Viry a Červi

Finding sparks debate over bug disclosure – and how do you secure a local gateway's web control panel

Netgear left in its router firmware key ingredients needed to intercept and tamper with secure connections to its equipment's web-based admin interfaces.…

SD-WAN WANOP will have to wait a few days, though

Citrix has rushed out official fixes for the well-publicised vuln in some of its server products after miscreants were seen deploying their own custom patches that left a backdoor open for later exploitation.…

Two Germans, a Nigerian, and a Dutchman walk into a bar. What happens next? A lawsuit, of course

Game developer Ubisoft has lodged a claim against the owners of a website that allegedly sells DDoS attacks against the servers of its best-selling game, Tom Clancy's Rainbow Six: Siege (R6S).…

Login management service sulks in days-long TITSUP* for some

Updated  Password manager LastPass appears to have had a big night out on Friday, to the point where the service needed a lengthy lie down over the weekend. In fact, for some users it is still horizontal.…

The FBI has seized the domain for WeLeakInfo.com, a site that sold breached data records, after a multinational effort by law enforcement.

The FBI has announced that it will tell local election officials when hackers try to infiltrate their systems.

Molly Russell's grieving father has backed a psychiatrists' report, saying that tech companies must be forced to hand over anonymized data.

NHS working with cops and ICO to determine if patients must be told

A Stoke-on-Trent hospital administrator has avoided prison after hacking his NHS trust and helping himself to almost 9,000 heart scan images.…

The Spinner personalises “subconscious influencing” for a specific target.

The GandCrab ransomware regularly updated itself to newer versions to stay ahead of decryptors released by security researchers, and regularly included taunts, jokes and references to security organizations in its code. In a new paper, the AhnLab Security Analysis Team reveal the full details of the battle that went on between GandCrab and AhnLab.

Read more

From nasty snakes to rickrolling the NSA, get up to date with everything we've written in the last seven days - it's weekly roundup time.

Investigators ask Chocolate Factory to help them connect the geographic dots

At 1030 on April 27, 2019, four unidentified individuals attempted to rob a Brinks armored truck parked outside of Michaels, an art supply and home decor store at the Point Loomis Shopping Center in Milwaukee, Wisconsin. To find out who they are, local authorities plan to ask Google.…

Plus, WeLeakInfo? Not anymore!

Roundup  Welcome to another Reg roundup of security news.…

Researchers say that JhoneRAT has various anti-detection techniques - including making use of Google Drive, Google Forms and Twitter.

The WeLeakInfo "data breach notification" domain is no more.

Weak challenge questions by customer service reps make it easy for fraudsters to hijack a phone line and bypass 2FA to breach accounts.

Congratulations, you've won a secret backdoor

Hackers exploiting the high-profile Citrix CVE-2019-19781 flaw to compromise VPN gateways are now patching the servers to keep others out.…

Are publicly released proof-of-concept exploits more helpful for system defenders -- or bad actors?

Are publicly-released PoC exploits good or bad? Why is the Joker malware giving Google a headache? The Threatpost team discusses all this and more in this week's news wrap.

Our tips will help you boost your resistance to phishing, even when the crooks make a determined effort to reel you in.