Security News • The Register

Why you need much more than a zero-trust strategy to nail your security provision

Overbudget and behind schedule, UK's Emergency Services Network reaches 500th base station milestone

Transport for London asks Capita to fling Congestion Charge system into the cloud

With this Uber get-to-work-safe app, you are really spoiling us, ServiceNow

Programming pioneer Fran Allen dies aged 88 after a career of immense contributions to compilers

Google offers Linux kernel first part of its in-house M:N thread code as open source

India awards apps that offer citizens Microsoft and Google alternatives

Have I Been Pwned to go open source – 10bn credentials, not so much, says creator Hunt

Pen Test Partners: Boeing 747s receive critical software updates over 3.5" floppy disks

Pay ransomware crooks, or restore the network? Guess which way this city chose after weighing up the costs

What happens when holes perfect for spyware are found in the engine room of millions of Qualcomm-based phones? Let's find out

How did you spend your time at university? Pizza, booze, sleeping? This Oxford student is snooping on satellites

Machine log roller Sumo Logic expands to swallow AWS data-watching, DevOps performance

Microsoft introduces Open Service Mesh for Kubernetes, plans quick donation to CNCF

Are your homegrown business apps as secure, fast and usable as they could be?

New Relic streamlines app monitoring tools, shifts to per-user, pay-as-you-go pricing, adds free tier to lure you in

Apple's at it again: Things go pear-shaped for meal planner app after iGiant opposes logo

As hospital-based infections set to rise, best not change the vendor behind the system that tracks them, hm?

Ancestry.com: Let arbitrator decide on auto-enrolling membership lawsuit

Rackspace IPO bags $704m, proceeds used to pay down debts to private equity backer

Huawei running out of smartphone CPUs as US sanctions begin to bite

Just like when you 'game over' two seconds into a new level... Facebook launches Gaming app without games on iOS

Apple faces further iPhone 12 supply chain woes, per famed analyst Ming-Chi Kuo

That's how we roll: OWC savagely undercuts Apple's $699 Mac Pro wheels with bargain $199 alternative

Geek's Guide

NASA to stop using names like 'Eskimo Nebula' and 're-examine' what it calls cosmic objects

The sun is shining, the birds are singing. You can shut the curtains and tour The National Museum of Computing in VR

Q: What’s big, red and pulses UV light into the cosmos three times a night? A: Mars

Geneticists throw hands in the air, change gene naming rules to finally stop Microsoft Excel eating their data

Whoops, our bad, we may have 'accidentally' let Google Home devices record your every word, sound – oops

UK puts £200m on table for dynamic purchasing system to supply public sector with AI

Self-driving car supremo Anthony Levandowski sentenced to 18 months in the clink for stealing trade secrets from Google's Waymo

Singapore to give all incoming travelers wearable tracking device

Verity Stob

Search for 'things of value' in a bank: Iowa cops allege this bloke broke into one and decided on ... hand sanitiser

First alligators, then dogs, now Basil Fawlty is trying to standardise social distancing measures

The Last of Us Part II: Never mind the Metacritic nonsense, Naughty Dog's ultra-violent odyssey is a must-play*

An irritating itch down the back of your neck? Searing midsummer heat? Of course, it can only be SysAdmin Day

Security

Fun fact: If you noticed a while ago Zoom's web client going AWOL for a week, it's because someone found a passcode-cracking hole

Story behind a hasty teardown, fixing of a brute-force vulnerability

31 Jul 2020 | 8

Twitter says spear-phishing attack hooked its staff and led to celebrity account hijack

Attack came in waves that probed for staff with access to the creds crims craved

31 Jul 2020 | 19

Infosec bod: I've found zero-day flaws in Tor's bridge relay defenses. Tor Project: Only the zero part is right

Warnings either not new or need more study, reckons open-source dev team

30 Jul 2020 | 15

If you own one of these 45 Netgear devices, replace it: Kit maker won't patch vulnerable gear despite live proof-of-concept code

That's one way of speeding up the tech refresh cycle

30 Jul 2020 | 81

DXC says ransomware attack disrupted customer operations at insurance services arm but barely left a scratch

No data loss or evidence of extended intrusions, but standalone limb Xchanging did suffer

30 Jul 2020 | 6

YOU... SHA-1 NOT PASS! Microsoft magics away demonic hash algorithm from Windows updates, apps

