Articles about Security Risks

Fragmented Android development creating greater security risks

The fragmentation of Android is creating additional security risks, as the rush to release new devices without sufficient testing is inadvertently introducing security flaws, security researchers have warned. The researchers – Xiaoyong Zhou, Yeonjoon Lee, Nan Zhang, Muhammad Naveed and XiaoFeng Wang – uncovered flaws in …
John Leyden, 20 Jul 2015

ISO floats storage security standard

The International Standards Organisation reckons the world needs help securing its data, so has published a new storage security standard to cover it. Because The Register isn't about to shell out 198 Swiss Francs to read the whole thing, we're constrained in our ability to tell you exactly what it contains, but we note that the …

GCHQ: Ensure biz security by STOPPING everyone from TALKING

GCHQ is advising organisations to consider stripping staff of smartphones and memory sticks in order to make themselves less exposed to cyber attacks. The advice from the intelligence agency's CESG (Communications-Electronics Security Group) information assurance arm comes against a backdrop of increased concerns about the theft …
John Leyden, 19 Mar 2015

Cloud Security Temperature Check

Survey Results: It is increasingly common for users and business groups to drive their own adoption of cloud services. But even where IT is involved, as organisations ramp up their use of cloud, activity is often uncoordinated. Pulling the threads together across service silos to manage risks effectively can be a challenge. The right strategy …
Dale Vile, 20 May 2015

Internet of Thieves: All that shiny home security gear is crap, warns HP

In a recent study, every connected home security system tested by HP contained significant vulnerabilities, including but not limited to password security, encryption, and authentication issues. HP's Fortify on Demand security service assessed the top 10 home security devices – such as video cameras and motion detectors – along …
John Leyden, 10 Feb 2015

Trustwave gobbles up Application Security, gorges itself on tech

Data security biz Trustwave has acquired fellow data security provider Application Security, a startup that specialises in automated database security scanning technologies. Financial terms of the deal, announced on Monday, were undisclosed. Privately-held Application Security develops security software for relational databases …
John Leyden, 12 Nov 2013

Huawei networking kit gets the green light from Blighty's spooks

A board put together to double-check the work of a British government team set up to investigate Huawei has given the Chinese giant a clean bill of health. The Huawei Cyber Security Evaluation Centre (HCSEC) Oversight Board was established in early 2014 on the recommendation of the UK National Security Adviser. The board is …
Simon Rockman, 30 Mar 2015

Speaking in Tech: Scrubbing Chrome with Google's Brillo

Podcast: Hosted by Greg Knieriemen, Ed Saipetch and Sarah Vela. This week Ed, Greg and Sarah get together to digest Google's IoT operating system (is there a hidden agenda, and will it be open source?), creepy teddy bears (Ted made real, maybe, or just an Android phone with some …
Team Register, 27 May 2015

Contactless card fraud? Easy. All you need is an off-the-shelf scanner

Consumer association magazine Which? has highlighted a security flaw in contactless card systems, which, if combined with a lack of checks by retailers, could be exploited by thieves to make expensive online purchases. Researchers bought contactless card-reading technology from a mainstream website before using it to remotely …
John Leyden, 23 Jul 2015

Phil Collins' daughter 'will give you A VIRUS' – security bods

Phil Collins' actress daughter is the celebrity most likely to give your equipment a nasty virus, security firm McAfee has warned. Its annual McAfee Most Dangerous Celebrities™ study warned clicking on search links after Googling Lily Collins could flood your system with malware. The second most infectious celeb is Sk8r Boi …
Jasper Hamill, 18 Sep 2013

Snoopy Fujitsu tech KNOWS you'll click that link – before YOU do

The next time you hover over a suspicious link a little too long, or download from a questionable site, you might get a nudge from Fujitsu. The Japanese tech giant has, from the back of a 2000-head study, developed a tool capable of determining if a user was likely to be scammed and delivering a custom warning. Together with a …
Darren Pauli, 23 Jan 2015

Psst, hackers. Just go for the known vulnerabilities

Despite all the publicity about zero-day exploits, a big percentage of breaches (44 per cent) come from vulnerabilities which are two to four years old. Server misconfigurations were the number one vulnerability, according to the latest edition of HP’s annual Cyber Risk Report, which concludes that well-known issues posed the …
John Leyden, 23 Feb 2015

Samsung caught disabling Windows Update to run its own bloatware

Updated: Samsung computer users could find themselves wide open to attack because the software the Korean giant bundles on its systems disables Windows Update. The problem was spotted by independent security researcher Patrick Barker after a Windows user complained that the Windows Update function, which automatically downloads patches …
Iain Thomson, 24 Jun 2015

