The Register - Anti-Virus

Syndikovat obsah
Biting the hand that feeds IT — Enterprise Technology News and Analysis
Aktualizace: 8 min 6 sek zpět

App Tracking: Apps plead for users to press allow, but 85% of Apple iOS consumers are not opting in

11 Květen, 2021 - 15:45
The data is in: most users do not opt in to third-party tracking

Mobile app analytics company Flurry is measuring how many users of iOS 14.5 are opting in to allow apps to request to track them - and so far only 15 per cent worldwide have done so.…

Kategorie: Viry a Červi

Compsci boffin publishes proof-of-concept code for 54-year-old zero-day in Universal Turing Machine

11 Květen, 2021 - 11:15
Patch your devi... oh, hang on a sec

A computer science professor from Sweden has discovered an arbitrary code execution vuln in the Universal Turing Machine, one of the earliest computer designs in history – though he admits it has "no real-world implications".…

Kategorie: Viry a Červi

Train operator phlunks phishing test by teasing employees with non-existent COVID bonus

11 Květen, 2021 - 09:58
Someone at West Midlands Trains approved nasty cybersecurity drill

UK rail operator West Midlands Trains sent an email to 2,500 employees to thank them for hard work during COVID and promised a one-time bonus as a reward, but that lovely news turned out to be phishing training. Needless to say, it did not go over well.…

Kategorie: Viry a Červi

Tencent research team scores free powerups for electric cars with Raspberry Pi-powered X-in-the-middle attack

11 Květen, 2021 - 06:04
Another auto-exploit saw rPi push Telegram messages over CAN bus to brick a car

Black Hat Asia  Researchers have used the Black Hat Asia conference to demonstrate the awesome power of the Raspberry Pi as a car-p0wning platform.…

Kategorie: Viry a Červi

Indian government says 5G doesn’t cause COVID-19. Also points out India has no 5G networks

11 Květen, 2021 - 04:58
But won’t reveal who it wants banned from social media over less obvious disinformation

As COVID-19 continues to ravage India, the nation’s government has told it populace that 5G signals have nothing to do with the spread of the virus – if only because no 5G networks operate in India.…

Kategorie: Viry a Červi

Trend Micro hosted email service is down, inboxes still stuck in cloudy limbo

11 Květen, 2021 - 03:13
Blames spam filters for brownout, warns fix could be 'disruptive'

Trend Micro’s hosted email security product is experiencing a global brownout.…

Kategorie: Viry a Červi

Kubecon 2021: A largely dry and corporate affair where the best bits involved a spot of Kubernetes-hacking roleplay

10 Květen, 2021 - 21:12
But we heard the message loud and clear – it's pretty much the standard runtime platform now

Kubecon  A session on how to hack into a Kubernetes cluster was among the highlights of a Kubecon where the main events were generally bland and corporate affairs, perhaps indicative of the technology now being a de facto infrastructure standard among enterprises.…

Kategorie: Viry a Červi

Uncle Sam wants 'ethical hackers' to crack its planetary defenses, but don't expect a pay-day from this bug bounty

10 Květen, 2021 - 13:32
Plus: Student cripples EU bio lab and IRS goes after cryptocurrency

In brief  The United States' Department of Defense has opened up all of its publicly facing systems and apps to investigation under a bug bounty program.…

Kategorie: Viry a Červi

Namecheap hosted 25%+ of fake UK govt phishing sites last year – NCSC report

10 Květen, 2021 - 10:30
Also we fixed SS7 use by British telcos. How? Why? Not saying

Updated  Domains'n'hosting outfit Namecheap harboured more than a quarter of all known phishing sites that falsely posed as UK government web presences during 2020, according to the National Cyber Security Centre today.…

Kategorie: Viry a Červi

US declares emergency after ransomware shuts oil pipeline that pumps 100 million gallons a day

10 Květen, 2021 - 02:15
Oil transport by road allowed after Colonial Pipeline goes down, operator says recovery is under way but offers no recovery date

Updated  One of the USA’s largest oil pipelines has been shut by ransomware, leading the nation's Federal Motor Carrier Safety Administration to issue a regional emergency declaration permitting the transport of fuel by road.…

