Security > More stories


How to hack Wi-Fi for fun and imprisonment with crypto-mining inject

Thanks to the ridiculous valuation of Bitcoin and other cryptocurrencies, cryptomining code has become a common mechanism for converting authorized and stolen computing cycles into potential cash. Antivirus and ad-blocker makers have responded by trying to halt crafty coin-crafting code from hijacking CPU time, particularly in …
Thomas Claburn, 05 Jan 2018

Dell EMC patches 3 zero-days in Data Protection Suite

Three vulns in Dell EMC’s Data Protection Suite product that can combine to fully compromise a virtual appliance have been patched by the vendor. Security consultancy Digital Defense Inc, which sniffed them out, said Dell EMC Avamar Server, NetWorker Virtual Edition and the Integrated Data Protection Appliance had a common …
Chris Mellor, 05 Jan 2018

Cisco to release patches for Meltdown, Spectre CPU vulns, just in case

Cisco is the latest company to prepare patches to tackle the serious security vulnerabilities affecting the majority of CPUs, Meltdown and Spectre. Cybersecurity group CERT has warned companies that the only way to protect themselves from the flaw was to rip out and replace their processors. It has since backtracked on that …
Kat Hall, 05 Jan 2018

Woo-yay, Meltdown CPU fixes are here. Now, Spectre flaws will haunt tech industry for years

Analysis Intel has borne the brunt of the damage from the revelation of two novel attack techniques, dubbed Meltdown and Spectre, that affect the majority of modern CPUs in various ways. The chipmaker's stock price is down, and it's being eyed for possible securities litigation, following reports CEO Brian Krzanich sold the bulk of his …
Thomas Claburn, 05 Jan 2018

Microsoft patches Windows to cool off Intel's Meltdown – wait, antivirus? Slow your roll

Microsoft has released updates for Windows to block attempts by hackers and malware to exploit the Meltdown vulnerability in Intel x86-64 processors – but you will want to check your antivirus software before applying the fixes. The Redmond giant issued the out-of-band update late yesterday for Windows 10 version 1709. While …
Shaun Nichols, 04 Jan 2018

US Homeland Security breach compromised personal info of 200,000+ staff

More than 240,000 current and former employees of the US Department of Homeland Security have had their personal details exposed in a data breach. In what it describes somewhat euphemistically as a “privacy incident”, the DHS said the breach could also affect anyone who was part of an investigation by the DHS Office of …
Rebecca Hill, 04 Jan 2018

Meltdown, Spectre: The password theft bugs at the heart of Intel CPUs

Summary The severe design flaw in Intel microprocessors that allows sensitive data, such as passwords and crypto-keys, to be stolen from memory is real – and its details have been revealed. On Tuesday, we warned that a blueprint blunder in Intel's CPUs could allow applications, malware, and JavaScript running in web browsers, to …
Chris Williams, 04 Jan 2018

We translated Intel's crap attempt to spin its way out of CPU security bug PR nightmare

Analysis In the wake of The Register's report on Tuesday about the vulnerabilities affecting Intel chips, Chipzilla on Wednesday issued a press release to address the problems disclosed by Google's security researchers that afternoon. To help put Intel's claims into context, we've annotated the text. Bold is Intel's spin. Intel and …
Thomas Claburn, 04 Jan 2018

Apple macOS so secure some apps can't be easily deleted

An Apple macOS security process called System Integrity Protection can prevent certain apps from being easily uninstalled, which isn't ideal when the code may be vulnerable or malware. System Integrity Protection, or SIP, has clear benefits for macOS security. Introduced in OS X El Capitan (10.11) in 2015, it applied a new …
Thomas Claburn, 03 Jan 2018

Attention, vSphere VDP backup admins: There is a little remote root hole you need to patch...

VMware on Tuesday published a security advisory for its vSphere Data Protection (VDP) backup and recovery product. The virtualization giant identified three vulnerabilities, one of which it deems critical, with the two others categorized as important. The issues affect VDP 5.x, 6.0.x, and 6.1.x. CVE-2017-15548 is the …
Thomas Claburn, 03 Jan 2018

Bug-finders' scheme: Tick-tock, this tech's tested by flaws.. but who the heck do you tell?

Security researcher E. Foudil is pushing a scheme to make it easier for bug finders to notify companies about problems with their technology. The idea revolves around “security.txt” - a simple text file, much like robots.txt, that contains information on whom to contact or where to look for security related information about a …
John Leyden, 03 Jan 2018

Security catch-up: Nigerian prince email ring cops collar ... Louisiana OAP?

