Security > More stories

Kaspersky

Brit bank Barclays' Kaspersky Lab diss: It's cyber balkanisation, hiss infosec bods

Analysis Barclays has stopped offering free Kaspersky Lab products to new users in a move that shows, like Best Buy, commercial firms can be swayed by governmental stances on dealing with the Russian software firm. Red panic: Best Buy yanks Kaspersky antivirus from shelves READ MORE As El Reg reported yesterday, the UK high street …
John Leyden, 05 Dec 2017
The first RAF F-35B Lightning II to land in the UK. Crown copyright

Once again, UK doesn't rule out buying F-35A fighter jets

The United Kingdom is edging ever closer to buying F-35As, instead of the B model needed to fly from the Navy’s new aircraft carriers, as a senior officer once again refused to rule out a future F-35A purchase. Lieutenant General Mark Poffley, deputy chief of the defence staff for military capability, told MPs “I don’t think …
Gareth Corfield, 05 Dec 2017

Turns out Leakbase can keep a secret: It has shut down with zero info

Stolen-creds-for-sale site Leakbase has gone dark and started redirecting to Troy Hunt's HaveIBeenPwned. Since it's published only three tweets relating to the shutdown, Leakbase left plenty of room for speculation about the reason for its disappearance. We understand many of you may have lost some time, so in an effort to …
Flyswat

Google prepares 47 Android bug fixes, ten of them rated Critical

Google has teased 47 Android patches for Nexus and Pixel devices. Among the critical bugs in the Android Security Bulletin, five concern the media framework, one is system-level, four hit Qualcomm components. The worst, Google said, is one of the media framework bugs, not yet fully disclosed, but it “could enable a remote …
Infosys web page

Infosys names a new CEO: welcome to the hot-seat Salil S. Parekh

Infosys has named its next leader: Salil S. Parekh will become as CEO an managing director as of January 2nd, 2018, and has been appointed for five years. Parekh has spent the last 25 years of his working life at Capemini, where he reached the rank of deputy CEO and sat on the Group Executive Board. Infosys needed a new CEO …
Simon Sharwood, 05 Dec 2017
A dentist examining teeth

Dentist-turned bug-biter given a taste of freedom

Justin Shafer, who last year sparked a complaint to the FBI for discovering a dental software vendor's unprotected FTP server, will walk free until his trial begins. Although his vulnerability work upset some of his targets, Shafer's detention wasn't directly about hacking: he took exception to repeated FBI raids, went public …
closed sign

International team takes down virus-spewing Andromeda botnet

Police and private companies have taken down a massive botnet used to move malware onto compromised PCs. The Andromeda botnet, also known as Gamarue, is thought to have spanned over two million PCs and distributed over 80 types of malware onto infected PCs. It was shut down on November 29 in a combined operation by Europol, …
Iain Thomson, 05 Dec 2017
A businessman in handcuffs

SEC's cyber-cops cyber-file cyber-first cyber-fraud cyber-charges

The SEC's new online crime unit says it has frozen what officials believe to be a fraudulent cryptocurrency. The US securities watchdog claims Canada-based PlexCorps and its owners, Dominic Lacroix and Sabrina Paradis-Royer, are violating anti-fraud statutes by promising US investors impossible returns on investments in their …
Shaun Nichols, 05 Dec 2017

Prison hacker who tried to free friend now likely to join him inside

A Michigan man who hacked into his local prison's computing system to gain early release for a friend is facing his own time inside after getting caught. Konrads Voits, 27, pled guilty to hacking charges after installing malware on the Washtenaw County government computer system in an attempt to get a friend released early …
Iain Thomson, 04 Dec 2017
My Friend Cayla and i-Que robot

Creepy Cayla doll violates liberté publique, screams French data protection agency

The French data protection agency has issued a formal notice to a biz peddling allegedly insecure toys, just in time for Christmas. The mass-marketed toys in question – Genesis Toys' My Friend Cayla doll and i-Que robot – are Bluetooth-enabled so they can capture and analyse children's speech through an app on – ideally – …
Rebecca Hill, 04 Dec 2017
Pop art style illustration of man exclaiming "WHAT?" in shock/horror/bemusement. Illustration via Shutterstock

Damian Green: Not only my workstation – mystery pr0n all over Parliamentary PCs

Under-fire Cabinet Office minister Damian Green has reportedly told an internal UK government inquiry that he has proof he was not the one who downloaded porn onto his Parliamentary computer. The minister has forwarded to investigators an email from Eleanor Laing, deputy speaker of the House of Commons, detailing how one of …
Gareth Corfield, 04 Dec 2017
Archer cracks the ISIS mainframe's password

Brit MP Dorries: I gave my staff the, um, green light to use my login

UK MP Nadine Dorries revealed yesterday that she shares her parliamentary login information with her staff. This was an attempt to defend recently resurfaced allegations about porn allegedly found on fellow politician Damian Green's office computer. Tweeting on Saturday, Dorries disputed the assertion that only Green could …
danger

