Wednesday, December 11, 2019
The Register

Bad news: KeyWe Smart Lock is easily bypassed and can’t be fixed

Good news? There is no good news File this one under "not everything needs a computer in it". Finnish security house F-Secure today revealed a vulnerability in the KeyWe Smart Lock that could let a sticky-fingered miscreant easily bypass...
The Register

Google Chrome will check for breached credentials every time you sign in anywhere

Double-encrypted. That said, if you're worried about over-sharing, what are you doing on Chrome? A new feature in Google's Chrome browser will warn you if your username and password matches a known combination in a data breach every time...
The Register

Google Chrome will check for leaked credentials every time you sign in anywhere

Double-encrypted. That said, if you're worried about over-sharing, what are you doing on Chrome? A new feature in Google's Chrome browser will warn you if your username and password matches a known combination in a security breach every time...
The Register

Beware of bad Santas this Xmas: Piles of insecure smart toys fill retailers’ shelves

Latest Which? study with NCC Group highlights toys it ain't smart to buy It seems to come around quicker every year – the failure of so-called smart toys to meet the most basic of security requirements. Which? has discovered...
The Register

Alleged Nigerian social engineer wins free flight to the US for business email fraud and love scams

Feds get extradition for 64 year-old fraud suspect who allegedly netted hundreds of thousands of dollars A 64 year-old man from Nigeria is set to be tried in the US on charges he was the brains behind a string...
The Register

It’s the end of the 20-teens, and your Windows PC can still be pwned by nothing more than a simple bad font

End 2019 with a Patch Tuesday from Microsoft, Adobe, SAP and Intel With the year winding to a close and the holiday parties set to kick off, admins will want to check out the December Patch Tuesday load from...
The Register

Americans should have strong privacy-protecting encryption …that the Feds and cops can break, say senators

I don't care if it's mathematically impossible, make it happen nerds! In its latest attempt to come up with a digital encryption scheme that's both secure and not, the US Senate Judiciary Committee on Tuesday heard conflicting testimony from...
The Register

Intel might want to reconsider the G part of SGX – because it’s been plunderstruck

I was caught in the middle of a memory attack, and I knew there was no turning back Intel on Tuesday plans to release 11 security advisories, including a microcode firmware update to patch a vulnerability in its Software...
The Register

Don’t pay off Ryuk ransomware, warn infoseccers: Its creators borked the decryptor

Oracle DBs particularly vulnerable to fake decryptions, say researchers If you're an Oracle database user and are tempted to pay off a Ryuk ransomware infection to get your files back, for pity's sake, don't. The criminals behind it have...
The Register

SIEMs like a stretch: Elastic searches for cash from IT pros with security budgets

Open-source product now has yet another paid option on top Black Hat Europe  Elastic, the biz behind open-source search engine stack Elasticsearch, has launched its own SIEM – a somewhat counterintuitive thing to do, you'd think, until you look...
The Register

Advertisers want exemption from web privacy rules that, you know, enforce privacy

They also want a ban on interfering with their cookies Amid the final rulemaking before the California Consumer Privacy Act (CCPA) is scheduled to take effect next year, five ad industry groups have asked California Attorney General Xavier Becerra...
The Register

Ad network ransomware crook to flog £5k Rolex after court confiscates £270k in ill-gotten gains

Next thing she's wearing my Casio A jailed hacker who profited from the Angler Exploit Kit has been ordered to sell his £5,000 Rolex watch after the National Crime Agency (NCA) applied to confiscate £270,000 of criminal proceeds from...
The Register

Metasploit for drones? Best of luck with that, muses veteran tinkerer

Been down this path and it ain't that easy, says man who knows Black Hat Europe  A veteran drone hacker reckons the recent release of the Dronesploit framework won't go down quite as its inventors hope.…
The Register

OpenBSD bugs, Microsoft’s bad update, a new Nork hacking crew, and more

Meanwhile, the DOJ sets its sights on money mules Welcome to yet another El Reg security roundup. Off we go.…
The Register

China fires up ‘Great Cannon’ denial-of-service blaster, points it toward Hong Kong

Protest organizers come under fire from network traffic barrage China is reportedly using the 'cannon' capabilities of its massive domestic internet to try and take down anti-government websites in Hong Kong.…
The Register

Reasons to be fearful 2020: Smishing, public Wi-Fi, deepfakes… and all the usual suspects

Too soon for New Year Resolutions? Cybercriminals will continue to exploit tried-and-tested fraud methods but also adopt a couple of new takes and targets in the year ahead.…
The Register

SANS Announces 13th Holiday Hack Challenge and 2nd KringleCon infosec conference

Sign up, tune in, expand your knowledge, and compete in hacking contests Promo  On December 9, SANS will launch its second annual KringleCon virtual conference followed shortly thereafter by its 13th Holiday Hack Challenge.…
The Register

Tricky VPN-busting bug lurks in iOS, Android, Linux distros, macOS, FreeBSD, OpenBSD, say university eggheads

OpenVPN, WireGuard, IKEv2/IPSec also vulnerable to unmasking flaw, we're told A bug in the way Unix-flavored systems handle TCP connections could put VPN users at risk of having their encrypted traffic hijacked, it is claimed.…
The Register

VCs find exciting new way to blow $1m: Wire it directly to hackers after getting spoofed

Who needs an elevator pitch when you have man-in-the-middle attack? A group of hackers used a compromised email account to steal a start-up's $1m venture capital payment.…
The Register

If there’s somethin’ stored in a secure enclave, who ya gonna call? Membuster!

Boffins ride the memory bus past Intel's SGX to your data Computer scientists from UC Berkeley, Texas A&M, and semiconductor biz SK Hynix have found a way to defeat secure enclave protections by observing memory requests from a CPU...
SC Magazine

Pensacola confirms ransomware attack

Pensacola officials confirmed that an ongoing cyberattack that began early Saturday morning is a ransomware attack. While the city did not release any additional details, the Pensacola News Journal said city spokeswoman Kaycee Lagarde confirmed the attack included a ransom, something that...

Trickbot Operators Now Selling Attack Tools to APT Actors

North Korea's Lazarus Group - of Sony breach and WannaCry fame - is among the first customers.
Brian Krebs

The Great $50M African IP Address Heist

A top executive at the nonprofit entity responsible for doling out chunks of Internet addresses to businesses and other organizations in Africa has resigned his post following accusations that he secretly operated several companies which sold tens of millions...

Intel Issues Fix for ‘Plundervolt’ SGX Flaw

Researchers were able to extract AES encryption key using SGX's voltage-tuning function.
TechRepublic

How to stop spam calls right now

Spam calls drive us all crazy. Here are four ways to stop robocalls and other unsolicited phone calls.