The festive period was accompanied by the usual security shenanigans including breaches, cybercrime busts and serious security bugs. Those security pros returning to work this week after a well-earned break may (or may not) be relieved to know it’s largely been business as usual. Over in the United States, half a dozen of the …
John Leyden, 03 Jan 2018

Brazil says it has bagged Royal Navy flagship HMS Ocean for £84m

The flagship of the Royal Navy, HMS Ocean, has been sold to Brazil for £84m, the South American country’s government has confirmed. The 22,000-tonne helicopter carrier, which returned from her last British deployment to the Caribbean just weeks ago, will be formally decommissioned from the RN in spring this year. Although it …
Gareth Corfield, 03 Jan 2018

Shopped in Forever 21? There was bank-card-slurping malware in it for, like, forever

Clothing chain Forever 21 has admitted a malware infection on its cash registers swiped customer payment card details for most of last year. The retailer issued a statement revealing that last year, from April 3 to November 18, hackers were able to harvest the payment card details from point of sale (POS) terminals in …
Shaun Nichols, 03 Jan 2018

Kernel-memory-leaking Intel processor design flaw forces Linux, Windows redesign

Final update A fundamental design flaw in Intel's processor chips has forced a significant redesign of the Linux and Windows kernels to defang the chip-level security bug. Programmers are scrambling to overhaul the open-source Linux kernel's virtual memory system. Meanwhile, Microsoft is expected to publicly introduce the necessary changes …

Iranians resist internet censorship amid deadly street protests

Iranian authorities have blocked Instagram and other social media platforms in response to a wave of street protests across the country this week. The clampdown has resulted in Tor users climbing from around 6k at the beginning of December to over 10,000 at the last count as citizens seek to circumvent the controls, according …
John Leyden, 02 Jan 2018

Multiple-guess quiz will make Brit fliers safer, hopes drone-maker DJI

Roundup British drone users will have to take a multiple-guess quiz before using their Christmas toys this year, while drone users appear to have, once again, got around pre-eminent drone maker DJI's software-based flight restrictions. These developments and others occurred over the busy Christmas and New Year period, being lost in …
Gareth Corfield, 02 Jan 2018

UK Foreign Sec Bojo to tell Kremlin: Stop your cyber shenanigans... or else!

Foreign secretary Boris Johnson will warn Russia that the UK will retaliate against cyber attacks in a rare visit to Moscow today. Johnson will tell his Russian counterpart Sergei Lavrov that "the UK will continue to defend its interests where they, and those of its allies, are threatened" amid concerns that hostilities between …
Richard Priday, 22 Dec 2017

Merry Christmas, UK prosecutors: Here's a special gift... a slap from the privacy watchdog

Final update The UK Ministry of Justice has been slammed for poor handling of requests for personal records made under data protection laws – and told to fix the 700-plus backlog by October. In an enforcement notice [PDF] issued yesterday, Blighty's data protection watchdog, the Information Commissioner’s Office (ICO), said the justice …
Rebecca Hill, 22 Dec 2017

Braking news: Nissan Canada hacked, up to 1.1m Canucks exposed

Nissan Canada's vehicle-financing wing has been hacked, putting personal information on as many as 1.13 million customers in the hands of miscreants. In an email to Nissan car buyers, seen by The Register, the biz admitted its computer systems were compromised, with "unauthorized person(s) gaining access to the personal …
Chris Williams, 22 Dec 2017

US capital's surveillance cam network allegedly hijacked by Romanian ransomware suspects

Two of the five unnamed individuals cuffed this month in Romania on suspicion of spreading ransomware face US computer crime charges – for their alleged role in taking over 123 out of 187 networked computers that control Washington DC's CCTV cameras earlier this year. According to Europol, which led the arrests, this week, two …
Thomas Claburn, 22 Dec 2017

How much will Britain's next F-35s cost? Not telling, says MoD

The British government has refused to say how much new F-35 fighter jets will cost the nation – as it emerges that no fighting ships of the Royal Navy will be in foreign waters during the festive period. The House of Commons' Defence Committee, formed of MPs who supposedly scrutinise the Ministry of Defence's activities, asked …
Gareth Corfield, 21 Dec 2017

Euro ransomware probe: Five Romanians cuffed

Five people suspected of infecting Windows PCs with ransomware – and extorting money from more than 170 victims in Europe and the US – have been arrested. In the past week, an international crimefighting task force led by Europol collared the quintet in Romania – and searched six homes, seizing a load of computer parts and …
Richard Priday, 21 Dec 2017

EMC admin? Plug this hole before the holidays

Dell EMC has patched an SMBv1 bug in its Data Domain Deduplication and Data Protection software. It's probably worth your time running the patch in, if you can, because as the advisory explained, it's a memory overflow that could open a system to remote code execution (RCE). CVE-2017-14385 affects quite a few versions of the …

