Security News • The Register

Security

Internet Society condemns UK's Online Safety Bill for demonising encryption using 'think of the children' tactic

Plus: Cops' surveillance is used against drug gangs and not child abusers, says Tutanota

28 Jan 12:56 | 42

Silk could tie up all-but-unbreakable encryption, say South Korean boffins

At last, a worm that improves security

28 Jan 05:31 | 28

Intel fails to get Spectre, Meltdown chip flaw class-action super-suit tossed out

Cheesed-off customers have 'alleged enough facts at this stage' to allow legal battle to continue, says judge

28 Jan 01:18 | 24

US DoD staffer with top-secret clearance stole identities from work systems to apply for loans

Plus: Apple patches exploited-in-the-wild bug, White House zero-trust order, and more

27 Jan 23:41 | 14

Targeted ransomware takes aim at QNAP NAS drives, warns vendor: Get your updates done pronto

Nasty demands hefty Bitcoin ransom

27 Jan 16:19 | 8

Court papers indicate text messages from HMRC's 60886 number could snoop on Brit taxpayers' locations

Bitter contract dispute revealed HLR lookup capability baked into agreement

27 Jan 11:59 | 69

Indonesia bars financial institutions from offering crypto services

Advises citizens to avoid 'Ponzi schemes'

27 Jan 07:13 | 17

China orders web operators to spring clean its entire internet

Purveyors of rumours, flirty teens, dodgy infomercials, or bloody violence all told to get in the bin – yet again

27 Jan 03:01 | 21

Alert: Let's Encrypt to revoke about 2 million HTTPS certificates in two days

Relatively small number of certs issued using verification method that doesn't comply with policy

26 Jan 21:26 | 18

Infosec big dogs break out the bubbly over UK government's latest cyber strategy emission

See that? That's a promise of fat contracts, that is

26 Jan 11:55 | 8

Infosec chap: I found a way to hijack your web accounts, turn on your webcam from Safari – and Apple gave me $100k

Now you see a harmless PNG. Now it's a malicious payload. Look into my eyes

26 Jan 08:32 | 20

Linux distros haunted by Polkit-geist for 12+ years: Bug grants root access to any user

What happens when argc is zero and a SUID program doesn't care? Let's find out!

26 Jan 01:02 | 128

Sophos: Log4Shell would have been a catastrophe without the Y2K-esque mobilisation of engineers

Anti-malware biz weighs in on one of the worst security flaws of recent times

25 Jan 15:32 | 18

UK government opens consultation on medic-style register for Brit infosec pros

Are you competent? Ethical? Welcome to UKCSC's new list

25 Jan 10:14 | 49

Yes, your data is special. But do you know how special?

Join this webinar, open your ears, and learn about data visibility

Twitter's top security staff out after incoming CEO shakes things up

Plus: Nigerian BEC gang bust, NSO woes, and more

25 Jan 00:05 | 3

Hive View security camera customers left in the dark as some gear gives up the ghost

Devices of the affected seem intent on going into the light

24 Jan 14:21 | 25

Myanmar's military junta seeks ban on VPNs and digital currency

People would no longer be able to rely on VPNs for their preferred communication tool, Facebook

24 Jan 07:02 | 14

Australian Prime Minister's WeChat Shanghaied by Chinese patriots

Politicians rush to blame Beijing, Tencent says the account was transferred from its original registrar and it's probing that shift

24 Jan 04:58 | 16

Apple preps fix for Safari's web-history-leaking IndexedDB privacy bug

Disclosure of WebKit flaw appears to have prodded iBiz to undertake repairs

21 Jan 22:56 | 20

Popular

Court papers indicate text messages from HMRC's 60886 number could snoop on Brit taxpayers' locations

Bitter contract dispute revealed HLR lookup capability baked into agreement

Hardware boffin starts work on simulation of an entire IBM S/360 Model 50 mainframe

With microcode intact so it can talk to an original operator's console

Imagination GPU cleared for RISC-V CPU compatibility, licensed to chip designers

We love it when a plan comes together

For first time in nearly 17 years, stable Linux kernel version has over 999 commits – but not everyone heard about it

'Script was adding the cc: to msg.000 not msg.0000'

US DoD staffer with top-secret clearance stole identities from work systems to apply for loans

Plus: Apple patches exploited-in-the-wild bug, White House zero-trust order, and more

Toaster-friendly alternative web protocol Gemini attracts criticism for becoming exclusive clique

While creators were stripping away annoying styling, users started to make Geminispace a bunker, says engineer

Something 4,000 light years away emitted strange radio bursts. This is where we talk to scientists for actual info

'This experience has taught me that it's worth trying out looking at the sky in entirely new ways'

Instant Ump: HP Inc's subscription ink services hiking prices from next month

Customers in mid-tier band facing up to 50% higher fees... and they're delighted

Intel fails to get Spectre, Meltdown chip flaw class-action super-suit tossed out

Cheesed-off customers have 'alleged enough facts at this stage' to allow legal battle to continue, says judge

Twelve years after Intel was fined $1.2bn for unfairly running over rivals, an EU court says: No need to pay

Ah, y'know what, maybe those rebates for not using AMD chips weren't so anti-competitive after all, eh?

