Security News • The Register

Security

Bug in WebKit's IndexedDB implementation makes Safari 15 leak Google account info... and more

Glitch is spilling private data and there's not much Apple users can do about it

17 Jan 18:31 | 8

Ukraine blames Belarus for PC-wiping 'ransomware' that has no recovery method and nukes target boxen

And for last week's digital graffiti operations, too

17 Jan 16:24 | 7

Umbrella company Parasol Group confirms cyber attack as 'root cause' of prolonged network outage

'Malicious activity on our network' spotted, says CEO, as some contractors say they've still not been paid

17 Jan 13:28 | 9

North Korea pulled in $400m in cryptocurrency heists last year – report

Plus: FIFA 22 players lose their identity and Texas gets phony QR codes

16 Jan 11:01 | 20

Russia starts playing by the rules: FSB busts 14 REvil ransomware suspects

Cybercrook gang has 'ceased to exist' says Putin's military service

14 Jan 21:01 | 50

Multi-day IT systems outage whacks umbrella biz Parasol Group amid fears of a cyber attack

Contractors say they haven't been paid, and are in the dark too

14 Jan 16:30 | 16

Ukraine shrugs off mass govt website defacement as world turns to stare at Russia

Despite threatening messages nothing's been leaked, say victims

14 Jan 15:49 | 28

Visibility, immutability, security … a revolutionary approach to fighting off ransomware

This webinar shows how throwing up barricades isn’t enough anymore

Federal Communications Commission proposed stricter rules on how telco carriers should report data breaches

Customers shouldn't need to wait seven days before being told

13 Jan 22:42 | 5

Orca Security tells AWS fail tale with a happy ending

Those critical AWS flaws that exposed data and broke tenant separation? All fixed!

13 Jan 21:02 | 4

Continuous security and compliance for hybrid cloud, the Red Hat way

Tune in, turn on, run in the background, using Red Hat DevSecOps framework

Ukrainian cops nab husband and wife suspected to be part of $1m ransomware operation

Plus three other suspects nicked in raids today

13 Jan 15:31 | 5

Austrian watchdog rules German company's use of Google Analytics breached GDPR by sending data to US

Schrems II ruling continues to trouble transatlantic data sharing

13 Jan 14:48 | 43

Admins report Hyper-V and domain controller issues after first Patch Tuesday of 2022

Start as you mean to go on, Microsoft

13 Jan 13:17 | 28

Volunteer Dutch flaw finders bag $100k to forward national bug bounty goal

Huntress Labs tips some loose change into vuln-spotters' cup

Ransomware puts New Mexico prison in lockdown: Cameras, doors go offline

Bernalillo County's Metropolitan Detention Center still recovering from infection

12 Jan 22:03 | 22

Ransomware demands… a new approach to security

Spending more time thinking about trust could mean spending less cash on ransom

Info-saturated techie builds bug alert service that phones you to warn of new vulns

Or SMSes, if the idea of midnight robot calls worries you

12 Jan 11:02 | 10

Microsoft starts 2022 with big bundle fixes for 96 security bugs in its software

Nothing is certain except death, taxes, and programming errors

12 Jan 01:14 | 11

Make sure you're up-to-date with Sonicwall SMA 100 VPN box patches – security hole exploit info is now out

Nothing like topping off unauth'd remote code execution with a su password of ... password

11 Jan 22:46 | 1

Popular

North Korea pulled in $400m in cryptocurrency heists last year – report

Plus: FIFA 22 players lose their identity and Texas gets phony QR codes

Planning for power cuts? That's strictly for the birds

Please Mr Hitchcock, no more. The UPS can't take it

Epoch-alypse now: BBC iPlayer flaunts 2038 cutoff date, gives infrastructure game away

Nobody expects the Linux malposition, do they, Michael Palin?

Open source, closed wallets, big profits – nobody wins the OSS rock, paper, scissors game

Stop horsing around. Pony up

Email blocklisting: A Christmas gift from Microsoft that Linode can't seem to return

Sorry, that IP address is on the naughty step

Umbrella company Parasol Group confirms cyber attack as 'root cause' of prolonged network outage

'Malicious activity on our network' spotted, says CEO, as some contractors say they've still not been paid

Ukraine blames Belarus for PC-wiping 'ransomware' that has no recovery method and nukes target boxen

And for last week's digital graffiti operations, too

Edge computing set for growth – that is, when we can agree what it is

Analyst predicts double-digit percentage uptick in '22

Buy 'em by the punnet: Raspberry Pi offers RP2040 chips in bulk

'Reel'-y cheap – like $0.70 a pop

Bug in WebKit's IndexedDB implementation makes Safari 15 leak Google account info... and more

Glitch is spilling private data and there's not much Apple users can do about it

MORE
STORIES

EU data watchdog to Europol: You've helped yourself to too much data

Law enforcement agency now has one year to delete any data older than 6 months not related to criminal activity

11 Jan 11:47 | 8

Secure boot for UK electric car chargers isn't mandatory until 2023 – but why the delay?