Google to crack down on apps that snoop

Google has warned Android developers to give users better warnings about their apps' data collection behaviours, or it will flag their failings. Last Friday, the company announced revisions to Safe Browsing rules and "expanded enforcement of Google's Unwanted Software Policy". If developers don't comply within 60 days, Google …
Data breach

PayPal paid $US233m for company that leaked 1.6 million records

PayPal has “identified a potential compromise of personally identifiable information for approximately 1.6 million customers.” The good news ist that PayPal is not to blame for the likely leak. Fault can instead be ascribed to TIO Networks, a Canadian payments outfit that PayPal paid US$233m to acquire in February 2017. That …
Simon Sharwood, 04 Dec 2017

Dirty COW redux: Linux devs patch botched patch for 2016 mess

Linus Torvalds last week rushed a patch into the Linux kernel, after researchers discovered the patch for 2016's Dirty COW bug had a bug of its own. Dirty COW is a privilege escalation vulnerability in Linux's “copy-on-write” mechanism, first documented in October 2016 and affecting both Linux and Android systems. As The …

RSA coughs to critical-rated bug in its authentication SDK

RSA developers and admins have been given two critical-level authentication bugs to patch. For the sysadmin, the issue struck RSA's software providing Web-based authentication for Apache. CVE-2017-14377 is an authentication bypass that existed because of an “input validation flaw in RSA Authentication Agent for Web for Apache …

UK government bans all Russian anti-virus software from Secret-rated systems

The United Kingdom's National Cyber Security Centre has effectively banned the use of Russian anti-virus products from government departments and revealed it is trying to “prevent the transfer of UK data to the Russian state” from Kaspersky Labs software. A guidance note published last Friday and distributed to permanent …
Simon Sharwood, 03 Dec 2017
NSA

Guilty: NSA bloke who took home exploits at the heart of Kaspersky antivirus slurp row

An NSA hacker has admitted taking home copies of classified software exploits – understood to be the cyber-weapons slurped from an agency worker's home Windows PC by Kaspersky Labs' antivirus. Nghia Hoang Pho, 67, pleaded guilty in a US district court in Baltimore on Friday to one count of willful retention of national defense …
Shaun Nichols, 02 Dec 2017

Apple iOS 11 security 'downgrade' decried as 'horror show'

After rapidly patching a flaw that allowed anyone with access to a High Sierra Mac to obtain administrative control, Apple still has more work to do to make its software secure, namely iOS 11, it was claimed this week. Oleg Afonin, a security researcher for password-cracking forensic IT biz Elcomsoft, in a blog post on …
Thomas Claburn, 01 Dec 2017

Expert gives Congress solution to vote machine cyber-security fears: Keep a paper backup

Video With too many electronic voting systems buggy, insecure and vulnerable to attacks, US election officials would be well advised to keep paper trails handy. This is according to Dr Matt Blaze, a University of Pennsylvania computer science professor and top cryptographer, who spoke to Congress this week about cyber-threats facing …
Shaun Nichols, 01 Dec 2017
Rt.Hon. Damian Green,  Conservative MP, attends a constituency meeting on September 17, 2013 in Tenterden, Kent. pic by david fowler/shutterstock (editorial use only)

Ex-cop who 'kept private copies of data' fingers Cabinet Office minister in pr0nz at work claims

Cabinet Office Minister Damian Green has been caught up in a fresh row over his Parliamentary computer habits after the BBC reported that he had porn on his parliamentary PC a decade ago. Neil Lewis, a former Scotland Yard detective specialising in computer investigations, was given a platform by the BBC's morning TV news …
Gareth Corfield, 01 Dec 2017
Leak

High Court judge finds Morrisons supermarket liable for 2014 data leak

Morrisons is responsible for the leak of staff personal details by an ex-employee, the High Court ruled today. A group of 5,518 employees took the supermarket to court, with Mr Justice Langstaff of the High Court's Queen's Bench Division, sitting at Leeds Crown Court in England, ruling that those affected can claim …
Richard Priday, 01 Dec 2017
Penguin, photo via Shutterstock

Linux laptop-flinger says bye-bye to buggy Intel Management Engine

In a slap to Intel, custom Linux computer seller System76 has said it will be "disabling" the Intel Management Engine in its laptops. Last month, Chipzilla admitted the existence of firmware-level bugs in many of its processors that would allow hackers to spy on and meddle with computers. One of the most important …
Andrew Silver, 01 Dec 2017
jail

Stop us if you've heard this one: Russian hacker thrown in US slammer for $59m bank fraud

A Russian hacker already facing a lengthy prison stay in the US has been sent down for another 14 years for heading up an "organized cybercrime ring" that racked up $59m in damages across America. Roman Valeryevich Seleznev, aka Track2, the 33-year-old son of a Russian MP, was sentenced after being convicted of one count each …
Shaun Nichols, 01 Dec 2017

