AMD security flaw saga, browsers broken, Lamo dead at 37, and more

The Register - 9 hours 20 sec ago
It's the week in security

Roundup  The lingering fallout of security flaws in AMD processor chipsets has dominated the news this week, and it ain't over yet.…

Categories: News

Crooks opt for Monero as crypto of choice to launder ill-gotten gains

The Register - Fri, 16/03/2018 - 16:09
Study examines the cutting edge of cybercrime

Crooks are increasingly turning to Monero over Bitcoin, according to a new study on the economics of cybercrime.…

Categories: News

Ugh, of course Germany trounces Blighty for cyber security salaries

The Register - Fri, 16/03/2018 - 06:04
Britons never, never, never shall be wage slaves. Oh wait

Cyber security professionals in Germany earn on average 17 per cent more than their UK counterparts.…

Categories: News

FYI: There's a cop tool called GrayKey that force unlocks iPhones. Let's hope it doesn't fall into the wrong hands!

The Register - Fri, 16/03/2018 - 00:05
And how it works doesn't leak. Gulp!

A secretive unlocking tool offered to cops and government agents has some computer security bods worried over its privacy implications.…

Categories: News

DHS, FBI blame Russian government for Dragonfly attack on infrastructure

The Register - Thu, 15/03/2018 - 23:30
Alert adds detail to attack disclosed last year

The US Department of Homeland Security and the Federal Bureau of Investigation on Thursday issued an alert warning of ongoing cyber attacks against the energy sector and other critical infrastructure by individuals acting on behalf of the Russian government.…

Categories: News

Intel: Our next chips won't have data leak flaws we told you totally not to worry about

The Register - Thu, 15/03/2018 - 18:28
Meltdown, Spectre-free CPUs coming this year, allegedly

Intel has claimed its future processors – shipping as early as the second half of this year – will be free of the security design flaws it totally told you not to fret about.…

Categories: News

Researchers slap SAP CRM with vuln combo for massive damage

The Register - Thu, 15/03/2018 - 13:38
Directory traversal + log injection = I can see your privates

A pair of recently patched security vulnerabilities in SAP NetWeaver Application Sever Java* could have been combined to hack customer relationship management (CRM) systems.…

Categories: News

MailChimp 'working' to stop hackers flinging malware-laced spam from accounts

The Register - Thu, 15/03/2018 - 11:56
What can you do about it for now? Sweet 2FA

Email newsletter distribution service MailChimp has promised to act on the abuse of accounts to send (frequently) malware-tainted spam.…

Categories: News

VPN tests reveal privacy-leaking bugs

The Register - Thu, 15/03/2018 - 08:27
Hotspot Shield patched; Zenmate and VPN Shield haven't ... yet?

A virtual private network recommendation site decided to call in the white hats and test three products for bugs, and the news wasn't good.…

Categories: News

Microsoft starts buying speculative execution exploits

The Register - Thu, 15/03/2018 - 07:01
Adds bug bounty class for Meltdown and Spectre attacks on Windows and Azure

Microsoft has created a new class of bug bounty specifically for speculative execution bugs like January's Meltdown and Spectre processor CPU design flaws.…

Categories: News

Transport for NSW scrambles to patch servers missing fixes released in 2007

The Register - Wed, 14/03/2018 - 21:47
But IBM Australia has only a ‘skeleton crew’ on duty, missed deadlines, will move people from other projects for fix

Around a third of servers at Transport for New South Wales, the public transport department in Australia’s largest state, need security patches, some dating back to 2007. But IBM, which provides IT services to the agency, doesn’t have enough people dedicated to the the job in the required timeframe or in a manner that will let the agency operate as it desires.…

Categories: News

Ex-Equifax exec charged with insider trading after bagging 1 MEEELLION dollars in stock sale

The Register - Wed, 14/03/2018 - 17:00
Jun Ying 'dumped' shares before megabreach went public

A former Equifax exec was today charged with insider trading for offloading almost $1m of shares before the company went public about the scandelous mass data breach.…

Categories: News

WhatsApp agrees not to share user info with the Zuckerborg… for now

The Register - Wed, 14/03/2018 - 15:58
ICO probe: No legal basis for Facebook slurps

WhatsApp has agreed not to share users' data with parent biz Facebook after failing to demonstrate a legal basis for the ad-fuelling data slurp in the EU.…

Categories: News

Ex-GCHQ boss: All the ways to go after Russia. Why pick cyberwar?

The Register - Wed, 14/03/2018 - 12:41
Adds his 2 cents as PM, security council meet about Salisbury poisoning

Former boss at Brit electronic spy agency GCHQ, Robert Hannigan, has called for the application of "unexplained wealth orders" and economic sanctions against Russia rather than cyber attacks.…

Categories: News

Samba settings SNAFU lets any user change admin passwords

The Register - Wed, 14/03/2018 - 06:02
Patch or risk Revenge Of The Users

Samba admins: get patching and/or updating. Unless you’re content to have your admin passwords overwritten by, well, anyone else using Samba.…

Categories: News

Let's Encrypt updates certificate automation, adds splats

The Register - Wed, 14/03/2018 - 01:58
ACME v2 and Wildcard Certificates now live

Let's Encrypt has updated its certificate automation support and added Wildcard Certificates to its system.…

Categories: News

Russian anti-antivirus security tester pleads guilty to certifying attack code

The Register - Wed, 14/03/2018 - 00:10
Crim cops to running illegal testbed

A Russian coder who ran and franchised a dark web service that optimized malware and checked it against antivirus engines has pled guilty to one charge of conspiracy and one charge of aiding and abetting computer intrusion.…

Categories: News

OK, deep breath, relax... Let's have a sober look at these 'ere annoying AMD chip security flaws

The Register - Tue, 13/03/2018 - 22:47
Holes useful for malware on completely pwned PCs, servers

Analysis  CTS-Labs, a security startup founded last year in Israel, sent everyone scrambling and headlines flying today – by claiming it has identified "multiple critical security vulnerabilities and manufacturer backdoors in AMD’s latest Epyc, Ryzen, Ryzen Pro, and Ryzen Mobile processors."…

Categories: News

It's March 2018, and your PC can be pwned by reading an online article (well, none of OURS)

The Register - Tue, 13/03/2018 - 21:03
Plus plenty of other Microsoft and Adobe bugs to fix

Patch Tuesday  Microsoft delivered another hefty bundle of patches with its scheduled monthly update.…

Categories: News

SecurEnvoy SecurMail, you say? Only after this patch is applied, though

The Register - Tue, 13/03/2018 - 16:38
Flaws meant others could read, meddle with encrypted emails

Recently resolved vulnerabilities in SecurEnvoy's encrypted email transfer SecurMail created a way for encrypted emails in users' inboxes to be read, overwritten and deleted by others.…

Categories: News


Subscribe to Sec Tec Limited aggregator - News