Articles about Security

CCleaner targeted top tech companies in attempt to lift IP

Cisco's security limb Talos has probed the malware-laden CCleaner utility that Avast so kindly gave to the world and has concluded its purpose was to create secondary attacks that attempted to penetrate top technology companies. Talos also thinks the malware may have succeeded in delivering a payload to some of those firms …
Simon Sharwood, 21 Sep 2017

AI slurps, learns millions of passwords to work out which ones you may use next

Eggheads have produced a machine-learning system that has studied millions of passwords used by folks online to work out other passphrases people are likely to use. These AI-guessed passwords could be used with today's tools to crack more hashed passwords, and log into more strangers' accounts on systems, than ever before. …
Iain Thomson, 20 Sep 2017

Video nasty lets VMware guests run code on hosts

VMware's given vAdmins a busy Friday by disclosing three nasties to patch. One's a video nasty dubbed CVE-2017-4924 and impacts VMware ESXi, and the desktop hypervisors Workstation & Fusion. This one's “an out-of-bounds write vulnerability in SVGA driver device*”, an old virtual graphics card toolkit. The bug “may allow a …
Simon Sharwood, 15 Sep 2017

Chrome to label FTP sites insecure

Google's Chrome browser will soon label file transfer protocol (FTP) services insecure. Google employee and Chrome security team member Mike West yesterday announced the plan on the Chromium.org security-dev mailing list. “As part of our ongoing effort to accurately communicate the transport security status of a given page, …
Simon Sharwood, 15 Sep 2017

Tick, tock motherf... erm, we mean, don't panic over GDPR

Welcome back from the summer. Feeling refreshed? Good, now let’s talk General Data Protection Regulation from the European Union, due to swing into effect on May 25, 2018. You now have eight months to get your data infrastructure, tech policies and related procedures ship-shape. Not feeling so refreshed now, are you? Plenty of …
Dave Cartwright, 14 Sep 2017

Bluetooth bugs bedevil billions of devices

Security experts have long complained that complexity is the enemy of security, but the designers of the Bluetooth specification have evidently failed to pay attention. Bluetooth is a wireless communication protocol for connecting devices over short ranges. It's used in mobile phones, wireless speakers, smartwatches, printers …
Thomas Claburn, 12 Sep 2017

Linus Torvalds' lifestyle tips for hackers: Be like me, work in a bathrobe, no showers before noon

Linux Lord Linus Torvalds has offered some lifestyle advice for hackers, suggesting they adopt his admittedly-unglamorous lifestyle but also his ethos of working on things that matter. In an on-stage interview with Linux Foundation founder and executive director Jim Zemlin at the Open Source summit in Los Angeles on Monday, …
Simon Sharwood, 12 Sep 2017

Shocking: Former Amazon analyst fed frat brother insider info

A former financial analyst at Amazon.com pled guilty on Thursday to securities fraud for helping a former fraternity brother trade Amazon stock based on insider information. Brett D Kennedy, 26, a resident of Blaine, Washington, acknowledged that in April 2015 he provided confidential financial information – Amazon's Q1 2015 …
The Cross-Domain Desktop Compositor

Secure microkernel in a KVM switch offers spy-grade app virtualization

Researchers at Australian think tank Data61 and the nation's Defence Science and Technology Group have cooked up application publishing for the paranoid, by baking an ARM CPU and secure microkernel into a KVM switch. As explained to El Reg by Toby Murray, on behalf of his fellow researcher from Data61’s Trustworthy Systems …

Indian call centre scammers are targeting BT customers

BT customers in the UK have been targeted by scammers in India – with one person reporting they were defrauded for thousands of pounds this week. The issue appears to have been going on for more than a year. Some customers said the fraudsters knew their personal details. One reader got in touch to report that his father-in- …
Kat Hall, 6 Sep 2017

Boffins hijack bootloaders for fun and games on Android

University of California Santa Barbara researchers have turned up bootloader vulnerabilities across a bunch of Android chipsets from six vendors. The team of nine researchers decided to look at a little-studied aspect of Android architecture – the interaction between OS and chip at power-up. To get inside that operation, they …

Yet another AWS config fumble: Time Warner Cable exposes 4 million subscriber records

Records of roughly four million Time Warner Cable customers in the US were exposed to the public internet after a contractor failed to properly secure an Amazon cloud database. Researchers with security company Kromtech said freelancers who handled web applications for TWC and other companies had left one of its AWS S3 storage …
Shaun Nichols, 5 Sep 2017

Apache Struts you're stuffed: Vuln allows hackers to inject evil code into biz servers

Malicious code can be pushed into servers running Apache Struts 2 apps, allowing scumbags to run malware within corporate networks. The critical security vulnerability was discovered by researchers at Semmle, who today went public with their find. Apache Struts is a popular open-source framework for developing applications in …
John Leyden, 5 Sep 2017

Kurat võtku! Estonia identifies security risk in almost 750,000 ID cards

The Estonian government has discovered a security risk in its ID card system, potentially affecting almost 750,000 residents. "When notified, Estonian authorities immediately took precautionary measures, including closing the public key database, in order to minimise the risk while the situation can be fully assessed and a …
Kat Hall, 5 Sep 2017

So you're already in the cloud but need to come back down to Earth

We generally think of a transformation to a hybrid infrastructure as one where you're going from a completely private setup to one that spans the public cloud and your private installation. But what if you started life as a small company with your systems entirely in the cloud? It's not an unusual approach, as running up your …

US cops can't keep license plate data scans secret without reason

Police departments cannot categorically deny access to data collected through automated license plate readers, California's Supreme Court said on Thursday – a ruling that may help privacy advocates monitor government data practices. The ACLU Foundation of Southern California and the Electronic Frontier Foundation sought to …

So much data, so little time: How to not flip your wig processing it

Working with data can be a pain in the butt. You do it because you need to, and because there's value in it – data-driven enterprises thrive on being able to eke as much concrete information as possible out of the stuff in order to maximise efficiency and attack the market share of the competition. But data is complicated and …

Bitcoin Foundation wants US Department of Justice investigated

Spooked by prosecutions of Bitcoin sellers and pending money laundering rules, The Bitcoin Foundation on Tuesday said the cryptocurrency isn't really money and asked lawmakers to investigate the US Department of Justice's pursuit of merchants selling it. In a letter [PDF] to the US Senate Judiciary Committee, Llew Claasen, the …
Thomas Claburn, 31 Aug 2017

Biting the hand that feeds IT © 1998–2017