Good: New requirements in new law. Bad: Grace period

11 Jan 10:17 | 108

Four million outdated Log4j downloads were served from Apache Maven Central alone despite vuln publicity blitz

It's not as though folks haven't been warned about this

11 Jan 08:27 | 20

Signal CEO Moxie Marlinspike resigns, leaves WhatsApp co-founder to run things until a successor is named

Departure comes as app courts controversy by integrating private cryptocurrency scheme

11 Jan 01:02 | 60

Avira also mines imaginary internet money on customers' PCs

Who should your PC work for: you, or your antivirus vendor?

10 Jan 18:36 | 45

China puts Walmart in the naughty corner, citing 19 alleged cybersecurity 'violations'

Warning comes weeks after govt body accused subsidiary Sam’s Club of 'ulterior motive' in goods stocking spat

10 Jan 13:35 | 17

GCHQ was rebuked for ignoring spy law safeguards as pandemic hit Britain

Auditor IPCO flagged it up – but then approved 99.94% of state snooping

10 Jan 12:47 | 21

No defence for outdated defenders as consumer AV nears RIP

How sad would you be to see AV go? Us neither

10 Jan 10:00 | 90

WebSpec, a formal framework for browser security analysis, reveals new cookie attack

Boffins in Vienna devise way to make software prove how it behaves

08 Jan 08:45 | 23

Salesforce mandates MFA by default

Thales: ‘Significant change in security culture'

Your backups can save you from ransomware. But how do you protect your backups?

Immutability, analytics, and a complete lack of trust…

You better have patched those Log4j holes or we'll see what a judge has to say – FTC

Apply fixes responsibly in a timely manner or face the wrath of Lina Khan

05 Jan 22:30 | 9

US Army journal's top paper from 2021 says Taiwan should destroy TSMC if China invades

No more chip factories would surely change Beijing's mind about unification

05 Jan 19:01 | 85

Remember Norton 360's bundled cryptominer? Irritated folk realise Ethereum crafter is tricky to delete

Disable anti-tamper features first and you'll be all right

05 Jan 15:56 | 68

Windows giant seeks Pluton-ic relationship with chipmaker: AMD first out of the gates with Microsoft's security processor

Yes, you're going to have to get a new CPU (again)

05 Jan 12:11 | 37

How ransomware gangs went pro

They're developing new techniques 'in every area' says Darktrace

SlimPay fined €180k after 12 million customers' bank data publicly accessible for 5 years

French regulator's investigation finds multiple breaches of GDPR

04 Jan 17:33 | 13

John Edwards takes the reins at the UK's data protection watchdog

Information Commissioner faces a year of upheaval in data law

04 Jan 13:58 | 14

Four years: That's how long Azure's App Service had a source code leak bug

Firm that found the flaw also spotted ChaosDB and OMIGOD, confident this one’s been exploited

24 Dec 06:01 | 7

Fisher Price's Bluetooth reboot of pre-school play phone has adult privacy flaw

‘Chatter’ can be bugged thanks to kindergarten-grade security

23 Dec 08:02 | 94

Alibaba Cloud slapped by Chinese ministry for mishandling Log4j

Beijing's not saying what cloudy contender did wrong

23 Dec 05:58 | 12

Of course a Bluetooth-using home COVID test was cracked to fake results

The Ellume COVID-19 Home Test was connected to the internet of woefully insecure things for a while

22 Dec 03:58 | 25

How to tackle hybrid cloud security and DevSecOps

Putting the Sec into DevOps is key, says Red Hat

Belgian defence ministry admits attackers accessed its computer network by exploiting Log4j vulnerability

Perpetrators' ID unknown, however

21 Dec 12:33 | 60

UK National Crime Agency finds 225 million previously unexposed passwords

Shares them with Troy Hunt’s Have I Been Pwned after sweeping them up from ‘compromised cloud storage’

21 Dec 07:10 | 54

US bags Russian accused of bagging millions after stealing pre-release financial filings

Swiss cough up accused crim while Russia is 'deeply disappointed'

20 Dec 22:23 | 27

Police National Computer not pwned by Clop ransomware crims, insists Home Office

Scottish MSP Dacoll was hit, however

20 Dec 15:51 | 20

How to keep on top of cloud security best practices

Trend Micro outlines common misconfigurations and how to avoid them

VMware 2FA flaw can divulge that vital second credential to malicious actors

Plus: Deep dive into the NSO Group's zero-click exploit and 'Hack the DHS!'

