The Register - Anti-Virus

Syndikovat obsah
Biting the hand that feeds IT — Enterprise Technology News and Analysis
Aktualizace: 23 min 39 sek zpět

21 nails in Exim mail server: Vulnerabilities enable 'full remote unauthenticated code execution', millions of boxes at risk

5 Květen, 2021 - 19:20
Nearly 4 million to be exact, say researchers

Researchers at security biz Qualys discovered 21 vulnerabilities in Exim, a popular mail server, which can be chained to obtain "a full remote unauthenticated code execution and gain root privileges on the Exim Server."…

Kategorie: Viry a Červi

East London council blurts thousands of residents' email addresses in To field blunder

5 Květen, 2021 - 16:01
'Was a Mailchimp sub too hard?!' asks Reg reader

A local authority in East London has committed a classic privacy blunder by emailing what appear to be thousands of residents – while forgetting to use the BCC field and exposing all of the email addresseses to each recipient.…

Kategorie: Viry a Červi

Twilio's private GitHub repositories cloned by Codecov attacker, cloud comms platform confirms

5 Květen, 2021 - 14:27
Used the GitHub Codecov Action? Credentials may have been pilfered

Cloud comms platform Twilio has confirmed its private GitHub repositories were cloned after it became the latest casualty of the compromised credential-stealing Codecov script.…

Kategorie: Viry a Červi

What not to expect when you're expecting: Fertility apps may be selling intimate health secrets

5 Květen, 2021 - 09:32
Majority aren't GDPR compliant and Google Play categorises them badly, leading to lax practices

Hundreds of millions of women turn to fertility apps to conceive or prevent pregnancy, and according to a new study those apps may leak very personal information including miscarriages, abortions, sexual history, potential infertility and pregnancy.…

Kategorie: Viry a Červi

'Millions' of Dell PCs will grant malware, rogue users admin-level access if asked nicely

4 Květen, 2021 - 21:56
Five vulnerabilities lay undetected for almost a dozen years in Windows driver code

Dell desktops, laptops, and tablets built since 2009 and running Windows can be exploited to grant rogue users and malware system-administrator-level access to the computers. We're told this amounts of hundreds of millions of machines that can be completely hijacked.…

Kategorie: Viry a Červi

Red Hat open-sources StackRox Kubernetes security product

4 Květen, 2021 - 20:24
More goodies for OpenShift, plus Konveyor to Kubernetes in association with IBM

Kubecon Europe  As Kubecon Europe gets under way, Red Hat has pushed out StackRox, the Kubernetes security product it acquired earlier this year, as an open-source project which will be the upstream for its Advanced Cluster Security for OpenShift.…

Kategorie: Viry a Červi

Apple patches iOS, macOS, iPadOS, watchOS, kitchen-sinkOS bugs said to be exploited in the wild

4 Květen, 2021 - 03:35
Plus: Micro-op CPU caches abused to leak data, and more

In Brief  Apple on Monday patched security flaws in its software said to have been exploited in the wild by miscreants to hijack gear.…

Kategorie: Viry a Červi

Bill to protect UK against harmful foreign investment becomes law

30 Duben, 2021 - 18:52
Act gives government powers to scrutinise, alter, and block transactions where there is a risk to national security

In a move akin to calling the fire brigade after your house has burned down, the UK government today announced the passage of a bill that would afford it powers to intervene in potentially hostile direct investment.…

Kategorie: Viry a Červi

Happy Friday? Darktrace gets 40 per cent boost on London IPO debut

30 Duben, 2021 - 17:10
AI infosec start-up avoids same opening day peril as Deliveroo

British AI-powered security startup Darktrace has enjoyed a bumper IPO Friday as its shares climbed 40 per cent on its London Stock Exchange debut.…

Kategorie: Viry a Červi

Australia proposes teaching cyber-security to five-year-old kids

30 Duben, 2021 - 04:33
By eight they should be telling you not to upload geo-tagged photos of them in school uniform

Australia has decided that six-year-old children need education on cyber-security, even as it removes other material from the national curriculum.…

