Honda said today that it had briefly halted operations at a car plant in Sayama, Japan earlier this week because of the infamous WannaCrypt ransomware. The Japanese car maker halted production for one day at a domestic vehicle plant on Monday after finding samples of the WannaCrypt ransomware in its computer network, Reuters …

An intriguing, and slightly concerning, job ad has appeared on freelancing website People Per Hour, entitled: "URGENT!!! Delivery of a National e-ID System". The post is from an unidentified small IT consultancy which is submitting a bid to deliver a National e-ID system, including a biometric enrolment for all citizens and …

Windows 10 does disable some third-party security software, Microsoft has admitted, but because of compatibility – not competitive – issues. Redmond is currently being investigated in the EU, Germany and Russia over alleged anti-competitive behavior because it bundles the Windows Defender security suite into its latest …

Hacking attacks against sales terminals have risen by nearly a third last year, and the US is still leading the way in being insecure. Incidents affecting sales tills and payment systems increased to 31 per cent in 2016, according to research by security firm Trustwave, while incidents affecting e-commerce environments fell to …

A UK hacker who stole £100,000 from his bank after spotting a loophole in its systems has been jailed for 16 months. Unemployed James Ejankowski, 24, of Bridlington, squandered his ill-gotten gains by splurging on a BMW and a Range Rover, and getting his face tattooed (as shown in a story in the Teeside Evening Gazette here). …

Second-rate opsec remained pervasive at the United States' National Security Agency, according to an August 2016 review now released under Freedom of Information laws. It's almost surprising that the agency was able to cuff Reality Winner, let alone prevent a wholesale Snowden-style leak. The Department of Defense Inspector …

A South Korean web hosting company is forking out just over US$1 million to ransomware scum after suffering more than eight days of nightmare. Nayana first announced the attack on June 10, saying customer video files and its database had been encrypted, and promising to work to recover the data. More than 150 servers were hit …

Powerful programs run daily by users of Linux and other flavors of Unix are riddled with holes that can be exploited by logged-in miscreants to gain root privileges, researchers at Qualys have warned. Essentially, it's possible to pull off a "Stack Clash" attack in various tools and applications to hijack the whole system, a …

An investigation by Mexican NGOs and a Canadian tech lab has revealed how the Mexican government is illegally targeting the mobile phones of journalists, lawyers and activists to spy on them. R3D, SocialTic, Article 19 and CitizenLab report that the government has been sending malware links to specific individuals' phones, …

A massive cloud-hosted database containing personal information on nearly 200 million people in America was left wide open by consultants hired by the US Republican National Committee, it is claimed. Security firm UpGuard said the records of 198 million US voters, including dates of birth, addresses and phone numbers, were …

American defence firm Raytheon has said it is in talks with the Ministry of Defence to put the US Navy’s “satnav for F-35s” system onto new British carrier HMS Prince of Wales. The USN’s Joint Precision Approach and Landing System (JPALS) is already being integrated onto the service’s F-35Cs and the US Marine Corps’ F-35Bs – …

Another banking malware variant has been spotted in the wild, and it's using UPnP to pop home routers to expose unsuspecting home users, recruited as part of the botnet. McAfee Labs says the new campaign uses a variant of the ancient “Pinkslipbot”, and says it uses Universal Plug'n'Play (UPnP) to open ports through home …

Election hacking is much in the news of late and there are fears that the Russians/rogue lefties/Bavarian illuminati et al are capable of falsifying results. For example, voters in the state of Georgia's sixth district are going to the polls on Tuesday for a close-fought election, and serious doubts have been raised about the …

A mystery technology biz tried to fight off demands from the US government that it hand over people's communications flowing through its systems. The unnamed company refused to obey the surveillance order, and was also denied the ability to even review the outcomes of any previous challenges to help form its case. That's …

A UK-based computer hacker has admitted stealing hundreds of usernames and email addresses from a US military communications system. Sean Caffrey, 25, of Sutton Coldfield in the West Midlands, broke in and pinched the ranks, usernames and email addresses of more than 800 users of a satellite communications system and of about …

Hundreds of commercial Wi-Fi routers are, or were, easily hackable by the CIA, according to classified files published today by WikiLeaks. The confidential US government documents describe the Cherry Blossom project, which is the framework by which CIA operatives can subvert wireless routers; install software that harvests …

A year-long investigation has uncovered evidence that British armaments conglomerate BAE Systems has been selling internet surveillance equipment to Middle Eastern regimes with questionable human rights records. BAE has its fingers in many pies, including the online sphere, and in 2011 it bought Danish firm ETI and added it to …

Germany has joined an increasing number of countries looking to introduce anti-encryption laws. Speaking on Wednesday, German interior minister Thomas de Maizière said the government was preparing a new law that would give the authorities the right to decipher and read private encrypted messages, specifically citing encrypted …

Security researchers have developed a free decryption tool for victims of the ‪Jaff‬ ransomware, meaning they can regain access to files without paying crooks. The utility – developed by boffins at Kaspersky Lab – works on all variants released to date. Of course there is still the possibility that the criminals behind Jaff …

European banks could face fines totalling €4.7bn in the three years after General Data Protection Regulation comes into force, according to a report from data security solutions firm AllClear ID. The latest in a string of sales pitches reports on businesses' preparedness for GDPR to land in The Reg's inbox says that banks are …

A new study has warned that third-party trackers litter banking websites and the privacy-invading tech is being used to rate surfers' creditworthiness. Among the top 10 financial institution websites visited in the US and UK, there are 110 third-party trackers snooping on surfers each time they visit. Online privacy firm …