20 Dec 07:02 | 12

Bad things come in threes: Apache reveals another Log4J bug

Third major fix in ten days is an infinite recursion flaw rated 7.5/10

19 Dec 22:57 | 36

US distrust of Huawei linked in part to malicious software update in 2012

Report claims Huawei techs working for Chinese intelligence compromised Australian telco

18 Dec 11:01 | 68

CISA issues emergency directive to fix Log4j vulnerability

Federal agencies have a week to get their systems patched

17 Dec 21:29 | 12

RAF shoots down 'terrorist drone' over US-owned special ops base in Syria

£200k Anglo-French heat-seeking missile does its thing

17 Dec 15:29 | 112

Over Log4j? VMware has another critical flaw for you to patch

Workspace ONE Unified Endpoint Management can leak info via server-side request forgery

17 Dec 02:28 | 6

Facebook locks out 1,500 fake accounts used by cyber-spy firms to snoop on people, alerts 50k potential targets

Meta adverse to internet mercenaries using its social networks to help governments violate human rights

17 Dec 01:41 | 25

Why ransomware attacks happen out of hours or during the holidays

Security teams have a choice to make – and doing nothing is not an option

East Londoners nicked under Computer Misuse Act after NHS vaccine passport app sprouted clump of fake entries

App runs off a database, and databases are run by humans

16 Dec 16:04 | 104

Move fast, break security: Why CISOs must push back against Agile IT

The Vectra Masked CISO series gives security leaders a place to expose the biggest issues in security and advise peers on how to overcome them

National Cyber Strategy will lead to BritChip for mobile devices by 2025, claims UK.gov

And potentially an increase in UK state-backed hacks

16 Dec 07:29 | 39

Japan draws a LINE: web giants must reveal where they store user data

Looks a lot like a response to messaging services passing data through China

16 Dec 06:46 | 4

Facebook expands bug bounty program to include scraping attacks, two years after it was scraped – hard

But still allows limited harvesting

16 Dec 01:33 | 6

As CISA tells US govt agencies to squash Log4j bug by Dec 24, fingers start pointing at China, Iran, others

Microsoft says cyber-spies linked to Beijing, Tehran are getting busy with security flaw along with world + dog

15 Dec 23:31 | 11

US lawmakers want to put NSO Group, 3 other spyware makers out of business with fresh severe sanctions

Export controls aren't enough, Dems say: Bring on the Global Magnitsky Act

15 Dec 20:50 | 16

Pen Test Partners: Anyone could view Gumtree users' GPS location by pressing F12

And online flea market had IDOR in an iOS-focused API

15 Dec 15:31 | 18

Microsoft closes installer hole abused by Emotet malware, Google splats Chrome bug exploited in the wild

Round off the year with a large crop of fixes for programming blunders

15 Dec 03:29 | 8

Apache takes off, nukes insecure feature at the heart of Log4j from orbit with v2.16

Now open-source logging library's JNDI disabled entirely by default, message lookups removed

14 Dec 23:30 | 15

You may have cracked serverless development, but it’s almost certain you haven’t solved serverless security

Here’s how to secure that ever-expanding attack surface

Popular password manager LastPass to be spun out from LogMeIn

Private equity owners play pass the parcel

14 Dec 17:11 | 34

MPs charged with analysing Online Safety Bill say end-to-end encryption should be called out as 'specific risk factor'

Too far? Committee thinks it doesn't go far enough

14 Dec 16:00 | 118

Log4j RCE latest: In case you hadn't noticed, this is Really Very Bad, exploited in the wild, needs urgent patching

This might be the bug that deserves the website, logo and book deal

13 Dec 23:07 | 36

When disaster strikes, data recovery really is a race against time

But exactly how much time are we talking about?