Because no one likes to install spoof system files

29 Jul 2020 | 7

GRUB2, you're getting too bug for your boots: Config file buffer overflow is a boon for malware seeking to drill deeper into a system

We're gonna keeping punning this until someone pays us $5m

29 Jul 2020 | 32

Chinese ambassador to UK threatens to withdraw Huawei, £3bn investment if comms giant banned from building 5G

Surprise pledge catches company on the hop: 'We have announced no change to our strategy'

29 Jul 2020 | 71

No wonder Brit universities report hacks so often: Half of staff have had zero infosec training, apparently

Plus: Don't worry, students. The attackers told us they destroyed your data

29 Jul 2020 | 32

Japan starts work on global quantum crypto network

Toshiba leads effort that aspires to run 100 quantum cryptographic devices for 10,000 users by 2024

29 Jul 2020 | 8

Reply-All storm flares as email announcing privacy policy puts 500 addresses in the 'To' field, not 'BCC'

Newsletter-as-a-service outfit Substack does the usual apologising

29 Jul 2020 | 36

We're suing Google for harvesting our personal info even though we opted out of Chrome sync – netizens

Browser quitters say they'll return if web goliath lives up to privacy promises

28 Jul 2020 | 40

MI6 tried to intervene in independent court by stopping judge seeing legal papers – but they said sorry, so it's OK

Just another day for the Investigatory Powers Tribunal

28 Jul 2020 | 34

Find out this week: How to build a cyber threat intelligence program while cutting through the noise

WebcastTune in online to get a handle on separating good data from clutter

28 Jul 2020 |

Tune in this week to learn all about an identity-centric approach to zero-trust security

WebcastIt's time to think beyond simple perimeter defenses

27 Jul 2020 |

Data-stealing, password-harvesting, backdoor-opening QNAP NAS malware cruises along at 62,000 infections

If you're still using a vulnerable box, you ought to factory reset it before patching

27 Jul 2020 | 19

Garmin staggers back to its feet: Aviation systems seem to be lagging, though. Here's why

UpdatedSomebody light that pilot light

27 Jul 2020 | 47

UKIP blackmail, data breach sueball allegations were groundless, rules High Court

Tawdry political scuffle over database access binned for lack of evidence

27 Jul 2020 | 20

Psst.. You may want to patch this under-attack data-leaking Cisco bug – and these Ripple20 hijack flaws

In BriefPlus: US govt sounds the alarm on industrial equipment attacks

25 Jul 2020 | 4

It's a Meow-nixed system, I know this: Purr-fect storm of 3,000+ insecure databases – and a data-wiping bot

ProtoVPN IP range fingrered as source of destructive attacks

24 Jul 2020 | 35

Cabinet Office takes over control of UK government data: Mundane machinery or Machiavellian manoeuvrings?

Argh! Dominic Cummings' department! Everybody panic!

24 Jul 2020 | 56

Brit unis hit in Blackbaud hack inform students that their data was nicked, which has gone as well as you might expect

That cloudy CRM firm paid ransom doesn't fill anyone with confidence

24 Jul 2020 | 26

UK's NCSC reveals Premier League footie clubs to be ripe pickings for cybercrooks: One almost lost £1m to BEC attack

Switch on, urges GCHQ-backed public security agency

24 Jul 2020 | 10

Raytheon techie who took home radar secrets gets 18 months in the clink in surprise time fraud probe twist

Be careful about bunking off when you're billing your hours to a government

24 Jul 2020 | 77

Congrats, First American Title Insurance, you've made technology history. For all the wrong reasons

Insurer is first biz to be charged in New York for data security negligence after exposing millions of records to the web

23 Jul 2020 | 20

Bridgecrew: Our mission is to set cloud security free

SponsoredInfrastructure-as-Code cloud misconfiguration screw-ups are ‘completely avoidable’

23 Jul 2020 |

Twitter hack latest: Up to 36 compromised accounts had their private messages read – including a Dutch politician's

Waves subside for now as microblogging site faces tough questions

23 Jul 2020 | 11

Ubiquiti, go write on the board 100 times, 'I must validate input data before using it'... Update silently breaks IDS/IPS

Bad traffic rules from HQ caused intrusion detection and prevention on gateways to just stop working