A wormable vulnerability involving an estimated one million digital video recorders (DVR) is at risk of creating a Mirai-style botnet, security researchers warn. UK-based security consultancy Pen Test Partners said that the issue stems from a zero-day (unpatched) flaw in networking software from Chinese manufacturer XiongMai …

Stop us if you've heard this one: an emergency access feature offered by RSA for SecurID token customers isn't completely secure. That's the opinion of pentest outfit Netspi, whose Alexander Leary worked out how to abuse the SecurID Emergency Access Tokencodes (EAT). The use-once codes are intended to provide a temporary …

Sysadmins should already have purged WINS from their Microsoft Windows Server environments – but if they haven't, there's a new reason to take it for one last walk out behind the shed. Fortinet's Honggang Ren says a WINS Server remote memory corruption vulnerability in the MS-proprietary name server isn't going to get fixed, …

In spite of a flurry of patches designed to fix Windows Defender, at least one security researcher reckons there's still work to be done. James Lee, who has presented at conferences like Zer0con, has contacted The Register to say the key vulnerable component, MsMpEng, is still subject to remote code execution. As with the …

A massive click-fraud farm has been raided in Thailand by police and army troops, who seized nearly half a million SIM cards and hundreds of iPhones used to promote products online. The raid on two rented houses in Ban Mai Nong Sai in the Aranyaprathet District led to the arrest of three Chinese suspects: Wang Dong, 33, Niu …

The Norks are coming and it won't be fun, according to a new bulletin from the United States Computer Emergency Readiness Team (US-CERT). The advisory warns that a North Korean hacking team, dubbed Hidden Cobra, is actively targeting media, aerospace, financial, and critical infrastructure sectors in the US and around the …

Updated University College London is tonight tackling a serious ransomware outbreak that has scrambled academics' files. It is feared the software nasty may be exploiting a zero-day vulnerability, or is a previously unseen strain of malware as antivirus defenses did not spot it in time, we're told. Eggheads at the UK uni are urged to …

Network security has improved little over the last 12 months – millions of vulnerable devices are still exposed on the open internet, leaving them defenceless to the next big malware attack. A follow-up audit by Rapid7 – the firm behind the Metasploit pen-testing tool – found that more than a million endpoints were confirmed …

The founder of chat app Telegram has publicly claimed that feds pressured the company to weaken its encryption or install a backdoor. "During our team's 1-week visit to the US last year we had two attempts to bribe our devs by US agencies + pressure on me from the FBI," Pavel Durov said on Twitter. "It would be naive to think …

Voice over LTE leaks like a sieve, because nobody's paying attention to the details. That's the conclusion in a paper (PDF) presented to the Symposium on Information and Communications Technology Security in Rennes, France last week. The researchers, from Priority 1 Security, warn the vulnerabilities could affect any of the …

The developers of privacy-protecting Linux distribution Tails have decided to get closer to Debian with the project's 3.0 release. Tails - aka The Amnesic Incognito Live System - is designed to boot and run from removable storage and not to leave any trace of what you did while running it. Users booting into version 3.0 will …

Officials from the United States, the United Kingdom, Canada, Australia and New Zealand will discuss next month plans to force tech companies to break encryption on their products. The so-called Five Eyes nations have a long-standing agreement to gather and share intelligence from across the globe. They will meet in Canada …

Fake news has come to be associated with political intrigue but the same propaganda techniques are also abused by cybercriminals, according to a study by Trend Micro. The techniques and methods used to spread fake news and manipulate public opinion have a wide range of objectives and even a price list. Cybercriminals produce …

Researchers from the Massachusetts Institute of Technology and Stanford University have found that people say they want privacy but make choices suggesting the opposite, and can be easily manipulated through interface design, reassuring statements, and pizza. In "Digital Privacy Paradox: Small Money, Small Costs, Small Talk," …

I spent the first half of my career coding and while I don't miss the day-in-day-out grind of coding, but do still enjoy the computer-as-infinite-toy. So from time to time I try to spend a few days with my head in the machine, playing, exploring and learning. Lately I've done that with Glitch, a browser-based programming …

Anti-virus vendor Dr. Web has found something nasty: malware named “Linux.MulDrop.14” that turns the Raspberry Pi into a cryptocurrency mining machine. To catch the malware you'll need to leave your rPi on with SSH ports open. If you've done so and the malware's scripts make their way in to your Pi, they'll install zmap, …

The jailed kingpin behind a multimillion-pound fraud has admitted attempting to run an almost identical con from behind bars. Feezan "Fizzy" Hameed, 26, ran a voice-based phishing fraud which claimed 750 RBS group victims (mainly small businesses such as accountants and solicitors) and resulted in loses of £113m. He used his …

+Comment Our Monday here at The Reg's London offices has been cheered to no end by Google News, which has been spitting out odd pharmaceutical-related "journalism" throughout the day. Over the past few days*, we've watched in amazement as our inbox filled up with emails from readers, and journos in the newsroom today have been …

Security researchers have discovered malware capable of disrupting industrial control processes. Industroyer can cause the same sort of damage as BlackEnergy, a malware strain blamed for attacks on energy firms that caused blackouts in Ukraine in December 2015. The malware may have featured in follow-up attacks last December …

German police have arrested a man they suspect of being the administrator of a dark net website. The site is said to have been used to buy a gun used in a 2016 mass murder. The unnamed 30-year-old man was arrested on 8 June in “south west Germany”, according to Sky News. The server used to host the site is said to have been …

Security researchers have discovered a ransomware variant that targets Macs rather than Windows PCs. Although technically inferior to most current ransomware targeting Windows, it still encrypts or prevents access to victim's files, thereby causing real damage, according to researchers at Fortinet. MacRansom uses symmetric …