The state of West Virginia says someone attempted to hack its citizens' votes during the 2018 mid-term elections. A statement issued this week by US Attorney Mike Stuart of the Southern District of West Virginia revealed that the FBI has been called in and is actively investigating at least one attempt to tamper with election …

After last year acknowledging that Google Maps stores location data even when told not to, the Chocolate Factory plans to give Maps the same misunderstood form of privacy offered by its Chrome browser, otherwise known as Incognito mode. "When you turn on Incognito mode in Maps, your Maps activity on that device, like the …

The US Food and Drug Administration is warning hospital IT admins to keep a close eye on their networks following the discovery of security vulnerabilities in a relatively obscure and dated TCP/IP stack – IPnet – used in embedded devices. The flaws, mostly buffer overflows and memory in various components of IPnet, can be …

Zendesk has admitted to suffering a data snafu – but while it affects 10,000 customers, it only applies to those who were using the firm's helpdesk products before 1 November 2016. In an email to all its customers, seen by The Register, Zendesk coughed to the breach. "We recently became aware of a security matter that may …

Recognising that not everyone has climbed aboard the Windows 10 train, Microsoft has thrown a Window 7 Extended Support lifeline to more businesses... for a price. Microsoft 365 veep Jared Spataro had already cut laggardly enterprises some slack in September last year, and the kindly software giant has now extended its …

Thomas Cook's former breach detection contractor has warned of a sharp spike in scammers setting up fake websites to lure ex-staff and customers alike. Digital risk biz Skurio said it has spotted "a flurry of web domain registration activity" focused on Thomas Cook-themed domain names. These appear to have been set up by …

MacOS network admins are being advised to update their copies of the Jamf Pro management software following the disclosure of a critical security flaw. The Jamf Pro 10.15.1 update includes among its fixes a patch for a security flaw that, depending upon the version being used, could allow for file deletions or remote code …

Former Yahoo! software engineer Reyes Daniel Ruiz has pleaded guilty in a California federal court to one count of computer intrusion after breaking into customers' Yahoo! emails and accounts at other service providers to obtain private data, mainly sexual images and videos of account holders. According to the Office of the US …

Security plaftorm vendor Comodo has 'fessed up to a digital break-in affecting 245,000 users – after it ignored line one in the first chapter of the "How to do Basic Security" book about timely patching of software. Despite the whole world (yup, us too) shouting about the latest zero-day bug in vBulletin forum software, Comodo …

Nearly seven in eight CTOs and CIOs have admitted to their businesses suffering a data breach, according to a survey. Threat intel biz Carbon Black reckons that of the 250 CTOs, CIOs and CISOs it surveyed earlier this year, 84 per cent admitted to some form of security breach within their organisation. This compares with 88 …

UpdatedAlmost 100 staff at UK tax collector HMRC faced disciplinary action for computer misuse in the previous two full financial years. This is according to a Freedom of Information request by the Parliament Street think tank which discovered 92 employees were probed and rapped for the abuse in fiscal '18 and '19. The most …

A man who hacked women's Facebook accounts to steal their intimate images has been ordered to carry out 200 hours' unpaid work after admitting three criminal charges under the Computer Misuse Act. The Worthing Herald reported that Kieren Kennedy, of Montpelier Place in Brighton, "caused a very significant level of distress" to …

PromoHosted by the UK government’s National Cyber Security Centre (NCSC) and training specialist SANS Institute, the two-day CyberThreat Summit 2019 in London this autumn is a highly informative technical event bringing together security practitioners from the UK and Europe. SANS CTO James Lyne, who will speak at this year’s summit …

Admins of Linux and Unix boxes running Exim would be well-advised to update the software following the disclosure of another critical security flaw. The Exim 4.92.3 patch, released on September 28th, includes a fix to close up the CVE-2019-16928 flaw. Discovered by bug-hunters with the QAX A-Team, the vulnerability is caused …

A former system admin for a US Army contractor has been sentenced to two years behind bars for trashing his employer's network on his way out the door. Barrence Anthony, 40, of Waldorf, Maryland, was given the sentence by US District Judge Leonie Brinkema in the Eastern District of Virginia court after pleading guilty to one …

Cops have seized the physical premises and servers of the Dutch-German ISP that once hosted The Pirate Bay – after storming the hosting biz's ex-NATO bunker hideout with 600 gunmen. Cyberbunker, aka CB3ROB, was shut down by German police in what appears to be a military-grade operation targeting the hosting firm's Traben- …

British cops have raised £240,000 in their first ever UK-based auction of cryptocurrencies understood to have been seized from former TalkTalk hacker Elliot Gunton , who'd "earned" it selling hacking services and flogging people's stolen personal details online. The sell-off of Bitcoin, Ripple and Ether to the highest bidder …

RoundupLet's look at some of the latest security news you may have missed this week. Baltimore ransomware outbreak made worse by bad storage practices This year's ransomware infection at the City of Baltimore made headlines, in part because of the eye-popping $18.2m price tag its damage and recovery bills racked up. It turns out that …