23 Jul 2020 | 11

UK surveillance laws tightened up as most spying demands to be subject to warrants

Retired judges now to take greater part in overseeing council snoopers

23 Jul 2020 | 25

Shocked I am. Shocked to find that underground bank-card-trading forums are full of liars, cheats, small-time grifters

No honor among thieves

23 Jul 2020 | 31

Capita's bespoke British Army recruiting IT cost military 25k applicants after switch-on

Taxpayers shelled out £1.3bn for this 'abysmal' flop

22 Jul 2020 | 95

Pakistan bans one Chinese app and gives TikTok a final warning to clean up its act

Objects to obscene content, not data leakage

22 Jul 2020 | 2

Twilio: Someone waltzed into our unsecured AWS S3 silo, added dodgy code to our JavaScript SDK for customers

ExclusiveAPI dev kit remained modified for hours, says source

21 Jul 2020 | 22

It's July 2020, and your PC or Mac can be pwned by a dodgy Photoshop file – Adobe emits critical patch batch

Major fixes for Bridge and Prelude, too, plus Reader Android updated

21 Jul 2020 | 4

Bad: US govt says Chinese duo hacked, stole blueprints from just about everyone. Also bad: They extorted cash

Including COVID-19 research, it is claimed. And they'll almost certainly never face an American court

21 Jul 2020 | 28

Stick that in your named pipe and smoke it: Flaw in Citrix Workspace app could let remote attacker pwn host

Patch out for Pen Test Partners-spotted vuln – you know what to do

21 Jul 2020 |

Why you need much more than a zero-trust strategy to nail your security provision

Overbudget and behind schedule, UK's Emergency Services Network reaches 500th base station milestone

Transport for London asks Capita to fling Congestion Charge system into the cloud

With this Uber get-to-work-safe app, you are really spoiling us, ServiceNow

Programming pioneer Fran Allen dies aged 88 after a career of immense contributions to compilers

Google offers Linux kernel first part of its in-house M:N thread code as open source

India awards apps that offer citizens Microsoft and Google alternatives

Have I Been Pwned to go open source – 10bn credentials, not so much, says creator Hunt

Pen Test Partners: Boeing 747s receive critical software updates over 3.5" floppy disks

Pay ransomware crooks, or restore the network? Guess which way this city chose after weighing up the costs

What happens when holes perfect for spyware are found in the engine room of millions of Qualcomm-based phones? Let's find out

How did you spend your time at university? Pizza, booze, sleeping? This Oxford student is snooping on satellites

Machine log roller Sumo Logic expands to swallow AWS data-watching, DevOps performance

Microsoft introduces Open Service Mesh for Kubernetes, plans quick donation to CNCF

Are your homegrown business apps as secure, fast and usable as they could be?

New Relic streamlines app monitoring tools, shifts to per-user, pay-as-you-go pricing, adds free tier to lure you in

Apple's at it again: Things go pear-shaped for meal planner app after iGiant opposes logo

As hospital-based infections set to rise, best not change the vendor behind the system that tracks them, hm?

Ancestry.com: Let arbitrator decide on auto-enrolling membership lawsuit

Rackspace IPO bags $704m, proceeds used to pay down debts to private equity backer

Huawei running out of smartphone CPUs as US sanctions begin to bite

Just like when you 'game over' two seconds into a new level... Facebook launches Gaming app without games on iOS

Apple faces further iPhone 12 supply chain woes, per famed analyst Ming-Chi Kuo

That's how we roll: OWC savagely undercuts Apple's $699 Mac Pro wheels with bargain $199 alternative

NASA to stop using names like 'Eskimo Nebula' and 're-examine' what it calls cosmic objects

The sun is shining, the birds are singing. You can shut the curtains and tour The National Museum of Computing in VR

Q: What’s big, red and pulses UV light into the cosmos three times a night? A: Mars

Geneticists throw hands in the air, change gene naming rules to finally stop Microsoft Excel eating their data

Whoops, our bad, we may have 'accidentally' let Google Home devices record your every word, sound – oops

UK puts £200m on table for dynamic purchasing system to supply public sector with AI

Self-driving car supremo Anthony Levandowski sentenced to 18 months in the clink for stealing trade secrets from Google's Waymo

Singapore to give all incoming travelers wearable tracking device

Search for 'things of value' in a bank: Iowa cops allege this bloke broke into one and decided on ... hand sanitiser