Infosec controls relaxed a little after latest Wassenaar meeting

Without much fanfare, negotiators crafting changes to the Wassenaar Arrangement earlier this month moved to make things easier for infosec white-hats. Wassenaar is an arms-control pact in which more than 40 nations agreed to limit the export of certain types of weaponry and "dual-use products." Usually this covers conventional …

UK teen dodges jail time for role in DDoSes on Natwest, Amazon and more

Brit teen Jack Chappell has avoided being sent to prison after pleading guilty to helping launch DDoS attacks against NatWest, Amazon and Netflix, among others. Chappell, 19, from Heaton Moor, Stockport, launched 2,000 DDoS attacks and aided several others as part of the vDos "booter" service. The site posed as a server stress …
Richard Priday, 20 Dec 2017

Ghostery, uBlock lead the anti-track pack

Looking for browser privacy? A group of researchers in France and Japan say RequestPolicyContinued and NoScript have the toughest policies, while Ghostery and uBlock Origin offer good blocking performance and a better user experience. The study also gave a nod to the EFF's Privacy Badger, which uses heuristics rather than …

Windows 10 Hello face recognition can be fooled with photos

If you've skipped recent Windows 10 Creators Updates, here's a reason to change your mind: its facial recognition security feature, Hello, can be spoofed with a photograph. The vulnerability was announced by German pentest outfit Syss at Full Disclosure. Even if you've installed the fixed versions that shipped in October – …

WordPress captcha plugin on 300,000 sites had a sneaky backdoor

WordFence are warning that the WordPress Captcha plugin, popular enough to get around 300,000 installations, should be replaced with the latest official WordPress version (4.4.5). To help admins, WordFence worked with the WordPress plugin team to patch pre-4.4.5 versions of the software; the code's developer has been blocked …

TalkTalk banbans TeamTeamviewerviewer againagain

TalkTalk customers who need to use a remote desktop tool are on the warpath after the UK ISP blocked TeamViewer for the second time this year, ostensibly in an attempt to protect users from potential scammers. A screenshot seen by The Register showed that teamviewer.com had been blocked as part of TalkTalk's Scam Protect …
Richard Priday, 19 Dec 2017

UK, US govt and pals on WannaCry culprit: It woz the Norks wot done it

UK Foreign Office Minister Lord Ahmad of Wimbledon today claimed North Korea was behind the WannaCry ransomware incident. He joins the US government, Canada, Australia, New Zealand, Japan, Microsoft, Google, Kaspersky, Symantec, FireEye, and others, in blaming Kim Jong-un's hackers for unleashing WannaCry on the world. Uncle …
Kat Hall, 19 Dec 2017

HMS Queen Elizabeth has sprung a leak and everyone's all a-tizzy

New British aircraft carrier HMS Queen Elizabeth has sprung a leak. The warship takes on around 200 litres of water per hour thanks to a faulty propeller shaft gland packing, according to reports. The packing in question, according to The Sun, which broke the news and knocked up a graphic illustrating the problem, was rapidly …
Gareth Corfield, 19 Dec 2017

Android trojan has miner so aggressive it can bork your battery

Kaspersky researchers have turned up a strain of malware lurking in adult content and fake virus scanners, and it can run a victim's Android mobe so hard they might suffer physical damage. The Android trojan, dubbed “Loapi”, has a modular architecture that lets it be adapted to run cryptocurrency mining, take part in DDoS …

Alleged Uber black ops lawyer would rather not have his Xmas holiday ruined by Waymo, ta

Former Uber attorney Craig Clark on Monday filed an emergency motion in a Miami, Florida, court to quash a subpoena directing him to testify in Waymo's trade secret lawsuit against Uber on Thursday on the other side of America in California – because he has holiday plans with his family in the Sunshine State. "[R]equiring …
Thomas Claburn, 19 Dec 2017

SCOLD WAR: Kaspersky drags Uncle Sam into court to battle AV ban

Embattled Russian security software maker Kaspersky Lab has taken the American government to a US federal court to overturn Uncle Sam's ban on its antivirus tools. The Moscow-based developer claimed the US Department of Homeland Security acted illegally when, back in September, the department publicly told federal agencies …
Shaun Nichols, 18 Dec 2017

Windows 10 bundles a briefly vulnerable password manager

Google Project Zero's Tavis Ormandy has turned up a howling blunder in a password manager bundled with Windows 10. On Friday, Ormandy publicly disclosed the bug, which lies not in the Microsoft operating system but in an included third-party Keeper password manager. He wrote: “I've heard of Keeper, I remember filing a bug a …
