Ethical hacking is a "redundant term" but to be a "hacker" is no longer a bad thing, according to proponents of the cybersecurity art form known as "penetration testing". One-time Lulzsec hacker Jake Davis and his deportation-proof hacker mate Lauri Love appeared at a talk organised by pentesting biz Redscan in which the great …

Twitter and Facebook on Monday claimed some third-party apps quietly collected swathes of personal information from people's accounts without permission. The antisocial networks blamed the data slurp on what they termed a pair of "malicious" software development kits (SDKs) used by the third-party iOS and Android apps to …

PromoThe IT security landscape changes by the second, as organisations move to new technologies and data thieves devise increasingly ingenious ways to penetrate systems. It’s no surprise that IT security leaders feel the constant need to shore up their defenses. Help on how to achieve this will be at hand at the major event IT …

RoundupTime for another roundup of all the security news that's fit to print and that we haven't covered yet. T-Mobile US says hackers broke into customer info T-Mobile US prepaid account holders got unwelcome news this week when their wireless carrier admitted on Friday it was compromised by miscreants who would have been able to …

VNC remote desktop software has no shortage of potentially serious memory-corruption vulnerabilities, you'll no doubt be shocked to hear. This is all according to [PDF] a team at Kaspersky Lab, which has uncovered and reported more than three dozen CVE-listed security holes, some allowing for remote code execution. VNC, or …

Developers working on open-source ad-blocker uBlock Origin have uncovered a mechanism for tracking web browsers around the internet that defies today's blocking techniques. A method to block this so-called unblockable tracker has been developed by the team, though it only works in Firefox, leaving Chrome and possibly other …

A French hospital has suffered a ransomware attack that reportedly caused the lockdown of 6,000 computers. Rouen's Centre Hospitalier Universitaire (CHU) reverted to pen and paper instead of computerised record-keeping during last week's attack, according to Le Monde. The attack, which took place on Friday November 15 at …

The UK’s tax authorities have issued an official warning to contractors to watch out for self-assessment scams - and they don’t mean IR35 for a change. According to Her Majesty’s Revenue and Customs (HMRC), fraudsters see self-employed individuals as a good target and are pulling off a wide variety of cons around purported tax …

A convicted fraudster housed in a maximum security prison in Nigeria managed to pull off a $1m (£775,000) online scam from behind bars. The African nation's Economic and Financial Crimes Commission this week said Hope Olusegun Aroke, who is serving a 24-year stretch for a previous fraud conviction in 2015, used a contraband …

Amnesty International says the "pervasive surveillance" practiced by Facebook and Google represents a threat to human rights, a claim the two companies dispute. On Thursday in the UK, the advocacy group, known for documenting torture and ethnic cleansing, published a report taking the two ad giants to task for business models …

Half of UK public sector IT chiefs think the data they're responsible for protecting is less valuable than private sector information, according to a survey by antivirus firm Sophos. Just over 50 per cent of 420 senior managers quizzed by Sophos agreed with the statement: "The data held by my organisation is less valuable than …

A British video-editing startup exposed what is claimed to be "thousands" of user-uploaded videos, including family films and home-made pornography, in an unsecured Amazon AWS bucket. Research by Noam Rotem and Ran Locar, for security biz vpnMentor, revealed that VEED.io left an AWS bucket completely unsecured and hosting what …

Thousands of Oracle E-Business Suite customers are vulnerable a security bug that can be exploited for bank fraud. Security company Onapsis estimates that roughly half of all companies using the Oracle EBS software have not yet patched CVE-2019-2648 and CVE-2019-2633, despite Big Red having pushed out fixes for both bugs back …

A 39 year-old man from New York has been ordered to spend the next 18 months in prison after being convicted of cryptocurrency-based securities fraud. Brooklyn-based Maksim Zaslavskiy was handed the sentence in the New York Eastern US District Court after being convicted on one charge of conspiracy to commit wire fraud. He …

Mozilla has decided to celebrate the 15th anniversary of its Firefox browser by expanding its bug bounty program to cover a range of new sites and services, and – get this – triple its maximum payout. So if you manage to fix a remote code execution bug in Firefox or some of Mozilla's lesser-known services such as its payment …

US retailer Macy's says that hackers planted a card-stealing malware script on its site and harvested customer details for eight days last month. A notice (PDF) posted by the long-operating department store chain said that, between October 7 and October 15 of this year, a Magecart script was running on the checkout page of its …

Brexit-supporting businessman Arron Banks has had his Twitter account hijacked and his private messages dumped online by person or persons unknown – and random script kiddies are trying to claim the credit for it. Banks’ account was seemingly accessed two days ago, with @arron_banks on Twitter (since suspended) being used this …

A rape investigation involving everyone's favourite cupboard-dwelling WikiLeaker, Julian Assange, has been dropped, Swedish prosecutors told the world's press today. Deputy director of public prosecutions Eva-Marie Persson told journalists that the case against Assange had been discontinued, around seven years after …

