Black HatAmerica's crime-fighters, desperate to recruit white-hat hackers to collar spies and cyber-crooks, are quietly and slightly relaxing the ban on hiring anyone who has used illegal drugs. Generally speaking, dabbling in any kind of substance abuse will rule you out of the running for a job at the NSA, Homeland Security, the FBI …

Black HatBlack Hat founder Jeff Moss opened this year's shindig in Las Vegas with tales of quite how odd the hacking culture in China is. You see, Moss also founded the DEF CON conference series, and has started running DEF CON events for nerds in China – which makes sense given the sizable reservoir of infosec and computer science …

Black HatIBM's X-Force hacking team have come up with an interesting variation on wardriving – you know, when you cruise a neighborhood scouting for Wi-Fi networks. Well, why not try using the postal service instead, and called it "warshipping," Big Blue's eggheads suggested earlier today. To demonstrate this approach, the X-Force team …

RoundupBefore letting the IT staff clock out early for summer, make sure they read up on the following security notices out this week. Cisco warns of four flaws in small biz switch line Organizations using Cisco Small Business 220 Series switches should make sure the firmware on the device is up-to-date with today's update from the …

Spectre – a family of data-leaking side-channel vulnerabilities arising from speculative execution that was disclosed last year and affects various vendors' chips – has a new sibling that bypasses previous mitigations. Designated CVE-2019-1125 and rated moderate in terms of severity, the issue – limited primarily to Intel x86- …

BSides LVLife’s tough as a malware developer. If the cops or Feds don't collar you, your fellow scumbags will screw you over – or perhaps both will happen. In a presentation at the Bsides Las Vegas hacking conference today, Winnona DeSombre, an analyst at threat-intelligence biz Recorded Future, detailed a year-long probe into dark and …

AT&T staff were bribed $1m to slip the codes to unlock two million smartphones to a gang operating out of Pakistan, US prosecutors have claimed. When those telco workers took too long to cough up the codes, the crew bought copies of the employees' work login credentials and used them to go straight into the cellular giant's …

Passwords were among the 23 million customer records siphoned from CafePress by hackers – and the site was using the less secure SHA-1 hashing algorithm to store half of its users' credentials. As El Reg and the rest of the security-focused media reported yesterday, CafePress had around 23 million customer records exfiltrated …

Brandon Philips, a member of the technical staff at Red Hat, has created a software tool called rget for Linux, macOS, and Windows, to make it easier to determine whether downloaded files can be trusted. The command-line application is intended as an alternative to wget, a widely used tool for fetching files that has been …

Black HatIt is possible to thoroughly hijack a nearby vulnerable Qualcomm-based Android phone, tablet, or similar gadget, via Wi-Fi, we learned on Monday. This likely affects millions of Android devices. Specifically, the following two security holes, dubbed Qualpwn and found by Tencent's Blade Team, can be leveraged one after the …

Trendy online-only Brit bank Monzo is telling hundreds of thousands of its customers to pick a new PIN – after it discovered it was storing their codes effectively as plain-text in log files. As a result, 480,000 folks, a fifth of the bank's customers, now have to go to a cash machine, and reset their PINs. The bank said the …

An FBI contractor has pleaded not guilty to charges that he installed a camera under a coworker's desk to satisfy his "voyeur" fetish. Joshua Green was working as a contractor in the J Edgar Hoover building – aka the FBI headquarters in Washington DC – last month. On July 26, one of his colleagues, who had just returned to …

A week ago, Google released Chrome 76, which included a change intended to prevent websites from detecting when browser users have activated Incognito mode. Unfortunately, the web giant's fix opened another hole elsewhere. It enabled a timing attack that can be used to infer when people are using Incognito mode. On Sunday, …

Black HatIt's that time of year again and the world's white, grey and the occasional black-hat hackers descends into the fetid hell that is Las Vegas in August for a week of conferences, community conflabs and catching up with old friends. What started as a bunch of friends hanging out in a cheap hotel has grown into the largest …

The UK's Maritime and Coastguard Agency (MCA) is coughing up just shy of a million quid to see how drones could help with sea rescue and surveillance operations. Interested parties have until 19 August to put in a bid and will need to be ready to go by 1 September. The invitation to tender aims to improve MCA operations while …

Code repository GitHub and credit-card-flinger Capital One are facing down a potential class-action lawsuit in the US accusing them of negligence over the loss of 106 million individuals' personal data. Capital One is accused of failing to take appropriate action to secure its Amazon-hosted cloud storage, while Microsoftie …

Twee T-shirts 'n' merch purveyor CafePress had 23 million user records swiped – reportedly back in February – and this morning triggered a mass password reset, calling it a change in internal policy. Details of the security breach emerged when infosec researcher Troy Hunt's Have I Been Pwned service – which lists websites …

Black HatIf you're heading off the Black Hat and DEF CON security conferences in Las Vegas, USA, this week, be prepared to have your hotel room searched if - for any reason - you shoo maid service away and stop staff from cleaning your room. Most hotels in the city enforce mandatory checks within their rooms following the October 1, …