MORE
STORIES

Arm rages against the insecure chip machine with new Morello architecture

Prototypes now available for testing

21 Jan 18:21 | 46

Why should I pay for that security option? Hijacking only happens to planes

But if I give him my bank details, I'll be rich!

21 Jan 08:30 | 68

UK, Australia, to build 'network of liberty that will deter cyber attacks before they happen'

Enhanced 'Cyber and Critical Technology Partnership' will transport crime to harsh penal regime on the other side of the world

21 Jan 08:02 | 58

Japan's Supreme Court rules cryptojacking scripts are not malware

Coinhive-slinger wins on appeal

21 Jan 06:58 | 14

Russia's Putin out the idea of a broad cryptocurrency ban

Central bank worries that block-bucks reduce government control and are used by crims

21 Jan 04:57 | 20

Crypto.com now says someone tried to drain $34m from hundreds of accounts

Won't reveal net loss, says it stopped some withdrawals and has reimbursed those who had funds taken

20 Jan 22:29 | 8

For those worried about Microsoft's Pluton TPM chip: Lenovo won't even switch it on by default in latest ThinkPads

Folks can enable or disable it, install Linux as normal. Just sayin'

20 Jan 20:44 | 54

UK mulls making MSPs subject to mandatory security standards where they provide critical infrastructure

And to pay for the privilege. Consultation's open, though

20 Jan 17:15 | 11

Privacy is for paedophiles, UK government seems to be saying while spending £500k demonising online chat encryption

So far we've got a pisspoor video and... er, that's it

20 Jan 15:06 | 165

'Now' would be the right time to patch Ubuntu container hosts and ditch 21.04 thanks to heap buffer overflow bug

20 Jan 14:38 | 13

NortonLifeLock and Avast tie-up falls under UK competition regulator's spotlight

CMA invites comments from 'interested parties' on what merger means to them

20 Jan 11:03 | 7

Red Cross forced to shutter family reunion service following cyberattack and data leak

Director-general pleads with cyber-scum: leave this data alone, because the people involved have suffered enough

20 Jan 07:58 | 18

Being 'Threat-Led' is the answer. Your ISO certificate won’t save you from a breach!

The Vectra Masked CISO series gives security leaders a place to expose the biggest issues in security and advise peers on how to overcome them

McAfee's and FireEye rename themselves ‘Trellix’

To evoke support for growing things, not the 1990s vendor of web-pages-made-easy-ware

20 Jan 07:01 | 19

Singapore gives banks two-week deadline to fix SMS security

Edict follows widespread bank phishing scam claiming well over $6.3 million

20 Jan 06:01 | 11

Need to prioritize security bug patches? Don't forget to scan Twitter as well as use CVSS scores

Exploit, vulnerability discussion online can offer useful signals

19 Jan 21:22 | 2

Sniff those Ukrainian emails a little more carefully, advises Uncle Sam in wake of Belarusian digital vandalism

NotPetya started over there, don't forget

19 Jan 20:01 | 4

Vulnerabilities and censorship tools among hot new features in Beijing's Olympics app

Visitors have to install it 14 days prior to arrival in China until their departure

19 Jan 18:11 | 37

US mergers doubled in 2021 so FTC and DoJ seek new guidelines to stop illegal ones

Last set of rules written in 2010 – a whole different era in tech terms

19 Jan 12:31 | 5

Crypto.com acknowledges 'unauthorized activity' on servers, maintains no funds have been lost

Security biz PeckShield claims $15m in Ethereum taken

18 Jan 21:12 | 9

International police shut down 15 server infrastructures as part of VPNLab.net's takedown

VPN service used by crims to support ransomware attacks and other illicit activity

18 Jan 17:01 | 20

More contractor pain: Parasol's sister firms, SJD Accountancy and Nixon Williams, confirm cyberattack

Ransomware suspected but not confirmed

18 Jan 14:45 | 5

Singapore monetary authority threatens action on bank over widespread phishing scam

Scam has claimed 469 victims in December alone, of which OCBC has issued goodwill payments to 30

18 Jan 13:04 | 11

Why global DDoS protection is essential for Anycast networks

‘If you don’t have Anycast it’s not a good DNS service’

Microsoft patches the patch that broke VPNs, Hyper-V, and left servers in boot loops

Testing? Isn't that what users are for?

