Articles about Security

Aw, not you too, Verizon: US telco joins list of leaky AWS S3 buckets

Yet another major company has burned itself by failing to properly secure its cloud storage instances. Yes, it's Verizon. Researchers with Kromtech Security say they were able to access an AWS S3 storage bucket that contained data used by the US telco giant's billing system and the Distributed Vision Service (DVS) software …
Shaun Nichols, 22 Sep 2017

NBD: Adobe just dumped its PRIVATE PGP key on the internet

Updated An absent-minded security staffer just accidentally leaked Adobe's private PGP key onto the internet. The disclosure was spotted by security researcher Juho Nurminen – who found the key on the Photoshop giant's Product Security Incident Response Team blog, ironically. That contact page should have only included the public PGP …
Shaun Nichols, 22 Sep 2017

Ethereum-backed hackathon excavates more security holes

An Ethereum-backed contest has revealed a few new tricks for disguising malware as the harmless code the network uses to transfer and manipulate funds: digital smart contracts. Since Ethereum was introduced in 2015, its security risks have been no secret in the blockchain community. After a $50m hack in 2016, the community …
Andrew Silver, 22 Sep 2017

Mini-Heartbleed info leak bug strikes Apache, airborne malware, NSA algo U-turn, and more

Roundup As ever, it's been a doozy of a week for cybersecurity, or lack thereof. The Equifax saga just keeps giving, the SEC admitted it was thoroughly pwned, and Slack doesn't bother to sign its Linux versions. We do spoil you so, Reg readers. And that was only yesterday. Here's the rest of the week's shenanigans we didn't get round to …
John Leyden, 22 Sep 2017

CCleaner targeted top tech companies in attempt to lift IP

Cisco's security limb Talos has probed the malware-laden CCleaner utility that Avast so kindly gave to the world and has concluded its purpose was to create secondary attacks that attempted to penetrate top technology companies. Talos also thinks the malware may have succeeded in delivering a payload to some of those firms …
Simon Sharwood, 21 Sep 2017

AI slurps, learns millions of passwords to work out which ones you may use next

Eggheads have produced a machine-learning system that has studied millions of passwords used by folks online to work out other passphrases people are likely to use. These AI-guessed passwords could be used with today's tools to crack more hashed passwords, and log into more strangers' accounts on systems, than ever before. …
Iain Thomson, 20 Sep 2017

Video nasty lets VMware guests run code on hosts

VMware's given vAdmins a busy Friday by disclosing three nasties to patch. One's a video nasty dubbed CVE-2017-4924 and impacts VMware ESXi, and the desktop hypervisors Workstation & Fusion. This one's “an out-of-bounds write vulnerability in SVGA driver device*”, an old virtual graphics card toolkit. The bug “may allow a …
Simon Sharwood, 15 Sep 2017

Chrome to label FTP sites insecure

Google's Chrome browser will soon label file transfer protocol (FTP) services insecure. Google employee and Chrome security team member Mike West yesterday announced the plan on the Chromium.org security-dev mailing list. “As part of our ongoing effort to accurately communicate the transport security status of a given page, …
Simon Sharwood, 15 Sep 2017

Tick, tock motherf... erm, we mean, don't panic over GDPR

Welcome back from the summer. Feeling refreshed? Good, now let’s talk General Data Protection Regulation from the European Union, due to swing into effect on May 25, 2018. You now have eight months to get your data infrastructure, tech policies and related procedures ship-shape. Not feeling so refreshed now, are you? Plenty of …
Dave Cartwright, 14 Sep 2017

Bluetooth bugs bedevil billions of devices

Security experts have long complained that complexity is the enemy of security, but the designers of the Bluetooth specification have evidently failed to pay attention. Bluetooth is a wireless communication protocol for connecting devices over short ranges. It's used in mobile phones, wireless speakers, smartwatches, printers …
Thomas Claburn, 12 Sep 2017

Linus Torvalds' lifestyle tips for hackers: Be like me, work in a bathrobe, no showers before noon

Linux Lord Linus Torvalds has offered some lifestyle advice for hackers, suggesting they adopt his admittedly-unglamorous lifestyle but also his ethos of working on things that matter. In an on-stage interview with Linux Foundation founder and executive director Jim Zemlin at the Open Source summit in Los Angeles on Monday, …
Simon Sharwood, 12 Sep 2017

Shocking: Former Amazon analyst fed frat brother insider info

A former financial analyst at Amazon.com pled guilty on Thursday to securities fraud for helping a former fraternity brother trade Amazon stock based on insider information. Brett D Kennedy, 26, a resident of Blaine, Washington, acknowledged that in April 2015 he provided confidential financial information – Amazon's Q1 2015 …

Secure microkernel in a KVM switch offers spy-grade app virtualization

Researchers at Australian think tank Data61 and the nation's Defence Science and Technology Group have cooked up application publishing for the paranoid, by baking an ARM CPU and secure microkernel into a KVM switch. As explained to El Reg by Toby Murray, on behalf of his fellow researcher from Data61’s Trustworthy Systems …

Indian call centre scammers are targeting BT customers

BT customers in the UK have been targeted by scammers in India – with one person reporting they were defrauded for thousands of pounds this week. The issue appears to have been going on for more than a year. Some customers said the fraudsters knew their personal details. One reader got in touch to report that his father-in- …
Kat Hall, 6 Sep 2017

Boffins hijack bootloaders for fun and games on Android

University of California Santa Barbara researchers have turned up bootloader vulnerabilities across a bunch of Android chipsets from six vendors. The team of nine researchers decided to look at a little-studied aspect of Android architecture – the interaction between OS and chip at power-up. To get inside that operation, they …

Yet another AWS config fumble: Time Warner Cable exposes 4 million subscriber records

Records of roughly four million Time Warner Cable customers in the US were exposed to the public internet after a contractor failed to properly secure an Amazon cloud database. Researchers with security company Kromtech said freelancers who handled web applications for TWC and other companies had left one of its AWS S3 storage …
Shaun Nichols, 5 Sep 2017

Apache Struts you're stuffed: Vuln allows hackers to inject evil code into biz servers

Malicious code can be pushed into servers running Apache Struts 2 apps, allowing scumbags to run malware within corporate networks. The critical security vulnerability was discovered by researchers at Semmle, who today went public with their find. Apache Struts is a popular open-source framework for developing applications in …
John Leyden, 5 Sep 2017

Kurat võtku! Estonia identifies security risk in almost 750,000 ID cards

The Estonian government has discovered a security risk in its ID card system, potentially affecting almost 750,000 residents. "When notified, Estonian authorities immediately took precautionary measures, including closing the public key database, in order to minimise the risk while the situation can be fully assessed and a …
Kat Hall, 5 Sep 2017

Biting the hand that feeds IT © 1998–2017