German pharmaceuticals giant Bayer says it has been hit by malware, possibly from China, but that none of its intellectual property has been accessed. On Thursday the aspirin-flingers issued a statement confirming a report from Reuters that the Winnti malware, a spyware tool associated with Chinese hacking groups, had been …

Outsourcing badass Capita has gulped down a tasty £13.2m morsel dished out by the Scottish Police Authority: namely, the deal for Police Scotland's Core Operational Solution (COS). Capita in Scotland Capita already gets plenty of dosh for delivering public services to the northern third of the British mainland. As it merrily …

Ethiopia's transport minister has said the national carrier's pilots were following published Boeing procedures immediately before the fatal crash of a 737 Max 8 in March, citing an unpublished government report. During a press conference this morning, transport boss Dagmawit Moges said: "The crew performed all the procedures …

British university admin folk are alarmingly easy to phish, according to an academic support body which claims a 100 per cent success rate "within two hours". Jisc, the artists formerly known as the Joint Information Systems Committee, claimed to have secured a "100 per cent track record" when securing illicit access to "high …

As the tax year rolls over into 2019/20, cybercrims have started belching out phishing emails and tax-themed malware, according to infosec researchers. Proofpoint, one of those companies which keeps a close eye on the world of online badness, "observed the expected seasonal increase in tax-themed campaigns" as Q4FY19 clicked …

A government survey of British businesses has praised those who read El Reg to keep up to date with security news – while claiming to have revealed that fewer firms have spotted cyber attacks against them over the past 12 months, when compared to last year. The government, which used data drawn from surveys to make its …

A collection of servers found in the US are responsible for some of the nation's biggest malware and phishing attacks. This according to a report from security company Bromium, which said just over a dozen servers are being used to spread 10 of the major malware and phishing campaigns spreading around the internet at the …

The details of millions of Facebook accounts have been left ripe for harvesting thanks to a pair of careless developers. Professional Shodan jockey Chris Vickery of Upguard spotted a pair of exposed AWS S3 buckets that appear to belong to the coders behind Cultura Colectiva and At the Pool, a pair of third-party apps for …

Apache HTTP Server has been given a patch to address a potentially serious elevation of privilege vulnerability. Designated CVE-2019-0211, the flaw allows a "worker" process to change its privileges when the host server resets itself, potentially allowing anyone with a local account to run commands with root clearance, …

The teenager who hacked TalkTalk three years ago has been hauled before court charged with computer misuse offences after allegedly amassing a Bitcoin fortune worth more than £300,000. Elliot Gunton, who pleaded guilty in 2016 to hacking Brit ISP TalkTalk, was said to be selling stolen personal data on cybercrime forums and …

Storing Britain's obsolete nuclear submarines has cost the nation £500m – with some 1960s boats having been in storage for longer than they were in service. The National Audit Office's (NAO) latest report into British nuclear submarine storage and disposal revealed that nine of the 20 vessels moored at Devonport and Rosyth …

UpdatedGaming PC specialist Razer has been singled out for leaving its motherboards vulnerable to a well-known and critical firmware vulnerability. Infosec bod Bailey Fox said Razer's Intel notebook models are still vulnerable to CVE-2018-4251, a security screw-up that potentially allows malware with administrative rights to alter …

Former Mozilla CTO Andreas Gal says he was interrogated for three hours by America's border cops after arriving at San Francisco airport – because he refused to unlock his work laptop and phone. Gal, now employed by Apple, today claimed he was detained and grilled on November 29 after landing in California following a trip to …

A Chinese woman was caught sneaking into President Trump's Mar-a-Lago country club with a thumb drive of malware, it was claimed yesterday. Yujing Zhang, 32, was collared after possibly trying to slip into a bash at the swanky resort promoted by Li "Cindy" Yang, the former massage parlor boss who denies allegations she sold …

Network intruders are staying longer and going after wider swathes of machines with their attacks. This is according to the latest quarterly report (PDF) from security company Carbon Black, which analysed various incident reports from about 40 of its enterprise customers. It found that attackers are doing more to cover their …

UpdatedA British web-dev outfit has denied allegations it deliberately hid code inside its WordPress plugins that, among other things, spammed a rival's website with junk traffic. Pipdig, which specializes in designing themes and templates for sites running the popular WordPress publishing system, was accused late last week of …

Misinformation coming from Russia isn't merely an internet phenomenon; it also affects navigation systems. In a report [PDF] issued last week, the Center for Advanced Defense (C4ADS), a data analyzing non-profit, documents a series of attacks, attributed to Russia, designed to block or interfere with signals from the Global …

Google has released the April edition of its monthly Android security updates, including fixes for three remote-code execution vulnerabilities in the mobile OS. This month's batch – now out for Google-branded devices, at least: other Android device manufacturers and carriers push out updates on on their own – includes one …