18 Jan 11:34 | 34

Bug in WebKit's IndexedDB implementation makes Safari 15 leak Google account info... and more

Glitch is spilling private data and there's not much Apple users can do about it

17 Jan 18:31 | 40

Ukraine blames Belarus for PC-wiping 'ransomware' that has no recovery method and nukes target boxen

And for last week's digital graffiti operations, too

17 Jan 16:24 | 35

Umbrella company Parasol Group confirms cyber attack as 'root cause' of prolonged network outage

'Malicious activity on our network' spotted, says CEO, as some contractors say they've still not been paid

17 Jan 13:28 | 22

North Korea pulled in $400m in cryptocurrency heists last year – report

Plus: FIFA 22 players lose their identity and Texas gets phony QR codes

16 Jan 11:01 | 28

Russia starts playing by the rules: FSB busts 14 REvil ransomware suspects

Cybercrook gang has 'ceased to exist' says Putin's military service

14 Jan 21:01 | 50

Multi-day IT systems outage whacks umbrella biz Parasol Group amid fears of a cyber attack

Contractors say they haven't been paid, and are in the dark too

14 Jan 16:30 | 20

Ukraine shrugs off mass govt website defacement as world turns to stare at Russia

Despite threatening messages nothing's been leaked, say victims

14 Jan 15:49 | 33

Visibility, immutability, security … a revolutionary approach to fighting off ransomware

This webinar shows how throwing up barricades isn’t enough anymore

Federal Communications Commission proposed stricter rules on how telco carriers should report data breaches

Customers shouldn't need to wait seven days before being told

13 Jan 22:42 | 5

Orca Security tells AWS fail tale with a happy ending

Those critical AWS flaws that exposed data and broke tenant separation? All fixed!

13 Jan 21:02 | 4

Continuous security and compliance for hybrid cloud, the Red Hat way

Tune in, turn on, run in the background, using Red Hat DevSecOps framework

Ukrainian cops nab husband and wife suspected to be part of $1m ransomware operation

Plus three other suspects nicked in raids today

13 Jan 15:31 | 5

Austrian watchdog rules German company's use of Google Analytics breached GDPR by sending data to US

Schrems II ruling continues to trouble transatlantic data sharing

13 Jan 14:48 | 44

Admins report Hyper-V and domain controller issues after first Patch Tuesday of 2022

Start as you mean to go on, Microsoft

13 Jan 13:17 | 28

Volunteer Dutch flaw finders bag $100k to forward national bug bounty goal

Huntress Labs tips some loose change into vuln-spotters' cup

Ransomware puts New Mexico prison in lockdown: Cameras, doors go offline

Bernalillo County's Metropolitan Detention Center still recovering from infection

12 Jan 22:03 | 22

Ransomware demands… a new approach to security

Spending more time thinking about trust could mean spending less cash on ransom

Info-saturated techie builds bug alert service that phones you to warn of new vulns

Or SMSes, if the idea of midnight robot calls worries you

12 Jan 11:02 | 10

Microsoft starts 2022 with big bundle fixes for 96 security bugs in its software

Nothing is certain except death, taxes, and programming errors

12 Jan 01:14 | 11

Make sure you're up-to-date with Sonicwall SMA 100 VPN box patches – security hole exploit info is now out

Nothing like topping off unauth'd remote code execution with a su password of ... password

11 Jan 22:46 | 1

EU data watchdog to Europol: You've helped yourself to too much data

Law enforcement agency now has one year to delete any data older than 6 months not related to criminal activity

11 Jan 11:47 | 8

Secure boot for UK electric car chargers isn't mandatory until 2023 – but why the delay?

Good: New requirements in new law. Bad: Grace period

11 Jan 10:17 | 108

Four million outdated Log4j downloads were served from Apache Maven Central alone despite vuln publicity blitz

It's not as though folks haven't been warned about this

11 Jan 08:27 | 20

Signal CEO Moxie Marlinspike resigns, leaves WhatsApp co-founder to run things until a successor is named

Departure comes as app courts controversy by integrating private cryptocurrency scheme

11 Jan 01:02 | 60

Avira also mines imaginary internet money on customers' PCs

Who should your PC work for: you, or your antivirus vendor?

10 Jan 18:36 | 45

China puts Walmart in the naughty corner, citing 19 alleged cybersecurity 'violations'

Warning comes weeks after govt body accused subsidiary Sam’s Club of 'ulterior motive' in goods stocking spat

10 Jan 13:35 | 17

GCHQ was rebuked for ignoring spy law safeguards as pandemic hit Britain

Auditor IPCO flagged it up – but then approved 99.94% of state snooping

10 Jan 12:47 | 21

No defence for outdated defenders as consumer AV nears RIP

How sad would you be to see AV go? Us neither

10 Jan 10:00 | 90

WebSpec, a formal framework for browser security analysis, reveals new cookie attack

Boffins in Vienna devise way to make software prove how it behaves

08 Jan 08:45 | 25

Salesforce mandates MFA by default

Thales: ‘Significant change in security culture'

Your backups can save you from ransomware. But how do you protect your backups?

