WebSpec, a formal framework for browser security analysis, reveals new cookie attack

The Register - Sat, 08/01/2022 - 08:45
Boffins in Vienna devise way to make software prove how it behaves

Folks at Technische Universität Wien in Austria have devised a formal security framework called WebSpec to analyze browser security.…

Categories: News

Salesforce mandates MFA by default

The Register - Fri, 07/01/2022 - 07:30
Thales: ‘Significant change in security culture'

Paid Feature  Of all the cybersecurity developments in 2021, a relatively low-key announcement made by software company (SFDC) in March might eventually turn out to be one of the most significant.…

Categories: News

Your backups can save you from ransomware. But how do you protect your backups?

The Register - Thu, 06/01/2022 - 18:15
Immutability, analytics, and a complete lack of trust…

Webinar  When it comes to cybersecurity, your backup data is no longer your last line of defence.…

Categories: News

You better have patched those Log4j holes or we'll see what a judge has to say – FTC

The Register - Wed, 05/01/2022 - 22:30
Apply fixes responsibly in a timely manner or face the wrath of Lina Khan

The US Federal Trade Commission on Tuesday warned companies that vulnerable Log4j software needs to be patched … or else.…

Categories: News

US Army journal's top paper from 2021 says Taiwan should destroy TSMC if China invades

The Register - Wed, 05/01/2022 - 19:01
No more chip factories would surely change Beijing's mind about unification

A top US Army War College paper suggests Taiwan should credibly threaten to eradicate its semiconductor industry if threatened by China so that Beijing would no longer be interested in unification.…

Categories: News

Remember Norton 360's bundled cryptominer? Irritated folk realise Ethereum app is tricky to delete

The Register - Wed, 05/01/2022 - 15:56
Disable anti-tamper features first and you'll be alright

Norton antivirus's inbuilt cryptominer has re-entered the public consciousness after a random Twitter bod expressed annoyance at how difficult it is to uninstall.…

Categories: News

Windows giant seeks Pluton-ic relationship with chip maker: AMD first out of the gates with Microsoft's security processor

The Register - Wed, 05/01/2022 - 12:11
Yes, you're going to have to get a new CPU (again)

It's been a while coming, but it looks like PCs with Microsoft's Pluton security processor are just around the corner. So long as your silicon of choice comes from AMD, for the time being at least.…

Categories: News

How ransomware gangs went pro

The Register - Wed, 05/01/2022 - 08:30
They're developing new techniques 'in every area' says Darktrace

Paid Feature  Ransomware has come a long way since the early days. When it first started out, it spread indiscriminately and often used poor code. Over the years, it has become more sophisticated and is now an efficient business. How did it become so professional?…

Categories: News

SlimPay fined €180k after 12 million customers' bank data publicly accessible for 5 years

The Register - Tue, 04/01/2022 - 17:33
French regulator's investigation finds multiple breaches of GDPR

SlimPay, a Paris-based subscription payment services company, has been fined €180,000 by the French CNIL regulatory body after it was found to have held sensitive customer data on a publicly accessible server for five years.…

Categories: News

John Edwards takes the reins at the UK's data protection watchdog

The Register - Tue, 04/01/2022 - 13:58
Information Commissioner faces a year of upheaval in data law

The Information Commissioner's Office has confirmed that former New Zealand privacy commissioner John Edwards has started his new role as the UK's Information Commissioner.…

Categories: News

Four years: that’s how long Azure’s App Service had a source code leak bug

The Register - Fri, 24/12/2021 - 06:01
Firm that found the flaw also spotted ChaosDB and OMIGOD, confident this one’s been exploited

Microsoft has revealed a vulnerability in its Azure App Service for Linux allowed the download of files that users almost certainly did not intend to be made public.…

Categories: News

Fisher Price's Bluetooth reboot of pre-school play phone has adult privacy flaw

The Register - Thu, 23/12/2021 - 08:02
‘Chatter’ can be bugged thanks to kindergarten-grade security

A Bluetooth phone designed to evoke the carefree days of early childhood has been found to instead threaten the very adult prospect of being surveilled in your home.…

Categories: News

Alibaba Cloud slapped by Chinese ministry for mishandling Log4j

The Register - Thu, 23/12/2021 - 05:58
Beijing's not saying what cloudy contender did wrong

China's Ministry of Industry and Information Technology has suspended Alibaba Cloud's membership of an influential security board to protest its handling of the Log4j flaw.…

Categories: News

Of course a Bluetooth-using home COVID test was cracked to fake results

The Register - Wed, 22/12/2021 - 03:58
The Ellume COVID-19 Home Test was connected to the internet of woefully insecure things for a while

Security vendor F-Secure has faked a COVID test result on a Bluetooth-equipped home COVID Test. Thankfully the vendor’s since fixed the device.…

Categories: News

How to tackle hybrid cloud security and DevSecOps

The Register - Tue, 21/12/2021 - 20:29
Putting the Sec into DevOps is key, says Red Hat

Paid Feature  Of all the ideas to surface in the 20-year history of cloud computing, few have proved as compelling as the hybrid cloud. Organizations understand on-premises data centers and how computing power can be rented through public clouds or accessed through dedicated private clouds.…

Categories: News

Belgian defence ministry admits attackers accessed its computer network by exploiting Log4j vulnerability

The Register - Tue, 21/12/2021 - 12:33
Perpertrators' ID unknown, however

The Belgian Ministry of Defence has suffered a cyber attack after miscreants exploited one of the vulnerabilities in Log4j. The attack marks the first occasion that a NATO country's defence ministry has fallen victim to the flaws.…

Categories: News

UK National Crime Agency finds 225 million previously unexposed passwords

The Register - Tue, 21/12/2021 - 07:10
Shares them with Troy Hunt’s Have I Been Pwned after sweeping them up from ‘compromised cloud storage’

The United Kingdom’s National Crime Agency and National Cyber Crime Unit have uncovered a colossal trove of stolen passwords.…

Categories: News

US bags Russian accused of stealing millions after stealing per-release financial filings

The Register - Mon, 20/12/2021 - 22:23
Swiss cough up accused crim while Russia is 'deeply disappointed'

The US Attorney's Office of Massachusetts on Monday announced the extradition of Vladislav Klyushin, a Russian business executive with ties to the Kremlin, on charges of hacking US computer networks and committing securities fraud by trading on undisclosed financial data.…

Categories: News

Police National Computer not pwned by Clop ransomware crims, insists Home Office

The Register - Mon, 20/12/2021 - 15:51
Scottish MSP Dacoll was hit, however

The Clop ransomware gang pwned a managed service provider with access to the UK's Police National Computer, dumping data on its dark web leaks site – but officials deny that police data was compromised.…

Categories: News

How to keep on top of cloud security best practices

The Register - Mon, 20/12/2021 - 08:30
Trend Micro outlines common misconfigurations and how to avoid them

Paid Feature  In an era beset by hackers at every turn, it’s no small irony that the fastest growing security threat to business data might now be the self-inflicted wound of cloud service misconfiguration.…

Categories: News


Subscribe to Sec Tec Limited aggregator - News