Hey, NUDE CELEBS! Apple adds SWEET 2FA to iMessage, Facetime

Apple has activated a two-factor authentication (2FA) system for Facetime and iMessage, extending the service to beyond iCloud accounts in a move that it hopes will help secure its communications platforms. The feature has become effective immediately, meaning any attempt to activate the services on a new device would first need …
Team Register, 13 Feb 2015

Scouts' downed Compass database won't be back 'til autumn

The Scout Association will not have its troubled Compass database — which holds the details of 450,000 young people and volunteer adults — restored to operation until early autumn. The Compass database was taken down in January following revelations by El Reg that members had raised serious concerns over the security of the …
Kat Hall, 16 Apr 2015

IBM says dating apps can give you a nasty infection DOWN THERE!

Valentine's Day is just around the corner – and, purely coincidentally, IBM is warning techies about the risks of dating apps and websites. Big Blue has published a report outlining the potential security risks associated with users running sex scheduling software on their smartphones and tablets. Big Blue says it studied 41 …
Shaun Nichols, 12 Feb 2015

CHEATER! Test labs out AV vendor for using rival's engine

Chinese anti-virus vendor Qihoo 360 has been caught cheating on benchmarking tests by submitting versions running A-V engines from rival Bitdefender. The company has been reprimanded by established testing outfits Virus Bulletin, Av-Comparatives, and AV-Test which withdrew its 2015 certifications. In a joint statement [PDF] the …
Darren Pauli, 01 May 2015

New UK.gov cyber-security standard puts MANAGERS in firing line

The UK government is seeking to hear from businesses that would be interested in submitting evidence to help form a new "organisational standard" for cyber security. The Cyber Security and Resilience Team within the Department for Business, Innovation, and Skills (BIS) has asked businesses to detail initial interest in …
OUT-LAW.COM, 07 Mar 2013
The Register breaking news

Treating today’s security risks

Episode 2: In the second of our mini series of audiocasts assessing the state of the IT Security market, our expert panel considers the major risks and how to deal with them. Again lending their expertise are Jon Clay, core technology marketing manager from Trend Micro and Tony Lock, programme director at the IT analyst firm Freeform …
Team Register, 18 Mar 2009

Android gets biometric voice unlocking

Google is deploying what it calls Trusted Voice to allow Android users to unlock phones using their voice, according to reports. The feature is filed under the Choc Factory's Smart Unlock feature which sports easier unlock mechanisms like Trusted devices, places, and faces. Once activated, it would allow punters to unlock their …
Darren Pauli, 14 Apr 2015

Jeep breach: Scared? You should be, it could be you next

Other vehicles may be at risk from hacking following the Jeep Cherokee incident, according to one of the two researchers who pioneered the spectacular auto exploit. Renowned car security researchers Charlie Miller and Chris Valasek remotely hacked a Jeep Cherokee over a mobile network and found a way to control critical …
John Leyden, 24 Jul 2015

UK rail signals could be hacked to cause crashes, claims prof

The rollout of a next generation train signalling system across the UK could leave the network at greater risk of hack attacks, a university professor has claimed. Prof David Stupples warns that plans to replace the existing (aging) signalling system with the new European Rail Traffic Management System (ERTMS) could open up the …
John Leyden, 24 Apr 2015

'We are screwed!' Fonts eat a bullet in Microsoft security patch

Updated: Windows users were surprised to find that a Microsoft security update stopped fonts from working on their PCs. Security update KB2753842 has killed certain fonts on PCs where it has been installed, rendering many of them unusable, and causing problems for designers and businesses who rely on using the types in their work. …
Anna Leach, 17 Dec 2012

Wi-Fi hotspots can put iPhones into ETERNAL super slow-mo

A vulnerability fixed in this week's Apple patch run can easily brick iPhones, researchers say. The flaw (CVE-2015-1118) dubbed "Phantom" allows attackers who can trick users into changing their iDevice proxy settings to tap into multiple use-after-free vulnerabilities. Doing so causes constant ubiquitous app crashing including …
Darren Pauli, 10 Apr 2015

BT links with Huawei raise national security concerns, say MPs

Chinese telecoms giant Huawei has dismissed claims that its technology, which is used by BT, is a threat to the UK's national security. The company was forced to defend itself today, after a parliamentary security and intelligence committee report attacked the civil service for failing to inform ministers of BT and Huawei's …
Kelly Fiveash, 06 Jun 2013