Kategorie: Viry a Červi

Russian cyber-spies changed tactics after the UK and US outed their techniques – so here's a list of those changes

7 Květen, 2021 - 20:49
Plus: NCSC warns of how hostile powers may exploit smart city infrastructure

Russian spies from APT29 responded to Western agencies outing their tactics by adopting a red-teaming tool to blend into targets' networks as a legitimate pentesting exercise.…

Kategorie: Viry a Červi

Privacy activist Max Schrems on Microsoft's EU data move: It won't keep the NSA away

7 Květen, 2021 - 17:20
Software giant vows data processing of EU cloud services to stay in EU, which means that currently...

Updated  Microsoft has announced plans to ensure data processing of EU cloud services within the borders of the political bloc in a move that expert observers claim reveals problems with the firm's existing setup.…

Kategorie: Viry a Červi

Cisco HyperFlex web interface has critical flaw that lets attackers get <code>root</code> and execute arbitrary commands

7 Květen, 2021 - 07:52
You know the drill: shake your head in disbelief, then figure out if patching will wipe out a weekend or be merely inconvenient

Cisco has revealed a pair of critical bugs in its HyperFlex hyperconverged infrastructure product.…

Kategorie: Viry a Červi

Kids in Hong Kong and other highly surveilled states worry infosec careers are just asking for trouble

7 Květen, 2021 - 07:11
Asia is already short millions of trainees; expert warns talent pipeline will dry up in response to government snooping

Black Hat Asia  Asian nations in which governments are keen on citizen surveillance struggle to develop ethical hackers, as prospective workers fear their activities may be misunderstood, according to security specialist Mika Devonshire.…

Kategorie: Viry a Červi

Google Play to require privacy labels on apps in 2022, almost two years after Apple

7 Květen, 2021 - 04:57
Developers want to do this, says Google. Ummm ... guys, you do remember the thousands of malware nightmares you’ve hosted and sold?

Google has decided the time has come to require app developers to disclose the data their wares collect, and their security practices, in their Play Store listings.…

Kategorie: Viry a Červi

Google will make you use two-step verification to login

7 Květen, 2021 - 02:52
World Password Day returns to remind us how much passwords suck

Google has marked World Password Day by declaring "passwords are the single biggest threat to your online security," and announcing plans to automatically add multi-step authentication to its users' accounts.…

Kategorie: Viry a Červi

Qualcomm Snapdragon 855 modem code flaw exposed Android smartphones to possible snooping

6 Květen, 2021 - 18:11
Good thing researchers spotted it, no evidence of exploit in the wild

A heap overflow vulnerability in Qualcomm's Snapdragon 855 system-on-chip modem firmware, used in Android devices, could be exploited by baddies to run arbitrary code on unsuspecting users' devices, according to Check Point.…

Kategorie: Viry a Červi

Crane horror <i>Reg</i> reader uses his severed finger to unlock Samsung Galaxy phone

6 Květen, 2021 - 11:15
On the other hand he was fine

Graphic images  Everyone knows the trope. The baddies smash their way in and gun down the guard standing in front of the vault. "Dammit," says the lead bad guy, "it's a biometric scanner, we'll never get in!" His most grizzled henchman turns round, holding up the dead guard's lifeless arm. "Oh yes we will…"…

Kategorie: Viry a Červi

Chrome on Windows turns on Intel, AMD chip-level defenses against malicious websites

6 Květen, 2021 - 09:23
Terms and conditions apply

Version 90 of Google's Chrome browser includes a bit of extra security for users of recent versions of Windows and the latest x86 processors, in the form of hardware-enforced stack protection.…

Kategorie: Viry a Červi

JET engine flaws can crash Microsoft's IIS, SQL Server, say Palo Alto researchers

6 Květen, 2021 - 06:59
Trio claim database queries can lead to remote code execution

Black Hat Asia  A trio of researchers at Palo Alto Networks has detailed vulnerabilities in the JET database engine, and demonstrated how those flaws can be exploited to ultimately execute malicious code on systems running Microsoft’s SQL Server and Internet Information Services web server.…

Kategorie: Viry a Červi