Tuesday, August 3, 2021
The Register

UK’s Ministry of Defence coughs up bug bounties for public-facing web pentesting

Small steps could lead to bigger strides The Ministry of Defence has paid out the first bug bounties to ethical computer hackers who probed its websites for vulnerabilities, according to a cheery missive from HackerOne.…
The Register

Shopping for execs: ID management biz Okta poaches Google’s veep of engineering to run product dev activities

Head techie for Chocolate Factory's search ad biz departs Mountain View Identity-as-a-service slinger Okta has poached Google veep of engineering Sagnik Nandy to become its president and chief tech officer.…
The Register

Research finds attack groups working for ‘Chinese state interests’ lurking in SE Asian telco networks since 2017

Handy way to keep tabs on 'activists, politicians, business leaders, and more' Attack protection specialist Cybereason has fingered threat actors working on behalf of "Chinese state interests" as being behind attacks on telcos operating in Southeast Asia – with...
The Register

Credit-card-stealing, backdoored packages found in Python’s PyPI library hub

Plus: SolarWinds cyber-spies hit US prosecutors' email systems, and more In brief Malicious libraries capable of lifting credit card numbers and opening backdoors on infected machines have been found in PyPI, the official third-party software repository for Python.…
The Register

Nuisance call-blocking firm fined £170,000 for making almost 200,000 nuisance calls

Irony, thy name is Yes Consumer Solutions Ltd A firm that sells nuisance call-blocking systems is itself nursing a £170,000 fine from the UK's data watchdog, ironically for cold calling almost 200,000 people registered with the Telephone Preference Service...
The Register

PwnedPiper vulns have potential to turn Swisslog’s PTS hospital products into Swiss cheese, says Armis

Hardcoded passwords, unencrypted connections and unauthenticated firmware updates... patches released Security specialist Armis has discovered vulnerabilities, collectively dubbed PwnedPiper, in pneumatic tube control systems used in thousands of hospitals worldwide – including 80 per cent of the major hospitals...
The Register

Huawei to USA: you’re not taking cybersecurity seriously until you let China vouch for us

Slams Biden's Executive Order on improving infosec and calls for multilateral trust framework Huawei has decided to school the USA on cyber security, and its lesson is to co-operate with China so its vendors – including Huawei – can...
The Register

Zoom agrees to pay subscribers $25 to put its security SNAFUs behind it

Zoombombing class action offers US$85m in payments, meaning even free accounts get a few bucks US-based Zoom users may have a little cash coming their way after the video meeting outfit lodged a preliminary settlement in a class action...
The Register

Sysadmins: Why not simply verify there’s no backdoor in every program you install, and thus avoid any cyber-drama?

Just 'validate third-party code before using it', says Euro body Half of publicly reported supply chain attacks were carried out by "well known APT groups", according to an analysis by EU infosec agency ENISA, which warned such digital assaults...
The Register

Here’s 30 servers Russian intelligence uses to fling malware at the West, beams RiskIQ

Biden-Putin summit went well, then Details of 30 servers thought to be used by Russia's SVR spy agency (aka APT29) as part of its ongoing campaigns to steal Western intellectual property were made public today by RiskIQ.…
The Register

Malware and Trojans, but there’s only one horse the boss man wants to hear about

The company's IT might be on fire, but my needs trump those of the many On Call A call from the executive floor is rarely a harbinger of happiness, especially when one is wading knee-deep through the molasses of...
The Register

We can’t believe people use browsers to manage their passwords, says maker of password management tools

You just save it in Chrome or Firefox? Ugh. And then it autofills when you need it again? Oh the horror It seems some of us are, in the year of our lord 2021, still reusing the same password...
The Register

Spam is Chipotle’s secret ingredient: Marketing email hijacked to dish up malware

More than 120 messages caught trying to filch credentials from customers of USAA Bank, Microsoft Between July 13 and July 16, someone took over the Mailgun account owned by restaurant chain Chipotle Mexican Grill and placed an order for...
The Register

Upcoming Android privacy changes include ability to blank advertising ID, and ‘safety section’ in Play store

New policies give users more control, but ad tracking still on by default Google has shared details of upcoming changes to Android including the ability to blank a device's advertising ID, and a new safety section for apps in...
The Register

Israeli authorities investigate NSO Group over Pegasus spyware abuse claims

Reason for probe unknown, but CEO claims it will vindicate company's claims Israel's Ministry of Defense says the nation's government has visited spyware-for-governments developer NSO Group to investigate allegations its wares have been widely – and perhaps willingly –...
The Register

Here’s a list of the flaws Russia, China, Iran and pals exploit most often, say Five Eyes infosec agencies

And you've patched them all, haven't you, diligent readers? Western cybersecurity agencies have published a list of 30 of the most exploited vulnerabilities abused by hostile foreign states in 2020, urging infosec bods to ensure their networks and deployments...
The Register

‘Woefully insufficient’: Biden administration’s assessment of critical infrastructure protection

Memorandum details plans to turn that around with rapid development of security baselines, not mandates The Biden administration has issued a National Security Memorandum on Improving Cybersecurity for Critical Infrastructure Control Systems to address what it describes as a...
The Register

Over 100 Taiwanese political figures’ messages leaked outta LINE app

Attack turned off encryption function, which made snooping rather easier Law enforcement agencies in Taiwan are investigating a cyberattack on over 100 local political figures and dignitaries who used the messaging app LINE.…
The Register

Security breaches where working from home is involved are costlier, claims IBM report

Great, it's not like employers need more reasons to haul you back to the office Firms looking to save money by shifting to more flexible ways of working will need to think carefully about IT security and the additional...
The Register

Iranian state-backed hackers posed as flirty Scouser called Marcy to target workers in defence and aerospace

Recognise this one? Oh dear... Iranian state-backed hackers posed as a flirty Liverpudlian aerobics instructor in order to trick defence and aerospace workers into revealing secrets, according to a newly-published study.…
SecurityWeek

Google Patches High-Risk Android Security Flaws

Google this week pushed out a security-themed Android update with fixes for more than 30 security flaws that expose mobile users to a range of malicious hacker attacks. The latest Android update provides documentation on 33 security bugs, some serious...
SecurityWeek

Mismanagement Driving Cybersecurity Skills Gap: Research

“To some extent, this data supports the theory that the cybersecurity skills shortage is related to mismanagement rather than a dearth of qualified candidates or advanced skills.”
Google

Linux Kernel Security Done Right

Posted by Kees Cook, Software Engineer, Google Open Source Security Team. To borrow from an excellent analogy between the modern computer ecosystem and the US automotive industry of the 1960s, the Linux kernel runs well: when driving down the highway,...

Raccoon Stealer Bundles Malware, Propagates Via Google SEO

An update to the stealer-as-a-service platform hides in pirated software, pilfers crypto-coins and installs a software dropper for downloads of more malware.
SecurityWeek

SAP Customer Survey Reveals False Sense of Security

Many SAP customers have a false sense of security, according to a new report from risk management consultancy Turnkey Consulting and business-critical application security firm Onapsis. The SAP Security Survey Report 2021 is based on information from over 100 SAP...