Protecting your data from ransomware

Supported Well, there’s a surprise. The National Audit Office’s report into the WannaCry ransomware and its effect on the NHS came out in late October. It points the blame at – wait for it – the NHS. Despite warnings, trusts had not prepared themselves with the basic patches necessary to avoid what ended up being an unsophisticated attack …
Robin Birtstone, 30 Nov 2017
No, just stop. Nope. photo by shutterstock

Google Chrome vows to carpet bomb meddling Windows antivirus tools

By mid-2018 Google Chrome will no longer allow outside applications – cough, cough, antivirus packages – to run code within the browser on Windows. This is according to a post today on the Chromium blog that laid out the July release of Chrome 68 for Windows as the target for new rules that will block all third-party apps from …
Shaun Nichols, 30 Nov 2017
Bitcoin

Crypto-cash souk Coinbase forced to rat out its high rollers to probing US taxmen

Cryptocurrency exchange Coinbase will be turning over information on 14,000 of its users to the IRS – Uncle Sam's tax collectors – thanks to an order from a US court. Judge Jacqueline Corley of the San Francisco district court ruled on Wednesday the Bitcoin, Ethereum, and Litecoin trading website will be required to hand over …
Shaun Nichols, 30 Nov 2017
Lauri Love and girlfriend Sylvia Mann outside the Royal Courts of Justice. Pic: Richard Priday

Lauri Love's US extradition appeal judges reserve decision

London's High Court has reserved judgment on the extradition of accused hacker Lauri Love after hearing this morning that his appeal should be granted because conditions in the US prisons he may be sent to are "unconscionable". "For this particular appellant, going to MDC [the Metropolitan Detention Centre in Brooklyn, New …
Gareth Corfield, 30 Nov 2017
Pointing finger, photo via Shutterstock

Uber hack: EU data protection bods launch taskforce

The European Union’s group of data protection watchdogs has launched a taskforce into the Uber data breach that affected 57 million users worldwide. The Article 29 Working Party discussed the breach, which took place in October 2016 but was only revealed last week, at its November plenary meeting yesterday. The taskforce will …
Rebecca Hill, 30 Nov 2017
Coal miners

Hey girl, what's that behind your Windows task bar? Looks like a hidden crypto-miner...

Miscreants have found a way to continue running cryptocurrency-crafting JavaScript on Windows PCs even after netizens browse away from the webpage hosting the code. Researcher Jerome Segura of Malwarebytes said on Wednesday his team discovered scumbags had written some custom code to keep Coin Hive's freely available in- …
Shaun Nichols, 30 Nov 2017
Man confused by laptop

Wondering why your internal .dev web app has stopped working?

Network admins, code wranglers and other techies have hit an unusual problem this week: their test and development environments have vanished. Rather than connecting to private stuff on an internal .dev domain to pick up where they left off, a number of engineers and sysadmins are facing an error message in their web browser …
Kieren McCarthy, 29 Nov 2017

As Apple fixes macOS root password hole, here's what went wrong

Code dive Apple has emitted an emergency software patch to address the trivial to exploit vulnerability in macOS High Sierra, version 10.13.1, that allowed miscreants to log into Macs as administrators without passwords and let any app gain root privileges. The Cupertino iPhone giant kicked out the fix, Security Update 2017-001, today …
Shaun Nichols, 29 Nov 2017

Uber says 2.7 MEEELLION(ish) UK users affected by hack

Uber has finally come up with a figure for the number of UK-based riders and drivers affected by its massive data breach: 2.7 million. The taxi hire firm has been slammed by regulators around the world for keeping the hack, which happened in October 2016, quiet for the best part of a year. To make matters worse, when it …
Rebecca Hill, 29 Nov 2017

Hacked Brit shipping giant Clarksons: A person may release some of our data today

British shipping company Clarkson has 'fessed up to a data breach, saying a miscreant has accessed its systems and the public should expect some of it to be made public. Clarkson PLC declined to answer The Register's inquiry about how much data had been compromised or whether it belonged to customers and merely referred us to …
Andrew Silver, 29 Nov 2017
lauri_love_royal_courts_justice

Accused hacker Lauri Love's extradition appeal begins

Alleged computer hacker Lauri Love’s appeal against extradition from the UK to the US begins this morning at the Royal Courts of Justice in London. United States prosecutors have accused 33-year-old Love of having “carried out a series of cyber attacks against the websites and computer systems” of a list of American government …
Gareth Corfield, 29 Nov 2017
baratov

Canadian! fella! admits! hacking! Gmail! inboxes! amid! Yahoo! megahack!

A Canadian hacker for hire has admitted ransacking webmail accounts for miscreants accused of orchestrating the Yahoo! megahack that hit all three billion Purple Palace user accounts. Karim Baratov, 23, appeared in a federal district court in San Francisco on Tuesday after striking a plea deal with US prosecutors. He was …
Iain Thomson, 29 Nov 2017

Biting the hand that feeds IT © 1998–2017