Warning: Malware or rogue users can spy on apps' HTTPS crypto – by whipping them with a CAT o' nine TLS

The Register - Sat, 01/12/2018 - 01:00
Malicious code can spy on OpenSSL, Apple CoreTLS, etc

Crypto boffins have found a way to exploit side-channel information to downgrade most of the current TLS implementations, thanks to ongoing support for outmoded RSA key exchanges.…

Categories: News

Giraffe hacks printers to promote tasteless YouTuber

The Register - Sat, 01/12/2018 - 00:35
Yeah, we don’t know wtf is going on either

Did your work printer produce a strange call to action this week, encouraging you to follow someone on YouTube, unlike from a Bollywood channel and then offer you a "bro fist" made up of punctuation marks?…


It's 'nyet' again, yet again, for Kaspersky in US gov ban case

The Register - Fri, 30/11/2018 - 22:33
Appeals court shoots down Russian vendor's plea

Kaspersky Lab won't be getting its day in court after all, as the Washington DC Court of Appeals rejected its case against the American government.…


It's nearly 2019, and your network can get pwned through an oscilloscope

The Register - Fri, 30/11/2018 - 21:10
Researchers find head-slapping backdoors in lab equipment

Administrators overseeing lab environments would be well advised to double-check their network setups following the disclosure of serious flaws in a line of oscilloscopes.…


Podcast: Breaking Down the Magecart Threat (Part Two)

Kaspersky Labs - Fri, 30/11/2018 - 21:00
In part two of our podcast series on Magecart, we talk to expert Yonathan Klijnsma, who has been tracking the threat for years.

Bing Warns VLC Media Player Site is ‘Suspicious’ in Likely False-Positive Gaffe

Kaspersky Labs - Fri, 30/11/2018 - 18:01
After identifying the official VLC media download page as "unsafe" with its Bing search engine, Microsoft now suggests it was done in error.

Magecart fiends punch card-skimming code in Sotheby's Home website

The Register - Fri, 30/11/2018 - 16:50
If you shopped with 'em since March 2017, consider your deets in the haul

Toff tat bazaar Sotheby's Home website has become the latest casualty of Magecart after a breach saw card-skimming code deployed by infosec rotters.…


Newsmaker Interview: Katie Moussouris on Improving Bug Bounty Programs

Kaspersky Labs - Fri, 30/11/2018 - 14:30
The bug bounty "queen" Katie Moussouris discusses the biggest mistakes that companies launching these programs are making.

Little FYI: Wi-Fi calling services on AT&T, T-Mobile US, Verizon are insecure, say boffins

The Register - Fri, 30/11/2018 - 14:03
Subscribers using wireless calls wide open to attack

Boffins from Michigan State University in the US and National Chiao Tung University in Taiwan have found that the Wi-Fi calling services offered by AT&T, T-Mobile US, and Verizon suffer from four security flaws that can be exploited to attack mobile phone users, leaking private information, harassing them, or interfering with service.…


2014 Marriott Data Breach Exposed, 500M Guests Impacted

Kaspersky Labs - Fri, 30/11/2018 - 13:48
The hackers had access to the impacted database since 2014.

Marriott's Starwood hotels mega-hack: Half a BILLION guests' deets exposed over 4 years

The Register - Fri, 30/11/2018 - 12:28
One of, but not the worst, in history

US hotel chain Marriott has admitted that a breach of its Starwood subsidiary's guest reservation network has exposed the entire database – all 500 million guest bookings over four years, making this one of the biggest hacks of an individual org ever.…


Q: If Pesky Pepper had a peek at patient papers, at how many patient papers did Pesky Pepper peek? A: 231

The Register - Fri, 30/11/2018 - 10:52
Bored secretary at GP fined for sneaky look at medical records

A bored trainee secretary at a GP practice has been fined for snooping on the health records of colleagues, friends and strangers.…


Support whizz 'fixes' screeching laptop with a single click... by closing 'malware-y' browser tab

The Register - Fri, 30/11/2018 - 07:54
Nope, no new computer for you. Move along

On Call: Welcome once more to On Call, our weekly column where Reg readers share their tales of tech support problems solved.…


Here's another 45,000 reasons to patch Windows systems against old NSA exploits

The Register - Fri, 30/11/2018 - 01:58
It's 2018 and UPnP is still opening up networks - this time to leaked SMB cyber-weapons

Earlier this year, Akamai warned that vulnerabilities in universal plug-and-play (UPnP) had been exploited by scumbags to hijack 65,000 home routers. Now, in follow-up research released this week, it found little has changed.…


GCHQ pushes for 'virtual crocodile clips' on chat apps – the ability to silently slip into private encrypted comms

The Register - Thu, 29/11/2018 - 22:31
Sliding into your DMs unnoticed, literally

Analysis: Britain's surveillance nerve-center GCHQ is trying a different tack in its effort to introduce backdoors into encrypted apps: reasonableness.…


Big Blue shoos Db2 blues before rogue staff turn the screws in hijack ruse (translation: patch your IBM databases)

The Register - Thu, 29/11/2018 - 21:06
Buffer overflow flaw could lead to privilege escalation

IBM is advising folks this week to check if they should update their Db2 database installations following the discovery of a potentially serious security vulnerability.…


Critical Zoom Flaw Lets Hackers Hijack Conference Meetings

Kaspersky Labs - Thu, 29/11/2018 - 19:02
Hackers can spoof messages, hijack screen controls and kick others out of meetings.

Cisco Patches Critical Bug in License Management Tool

Kaspersky Labs - Thu, 29/11/2018 - 16:11
The vulnerability could allow an attacker to execute arbitrary SQL queries.

Healthcare billing biz AccuDoc 'fesses up to breach that blabbed 2.65m people's data

The Register - Thu, 29/11/2018 - 15:00
Names, addresses, social security numbers exposed

Miscreants gained access to US healthcare billing vendor AccuDoc Solutions' database for about a week in September, exposing the data of at least 2.65 million people.…


Hackers Breach Dunkin’ Donuts Accounts in Credential Stuffing Attack

Kaspersky Labs - Thu, 29/11/2018 - 14:36
The donut giant first noticed the attack Oct. 31.