Darktrace, the security startup backed in part by Mike Lynch, the exec currently involved in a big civil fraud case being heard at the UK's High Court, has nearly doubled turnover and reported deeper losses. The firm, started by Cambridge Uni maths boffins and folk with infosec experience gained at intelligence agencies, said …

RoundupLast week we saw someone admit hoarding NSA documents, a Huawei patch bungle, and an axe looming for DXC security employees. Now, here's some extra bits and bytes to start this week and month. VMware rings the klaxon over service provider vulnerability If you're running a server hosting VMware's Service Provider portal, you …

The Brit who ran the BuildFeed website of Windows leaks has been handed a suspended prison sentence – along with a former Malwarebytes bod who hacked into Microsoft's internal OS development networks. Thomas Hounsell, 26, of Station Road, Sleaford, Lincolnshire, and former Malwarebytes researcher Zammis Clark, 24, of Agar …

PromoWith cyber-attacks on the rise and constantly taking new forms, organisations rely more than ever on skilled IT security staff who can detect and deal with vulnerabilities in their systems. If you are a cybersecurity professional, you can deepen your knowledge and catch up with the latest security developments at the SANS …

Ex-NSA contractor Harold Martin has admitted he took home piles of top-secret US government reports and other materials, contrary to security rules and basic common sense. The 54-year-old, of Baltimore, Maryland, who had worked for Uncle Sam for more than 22 years within a number of NSA departments, agreed in a federal …

Hacktivists are spreading booby-trapped copies of the New Zealand mass shooter's Islamophobic rantings, in what is being described as an online "vigilante" operation. Security house Blue Hexagon claims it discovered a version of the killer's manifesto doing the rounds online containing Windows malware that, when executed with …

TP-Link's all-in-one SR20 Smart Home Router allows arbitrary command execution from a local network connection, according to a Google security researcher. On Wednesday, 90 days after he informed TP-Link of the issue and received no response, Matthew Garrett, a well-known Google security engineer and open-source contributor, …

Britain's Huawei oversight board has said the Chinese company is a threat to British national security after all – and some existing mobile network equipment will have to be ripped out and replaced to get rid of said threat. "The work of HCSEC [Huawei Cyber Security Evaluation Centre]… reveals serious and systematic defects in …

ExclusiveHuawei bungled its response to warnings from an ISP's code review team about a security vulnerability common across its home routers – patching only two models rather than all of its products that used the same flawed firmware. Years later, those unpatched Huawei gateways, still vulnerable and still in use by broadband …

Office Depot and Support.com have coughed up $35m after they were accused of lying to people that their PCs were infected with malware in order to charge them cleanup fees. On Wednesday, the pair of businesses settled a lawsuit brought against them by the US Federal Trade Commission, which alleged staff at the tech duo falsely …

The US Federal Trade Commission has asked seven American providers of mobile broadband service to provide details about how they deal with customer and device data. The trade watchdog issued an order [PDF] on Tuesday directing AT&T, AT&T Mobility, Comcast (Xfinity), Google Fiber, T-Mobile US, Verizon, and Cellco Partnership, …

Asus has released an update for its software update utility to rid about a million of its notebooks of a spyware-laden software update pushed to victims by its software update system. And breathe in. The Taiwanese PC giant on Tuesday published a fresh clean version of Live Update, which is a tool that keeps firmware driver …

ExclusiveA senior exec within DXC Technology's global security practice has acknowledged his staff's "puzzlement" at the company's reluctance to fund examinations for infosec certifications. Dean Clemons, global SC&C services leader at DXC's Offering division who reports to Mark Hughes, jumped on a conference call with staff on 19 …

In addition to teasing the world with a glimpse of subscriptions services for newspapers and magazines, gaming, and video entertainment, Apple on Monday released iOS 12.2, which patches 51 security vulnerabilities. The fruit-themed company's fixes cover some serious flaws and should be applied as soon as possible. Apple fixed …

A million or so Asus personal computers may have downloaded spyware from the computer maker's update servers and installed it, Kaspersky Lab claims. Someone was able to modify a copy of the Asus Live Update Utility, hosted on the Taiwanese manufacturer's backend systems, and sign it using the company's security certificate, …

PromoOrganisations can no longer afford to rely on prevention systems alone to protect them from increasingly numerous and determined adversaries who can find their way round most of today's monitoring tools. If you are a security professional working as part of an incident response and prevention team, the SANS Institute's …

Lasers could be used to detect radioactive material secretly transported to and from ports one day, according to a group of physicists from the University of Maryland in the US. The boffins describe a proof-of-concept method that can sniff out the particles emitted from radioactive decay using a technique known as an “electron …

RoundupThis week we got freaked out about heart implant hacks, welcomed a new Microsoft security tool, and endured yet another Facebook fsck up. Here's what else happened along the way: Slack pack give keys a whack Large enterprise customers will now have more control over the security of their Slack channels. This after the …