Articles about security

A plethora of patches, Kaspersky hits back, new hope for Wannacry Brit hero – and more

Roundup: IT admins aren't always fond of patching. It's like going to the dentist – it needs to be done but it can be a pain to do. Sadly, this week there was a lot of patching to be done. The Wi-Fi WPA2 weakness dubbed KRACK burdened Android, Linux and macOS users at work and home with patch installation responsibilities, and Cisco …
Iain Thomson, 21 Oct 2017

Be my guest, be my guest, at a hypervisor hacking fest

The Xen Project has posted advisories and patches for seven bugs, most of which let guests run denial-of-service (DoS) attacks on hosts. CVE-2017-15592 means “A malicious or buggy HVM guest may cause a hypervisor crash, resulting in a DoS affecting the entire host, or cause hypervisor memory corruption.” Privilege escalation …

Ex-TalkTalk chief grilled by MPs on suitability to chair NHS Improvement

Dido Harding, the woman at the helm during UK ISP TalkTalk's 2015 mega breach, was yesterday grilled about her move to chair NHS Improvement, the body responsible for overseeing Blighty's health service and also famously clobbered by a huge cyber attack. Speaking in front of MPs in a pre-appointment hearing for her forthcoming …
Kat Hall, 18 Oct 2017

Dying! Yahoo! loses! fight! to! lock! dead! man's! dead! account!

Yahoo! may be compelled to hand over the contents of a dead man's email account to his surviving family, Massachusetts's top court has ruled. On Monday, the US state's supreme struck down an earlier ruling in the Purple Palace's favor in a case regarding the estate of John Ajemian, who was killed at the age of 43 in a bike …
Shaun Nichols, 16 Oct 2017

Google isn't saying Microsoft security sucks but Chrome for Windows has its own antivirus

In its ongoing effort to improve browser security, school Microsoft on security, and retain its search audience, Google is today rolling out several Chrome for Windows fortifications. The search biz has modded Chrome for Windows to detect when extensions switch people's Chrome settings, such as the default search engine, …
Thomas Claburn, 16 Oct 2017

Remember how you said it was cool if your mobe network sold your name, number and location?

US mobile phone companies appear to be selling their customers' private data – including their full name, phone number, contract details, home zip code and current location to third parties – all in the name of security. Security researcher Philip Neustrom found and linked to demo sites run by two mobile authentication …
Kieren McCarthy, 16 Oct 2017

IT at sea makes data too easy to see: Ships are basically big floating security nightmares

Updated: If there's anything worse than container security, it would appear to be container ship security. Ken Munro, a researcher for UK-based Pen Test Partners, has been exploring maritime satellite communication systems used to keep ships connected while at sea. His findings don't inspire much confidence. Munro, in a blog post today …
Thomas Claburn, 13 Oct 2017

Equifax's malvertising scare, Chromebook TPM RSA key panic, Cuban embassy sonic weapon heard at last – and more

Roundup: We almost wanted to feel sorry for Equifax, were it not for the fact that the credit biz takes to IT security like a duck to an acid bath. After a brutal few weeks under the spotlight, on Wednesday night it suffered another hacking scare. When's it going to end? Visitors to one of Equifax's customer support webpages couldn't …
Chris Williams, 13 Oct 2017

They've only gone and made a chemical-threat-detecting ring

Smartwatches and Fitbits might be the cool wearables du jour, but they're hardly able to tell you if you're standing in a cloud of noxious chemicals. However, a team of boffins hopes to some day fill this, er, gap in the market with their hip prototype, the broad goal of which is to help keep you alive. Juliane Sempionatto, …
Andrew Silver, 11 Oct 2017

Apple's iOS password prompts prime punters for phishing: Too easy now for apps to swipe secrets, dev warns

Apple, we have a problem. A bug report filed Monday through Open Radar – which mirrors bug reports developers submit to Apple's private bug tracking system – suggests that password prompts in iOS apps can be misused to steal passwords and other secrets. In a blog post today describing the issue, developer Felix Krause, founder …
Thomas Claburn, 10 Oct 2017

After selling his site for millions, founder hacked it for a second payday

"Operation Resume Hoard" was going well. Initiated around April 1, 2015, it represented David W. Kent's plan to build the membership of his oil and gas industry networking site Oilpro.com. Court documents indicate that Kent, 41, of Spring, Texas, USA, had a buyer in mind: DHI Group, the employment data biz that in 2010, when …

FBI iPhone hack lost forever, White House mobe compromised, SSH – and plenty more

Roundup: Another week draws to a close so it's time to review the security news you may have missed in between the big hitters: the NSA contractor who leaked more exploits, Apple's encryption password blunder, and so on. This week we've seen bugs, hacking, and government silliness – take a look... Computerinsel PhotoLine full of bugs …
Iain Thomson, 6 Oct 2017

npm adds two-factor auth, security tokens in wake of JS typo attack

Code registry npm, home to some 550,000 Node.js packages and millions of users, on Wednesday added support for two-factor authentication (2FA) and read-only authentication tokens in an effort to shore up its defenses. Software registries, which store modules required by modern apps, have attracted the attention of malware …

UK cybercops reacted to 590 'significant attacks' over past year – report

The National Cyber Security Centre responded to 590 "significant attacks" over the last year including WannaCry, MPs' email addresses being targeted due to weak passwords and various threats to other large organisations. The body was created in October last year, bringing together previously separate parts of government, MI5 …
Kat Hall, 5 Oct 2017

India's national internet registry breached, but says heist was trivial

Indian antivirus and endpoint vendor Seqrite claims the nation's internet registry has suffered a data breach, but the registry's parent organisation says while it was attacked the information obtained was trivial. Seqrite says its researchers noticed “an advertisement on DarkNet announcing secret access to the servers and …

Keybase Git gets keys, basically: Secure chat app encrypts your repos

Keybase.io, which began as a cloud key database and has since evolved into a secure messaging and collaboration service, on Wednesday added support for encrypted Git repositories. Git, a version control system widely used for managing source code, doesn't encrypt files stored in Git repositories. It can, however, be used in …

Smart burglar alarms: Look who just tossed their hat into the ring ... It's, er, Ring

The smart home battleground has moved to security systems, with smart doorbell biz Ring announcing this week a new product just days before Nest dove into the same market. The Ring Protect is very similar to Nest's Secure system launched last month in that it aims to be a simpler, friendlier version of traditional beige boxes …

Citrix patches Netscaler hole, ARM TrustZone twisted, Android Dirty COW exploited – and more security fails

Roundup: As ever, it has been a busy week on the security front with good news, some very bad reports, corporate failings all round and troubling signs ahead for those worried about government intrusion in the online world. Here's El Reg's take on the resulting wreckage. Cloudflare opens up protection: Among the good news, Cloudflare …
Team Register, 29 Sep 2017


Biting the hand that feeds IT © 1998–2017