How a malicious Android app could covertly turn the DSP in your MediaTek-powered phone into an eavesdropping bug

The Register - Wed, 24/11/2021 - 11:00
Millions of devices potentially vulnerable, we're told

Check Point Research will today spill the beans on security holes it found within the audio processor firmware in millions of smartphones, which can be potentially exploited by malicious apps to secretly eavesdrop on people.…

Categories: News

Yes, ransomware is your number one security nightmare. But here’s how to sleep easy

The Register - Wed, 24/11/2021 - 07:30
Here’s a clue … it involves encryption

Advertorial  It may have escaped your notice, but last month was Cybersecurity Awareness month, and this year’s theme is “Do Your Part. Be #CyberSmart”.…

Categories: News

China trying to export its Great Firewall and governance model

The Register - Wed, 24/11/2021 - 02:56
Beware of Communists bearing internet governance proposals, says Australian Strategic Policy Institute

China is actively trying to export its internal internet governance model, according to a paper from the International Cyber Policy Centre at the Australian Strategic Policy Institute.…

Categories: News

Apple sues 'amoral 21st century mercenaries' NSO for infecting iPhones with Pegasus spyware

The Register - Tue, 23/11/2021 - 20:58
iGiant pledges any damages plus $10m to anti-cybersurveillance groups

Apple today sued NSO Group, which sells spyware to governments and other organizations, for infecting and snooping on people's iPhones.…

Categories: News

Zero-day proof-of-concept exploit lands for Windows make-me-admin vulnerability

The Register - Tue, 23/11/2021 - 20:21
InstallerFileTakeOver code pops up on GitHub

The day has a 'y' in it, so it must be time for another zero day to drop for a Microsoft product. In this case, a local privilege-elevation vulnerability to gain control of fully patched Windows 10, 11, and Server systems up to the 2022 build.…

Categories: News

Crypto for cryptographers! Infosec types revolt against use of ancient abbreviation by Bitcoin and NFT devotees

The Register - Tue, 23/11/2021 - 18:45
Complaints abound that yoof use it to mean 'digital currency'

Infosec must "reclaim" the word crypto from people who trade in Bitcoins and other digital currencies, according to industry veteran Bruce Schneier – and it seems some Reg readers agree.…

Categories: News

Alleged Brit SIM-swapper will kill himself if extradited to US for trial, London court told

The Register - Tue, 23/11/2021 - 16:10
'Exceptional' case involves 100 BTC payoff, judge told

A Briton accused of playing a pivotal role in an $8.5m SIM-swapping attack shouldn't be extradited to the US because he might commit suicide, making his an "exceptional" case, a court was told.…

Categories: News

UK Ministry of Justice secures HVAC systems 'protected' by passwordless Wi-Fi after Register tipoff

The Register - Tue, 23/11/2021 - 10:15
There's a default admin password online too

The Ministry of Justice has secured a set of Wi-Fi access points that potentially gave admin access to industrial control equipment after a tipoff by The Register.…

Categories: News

Infosec bods: After more than a year, Sky gets round to squashing hijacking bug in 6m home broadband routers

The Register - Tue, 23/11/2021 - 07:31
Plus: DNS cache poisoning again, cops probe property conveyancing group's IT outage, Azure hole addressed, and more

In brief  Sky has fixed a flaw in six million of its home broadband routers, and it only took the British broadcaster'n'telecoms giant a year to do so, infosec researchers have said.…

Categories: News

Indian bank smacks down allegation it exposed 180 million customers' accounts

The Register - Tue, 23/11/2021 - 01:58
Infosec firm says it found unpatched software, Bank admits Exchange may not have been in the best shape

India's Punjab National Bank has smacked down a security firm's allegation that it exposed personal and financial data of its 180 million customers – but appears to have admitted its Exchange Server implementation wasn't in tip-top shape.…

Categories: News

SSL keys, sFTP passwords and more exposed after someone broke into GoDaddy Managed WordPress using 'compromised password'

The Register - Mon, 22/11/2021 - 20:37
Yikes: Up to 1.2 million customers affected

GoDaddy has admitted to America's financial watchdog that one or more miscreants broke into its systems and potentially accessed a huge amount of customer data, from email addresses to SSL private keys.…

Categories: News

Ecommerce platforms (cough, Magento) need patching before Black Friday, warns UK's National Cyber Security Centre

The Register - Mon, 22/11/2021 - 17:14
You're your own security team, remember?

