The Register - Anti-Virus

Syndikovat obsah
Biting the hand that feeds IT — sci/tech news and views for the world
Aktualizace: 28 min 59 sek zpět

What happens when holes perfect for spyware are found in the engine room of millions of Qualcomm-based phones? Let's find out

8 Srpen, 2020 - 01:46
Start the clock on those patches – they'll be coming any day, week, month soon

DEF CON  In July, the makers of millions of smartphones powered by Qualcomm's Snapdragon system-on-chips received mitigation recommendations to address a bevy of security flaws in their products, all introduced by Qualcomm's technology.…

Kategorie: Viry a Červi

How did you spend your time at university? Pizza, booze, sleeping? This Oxford student is snooping on satellites

8 Srpen, 2020 - 00:01
Bug-hunter details how his team slurped data… IN SPAAAAACE

DEF CON  FYI, if you didn't already know: readily available satellite TV electronics can be used to sniff and inspect satellite internet traffic.…

Kategorie: Viry a Červi

Android user chucks potential $10bn+ sueball at Google over 'spying', 'harvesting data'... this time to build supposed rival to TikTok called 'Shorts'

7 Srpen, 2020 - 14:23
These are the class-action-suit-joining 'droids lawyers are looking for. (We'll get our coats)

Google "abuses Android OS to obtain a competitive advantage", according to a lawsuit filed this week alleging that the Alphabet offshoot "secretively monitored and collected users' sensitive personal data" to develop apps to compete with TikTok, Facebook, and Instagram.…

Kategorie: Viry a Červi

So you've decided you want to write a Windows rootkit. Good thing this chap's just demystified it in a talk

7 Srpen, 2020 - 10:15
Demirkapi shows how drivers can be misused for deep pwnage

DEF CON  Writing a successful Windows rootkit is easier than you would think. All you need is do is learn assembly and C/C++ programming, plus exploit development, reverse engineering, and Windows internals, and then find and abuse a buggy driver, and inject and install your rootkit, and bam. Happy days.…

Kategorie: Viry a Červi

Chrome Web Store slammed again after 295 ad-injecting, spammy extensions downloaded 80 million times

7 Srpen, 2020 - 08:02
Not exactly the first time this has happened, by a very long chalk

Google's Chrome Web Store is once again under fire for poor policing of harmful extensions.…

Kategorie: Viry a Červi

Trump administration labels WeChat, TikTok ‘threats’ to national security, bans transactions with both

7 Srpen, 2020 - 05:32
On grounds that they can track users, conduct corporate espionage and oppress Chinese-Americans

United States president Donald Trump has issued two executive orders banning Chinese messaging service WeChat and made-in-China-but-only-operating-abroad social network TikTok, and labelling the two a “threat”.…

Kategorie: Viry a Červi

Capital One fined $80m for shoddy public cloud security. Yeah, same bank in that 106m customer-record hack

7 Srpen, 2020 - 03:22
All that money must be wired to the US Treasury immediately

Capital One must pay a trivial $80m fine for its shoddy public cloud security – yes, the US banking giant that was hacked last year by a miscreant who stole personal information on 106 million credit-card applicants in America and Canada.…

Kategorie: Viry a Červi

Foreshadow returns to the foreground: Secrets-spilling speculative-execution Intel flaw lives on, say boffins

7 Srpen, 2020 - 02:00
A misunderstanding about the vulnerability means defenses fall short

Some of the boffins who in 2018 disclosed the data-leaking speculative-execution flaws known as Spectre and Meltdown today contend that attempts to extinguish the Foreshadow variant have missed the mark.…

Kategorie: Viry a Červi

When it comes to hacking societies, Russia remains the master at sowing discord and disinformation online

6 Srpen, 2020 - 23:49
China can't hold a candle to GRU's shenanigans, says expert

Black Hat  While China is the bête noire du jour of the US government, Russia is the master of spreading disinformation, fostering conflict, and derailing discourse online, the Black Hat security conference was told today.…

Kategorie: Viry a Červi

Intel NDA blueprints – 20GB of source code, schematics, specs, docs – spill onto web from partners-only vault