Kategorie: Viry a Červi

Stealthy Linux backdoor malware spotted after three years of minding your business

30 Duben, 2021 - 01:40
'RotaJakiro' now on infosec world's radar, its impact has yet to be determined

Chinese security outfit Qihoo 360 Netlab on Wednesday said it has identified Linux backdoor malware that has remained undetected for a number of years.…

Kategorie: Viry a Červi

BadAlloc: Microsoft looked at memory allocation code in tons of devices and found this one common security flaw

30 Duben, 2021 - 00:03
Integer overflows leave IoT, OT, medical gear vulnerable to heap-seeking missiles

Microsoft has taken a look at memory management code used in a wide range of equipment, from industrial control systems to healthcare gear, and found it can be potentially exploited to hijack devices.…

Kategorie: Viry a Červi

Vivaldi update unleashes the 'Cookie Crumbler' to simply block any services asking for consent (sites may break)

29 Duben, 2021 - 14:26
Plus: Browser sends Google's FLoC straight to the blacklist

The latest release of Chromium-based browser Vivaldi has extended ad blocking to handle cookie warning dialogs and sent a shot across the bows of Google's ad technology, FLoC.…

Kategorie: Viry a Červi

Billions in data protection lawsuits rides on Google's last-ditch UK Supreme Court defence for Safari Workaround sueball

29 Duben, 2021 - 13:30
Biggest data protection case for years teeters on brink

Google has urged the UK's Supreme Court to throw out a £3bn lawsuit brought by an ex-Which director over secretly planted tracking cookies on devices running Safari, on the grounds that local law doesn’t allow for opt-out class action lawsuits.…

Kategorie: Viry a Červi

48 ways you can avoid file-scrambling, data-stealing miscreants – or so says the Ransomware Task Force

29 Duben, 2021 - 12:00
No, not the US government's task force ... the other one

The Institute for Security and Technology's Ransomware Task Force (RTF) on Thursday published an 81-page report presenting policy makers with 48 recommendations to disrupt the ransomware business and mitigate the effect of such attacks.…

Kategorie: Viry a Červi

When you’re building a cybersecurity pro, you need to get the foundations right

29 Duben, 2021 - 10:00
New starter or mid-career switcher? Here’s where to start

Promo  Cyber attackers are a diverse lot. They can strike from anywhere in the world, and may be motivated by greed, politics, status, or pure malevolence. And their techniques range from the dazzlingly sophisticated to the frankly crude, technically speaking.…

Kategorie: Viry a Červi

Digital Ocean springs a leak: Miscreant exploits hole to peep on unlucky customers' billing details for two weeks

29 Duben, 2021 - 07:05
First that IPO and now this

Digital Ocean on Wednesday said someone was able to snoop on some of its cloud subscribers' billing information via a now-patched vulnerability.…

Kategorie: Viry a Červi

Ransomware crooks who broke into Merseyrail used director's email address to brag about it – report

28 Duben, 2021 - 18:45
Hasn't stopped the trains, though

Brit railway company Merseyrail is understood to have suffered a ransomware attack – and the crooks responsible reportedly pwned a director's Office 365 account to email employees and journalists about it.…

Kategorie: Viry a Červi

Brit MPs and campaigners come together to oppose COVID status certificates as 'divisive and discriminatory'

28 Duben, 2021 - 16:32
Transport minister confirms use of the NHS app for just that when citizens travel abroad

With Minister for the Cabinet Office Michael Gove expected to announce app-based "COVID status certificates," the UK's post-lockdown plan looks set to come under fierce attack.…

Kategorie: Viry a Červi

Here's what Russia's SVR spy agency does when it breaks into your network, says US CISA infosec agency

27 Duben, 2021 - 19:03
Email provider cock.li called out for harbouring snooping personas

Following attribution of the SolarWinds supply chain attack to Russia's APT29, the US CISA infosec agency has published a list of the spies' known tactics – including a penchant for using a naughtily named email provider.…

Kategorie: Viry a Červi