If you run a small online business powered by the Magento ecommerce platform, Britain's National Cyber Security Centre (NCSC) is begging you to make sure it's fully patched ahead of Black Friday.…

Categories: News

Turbine maker Vestas Wind Systems admits to cyber incident, refuses to confirm if ransomware is at play

The Register - Mon, 22/11/2021 - 14:10
Company data compromised but not systems containing customer or supplier information

Vestas Wind Systems, one of the world's largest makers of wind turbines, today confirmed company data has been compromised in a "cyber security incident" that forced the firm to isolate parts of its IT infrastructure.…

Categories: News

Nigeria's central bank digital currency is 'same Naira, more possibilities' – if you count government snooping

The Register - Mon, 22/11/2021 - 11:00
Privacy challenges and rushed implementation should make this cash alternative much less attractive

Opinion  Nigeria recently became the first African country to launch its central bank digital currency (CBDC), the eNaira. However, there are significant privacy challenges that could make eNaira a lot less attractive.…

Categories: News

A tiny typo in an automated email to thousands of customers turns out to be a big problem for legal

The Register - Mon, 22/11/2021 - 08:30
Unexpected consequences of the SQL Slammer worm

Who, Me?  Do you check your emails before sending them? Re-read a dozen times but still that typo sneaks through? Welcome to a Who, Me? in which a reader learns that one mistyped letter can result in a visit from the legal department.…

Categories: News

After four bans, TikTok finally passes the Pakistan challenge

The Register - Mon, 22/11/2021 - 04:59
Video app promises not to let naughty content cross the border, and to ban those who try

Pakistan has allowed TikTok to resume operations on its soil.…

Categories: News

Amazon India execs charged after sellers allegedly use site to smuggle marijuana

The Register - Mon, 22/11/2021 - 03:58
Ganja believe it? Seller claimed to sell 'Stevia leaves', but shifted a tonne of wacky 'baccy before being busted

Police in the Indian state of Madhya Pradesh have charged Amazon India executives under narcotics laws, after uncovering a marijuana smuggling operation centered around the e-commerce website.…

Categories: News

Defending critical infrastructure: The status quo isn’t working

The Register - Fri, 19/11/2021 - 07:30
AI can help thwart attacks before they affect operations

Paid Feature  Cyber-attacks aren't just about siphoning bank accounts. They're also targeting critical national infrastructure, warn experts – and we're not doing a very good job of preventing them. How can we stop the rot and protect the systems that funnel our oil, carry our electricity, and manage our water, among other things?…

Categories: News

Web trust dies in darkness: Hidden Certificate Authorities undermine public crypto infrastructure

The Register - Fri, 19/11/2021 - 04:00
Boffins measure the black hole of dubious certs and find it troubling

Security researchers have checked the web's public key infrastructure and have measured a long-known but little-analyzed security threat: hidden root Certificate Authorities.…

Categories: News

Canadian teen nabbed in $36.5M crypto heist – possibly the biggest haul yet by a single individual

The Register - Thu, 18/11/2021 - 23:04
Plus, US gov to sell off $56M of Bitcoin – the largest single sum recovered so far from a cryptocurrency fraud

A Canadian teenager has been arrested for allegedly stealing $37 million worth of cryptocurrency ($46M Canadian) via a SIM swap scam, making it the largest virtual cash heist affecting a single person yet, according to police.…

Categories: News


Subscribe to Sec Tec Limited aggregator - News