Multinational police agency Interpol is due to say that tech companies deploying strong encryption helps paedophiles – unless they build backdoors for police workers. Three people "briefed on the matter" told financial newswire Reuters yesterday that the agency would be issuing a statement this week condemning the use of …

A Briton once suspected of hacking Pippa Middleton's iCloud account – although he was cleared after a police probe in 2016 – now faces deportation to America. Nathan Wyatt, who is said to have used the handle "The Dark Overlord" online, is accused by American prosecutors of conspiracy, aggravated identity theft and three …

It's time for another Register security roundup of the week's smaller stories you may have missed. FedEx says exposed driver database was a 'test system' US parcel delivery company FedEx has acknowledged that it left an exposed database containing detailed driver and delivery information, but says the infomation was part of a …

A US court has sentenced the operator of a massive DDoS service to 13 months in prison. Sergiy Usatyuk, 21, from Orland Park, IL was handed the term - along with a $542,925 forfeiture order - after pleading guilty earlier this year to one count of conspiracy to cause damage to internet-connected computers. He will also have to …

Some 14 years after it was founded and with no external funding taken in during that time, 1Password has finally succumbed to the charms - and $200m in cash - of venture cap biz Accel. 1Password was founded by Dave Teare along with Roustem Karimov in 2005 and he noted the shock the decision may cause. "As a completely …

Common behaviors shared across all families of ransomware are helping security vendors better spot and isolate attacks. This according to a report from British security shop Sophos, whose breakdown (PDF) of 11 different malware infections, including WannaCry, Ryuk, and GandCrab, found that because ransomware attacks all have …

Two men from Massachusetts have been arrested and charged with 11 criminal counts stemming from a string of account takeovers and cryptocurrency thefts. 21 year-old Eric Meiggs and 20 year-old Declan Harrington each face charges of wire fraud, conspiracy, computer fraud and abuse, and aggravated identity theft for their …

Reports that the Home Office's Brexit app contains "serious vulnerabilities" that could expose the phone numbers, addresses and passport details of EU citizens are overblown, say security experts. To date, one million EU nationals have downloaded the Android settled status app, which asks users to take a selfie and scans the …

The UK's Information Commissioner urged the Court of Appeal to side with Morrisons in the supermarket’s battle to avoid liability for the theft and leaking of nearly 100,000 employees’ payroll details – despite not having read the employees’ legal arguments. A letter (PDF) sent to the Court of Appeal in May 2018 on behalf of …

A man will appear at Crown court in December to answer charges that he used hacking program Sentry MBA to access and take money from online UK National Lottery gambling accounts. Prosecutors claim that 29-year-old Anwar Batson gained access to National Lottery users' accounts in November 2016, having downloaded hacking tools …

A Russian man was detained at Dulles airport in Washington DC on Monday and charged with running a stolen card trading ring that was responsible for $20m worth of fraud. Aleksei Burkov appeared in the Eastern Virginia US District Court on Tuesday to face charges (PDF) of access device fraud, conspiracy to commit access device …

The seizure and search of phones and laptops at the US border is unconstitutional, a judge said Tuesday in a landmark ruling. Massachusetts district court judge Denise Casper declared [PDF] that the practice breaks the Fourth Amendment on unreasonable search, and that border agents need to have a “reasonable suspicion” of …

Patch TuesdayThe November edition of Patch Tuesday has landed with scheduled updates from Microsoft, Adobe, and SAP, along with the debut of a new update calendar from Intel. Scripting bug draws attacks on IE Microsoft's monthly batch of fixes addresses 74 CVE-listed security vulnerabilities, more than a dozen of them considered to be …

Trusted Platform Modules, specialized processors or firmware that protect the cryptographic keys used to secure operating systems, are not entirely trustworthy. Boffins from the Worcester Polytechnic Institute and University of California, San Diego, in the US, and the University of Lübeck in Germany, have found that TPMs …

Intel is once again moving to patch its CPU microcode following the revelation of yet another data-leaking side-channel vulnerability. The same group of university boffins who helped uncover the infamous Spectre and Meltdown flaws say that a third issue, reported back in May under the name ZombieLoad, extends even further into …

Nearly three months after infosec biz Eclypsium highlighted widespread security weaknesses in third-party Windows hardware drivers, you can now add Intel to the list of vendors leaving holes in their all-powerful low-level code. In a follow-up report to its August DEF CON presentation, Eclypsium found that not only are those …

The UK's Labour Party says its campaign site has been the target of "sophisticated and large-scale cyber-attack" and has informed GCHQ's National Cyber Security Centre. Jeremy Corbyn's party said the attack took place yesterday, adding that security systems ensured there was no data breach. A spokeswoman said: "We have …

BT Security managed to commit the most basic blunder of all after emailing around 150 infosec professionals who attended a jobs fair – using the "cc" field instead of "bcc". The email, shown to The Register by a non-trivial number of aggrieved recipients, thanked them for attending the Westminster Cyber Expo and popping by the …