Microsoft's message for Win Server 2003 users: FLEE FOR YOUR LIVES

With 160 days to go before extended support for Windows Server 2003 reaches the end of the line, Microsoft has popped up with some scaremongering tactics helpful advice. Come 14 July, any businesses running the 12-year-old OS will need to cough a princely sum to receive custom support from Microsoft as no more security patches …
Paul Kunert, 04 Feb 2015

Australian online voting system may have FREAK bug

UPDATE: Next weekend, voters in the Australian State of New South Wales go to the polls to elect a new government. Some have already cast their votes online, with a system that may be running the FREAK bug. So say Vanessa Teague and J. Alex Halderman, respectively a research fellow in the Department of Computing and Information Systems …
Darren Pauli, 22 Mar 2015

By the way, Home Depot hackers also grabbed 53 million email addresses

Hackers made off with a whopping 53 million email addresses as part of the high profile April breach of Home Depot in which 56 million credit cards were compromised, the company says. The haul bagged enough email addresses to contact everyone in England, but it was unknown if the information had been implicated in further …
Darren Pauli, 07 Nov 2014

Windows Server 2003 support deadline is TOMORROW – but thousands don't care

Tomorrow marks the end of support for Windows Server 2003 but plenty of customers, of all shapes and sizes, weighed up the cost versus the risk factors and will continue to make do with their dusty old boxes. From 14 July, Microsoft will not issue any further security patches or firmware upgrades, and buying custom support is …
Paul Kunert, 13 Jul 2015

A billion things are already on the IoT: Verizon

Verizon reckons the Internet of Things is no longer a “nascent” market, reporting that there are already more than a billion devices out there running business-to-business IoT operations. In its “state of the market” report (free with registration) covering the IoT in 2015, the company predicts that the B2B IoT space will pass 5 …

Canada: We'll boot 'security risk' firms from gov network bid race

The Canadian government has said that it will be invoking a "national security exemption" as it hires firms to build a secure network, hinting that Chinese telco Huawei could be excluded. The exemption allows the government to kick out of the running any companies or nations considered a security risk, which coming in the wake …

HORDES OF CLING-ONS menace UK.gov IT estate as special WinXP support ends

UK government departments still running Windows XP are now doing so entirely on their own. A framework support agreement between the Crown and Microsoft guaranteeing the release of special security patches for PCs still on Windows XP has ended after one year. That deal - revealed here - expired on April 14 and it’s been decided …
Gavin Clarke, 08 May 2015

What scares you most about ‘the cloud’?

Tech Panel: Cloud computing has gone mainstream. While a hard-core of naysayers still exists, the black-and-white negative viewpoint is a lot less common today than it was a year or two ago. Our research at Freeform Dynamics, including via The Register, says it’s now less about ‘whether’ to use cloud, and more a question of where to adopt …
Dale Vile, 28 May 2015

Experts fret over iPad security risks

Apple's much hyped iPad tablet may come tightly locked down but the device is still likely to be affected by many of the security issues that affect the iPhone, as well as some of its own. Security experts polled by El Reg were concerned about a variety of risks, in particular phishing attacks and browser exploits. Graham …
John Leyden, 29 Jan 2010

India's tough hacker crackdown: IT security leaflets with every device

India has reportedly concocted a plan to cut down on IT security problems: forcing hardware vendors to include a security awareness brochure with all desktop PCs, mobile phones and USB modems. The plans were dreamt up to improve the country’s cyber security preparedness, in response to the increasing volume of online threats …
Phil Muncaster, 14 Jan 2013

Looking forward to the end of Tuesday? You've patched this month's 37 Microsoft bugs, right?

True to its word, Microsoft released nine security patches this month, two of which are rated as critical. The company said that the August edition of Patch Tuesday addresses a total of 37 CVE-listed security vulnerabilities. Most of the flaws will be addressed by the cumulative Internet Explorer security update. The browser …
Shaun Nichols, 12 Aug 2014

Business expects data retention will hit their bottom lines: survey

Risk management outfit Protiviti says Australian businesses are fearful that the government's proposed metadata retention scheme is going to cost them. The government is in the throes of considering a two-year retention regime for Australian telecommunications carriers and ISPs. While the Parliamentary Joint Committee on …