Immutability, analytics, and a complete lack of trust…

You better have patched those Log4j holes or we'll see what a judge has to say – FTC

Apply fixes responsibly in a timely manner or face the wrath of Lina Khan

05 Jan 22:30 | 9

US Army journal's top paper from 2021 says Taiwan should destroy TSMC if China invades

No more chip factories would surely change Beijing's mind about unification

05 Jan 19:01 | 88

Remember Norton 360's bundled cryptominer? Irritated folk realise Ethereum crafter is tricky to delete

Disable anti-tamper features first and you'll be all right

05 Jan 15:56 | 68

Windows giant seeks Pluton-ic relationship with chipmaker: AMD first out of the gates with Microsoft's security processor

Yes, you're going to have to get a new CPU (again)

05 Jan 12:11 | 37

How ransomware gangs went pro

They're developing new techniques 'in every area' says Darktrace

SlimPay fined €180k after 12 million customers' bank data publicly accessible for 5 years

French regulator's investigation finds multiple breaches of GDPR

04 Jan 17:33 | 13

John Edwards takes the reins at the UK's data protection watchdog

Information Commissioner faces a year of upheaval in data law

04 Jan 13:58 | 14

Four years: That's how long Azure's App Service had a source code leak bug

Firm that found the flaw also spotted ChaosDB and OMIGOD, confident this one’s been exploited

24 Dec 06:01 | 7

Fisher Price's Bluetooth reboot of pre-school play phone has adult privacy flaw

‘Chatter’ can be bugged thanks to kindergarten-grade security

23 Dec 08:02 | 94

Alibaba Cloud slapped by Chinese ministry for mishandling Log4j

Beijing's not saying what cloudy contender did wrong

23 Dec 05:58 | 12

Of course a Bluetooth-using home COVID test was cracked to fake results

The Ellume COVID-19 Home Test was connected to the internet of woefully insecure things for a while

22 Dec 03:58 | 25

How to tackle hybrid cloud security and DevSecOps

Putting the Sec into DevOps is key, says Red Hat

Belgian defence ministry admits attackers accessed its computer network by exploiting Log4j vulnerability

Perpetrators' ID unknown, however

21 Dec 12:33 | 60

UK National Crime Agency finds 225 million previously unexposed passwords

Shares them with Troy Hunt’s Have I Been Pwned after sweeping them up from ‘compromised cloud storage’

21 Dec 07:10 | 54

US bags Russian accused of bagging millions after stealing pre-release financial filings

Swiss cough up accused crim while Russia is 'deeply disappointed'

20 Dec 22:23 | 27

Police National Computer not pwned by Clop ransomware crims, insists Home Office

Scottish MSP Dacoll was hit, however

20 Dec 15:51 | 20

How to keep on top of cloud security best practices

Trend Micro outlines common misconfigurations and how to avoid them

VMware 2FA flaw can divulge that vital second credential to malicious actors

Plus: Deep dive into the NSO Group's zero-click exploit and 'Hack the DHS!'

20 Dec 07:02 | 12

Bad things come in threes: Apache reveals another Log4J bug

Third major fix in ten days is an infinite recursion flaw rated 7.5/10

19 Dec 22:57 | 36

US distrust of Huawei linked in part to malicious software update in 2012

Report claims Huawei techs working for Chinese intelligence compromised Australian telco

18 Dec 11:01 | 68

CISA issues emergency directive to fix Log4j vulnerability

Federal agencies have a week to get their systems patched

17 Dec 21:29 | 12

RAF shoots down 'terrorist drone' over US-owned special ops base in Syria

£200k Anglo-French heat-seeking missile does its thing

17 Dec 15:29 | 112

Over Log4j? VMware has another critical flaw for you to patch

Workspace ONE Unified Endpoint Management can leak info via server-side request forgery

17 Dec 02:28 | 6

Facebook locks out 1,500 fake accounts used by cyber-spy firms to snoop on people, alerts 50k potential targets

Meta adverse to internet mercenaries using its social networks to help governments violate human rights

17 Dec 01:41 | 25

ABOUT US

MORE CONTENT

SITUATION PUBLISHING

The Register - Independent news and views for the tech community. Part of Situation Publishing

SIGN UP TO OUR DAILY NEWSLETTER

Biting the hand that feeds IT © 1998–2022

Do not sell my personal information Cookies Privacy Ts&Cs