First alligators, then dogs, now Basil Fawlty is trying to standardise social distancing measures

The Last of Us Part II: Never mind the Metacritic nonsense, Naughty Dog's ultra-violent odyssey is a must-play*

An irritating itch down the back of your neck? Searing midsummer heat? Of course, it can only be SysAdmin Day

Security

Fun fact: If you noticed a while ago Zoom's web client going AWOL for a week, it's because someone found a passcode-cracking hole

Twitter says spear-phishing attack hooked its staff and led to celebrity account hijack

Infosec bod: I've found zero-day flaws in Tor's bridge relay defenses. Tor Project: Only the zero part is right

If you own one of these 45 Netgear devices, replace it: Kit maker won't patch vulnerable gear despite live proof-of-concept code

DXC says ransomware attack disrupted customer operations at insurance services arm but barely left a scratch

YOU... SHA-1 NOT PASS! Microsoft magics away demonic hash algorithm from Windows updates, apps

GRUB2, you're getting too bug for your boots: Config file buffer overflow is a boon for malware seeking to drill deeper into a system

Chinese ambassador to UK threatens to withdraw Huawei, £3bn investment if comms giant banned from building 5G

No wonder Brit universities report hacks so often: Half of staff have had zero infosec training, apparently

Japan starts work on global quantum crypto network

Reply-All storm flares as email announcing privacy policy puts 500 addresses in the 'To' field, not 'BCC'

We're suing Google for harvesting our personal info even though we opted out of Chrome sync – netizens

MI6 tried to intervene in independent court by stopping judge seeing legal papers – but they said sorry, so it's OK

Find out this week: How to build a cyber threat intelligence program while cutting through the noise

Tune in this week to learn all about an identity-centric approach to zero-trust security

Data-stealing, password-harvesting, backdoor-opening QNAP NAS malware cruises along at 62,000 infections

Garmin staggers back to its feet: Aviation systems seem to be lagging, though. Here's why

UKIP blackmail, data breach sueball allegations were groundless, rules High Court

Psst.. You may want to patch this under-attack data-leaking Cisco bug – and these Ripple20 hijack flaws

It's a Meow-nixed system, I know this: Purr-fect storm of 3,000+ insecure databases – and a data-wiping bot

Cabinet Office takes over control of UK government data: Mundane machinery or Machiavellian manoeuvrings?

Brit unis hit in Blackbaud hack inform students that their data was nicked, which has gone as well as you might expect

UK's NCSC reveals Premier League footie clubs to be ripe pickings for cybercrooks: One almost lost £1m to BEC attack

Raytheon techie who took home radar secrets gets 18 months in the clink in surprise time fraud probe twist

Congrats, First American Title Insurance, you've made technology history. For all the wrong reasons

Bridgecrew: Our mission is to set cloud security free

Twitter hack latest: Up to 36 compromised accounts had their private messages read – including a Dutch politician's

Ubiquiti, go write on the board 100 times, 'I must validate input data before using it'... Update silently breaks IDS/IPS

UK surveillance laws tightened up as most spying demands to be subject to warrants

Shocked I am. Shocked to find that underground bank-card-trading forums are full of liars, cheats, small-time grifters

Capita's bespoke British Army recruiting IT cost military 25k applicants after switch-on

Pakistan bans one Chinese app and gives TikTok a final warning to clean up its act

Twilio: Someone waltzed into our unsecured AWS S3 silo, added dodgy code to our JavaScript SDK for customers

It's July 2020, and your PC or Mac can be pwned by a dodgy Photoshop file – Adobe emits critical patch batch

Bad: US govt says Chinese duo hacked, stole blueprints from just about everyone. Also bad: They extorted cash

Stick that in your named pipe and smoke it: Flaw in Citrix Workspace app could let remote attacker pwn host

Most Read

Pen Test Partners: Boeing 747s receive critical software updates over 3.5" floppy disks

You had one job... Just two lines of code, and now the customer's Inventory Master File has bitten the biscuit

VMware discontinues Datrium hardware and hyperconverged OS, effective immediately

India awards apps that offer citizens Microsoft and Google alternatives

Google offers Linux kernel first part of its in-house M:N thread code as open source

SUBSCRIBE TO OUR WEEKLY TECH NEWSLETTER