RoundupHere is a quick roundup of the recent happenings in the world of computer security beyond what we've already reported. Also, look out this week for our Black Hat, DEF CON, and Bsides Las Vegas coverage: our vultures out in the Nevada desert will produce a string of articles from the hacking conferences. Amazon closes one open …

Uncle Sam is testing a system that uses high-altitude balloons to conduct surveillance over American soil. Government contractor Sierra Nevada Corporation – the aerospace company, not the brewery – has released balloons that will drift over a large area in the United States' Midwest, and form a network capable of monitoring …

An email phisher found hiding in Kenya is facing up to two decades behind bars in America for scamming thousands of dollars from US universities. Amil Hassan Raage, 48, pleaded guilty on Thursday in a southern California court to one count of conspiracy to commit wire fraud. The charge carries a maximum of 20 years …

Germany's data protection commissioner in Hamburg has launched an investigation into Google over revelations that contracted workers were listening to recordings made via smart speakers. Google has been ordered to cease manual reviews of audio snippets generated by its voice AI for three months while the investigation is under …

Further details have emerged on the 737 Max flight control software bug discovered at the end of June, with reports suggesting that belated tests by a US regulator found the hitherto unknown bug. The Seattle Times, Boeing's hometown newspaper for many years, explains in detail how timid Federal Aviation Authority regulators …

WebcastSecurity professionals like you have a tough job. You can bang on about risks, threats, attack types and other scary stuff, explain the ins and outs of compliance, issue dire warnings about what might happen if your listeners don’t do the right thing – and they remain supremely unperturbed. And all the time you know precisely …

On CallWelcome back to On Call, a special corner of The Register where readers can share tales of their cries for help and the deaf ears on which they fall. Today's yarn, which includes a non-Linux-based solution to Active Directory woes, comes from a reader we shall call "Clive", who was struck with a run of bad luck at the hands of …

Palo Alto Networks has spotted a new cryptomining malware technique that not only wipes out any other miners present on the target machine but uses GitHub and Pastebin as part of its command-and-control (C2) infrastructure. The malware, believed to originate from a Chinese cybercrime group nicknamed Rocke, targets cloud …

LogowatchThe British Army has launched yet another social media 'n' psyops unit and its logo will look remarkably familiar to anyone who's watched 2001: A Space Odyssey – or Captain Scarlet. 6 (UK) Division is the new organisational home for the Army's "asymmetric edge", comprising all things "Intelligence, Counter-Intelligence, …

BackgrounderCrime doesn’t pay? Tell that to the small businesses that fall victim to cyber-attacks every year and have to fork out cash to crooks. According to a 2018 survey from the UK's Federation of Small Businesses, 5.4m of their members were attacked by cyber criminals, resulting in a loss of more than £5bn. According to a report by …

Uninspired by the stock imagery used by the media to depict cybersecurity, a graphic design group is offering cash prizes to anyone who comes up with something more original than dodgy hoodie-wearing laptop users with waterfalls of cascading 1s and 0s behind them. Challenging the very foundations upon which El Reg's image …

America's trade watchdog has officially told millions in the US not to apply for the $125 it promised each of them as part of the deal it struck with Equifax – and instead take up an offer of free credit monitoring. In a memo on Wednesday, FTC assistant director Robert Schoshinski said the regulator has been overwhelmed by …

Content delivery network Akamai Technologies reckons that despite the time and effort spent convincing people not to fall for phishing and other frauds, the bigger threat might actually be credential-stuffing attacks. In the latest edition of its State of the Internet Report (PDF), Akamai said it picked up around 3.5 billion …

Priti Patel has declared war on encryption safeguards, demanding they be torn up for the convenience of police workers. Patel, the social conservative appointed Home Secretary by British Prime Minister Boris Johnson last week, used this morning's Daily Telegraph to call for end-to-end encryption to be broken with backdoors …

Enterprise security, analytics, and hardware management tools - the very tools used to keep data safe - are collecting and sharing far more information than customers might think. So says the team from ExtraHop, an analytics firm that studied the networks of its customers and found that in many cases their security and …

Lancaster University has started withdrawing non-business-critical access to a breached student database – more than a week after the apparent hack took place. Following the breach, which affected somewhere between 12,000 and 20,000 people, the northwest England uni has begun pulling staff access to its LUSI (Lancaster …

DEF CONAn investigation into the computer security of small airplanes, the results of which were made public this week, will be sure to generate some flashy headlines. However, there are important caveats. The probe in question, carried out by Patrick Kiley, a senior security consultant at Rapid7, shows just how easy it is to hack a …

VidNewly released footage showing cops storming the house of the woman accused of hacking Capital One's cloud servers to steal 106 million people's personal information, has again raised questions about the over-militarization of the American police force. Software engineer Paige Adele Thompson, 33, was cuffed on Monday after the …