Monday, September 23, 2019
The Register

HMRC’s HTTPS howler: Childcare payments site cert expired at 1am on Sunday, down for hours

Gov.uk portal finally lurched back to life after lunch
Furious parents have lashed out at Her Majesty's Revenue and Customs after the UK tax authority let a key HTTPS certificate expire on its childcare tax credit portal.…
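The practitioner's takeaway from the HMRC outage is a monitor that alerts on days-to-expiry rather than on the outage itself. The check below is an added example written for this roundup, not code from The Register or HMRC. It uses only the Python standard library: `ssl.cert_time_to_seconds()` parses the `notAfter` string that `SSLSocket.getpeercert()` returns. The 14-day threshold, the hostnames and the function names are assumptions.

```python
"""Certificate-expiry check of the kind that would have flagged the HMRC outage.

Added example, not from The Register or HMRC. Standard library only;
the warning threshold and hostnames are assumptions.
"""
import socket
import ssl
import time

WARN_DAYS = 14  # assumed alert threshold: renew well before, not at 1am on a Sunday


def days_until_expiry(not_after, now=None):
    """Whole days remaining before the certificate's notAfter timestamp.

    not_after is in getpeercert() format, e.g. 'Sep 22 01:00:00 2019 GMT'.
    A negative result means the certificate has already expired.
    """
    expiry = ssl.cert_time_to_seconds(not_after)
    now = time.time() if now is None else now
    return int((expiry - now) // 86400)


def classify(days, warn_days=WARN_DAYS):
    """Map days remaining to a monitoring state."""
    if days < 0:
        return "EXPIRED"
    if days < warn_days:
        return "WARN"
    return "OK"


def check_host(host, port=443, timeout=5.0, warn_days=WARN_DAYS):
    """Connect with full verification and report the leaf certificate's expiry.

    Caveat: a certificate that has already expired fails the handshake with
    SSLCertVerificationError before getpeercert() can return anything, so the
    monitor must treat that error as an alert in its own right, not as a
    transient network fault.
    """
    ctx = ssl.create_default_context()
    try:
        with socket.create_connection((host, port), timeout=timeout) as sock:
            with ctx.wrap_socket(sock, server_hostname=host) as tls:
                cert = tls.getpeercert()
    except ssl.SSLCertVerificationError as exc:
        return {"host": host, "state": "EXPIRED_OR_INVALID", "detail": str(exc)}
    days = days_until_expiry(cert["notAfter"])
    return {
        "host": host,
        "state": classify(days, warn_days),
        "days_left": days,
        "not_after": cert["notAfter"],
    }


if __name__ == "__main__":
    import sys

    # Hostnames on the command line are assumed; example.com is a placeholder.
    for target in sys.argv[1:] or ["example.com"]:
        print(check_host(target))
```

Run it daily from a scheduler against every public hostname you own; the value of the check is in the WARN state, which gives the renewal a fortnight of lead time instead of a Sunday-morning surprise.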
The Register

Pizza prankster’s prisoner plea plot perturbs police, Norks invading and Uber woes

Plus, a Windows NTFS flaw, Fortnite hacking, and much, much more
Security roundup: Here are a handful of security happenings in the past week that are worth noting, aside from what The Reg has already covered.…
The Register

Disgraced ex-Kaspersky guy made me do it, says bloke in Russian court on hacking charges

Oh no I didn't, says disgraced ex-Kaspersky guy
An accused Russian hacker has claimed Kaspersky's former head of investigations blackmailed him into stealing approximately £150,000 from local banks.…
The Register

Bulgarian phishing gang member who lived with his parents jailed for part in £40m fraud ring

37-year-old was extradited to Blighty to stand trial
A Bulgarian phishing criminal who created fake versions of legitimate companies' websites as part of a £40m fraud has been jailed.…
The Register

Supply chain actors agree that everyone’s a security risk – except themselves, of course

Perception is an illusion, grasshopper
Security surveys tend to confirm what we already knew a few months ago, and the 2019 Global Cyber Risk Perception Survey (PDF) from Marsh and Microsoft does not disappoint.…
The Register

Nice work if you can grift it: Two blokes accused of swindling $10m from the elderly with bogus virus infection alerts

~~~WaRNiG!! Ur PC has THe Da Vinci m4Lw4rez!! CaLL 1-555-NOSCAM 2 f!x it~~~
Two Americans used bogus virus-infection alerts to bilk $10m out of PC owners, it is alleged.…
The Register

If you’re using Harbor as your container registry, bear in mind it can be hijacked with has_admin_role = True

Patch now before miscreants sail off with your apps, data
IT departments using the Harbor container registry will want to update the software ASAP, following Thursday's disclosure of a bug that can be exploited by users to gain administrator...
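The headline's `has_admin_role = True` describes the classic mass-assignment bug class: a self-registration endpoint that copies whatever fields the client sends onto the stored user. The snippet below is an added illustration of that class with the vulnerable handler beside a hardened one; it is not Harbor's code, and the model, store, field names and handler names are assumptions.

```python
"""Mass-assignment on a self-registration endpoint: vulnerable and hardened.

Added illustration of the bug class in the headline; not Harbor's code.
The User model, UserStore, field names and handler names are assumptions.
"""
import json
from dataclasses import dataclass


@dataclass
class User:
    username: str
    email: str
    has_admin_role: bool = False  # server-side default: nobody self-registers as admin


class UserStore:
    """Minimal in-memory store standing in for the registry's database."""

    def __init__(self):
        self.users = {}

    def add(self, user):
        if user.username in self.users:
            raise ValueError("username already taken")
        self.users[user.username] = user


def register_vulnerable(store, body):
    """Copies every key in the request body onto the model (no allow-list).

    A body containing "has_admin_role": true therefore creates an administrator.
    """
    user = User(username=body["username"], email=body["email"])
    for key, value in body.items():
        setattr(user, key, value)
    store.add(user)
    return user


ALLOWED_FIELDS = {"username", "email"}


def register_hardened(store, body):
    """Only explicitly allow-listed fields come from the client.

    Unknown keys are rejected rather than silently dropped, so probing for
    privileged fields shows up in logs instead of succeeding quietly.
    """
    unexpected = set(body) - ALLOWED_FIELDS
    if unexpected:
        raise ValueError(f"unexpected fields: {sorted(unexpected)}")
    user = User(username=body["username"], email=body["email"])
    store.add(user)  # has_admin_role keeps its server-side default
    return user


def grant_admin(store, actor_name, target_name):
    """Role changes live on a separate, authorised path, never on registration."""
    actor = store.users[actor_name]
    if not actor.has_admin_role:
        raise PermissionError("only an existing administrator can grant the role")
    store.users[target_name].has_admin_role = True
    return store.users[target_name]


# Constructed request body of the shape an attacker would send.
ATTACK_BODY = json.loads(
    '{"username": "mallory", "email": "mallory@example.test", "has_admin_role": true}'
)
```

The fix is the allow-list, not a check on that one field name: a blocklist of known-dangerous keys misses the next privileged attribute the model grows. Role grants belong on their own endpoint that checks the caller's existing privilege, as `grant_admin` does.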
The Register

FedEx execs: We had no idea cyberattack would be so bad. Investors: Is that why you sold $40m+ of your own shares?

Shareholders NotHappy stock offloaded in NotPetya aftermath
FedEx execs not only hid the impact of the NotPetya ransomware on their business but personally profited by selling off tens of millions of dollars of their own shares before the truth...
The Register

Chinese students in UK ripe target for scammers exploiting visa concerns

Add in Brexit outsourcing mess and it's plain to see why young international scholars get duped
Scammers are exploiting Chinese students' Brexit fears by targeting them with phishing emails claiming their visas could be revoked, threat intel researchers say.…
The Register

Belgian F-16 pilot rescued from power line after emergency ejection

Two-seat jet crashed in France
A Belgian F-16 fighter jet pilot has been rescued from a power line after getting into difficulties and ejecting from his stricken aircraft.…
The Register

WannaCry is still the smallpox of infosec. But the latest strain (sort of) immunises its victims

Whatever you do, don't pay the ransom
Analysis: WannaCry – the file-scrambling ransomware that infamously locked up Britain's NHS and a bunch of other organisations worldwide in May 2017 – is still a live-ish threat to this day, infosec...
The Register

IT now stands for Intermediate Targets: Tech providers pwned by snoops eyeing up customers – report

Symantec says Tortoiseshell crew ransacked suppliers
Miscreants are hacking into Saudi Arabian IT providers in an attempt to compromise their real targets: said providers' customers, according to Symantec.…
The Register

Remember that security probe that ended with a sheriff cuffing the pen testers? The contract is now public so you can decide who screwed up

Both sides have different interpretations of the rules
The infosec duo cuffed during an IT penetration test that went south last week are out of jail, though not necessarily out of the woods.…
The Register

Scotiabank slammed for ‘muppet-grade security’ after internal source code and credentials spill onto open internet

Blueprints for mobile apps, databases exposed in public GitHub repos
Exclusive: Scotiabank leaked online a trove of its internal source code, as well as some of its private login keys to backend systems, The Register can reveal.…
The Register

GitHub gobbles biz used by NASA, Google, etc to search code for bugs and security holes in Mars rovers, apps…

Semmle's flaw-finding queries can be shared and used on multiple projects
On Wednesday, Microsoft's GitHub said it has acquired Semmle, a San Francisco-based software analysis platform for finding vulnerabilities in code. No price was disclosed.…
The Register

Uni sysadmins, don’t relax. Cybercrooks are still after your crown jewels, warns NCSC

GCHQ offshoot says be on your guard
Cybercriminals are still likely to target universities and other educational institutions with ransomware, reckons GCHQ offshoot the National Cyber Security Centre.…
The Register

Analytics exec nicked as Ecuador tries to rush through privacy laws after massive data leak

Government gave them the deets, so not a hacking charge
The head of Novaestrat, the data analytics company at the centre of the huge leak revealed on Monday involving personal information about more than 20 million Ecuadorian citizens, has...
The Register

MPs call for ‘immediate’ stop to facial recog in UK as report underlines bias risks in ‘pre-crime’ algos used by coppers

New report after 12 forces across England and Wales trialled technology
MPs across parties have called for an immediate "stop" to live facial recognition surveillance by the police and in public places.…
The Register

How to break out of a hypervisor: Abuse Qemu-KVM on-Linux pre-5.3 – or VMware with an AMD driver

Pair of bug reports show how VM escapes put servers at risk
A pair of newly disclosed security flaws could allow malicious virtual machine guests to break out of their hypervisor's walled gardens and execute malicious code on the...
The Register

Your ugly mug may be scanned yet again – but at least you’ll be able to board faster at Gatwick

Brit airport to extend facial recog after easyJet trial
Gatwick Airport will extend its use of facial recognition to match passengers to their passports at departure gates before they board planes.…
SC Magazine

Ning Wang – Offensive Security

Ning Wang
CEO, Offensive Security
Why nominated: Ning Wang is a rising star who has worked to break boundaries in the security industry, so that people can see that anyone is capable of starting a career in cybersecurity and advancing it –...
SC Magazine

Dani Martínez – IOActive

Dani Martínez
Security Consultant, IOActive
Why nominated: Dani Martínez proved to be a self-starter: beginning his career in IT, he soon developed an interest in cybersecurity and began taking online courses in his spare time. Martínez also dove right in and began a cybersecurity blog...
SC Magazine

Maurice Stebila – Harman, a Samsung Company

Maurice Stebila
Digital Security, Compliance and Privacy Officer, Harman, a Samsung Company
Why nominated: Maurice Stebila has spent more than 30 years in the automotive, manufacturing and financial services industries supporting two of the world's largest companies – EDS/General Motors and Harman by Samsung...
SC Magazine

Ed Adams – Security Innovation

Ed Adams
President and CEO, Security Innovation
Why nominated: A highly respected veteran of the cybersecurity industry, Security Innovation CEO Ed Adams has taken on several new leadership roles in the past year or so. Last April, he was named to the board of directors of...
SC Magazine

David Archer – Galois

David Archer
Principal Scientist, Galois
Why nominated: Archer, an advocate for preserving the privacy of data even when it is used in decision-making, both within the U.S. at all levels of government and internationally, directs research in privacy-preserving information technologies. Profile: David Archer is all...