Articles about security


Global security crackdown, a host of code nasties, Brit cops mocked, and more

Roundup: Here's a summary of this week's security news beyond what we've already reported. At the Munich Security Conference in Germany, major companies, including Siemens, Airbus, Allianz, Daimler Group, IBM, NXP, SGS and Deutsche Telekom, signed a Charter of Trust for cybersecurity. The signatories were joined by Elżbieta Bieńkowska …
Iain Thomson, 17 Feb 2018

Former ICE top lawyer raided US govt database to steal aliens' identities

Yet again an insider has been caught misusing a workplace computer system to conduct identity theft and fraud. Unusually, the perp was, at the time, serving as the head lawyer for the US government's Immigration and Customs Enforcement’s (ICE) Office of Principal Legal Advisor (OPLA). And rather than turning to the …
Thomas Claburn, 15 Feb 2018

Hate to ruin your day, but... Boffins cook up fresh Meltdown, Spectre CPU design flaw exploits

When details of the Meltdown and Spectre CPU security vulnerabilities emerged last month, the researchers involved hinted that further exploits may be developed beyond the early proof-of-concept examples. It didn't take long. In a research paper – "MeltdownPrime and SpectrePrime: Automatically-Synthesized Attacks Exploiting …
Thomas Claburn, 14 Feb 2018

US govt staffers use personal gear on work networks, handle biz docs on the reg – study

Employees of US government agencies are largely ignoring basic security measures. This is according to a study published this month by security biz Lookout, which suggests Uncle Sam's staffers may be putting confidential information at risk. According to a survey of 200 IT and security admins at US federal agencies, 67.5 per …
Shaun Nichols, 14 Feb 2018

From tomorrow, Google Chrome will block crud ads. Here's how it'll work

Starting tomorrow, Google, which makes most of its money from online advertising, will begin blocking egregious ads in its Chrome browser under limited circumstances – though it would really rather not. The reason, explained Chrome veep Rahul Roy-Chowdhury in a blog post on Tuesday, is that some ads suck. "It’s clear that …
Thomas Claburn, 14 Feb 2018

From July, Chrome will name and shame insecure HTTP websites

Three years ago, Google's search engine began favoring in its results websites that use encrypted HTTPS connections. Sites that secure their content get a boost over websites that used plain-old boring insecure HTTP. In a "carrot and stick" model, that's the carrot: rewarding security with greater search visibility. Later …

PSA: If your security starts and ends with bug bounties, you're gonna have a bad time

Analysis: Remember when Uber tried to cover up the fact its AWS datastore containing records on 57 million riders and drivers had been hacked? And that it bunged the hackers $100,000 to shut them up, and then disguised the expense as a bug bounty payout? Who could forget? Certainly not shocked US lawmakers, who held a hearing in …

Unlucky 13 collared by cops hunting cyber-crew who stole up to $2.2bn

Thirteen out of 36 individuals indicted for their alleged involvement in a transnational cybercrime group known as Infraud have been arrested, the US Department of Justice announced on Wednesday. The Infraud Organization, according to prosecutors, coordinated various flavors of internet fraud including identity theft, bank …

Beware the looming Google Chrome HTTPS certificate apocalypse!

Tens of thousands of websites are going to find themselves labeled as unsafe unless they switch out their HTTPS certificate in the next two months. Thanks to a decision in September by Google to stop trusting Symantec-issued SSL/TLS certs, from mid-April Chrome browser users visiting websites using a certificate from the …

You can find me in da club, database full of faces… but this ain't privacy watchers' jam

Five clubs in Bournemouth are now accepting ID in the form of an app that verifies who you are through facial recognition – to the disdain of privacy activists. The town is the first in the UK to accept the digital identity app Yoti, which claims to offer users a safer way to prove they are who they claim to be. Users sign up …
Rebecca Hill, 2 Feb 2018

Watchdog: Uh, sit down, AriseBank. This crypto-coin looks more like a $600m crypto-con

Updated: America's financial watchdog today suspended an initial coin offering (ICO) from AriseBank, claiming it's a scam. The US Securities and Exchange Commission obtained a court order to halt the investment scheme based on a complaint filed under seal last week. According to the regulator, AriseBank – based in Dallas, Texas – and …
Thomas Claburn, 30 Jan 2018

Fella faked Cisco, Microsoft gear death – then sold replacement kit for millions, say Feds

A US bloke allegedly defrauded Cisco and Microsoft by faking problems with computing and networking gear he didn't own to trick the tech giants into sending him replacements. The suspected crook then sold the gear online and through New Jersey-based resellers for millions of dollars, prosecutors claim. Justin David May, 28, …
Thomas Claburn, 29 Jan 2018

Lenovo's craptastic fingerprint scanner has a hardcoded password

Lenovo wants ThinkPad owners to update their machines after its Fingerprint Manager Pro software was found to contain serious security vulnerabilities. Among the glaring flaws cited: a hardcoded password. In the fingerprint scanner. To log into the computer. "Sensitive data stored by Lenovo Fingerprint Manager Pro, including …
Shaun Nichols, 26 Jan 2018

Trebles all round! Intel celebrates record sales of insecure processors

Still dealing with the consequences of security research that demands changes in its processors, Intel on Thursday reported better-than-expected earnings in 2017's final quarter. Chipzilla shrugged off the recently disclosed Meltdown and Spectre design flaws to report record fourth-quarter revenue of $17.1bn, up four per cent …
Thomas Claburn, 25 Jan 2018

Perv raided college girls' online accounts for nude snaps – by cracking their security questions

Jonathan C. Powell, who hacked into over 1,000 email accounts in search of sexually explicit images and videos of college-aged women, was jailed for six months for computer fraud, the US Department of Justice said on Thursday. Arrested in November, 2016, Powell, a resident of Phoenix, Arizona, pleaded guilty last August in a …
Thomas Claburn, 25 Jan 2018

S for Security is Google owner Alphabet's new favorite letter

Google’s parent company Alphabet has launched a security company named Chronicle. The business will be the new home of VirusTotal, which Google acquired in 2012. Chronicle’s other story will be “a new cybersecurity intelligence and analytics platform that we hope can help enterprises better manage and understand their own …
Simon Sharwood, 25 Jan 2018

Bell Canada Canucks it up again: Second hack in just eight months

Executives at Bell Canada have been left with faces redder than their nation's flag – after their subscriber database was hacked for the second time in eight months. In May 2017, 1.9 million customer records were stolen from Canada's largest telco after its anti-hacking defenses failed. Now the biz has admitted miscreants have …
Iain Thomson, 24 Jan 2018

Maverick internet cop Chrome 64 breaks rules to thwart malvert scum

The largest malvertising campaign in 2017 involved 28 fake ad agencies, which were used to generate about one billion ad views across 62 per cent of ad-supported websites, according to publishing security biz Confiant. By malvertising, we mean ads that try to trick people into installing fake Adobe Flash updates, bogus …
Thomas Claburn, 24 Jan 2018


Biting the hand that feeds IT © 1998–2018