Tuesday, September 25, 2018
The Register

Bug? Feature? Power users baffled as BitLocker update switch-off continues

Microsoft claims issue confined to older kit
Three months on, users continue to report that Microsoft's BitLocker disk encryption technology turns itself off during security updates.…
The Register

Microsoft ‘kills’ passwords, throws up threat manager, and APIs Graph Security

Cloud lineup gets security overhaul with 2FA and new monitoring tools
Ignite: Microsoft is beefing up the security in its cloud services lineup with a handful of unveilings today at this year's Ignite conference.…
The Register

Baddies just need one email account with clout to unleash phishing hell

Third parties realised uni was compromised before uni did
A single account compromise at an unnamed "major university" in the UK led to a large-scale phishing attack against third parties, according to data protection outfit Barracuda Networks.…
The Register

Some credential-stuffing botnets don’t care about being noticed any more

They just take a battering ram to the gates
The bots spewing out malicious login attempts by the bucketload appear to have cranked it up a notch.…
The Register

The curious sudden rise of free US election ‘net security guardians

There is no such thing as a gratis lunch, after all
Analysis: Nothing super-fuels a security sales pitch like the sort of threat it’s hard to ignore.…
The Register

Virus screener goes down, Intel patches more chips, Pegasus government spying code spreads across globe

Plus: Gov pay sites take a dive, and more
Roundup: When we weren't dealing with malware bricked-breweries, poorly-wiped servers or litigious vendors, we had a number of other security headaches to keep busy with.…
The Register

Twitter: Don’t panic, but we may have leaked your DMs to rando devs

Internet outrage mobile insists year-long API bug would have been super-hard to exploit
Twitter is in full damage control mode after disclosing that it may have inappropriately exposed some unlucky twits' private tweets and direct messages to strangers.…
The Register

Couldn’t give a fsck about patching? Well, that’s your WordPress website pwned, then

CMS vulnerabilities getting hammered by cyber-fiends
Website admins are urged to update their WordPress installations as soon as possible to the latest version following a rash of attacks exploiting known vulnerabilities in the web publishing software.…
The Register

Enigma message crack honours pioneering Polish codebreakers

Plus: The Reg chats to wartime Bombe operator Ruth Bourne
The Bombe team at The National Museum Of Computing has succeeded in breaking an Enigma-encrypted message in a live Poland-to-England demo.…
The Register

Scottish brewery recovers from ransomware attack

Trouble ferments after hackers lock system and Arran with it
Staff at Arran Brewery were locked out of its computer systems this week following a ransomware attack.…
The Register

Never mind Brexit. UK must fling more £billions at nuke subs, say MPs

New boats, decommissioning old ones, skills shortage...
The Ministry of Defence has too many bigshots and not enough grunts – or cash – to reliably keep Britain’s nuclear deterrent hiding beneath the ocean waves, according to Parliament’s...
The Register

Dead retailer’s ‘customer data’ turns up on seized kit, unencrypted and very much for sale

Infosec bod claims he glimpsed sensitive personal info left on unwiped servers
Servers that once belonged to defunct Canadian gadget retailer NCIX turned up on the second-hand market without being wiped – and their customer data sold overseas –...
The Register

Guilty: The Romanian ransomware mastermind who infected Trump inauguration CCTV cams

Mediocre malware operator 'fesses up to DC infection
A Romanian woman has admitted running a ransomware operation from infected Washington DC's CCTV systems just days before President Trump was sworn into office in the US capital.…
The Register

Microsoft’s Jet crash: Zero-day flaw drops after deadline passes

Don't click on the link, people – well, people using the database on a vulnerable installation
The Zero Day Initiative has gone public with an unpatched remote-code execution bug in Microsoft's Jet database engine, after giving Redmond 120 days...
The Register

Developer goes rogue, shoots four colleagues at ERP code maker

Shooter dead and now named by cops, one worker in critical condition, two serious
Cops have named the programmer who went on a gun rampage at WTS Paradigm – a US maker of enterprise resource planning software – this...
The Register

NSS Labs fires anti-malware testing lawsuit

Alleges CrowdStrike, Symantec, ESET and Anti-Malware Testing Standards Organization collusion
NSS Labs has thrown a hand grenade into the always fractious but slightly obscure world of security product testing by suing multiple vendors as well as an industry standards...
The Register

No, that Sunspot Solar Observatory didn’t see aliens. It’s far more grim

Janitor probed over child sex abuse image allegations, facility reopens
On September 6, the Sunspot Solar Observatory in New Mexico, USA, was evacuated and sealed off without explanation, sparking wild conspiracy theories as to why.…
The Register

No, Sunspot Solar Observatory didn’t see aliens

Janitor nabbed over child porn images, facility re-opens
On September 6, the Sunspot Solar Observatory in New Mexico was evacuated and sealed off without explanation, sparking wild conspiracy theories as to why.…
The Register

Securing industrial IoT passwords: For Pete’s sake, engineers, don’t all jump in at once

If the networked kit needs to work for 10 years, you need to think policy
Cybersecurity has become an increasing priority in operations technology thanks to the growing appetite for the industrial internet of things.…

Breach at US Retailer SHEIN Hits Over Six Million Users

US fashion retailer SHEIN has admitted suffering a major breach affecting the personal information of over six million customers. The women’s clothing company revealed at the end of last week that...
ZDNet

UK issues first-ever GDPR notice in connection to Facebook data scandal

Canadian firm AggregateIQ, linked to the Facebook & Cambridge Analytica data scandal, is the first to be put on notice.
SecurityWeek

Symantec Completes Internal Accounting Investigation

Symantec announced on Monday that it has completed its internal accounting audit, and while some issues have been uncovered, only one customer transaction has an impact on financial statements.

Are Colleges Teaching Real-World Cyber Security Skills?

The cybersecurity skill shortage is a well-recognized industry challenge, but the problem isn’t that there are too few people, but rather that many of them lack suitable skills and experience. Cybersecurity is a fast-growing profession, and talented graduates are in...