WinShock PoC clocked: But DON'T PANIC... It's no Heartbleed

Security researchers have released a proof-of-concept exploit against the SChannel crypto library flaw patched by Microsoft last week. The release of a PoC for the MS14-066 vulnerability through the Canvas tool from Immunity Inc underlines the need to patch. The flaw opens the door to remote code execution on unpatched servers …
John Leyden, 17 Nov 2014

NHS XP patch scratch leaves patient records wide open to HACKERS

Thousands of patient records could be left exposed to hackers, as up to 20 NHS trusts have failed to put an agreement in place with Microsoft to extend security support for Windows XP via a patch, The Register can reveal. The majority of trusts still operate Windows XP and have signed up to a £5.5m Cabinet Office agreement with …
Kat Hall, 10 Nov 2014

Facebook message security risks 'open door to Web 2.0 botnet'

Security watchers have already begun fretting about the security implications of Facebook's new messaging system, warning that compromised accounts might be used to create potent Web 2.0 botnets. The system brings together Facebook messages, instant messaging chat and SMS messages in one location, a development that increases …
John Leyden, 18 Nov 2010

Bank of England plans to shove cyber-microscope up nation's bankers

The Bank of England today announced it plans to penetrate Blighty’s banks to test the security of their critical computer systems. Speaking to the British Bankers’ Association, the BoE's exec director of resolution, Andrew Gracie launched CBEST [PDF], a new defence-testing programme that mimics crims who attack crucial networks …

Patch Windows boxes NOW – unless you want to be owned by a web page or network packet

"Remote code execution if an attacker sends specially crafted packets" is not what many of you want to hear today – nor "remote code execution if a user views a specially crafted webpage using Internet Explorer" – but it's Patch Tuesday, so what do you expect? Microsoft has issued a batch of security fixes for Internet Explorer …
Shaun Nichols, 11 Nov 2014

UK.gov to train up 11-year-old cyberwarriors

British schoolkids as young as 11 will be trained in cyber security as part of a new drive to protect the UK from digital threats. The government will produce learning materials designed to get 11- to 14-year-olds up to speed on cyber security. If the kids show a willingness to strap on a keyboard and fight in some foreign …
Jasper Hamill, 13 Mar 2014

WANTED: A plan to DESTROY metadata, not just retain it

Australia's data retention proposal suggests the nation's telcos and ISPs need to store data for two years. But agencies accessing the data can seemingly keep it forever and are not, to date, required to securely store or destroy data they retrieve from the nation's putative data trove of personal information, miscalled " …

Step forward the chief information security officer

What does the modern chief information security officer (Ciso) look like? The role used to be little more than acting as a glorified sysadmin but things have changed. These days, Cisos must be all-rounders, concentrating not just on technology but on business too. “In recent years, the role of the Ciso has become more business …
Danny Bradbury, 15 Nov 2011

Turnbull's digital transformation office DOES SOMETHING

Earlier today, your correspondent bemoaned the fact that Australia's nascent Digital Transformation Office (DTO) was announced ten weeks ago but appears to have done little in that time other than advertise for a leader. Fast-forward to around 15:00 Australian time and the agency has revealed that it has, indeed, done something …
Simon Sharwood, 07 Apr 2015

People will happily run malware if paid ONE CENT – new study

Security white hats, despair: users will run dodgy executables if they are paid as little as one cent. Even more would allow their computers to become infected by botnet software nasties if the price was increased to five or 10 cents. Offer a whole dollar and you'll secure a herd of willing internet slaves. The demoralising …
Darren Pauli, 18 Jun 2014

Popular password protection programs p0wnable

Researchers have detailed a series of quickly patched vulnerabilities in five popular password managers that could allow attackers to steal user credentials. "Critical" vulnerabilities were discovered and reported in LastPass, RoboForm, My1Login, PasswordBox and NeedMyPassword in work described by the University of California …
Darren Pauli, 14 Jul 2014

Five critical fixes on deck for Patch Tuesday

Microsoft is planning to release at least five critical fixes in next week's Patch Tuesday monthly security update. The company said that the planned patch release will include fixes for critical remote code execution flaws in versions of Windows, Office, and Internet Explorer, as well as Microsoft Exchange Server. Among the …
Shaun Nichols, 06 Dec 2013

So long, Lenovo, and no thanks for all the super-creepy Superfish

+Comment: Chinese PC maker Lenovo has published instructions on how to scrape off the Superfish adware it installed on its laptops – but still bizarrely insists it has done nothing wrong. That's despite rating the severity of the deliberate infection as "high" on its own website. Well played, Lenonope. Superfish was bundled on new Lenovo …