple worrying security flaws, based on the findings of external security experts. The firmware-level bugs allow logged-in administrators, and malicious or hijacked high-privilege processes, …
Thomas Claburn, 20 Nov 2017

Cops jam a warrant into Apple to make it cough up Texas mass killer's iPhone, iCloud files

Texas Rangers have obtained a search warrant for the contents of a blood-splattered iPhone SE belonging to gunman Devin Kelley who killed 26 people in a murder-suicide at a church. Over the weekend, the US state's cops served the Cupertino phone-flinger a warrant demanding photos, messages and other potential evidence on …
Shaun Nichols, 20 Nov 2017

Biting the hand that feeds IT © 1998–2017