Is VPOTUS Bluetooth-phobic or sensible? The answer's pretty clear

Plus: bugs found on Mars! Of the software kind, of course

13 Dec 17:01 | 29

Timekeeping biz Kronos hit by ransomware and warns customers to engage biz continuity plans

Big implications for millions of staffers' Christmas pay packets

13 Dec 15:07 | 24

Ooh, an update. Let's install it. What could possibly go wro-

Patching the patch

13 Dec 08:30 | 96

Irish Health Service ransomware attack happened after one staffer opened malware-ridden email

PWC report shows long list of missed opportunities to shut out extortion crims

10 Dec 21:05 | 34

Log4j RCE: Emergency patch issued to plug critical auth-free code execution hole in widely used logging utility

Prepare to have a very busy weekend of mitigating and patching

10 Dec 16:04 | 65

Revealed: Remember the Sony rootkit rumpus? It was almost oh so much worse

That time Rootkitting for Dummies might as well have been in Microsoft's Plus! Pack

10 Dec 14:02 | 67

Ransomwared payroll provider leaks data on 38,000 Australian government workers

Frontier Software admitted attack three weeks ago, said data was safe … now it's on the dark web

10 Dec 05:58 | 9

A third of you slackers out there still aren't using HTTPS by default

And it's really bad news for EV cert vendors in Top 1 Million report

09 Dec 19:46 | 32

Resistance is ... cheap? Cloudflare, Mandiant, and pals form incident response 'n' cyber insurance borg

Trust us with everything, croons septuple-strong partnership

09 Dec 14:32 | 4

Ransomware giving you sleepless nights? Here’s how to insure a good night’s sleep

This guide to cyber insurance will help you rest easy

Oz Feds reveal distribution model behind backdoored 'An0m' chat app spread by crims

Resellers were given exclusive territories to target, and offered tech support

09 Dec 03:43 | 7

Canadian charged with running ransomware attack on US state of Alaska

Cross-border op nabbed our man, boast cops and prosecutors

08 Dec 19:02 | 11

Not all tech disasters are ‘all hands’ events. But how do you tell which is which?

This webinar shows you how to measure the blast radius

Virgin Media fined £50,000 after spamming 451,000 who didn't want marketing emails

Data watchdog shows it's keeping its PECR up

08 Dec 16:37 | 32

What’s the right amount of trust to build into your network? Less than Zero

It’s tricky but manageable, says Iomart

Microsoft extends Secured-core concept to servers

Certifies hardware with malware-crimping spec, already common in PCs, for Azure Stack and Windows Server

08 Dec 05:15 | 6

Cryptominers aren't just a headache – they're a big neon sign that Bad Things are on your network

So says Sophos in warning about Tor2Mine Monero malware

07 Dec 16:14 | 4

Foreign Office IT chaos: Shocking testimony reveals poor tech support hindered Afghan evac attempts

Contributed to dysfunction as diplomats and soldiers struggled to get Afghan helpers out of reach of Taliban

07 Dec 13:49 | 54

Microsoft wins court approval to take over sites run by Chinese crime gang

'Nickel' back in trouble for trying to lift secrets, often by exploiting Microsoft snafus

07 Dec 05:31 | 10

LINE Pay leaks around 133,000 users' data to GitHub, of all places

Someone just accidentally put it there, says the messaging service company

07 Dec 04:03 | 3

Spar shops across northern England shut after cyber attack hits payment processing abilities

Franchisees' closures also affect petrol stations

06 Dec 18:41 | 27

Miscreants make off with $150m of digital assets in BitMart security breach

Or it might be nearer $200m. Even the amounts stolen seem to be volatile in the crypto world

06 Dec 17:01 | 9

Cuba ransomware gang scores almost $44m in ransom payments across 49 orgs, say Feds

Hancitor is at play

06 Dec 13:02 | 10

American diplomats' iPhones reportedly compromised by NSO Group intrusion software

Reuters claims nine State Department employees outside the US had their devices hacked

04 Dec 01:54 | 51

Utility biz Delta-Montrose Electric Association loses billing capability and two decades of records after cyber attack

All together now - R, A, N, S, O...

03 Dec 22:06 | 25

Feds charge two men with claiming ownership of others' songs to steal YouTube royalty payments

Alleged scheme said to have netted $20m since 2017

03 Dec 21:54 | 29

Protecting your critical infrastructure is one thing…protecting your backups is the same thing

Do you know what your recovery position really is?

Netgear router flaws exploitable with authentication ... like the default creds on Netgear's website

Don't just install the patch, change your router passwords too

03 Dec 17:30 | 18

BadgerDAO DeFi defunded as hackers apparently nab millions in crypto tokens

Badger, badger, badger, coin theft, coin theft!

02 Dec 22:58 | 20

ABOUT US

MORE CONTENT

SITUATION PUBLISHING

The Register - Independent news and views for the tech community. Part of Situation Publishing

SIGN UP TO OUR DAILY NEWSLETTER

Biting the hand that feeds IT © 1998–2022

Do not sell my personal information Cookies Privacy Ts&Cs