6 Srpen, 2020 - 21:31
Leaker only 'a bit concerned' about getting sued

Updated  Switzerland-based IT consultant Tillie Kottmann on Thursday published a trove of confidential Intel technical material, code, and documents related to various processors and chipsets.…

Kategorie: Viry a Červi

Think carefully about cyber insurance, says NCSC. But don't worry about buying off ransomware crooks

6 Srpen, 2020 - 16:00
Should your policy cover that? Well that's up to you

The National Cyber Security Centre has urged British businesses to think carefully when picking a cyber insurance policy – but won’t say whether insurance that covers ransomware payoffs is a bad thing or not.…

Kategorie: Viry a Červi

National Crime Agency says Brit teen accused of Twitter hack has not been arrested

6 Srpen, 2020 - 11:10
Bognor Regis man still faces 20 years in clink, though

The British teenager accused of being part of the gang that hacked Twitter and posted a cryptocurrency scam from various US celebrities' accounts has not yet been arrested.…

Kategorie: Viry a Červi

USA decides to cleanse local networks of anything Chinese under new five-point national data security plan

6 Srpen, 2020 - 05:31
‘Clean Network’ initiative bans use of Chinese clouds, names Alibaba, Baidu, and Tencent as compromised

US secretary of state Mike Pompeo has announced a “Clean Network plan” he says offers a “comprehensive approach to guarding our citizens’ privacy and our companies’ most sensitive information from aggressive intrusions by malign actors, such as the Chinese Communist Party (CCP).”…

Kategorie: Viry a Červi

Canon not firing on all cylinders: Fledgling cloud loses people's pics'n'vids, then 'Maze ransomware' hits

6 Srpen, 2020 - 04:18
'We are investigating the situation'

Canon has had a double shot of bad luck lately. First, its brand-new photo-and-video-hosting cloud started losing files. Now it's reportedly fallen victim to ransomware.…

Kategorie: Viry a Červi

US voting hardware maker's shock discovery: Security improves when you actually work with the community

6 Srpen, 2020 - 03:09
ES&S takes the bold step of not ignoring vulnerability reports

Black Hat  Just hours after Professor Matt Blaze today discussed the state of election system security in America, one of the largest US voting machine makers stepped forward to say it's trying to improve its vulnerability research program.…

Kategorie: Viry a Červi

Ever wonder how a pentest turns into felony charges? Coalfire duo explain Iowa courthouse arrest debacle

6 Srpen, 2020 - 01:08
Get. The. Terms. Of. The. Audit. In. Writing

Black Hat  The two penetration testers whose arrest and imprisonment made headlines last year are finally sharing their story, and it is a doozy.…

Kategorie: Viry a Červi

America was getting on top of its electronic voting machine security – then suddenly... A wild pandemic appears

5 Srpen, 2020 - 23:06
'We need to prepare for a number of scenarios that may not come to fruition' says Prof Blaze

Black Hat  Just as America was getting a grip on improving the security of its electronic ballot boxes, the coronavirus pandemic hit, throwing a potential surge in remote voting unexpectedly into the mix, the Black Hat hacking conference was told today.…

Kategorie: Viry a Červi

UK data watchdog having a hard time making GDPR fines stick: Marriott scores another extension, BA prepares to pay 11% of £183m penalty threat

5 Srpen, 2020 - 13:25
COVID-battered businesses win reprieve from Information Commissioner's Office

Updated  British Airways expects the fine for its 2018 credit card data leak to be just 10.8 per cent of the £183m proposed by the UK data watchdog – while US hotel chain Marriott has both halved and kicked its own data blunder punishment into the long grass once again, The Register can reveal.…

Kategorie: Viry a Červi

NSA warns that mobile device location services constantly compromise snoops and soldiers

5 Srpen, 2020 - 09:29
It might be best not to ask how the NSA knows this and why it advises most mitigations don’t help

The United States National Security Agency has issued new advice on securing mobile devices that says location services create a security risk for staff who work in defence or national security.…

Kategorie: Viry a Červi

China slams President Trump's TikTok banned-or-be-bought plan in the US

5 Srpen, 2020 - 08:27
Beijing accuses America of working to destroy businesses it doesn't like

China has accused the US of abusing its national security laws to target Chinese companies after Washington threatened to ban video-sharing app TikTok from its shores last week.…

Kategorie: Viry a Červi