Tuesday, February 18, 2020
The Register

Tutanota cries ‘censorship!’ after secure email biz blocked – for real this time – in Russia

Move over, there's plenty of room on Putin's naughty step Fresh from last week's controversy with a US telco, German secure email biz Tutanota has declared today that the Russian authorities have pulled the plug on its services.…
The Register

Severe vuln in WordPress plugin Profile Builder would happily hand anyone the keys to your kingdom

Remote attackers were able create their own admin accounts A vulnerability in a popular WordPress user role plugin lets any random person create an admin-level account on targeted websites.…
The Register

It is with a heavy heart we must inform you, once again, folks are accidentally spilling thousands of sensitive pics, records onto the internet

Plus: Iranians accused of hacking IT service providers to get at their customers Roundup  Everything is insecure and everything is broken, exhibits A through Z:…
The Register

Roses are red, IBM is Big Blue. It’s out of RSA Conference after coronavirus review

Who’ll join the IT giant in staying away from San Francisco? IBM has confirmed that it will not be attending the RSA Conference in San Francisco at the end of this month because of fears of catching COVID-19 from...
The Register

Google burns down more than 500 private-data-stealing, ad-defrauding Chrome extensions installed by 1.7m netizens

Malvertising campaign makes big bucks for online criminals Google has removed more than 500 Chrome extensions in response to a report from a security researcher, who found the browser plugins distributed through the Chrome Web Store facilitated ad fraud...
The Register

Austrian foreign ministry: ‘State actor’ hack on government IT systems is over

Russia denies claims from well-informed broadcaster that it was homegrown Turla malware baddies Austria's foreign ministry has said a weeks-long cyber attack from a "state actor" against its systems has ended – amid local reports that pin the blame...
The Register

Call us immediately if your child uses Kali Linux, squawks West Mids Police

Maybe stick to walking the beat instead of infosec advice, eh? The National Crime Agency has publicly distanced itself from a poster urging parents to call police if their child has installed Kali Linux, Tor or – brace yourself...
The Register

AT&T insists it’s not blocking Tutanota after secure email biz calls foul, cites loss of net neutrality as cause

Monster telco says it's working to resolve whatever's going on Encrypted email service Tutanota on Thursday accused US mega-telco AT&T of blocking its service in some parts of America, and cited the service interruption, ongoing for more than two...
The Register

Voatz of no confidence: MIT boffins eviscerate US election app, claim fiends could exploit flaws to derail democracy

Shoddy code allegations are just FUD, software maker insists Only a week after the mobile app meltdown in Iowa's Democratic Caucus, computer scientists at MIT have revealed their analysis of the Voatz app used in West Virginia's 2018 midterm...
The Register

A dirty dozen of Bluetooth bugs threaten to reboot, freeze, or hack your trendy gizmos from close range

Over the air? More like over the aarrrggghhh A trio of boffins at Singapore University this week disclosed 12 security vulnerabilities affecting the Bluetooth Low Energy (BLE) SDKs offered by seven system-on-a-chip (SoC) vendors.…
The Register

Netgear’s routerlogin.com HTTPS cert snafu now has a live proof of concept

And the company reaction is: not even 'meh' An infosec researcher has published a JavaScript-based proof of concept for the Netgear routerlogin.com vulnerability revealed at the end of January.…
The Register

If you’re running Windows, I feel bad for you, son. Microsoft’s got 99 problems, better fix each one

Meanwhile, we're still squashing bugs in Adobe Flash Player... plus stuff from Intel and SAP Patch Tuesday  It's going to be a busy month for IT administrators as Microsoft, Intel, Adobe, and SAP have teamed up to deliver a...
The Register

B-but it doesn’t really get viruses! Not so, Apple fanbois: Mac malware is growing faster than nasties targeting Windows

So says Malwarebytes, anyway Software nasties targeted at MacOS are on the increase faster than ones for Windows, according to antivirus biz Malwarebytes.…
The Register

Crypto AG backdooring rumours were true, say German and Swiss news orgs after explosive docs leaked

One for the Cold War infosec veterans: CIA and BND literally owned the firm Swiss encryption machine company Crypto AG was secretly owned by the US CIA and a West German spy agency at the height of the Cold...
The Register

Tens of millions of biz Dell PCs smacked by privilege-escalation bug in bundled troubleshooting tool

If you don't have auto-update switched on, time to patch Dell has copped to a flaw in SupportAssist – a Windows-based troubleshooting program preinstalled on nearly every one of its newer devices running the OS – that allows local...

Sensitive plastic surgery images exposed online

Researchers at VPN advisory company vpnMentor have found yet another online data exposure caused by a misconfigured cloud database.

Lenovo, HP, Dell Peripherals Face Unpatched Firmware Bugs

A lack of proper code-signing verification and authentication for firmware updates opens the door to information disclosure, remote code execution, denial of service and more.

12 hottest new cybersecurity startups at RSA 2020

Starting on February 24, the RSA Conference (RSAC) 2020 gives security vendors old and new a chance to demonstrate their capabilities. The event has become an attractive venue for startups to make their debut. This year’s crop will be...

Hundreds of Millions of PC Components Still Have Hackable Firmware

The lax security of supply chain firmware has been a known concern for years—with precious little progress being made.

Remote Wipe Plugin Bug Hits 200,000+ WordPress Sites

Remote Wipe Plugin Bug Hits 200,000+ WordPress SitesSecurity researchers are warning of a new plugin vulnerability which is exposing over 200,000 WordPress sites to the risk of being remotely wiped by an attacker. The problem lies with versions 1.3.4 and...