A programmer claims to have found a way to execute arbitrary code on recent-ish iPhones and iPads, paving the way for full-blown tethered jailbreaks. And, we're told, it is impossible for Apple to block these shenanigans as it involves a vulnerability baked into the devices' immutable Boot ROM. Specifically, the coder, who …

Online merchant fragrancedirect.co.uk has confirmed a miscreant broke into its systems and made off with a raft of customers’ personal data, including payment card details. The e-retailer, based in Macclesfield, England, wrote to punters this week to inform them of the digital burglary and the subsequent data leakage. “We …

ExclusiveA Brit biz whose mobile apps monitor the mental state of 35,000 British schoolchildren is having to rewrite them after researchers found hardcoded login credentials within. "Tracking steering biases is a pioneering technique developed by STEER using AI to identify patterns of bias linked to mental health risks in 10,000 test …

Gig-economy delivery app maker DoorDash is so, so sorry this Thursday after hackers gained access to nearly five million of its customer accounts. The dial-a-serf service said that on May 4 of this year some miscreant was able to break into one of DoorDash's technology providers, and view account information including the …

The United States' electronic ballot boxes are as vulnerable as ever to physical tampering by hackers. So says this year's DEF CON Voting Village Report, which summarizes the findings of infosec experts who picked apart the various vote-casting computer systems in use today by cities and counties around the country. The report …

The US state of New York is suing food chain Dunkin Donuts for what is says is an illegal lapse in computer security. NY Attorney General Letitia James said today the complaint stems from a 2015 raid on Dunkin's website: fraudsters broke into individual customer accounts, stole those victims' payment card info from the …

Cisco has doled out yet more security updates for its IOS and IOS XE network operating systems, which, we are obliged to remind you, is its scheduled six-monthly patch run and not the usual "oh bugger" state of affairs. In the latest run we have a dozen patches for 13 vulnerabilities rated "high", including ones that cause a …

One of the teens behind the 2015 hack on UK telco TalkTalk has been indicted in the US over a huge cryptocurrency heist. Elliott Gunton, 19, is facing five separate charges ranging from computer fraud and abuse to wire fraud and aggravated identity theft. Potential penalties for the offences range from two to 20 years in …

Months after The Register first wrote about TalkTalk failing to close a former customer's email address, the firm is still using the General Data Protection Regulation as an excuse for dragging its heels. Reg reader Rose got in touch with us after reading our report of the zombie TalkTalk email account from March to complain …

The US Congress has, near enough, approved a law bill to create a new set of dedicated cyber-security teams within the Department of Homeland Security. On Tuesday, the Senate passed S.315, also known as the DHS Cyber Hunt and Incident Response Teams Act of 2019, a bipartisan measure that funds the creation of both …

A garbled remark by President Donald Trump in a just-released phone-call transcript with the Ukrainian head of state has focused attention on cloudy security shop CrowdStrike. America's conspiracy-theorist-in-chief name-dropped Silicon Valley's CrowdStrike during a July chat with Ukranian President Volodymyr Zelensky, which …

Infosec training biz Hacker House has been catapulted to Parliamentary prominence after reports that co-founder Jennifer Arcuri secured UK government funding because of her personal relationship with now-Prime Minister Boris Johnson. At today's first Parliamentary sitting since the Supreme Court overruled prorogation yesterday …

Adobe has released an update to clean up a trio of vulnerabilities in ColdFusion, its long-running web application platform. The security update addresses three CVE-listed vulnerabilities discovered in both ColdFusion 2016 and ColdFusion 2018. Two of the bugs open up the software to critical remote code execution risks, while …

Google has blocked a proposed revision of the charter of the Privacy Interest Group (PING), a part of the W3C web standards body, over concerns that establishing an unchecked "authoritarian review group" will create "significant unnecessary chaos in the development of the web platform." The PING's job is to ensure that …

On Monday, Andrei Tyurin, a 35-year-old Russian national, pleaded guilty in New York to charges of computer intrusion, bank and wire fraud, and online gambling in connection with a sustained hacking campaign targeting US financial institutions. "Andrei Tyurin’s extensive hacking campaign targeted major financial institutions, …

UpdatedAn anonymous bug hunter has publicly disclosed a zero-day flaw in the version 5 of the popular vBulletin forum software than can be exploited over the internet to hijack servers. No patch is known to be available. The security hole was revealed last night in a post to the Full Disclosure mailing list: the message exactly …

Firebox builder Mozilla has confirmed to UK Culture Secretary Nicky Morgan that Britons won't be getting DNS-over-HTTPS (DoH) by default once the feature is included in the next run of browser updates. In a letter to the Secretary of State for Digital, Culture, Media and Sport, Mozilla's global policy veep Alan Davidson said …

UK prime minister (at time of writing) Boris Johnson announced to the UN Security Council today a plan to block the sharing of violent videos on social media after terrorist attacks. The announcement specifically references the attack in March on a mosque in Christchurch, New Zealand, which killed 51 people. The attacker live- …