The Register

Syndicate content
Biting the hand that feeds IT — sci/tech news and views for the world
Updated: 31 min 11 sec ago

Stunning infosec tips from Uncle Sam, furries exposed, Chase bank web leak, and more

Sat, 2018-02-24 05:12
A busy and bonkers week in security

Roundup  Happy weekend, everyone. Here's a roundup of computer security news beyond everything we've already reported this week.…

Categories: Security Articles

Tor pedo's torpedo torpedoed: FBI spyware crossed the line but was in good faith, say judges

Fri, 2018-02-23 21:56
Playpen pervert fails to convince appeals court

Analysis  US judges have shut down an appeal from a convicted pedophile who claimed the FBI hacking of his computer was an illegal and unreasonable search.…

Categories: Security Articles

Intel didn't tell CERTS, govs, about Meltdown and Spectre because they couldn't help fix it

Fri, 2018-02-23 02:30
Letters to Congress detail the plan to keep CPU flaws secret

Letters sent to the United States Congress by Intel and the other six companies in the Meltdown/Spectre disclosure cabal have revealed how and why they didn't inform the wider world about the dangerous chip design flaws.…

Categories: Security Articles

OpenBSD releases Meltdown patch

Thu, 2018-02-22 23:30
And now to see it's an unwelcome imposition or a mere inconvenience

OpenBSD's Meltdown patch has landed, in the form of a Version 11 code update that separates user memory pages from the kernel's – pretty much the same approach as was taken in the Linux kernel.…

Categories: Security Articles

That microchipped e-passport you've got? US border cops still can't verify the data in it

Thu, 2018-02-22 15:54
Despite demanding world+dog gets one, Uncle Sam lacks tools to check crypto-signatures

Two Democratic US senators have formally asked Uncle Sam's Customs and Border Protection (CBP) agency to get its act together on electronic passports.…

Categories: Security Articles

uTorrent file-swappers urged to upgrade after PC hijack flaws fixed

Thu, 2018-02-22 01:33
Don't say we didn't warn you

Users of uTorrent should grab the latest versions of the popular torrenting tools: serious security bugs, which malicious websites can exploit to commandeer PCs, were squashed this week in the software.…

Categories: Security Articles

Hey, you. App dev. You like secure software? Let's learn from Tinder, Facebook's blunders

Wed, 2018-02-21 23:28
API holes would let miscreants spy on sexting lovers

App developers should take a long, hard look at how they use Facebook's Account Kit for identifying users – after a flaw in the system, and Tinder's use of the toolkit, left shag-seekers open to account hijacking.…

Categories: Security Articles

Guys, you're killing us! LA Times homicide site hacked to mine crypto-coins on netizens' PCs

Wed, 2018-02-21 18:29
And they say there's no money to be made in newspapers

A Los Angeles Times' website has been silently mining crypto-coins using visitors' web browsers and PCs for several days – after hackers snuck mining code onto its webpages.…

Categories: Security Articles

Guess who else Spectre is haunting? Yes, it's AMD. Four class-action CPU flaw lawsuits filed

Wed, 2018-02-21 16:43
Punters not happy with handling of vulnerability confessions

It's not just Intel facing a legal firestorm over its handling of the Spectre and Meltdown CPU design flaws – AMD is also staring at a growing stack of class-action complaints related to the chip vulnerabilities.…

Categories: Security Articles

If at first you don't succeed, you're likely Intel: Second Spectre microcode fix emitted

Wed, 2018-02-21 10:11
Mitigations for chip design vulnerabilities, take two

Updated  For the second time of asking, Intel has issued microcode updates to computer makers that it prays says will mitigate the Spectre variant two design flaw impacting generations of x86 CPUs spewed out over previous decades.…

Categories: Security Articles

Intel hurls Spectre 2 microcode patch fix at world

Wed, 2018-02-21 10:11
Mitigation for chip design vuln

For the second time of asking, Intel has issued microcode updates to OEMs that it prays says will mitigate the Spectre variant two design flaw impacting generations of CPUs spewed out over previous decades.…

Categories: Security Articles

World's cyber attacks hit us much harder in past year – major infosec chief survey

Wed, 2018-02-21 07:28
Cisco report: Smacked orgs forked out $500k due to attacks

Cyber security breaches were twice as severe in the past year, with total financial losses reaching $500,000 (£356,00) per business, according to an extensive survey of CISOs across the globe.…

Categories: Security Articles

World's cyber attacks hit us much harder in past year – major infosec chief survey

Wed, 2018-02-21 07:28
Cisco report: Smacked orgs forked out $500k due to attacks

Cyber security breaches were twice as severe in the past year, with total financial losses reaching $500,000 (£356,00) per business, according to an extensive survey of CISOs across the globe.…

Categories: Security Articles

Bad news: 43% of login attempts 'malicious' Good news: Er, umm...

Wed, 2018-02-21 01:04
Also bad: Unpatched systems, unsecured APIs, IoT gear, anthrax candy, bottomless pits

An extraordinary 43 per cent of all attempted online account logins are malicious, Akamai claims in its latest internet security report.…

Categories: Security Articles

UK local gov: 37 cyber attacks a minute but little mandatory training

Tue, 2018-02-20 07:27
Campaigners blame gov bods' growing hunger for big data

Britain's local governments were hit by almost 100 million cyber attacks in the last five years, while one in four councils’ systems were successfully breached, according to research.…

Categories: Security Articles

Year-old vuln turns Jenkins servers into Monero mining slaves

Mon, 2018-02-19 20:58
The hip world of continuous integration meets the dark world of crypto-jacking

Here's a salutary reminder why it pays to patch promptly: a Jenkins bug patched last year became the vector for a multi-million-dollar cryptocurrency mining hijack.…

Categories: Security Articles

Google reveals Edge bug that Microsoft has had trouble fixing

Mon, 2018-02-19 18:12
Oh great - because Google's explained how to make Edge run dodgy code

Google has again decided to disclose a flaw in Microsoft software before the latter company could deliver a fix. Indeed, Microsoft has struggled to fix this problem.…

Categories: Security Articles

Crims pull another SWIFT-ie, Indian bank stung for nearly US$2m

Sun, 2018-02-18 19:24
City Union Bank now reckons it has ‘adequate enhanced security’

A year after the SWIFT international bank transfer system enhanced its security, another breach has emerged: an Indian bank has confirmed that criminals gained access to its systems and made transfers totalling US$1.8 million.…

Categories: Security Articles

Australia's new insta-pay scheme has insta-lookup of any user's phone number

Sun, 2018-02-18 19:08
PayID operator says it's a feature that sends money to the right person. It's a bug that harvests data, say others

Updated  The brand-new app implementing Australia’s New Payment Platform (NPP) system has a user enumeration flaw, but the organisation responsible for it considers it to be a feature.…

Categories: Security Articles

Global security crackdown, a host of code nasties, Brit cops mocked, and more

Sat, 2018-02-17 05:52
It's the week in security

Roundup  Here's a summary of this week's security news beyond what we've already reported.…

Categories: Security Articles