Bad news: KeyWe Smart Lock is easily bypassed and can’t be fixed
Good news? There is no good news File this one under "not everything needs a computer in it". Finnish security house F-Secure today revealed a vulnerability in the KeyWe Smart Lock that could let a sticky-fingered miscreant easily bypass...
Google Chrome will check for breached credentials every time you sign in anywhere
Double-encrypted. That said, if you're worried about over-sharing, what are you doing on Chrome? A new feature in Google's Chrome browser will warn you if your username and password matches a known combination in a data breach every time...
Google Chrome will check for leaked credentials every time you sign in anywhere
Double-encrypted. That said, if you're worried about over-sharing, what are you doing on Chrome? A new feature in Google's Chrome browser will warn you if your username and password matches a known combination in a security breach every time...
Beware of bad Santas this Xmas: Piles of insecure smart toys fill retailers’ shelves
Latest Which? study with NCC Group highlights toys it ain't smart to buy It seems to come around quicker every year – the failure of so-called smart toys to meet the most basic of security requirements. Which? has discovered...
Alleged Nigerian social engineer wins free flight to the US for business email fraud and love scams
Feds get extradition for 64 year-old fraud suspect who allegedly netted hundreds of thousands of dollars A 64 year-old man from Nigeria is set to be tried in the US on charges he was the brains behind a string...
It’s the end of the 20-teens, and your Windows PC can still be pwned by nothing more than a simple bad font
End 2019 with a Patch Tuesday from Microsoft, Adobe, SAP and Intel With the year winding to a close and the holiday parties set to kick off, admins will want to check out the December Patch Tuesday load from...
Americans should have strong privacy-protecting encryption …that the Feds and cops can break, say senators
I don't care if it's mathematically impossible, make it happen nerds! In its latest attempt to come up with a digital encryption scheme that's both secure and not, the US Senate Judiciary Committee on Tuesday heard conflicting testimony from...
Intel might want to reconsider the G part of SGX – because it’s been plunderstruck
I was caught in the middle of a memory attack, and I knew there was no turning back Intel on Tuesday plans to release 11 security advisories, including a microcode firmware update to patch a vulnerability in its Software...
Don’t pay off Ryuk ransomware, warn infoseccers: Its creators borked the decryptor
Oracle DBs particularly vulnerable to fake decryptions, say researchers If you're an Oracle database user and are tempted to pay off a Ryuk ransomware infection to get your files back, for pity's sake, don't. The criminals behind it have...
SIEMs like a stretch: Elastic searches for cash from IT pros with security budgets
Open-source product now has yet another paid option on top Black Hat Europe Elastic, the biz behind open-source search engine stack Elasticsearch, has launched its own SIEM – a somewhat counterintuitive thing to do, you'd think, until you look...
Advertisers want exemption from web privacy rules that, you know, enforce privacy
They also want a ban on interfering with their cookies Amid the final rulemaking before the California Consumer Privacy Act (CCPA) is scheduled to take effect next year, five ad industry groups have asked California Attorney General Xavier Becerra...
Ad network ransomware crook to flog £5k Rolex after court confiscates £270k in ill-gotten gains
Next thing she's wearing my Casio A jailed hacker who profited from the Angler Exploit Kit has been ordered to sell his £5,000 Rolex watch after the National Crime Agency (NCA) applied to confiscate £270,000 of criminal proceeds from...
Metasploit for drones? Best of luck with that, muses veteran tinkerer
Been down this path and it ain't that easy, says man who knows Black Hat Europe A veteran drone hacker reckons the recent release of the Dronesploit framework won't go down quite as its inventors hope.…
OpenBSD bugs, Microsoft’s bad update, a new Nork hacking crew, and more
Meanwhile, the DOJ sets its sights on money mules Welcome to yet another El Reg security roundup. Off we go.…
China fires up ‘Great Cannon’ denial-of-service blaster, points it toward Hong Kong
Protest organizers come under fire from network traffic barrage China is reportedly using the 'cannon' capabilities of its massive domestic internet to try and take down anti-government websites in Hong Kong.…
Reasons to be fearful 2020: Smishing, public Wi-Fi, deepfakes… and all the usual suspects
Too soon for New Year Resolutions? Cybercriminals will continue to exploit tried-and-tested fraud methods but also adopt a couple of new takes and targets in the year ahead.…
SANS Announces 13th Holiday Hack Challenge and 2nd KringleCon infosec conference
Sign up, tune in, expand your knowledge, and compete in hacking contests Promo On December 9, SANS will launch its second annual KringleCon virtual conference followed shortly thereafter by its 13th Holiday Hack Challenge.…
Tricky VPN-busting bug lurks in iOS, Android, Linux distros, macOS, FreeBSD, OpenBSD, say university eggheads
OpenVPN, WireGuard, IKEv2/IPSec also vulnerable to unmasking flaw, we're told A bug in the way Unix-flavored systems handle TCP connections could put VPN users at risk of having their encrypted traffic hijacked, it is claimed.…
VCs find exciting new way to blow $1m: Wire it directly to hackers after getting spoofed
Who needs an elevator pitch when you have man-in-the-middle attack? A group of hackers used a compromised email account to steal a start-up's $1m venture capital payment.…
If there’s somethin’ stored in a secure enclave, who ya gonna call? Membuster!
Boffins ride the memory bus past Intel's SGX to your data Computer scientists from UC Berkeley, Texas A&M, and semiconductor biz SK Hynix have found a way to defeat secure enclave protections by observing memory requests from a CPU...
Pensacola confirms ransomware attack
Pensacola
officials confirmed that an ongoing
cyberattack that began early Saturday morning is a ransomware attack.
While the city did not release any additional details, the Pensacola News Journal said city spokeswoman Kaycee Lagarde confirmed the attack included a ransom, something that...
Trickbot Operators Now Selling Attack Tools to APT Actors
North Korea's Lazarus Group - of Sony breach and WannaCry fame - is among the first customers.
The Great $50M African IP Address Heist
A top executive at the nonprofit entity responsible for doling out chunks of Internet addresses to businesses and other organizations in Africa has resigned his post following accusations that he secretly operated several companies which sold tens of millions...
Intel Issues Fix for ‘Plundervolt’ SGX Flaw
Researchers were able to extract AES encryption key using SGX's voltage-tuning function.
How to stop spam calls right now
Spam calls drive us all crazy. Here are four ways to stop robocalls and other unsolicited phone calls.
