Tuesday, May 26, 2020
The Register

Galaxy S20 security is already old-hat as Samsung launches new safety silicon

Passport-grade chippery to help mobile devices prove their identity
Samsung will launch a new standalone turnkey security chip to protect mobile devices, the company announced today.…
The Register

Contact-tracing app may become a permanent fixture in major Chinese city

Hangzhou wants a 'health and immunity firewall'
One of China's major tech hubs is planning to make a health and movement tracking system developed to fight the COVID-19 epidemic a permanent fixture in daily life.…
The Register

Pre-authentication, remote root hole in call-center software? Thanks, Cisco. Just what a long weekend needs

This and more bits and bytes from infosec world
Roundup: It's once again time to catch up on the latest happenings from the world of infosec.…
The Register

It wasn’t just a few credit cards: Entire travel itineraries were stolen by hackers, Easyjet now tells victims

Unsurprisingly budget airline goes cheap: No payout or credit monitoring
Victims of the Easyjet hack are now being told their entire travel itineraries were accessed by hackers who helped themselves to nine million people’s personal details stored by the...
The Register

Forget BYOD, this is BYOVM: Ransomware tries to evade antivirus by hiding in a virtual machine on infected systems

Like Inception, but expensive and disappointing. So... just like Inception
With antivirus tools increasingly wise to common infection tricks, one group of extortionists has taken the unusual step of stashing their ransomware inside its own virtual machine.…
The Register

To test its security mid-pandemic, GitLab tried phishing its own work-from-home staff. 1 in 5 fell for it

Welp, at least that's better than industry averages, says code-hosting biz
Code hosting biz GitLab recently concluded a security exercise to test the susceptibility of its all-remote workforce to phishing – and a fifth of the participants submitted their...
The Register

Campaign groups warn GCHQ can re-identify UK’s phones from COVID-19 contact-tracing app data

Yes, the app that's not quite working yet
Campaign groups have written to the UK Prime Minister warning GCHQ and its digital arm, the National Cyber Security Centre (NCSC) will have the capacity to re-identify the phones of people...
The Register

Far-right leader walks free from court after conviction for refusing to hand his phone passcode over to police

British border search law strikes again
The leader of far-right political group Britain First has been handed a judicial slap on the wrist after refusing to give his phone PIN to police at Heathrow Airport.…
The Register

DNS this week stands for Drowning Needed Services: Design flaw in name server system can be exploited to flood machines offline

Microsoft, BIND, Google, Cloudflare, Amazon, others fix up software
A new vulnerability has been found in the design of the world's domain-name system that potentially can be exploited to flood websites off the internet.…
The Register

Zoom continues its catch-up security sprint with new training, bug bounty tweaks and promise of crypto playbook

Sigh. How many users did it have before it started this stuff?
Zoom has outlined more about its efforts to improve its security.…
The Register

Remember when Securus was sued for recording 14,000 calls between prison inmates and lawyers? It just settled

It was a software bug, insists telco, as attorneys walk with most of the money
Literal locked-down market biz Securus Technologies has settled a class-action lawsuit over illegally recorded prison phone calls, promising to improve its systems while avoiding...
The Register

UK’s Ministry of Defence: We’ll harvest and anonymise private COVID-19 apps’ tracing data by handing it to ‘behavioural science’ arm

Plus, Serco plays email fail game by mass-mailing human contact tracers; NCSC gives feedback on feedback about beta app
COVID-19 app round-up: Worried about identifiable personal data from your coronavirus contact-tracing app making it into a British government database?...
The Register

Ransomware has gone nuclear: To avoid any fallout yourself, tune in online this month to hear from KnowBe4

How to defend your organization from attack
Webcast: We’ve been hearing about ransomware for years now. You may even personally know a company that has been a victim and quietly paid up, and you may even know someone who’s...
The Register

Houseparty denied it had been hacked…. while miscreants were abusing its dot-com’s domain-name infrastructure

Subdomain takeover possible, says infosec bod
At the end of March, video chat app Houseparty, owned by Epic Games, responded to unsubstantiated reports that user accounts had been hacked – by offering a $1m bounty to anyone able to...
The Register

Tech’s Volkswagen moment? Trend Micro accused of cheating Microsoft driver QA by detecting test suite

AV maker denies allegation, says researcher is 'looking for attention'
Trend Micro is on the defensive after it was accused of engineering its software to cheat Microsoft's QA testing, branding the allegation "misleading."…
The Register

Former Labour deputy leader Harriet Harman calls on UK govt to legally protect data from contact-tracing apps

'We don't want the system to rely on the individual integrity of any minister, ministerial team, or government'
Harriet Harman, chair of the UK's Joint Committee on Human Rights and former Labour Deputy Leader, has redoubled calls on the...
The Register

You know this Land of the Free thing, yeah? Well then, why allow the FBI to trawl through Americans’ browsing history without a warrant?

50-plus advocacy groups call on US House of Reps to slap protection mechanism on surveillance law
Congress has been urged to introduce a measure that would require the FBI to get a warrant before agents can review Americans’ internet...
The Register

Rogue ADT tech spied on hundreds of customers in their homes via CCTV – including me, says teen girl

Security biz admits worker snooped on victims, two lawsuits filed
A technician at ADT remotely accessed as many as hundreds of CCTV cameras to spy on people in their own homes, the burglar-alarm biz has admitted.…
Bruce Schneier

Bluetooth Vulnerability: BIAS

This is new research on a Bluetooth vulnerability (called BIAS) that allows someone to impersonate a trusted device:
Abstract: Bluetooth (BR/EDR) is a pervasive technology for wireless communication used by billions of devices. The Bluetooth standard includes a legacy authentication...
Tripwire

Updated AnarchyGrabber Steals Passwords, Spreads to Discord Friends

Researchers found an updated version of AnarchyGrabber that steals victims’ plaintext passwords for and infects victims’ friends on Discord. Detected as AnarchyGrabber3, the new trojan variant modified the Discord client’s %AppData%\Discord\modules\discord_desktop_core\index.js file upon successful installation. This process gave the...
ZDNet

Forescout files lawsuit against Advent for withdrawal of merger plans due to COVID-19

Advent says the pandemic has resulted in “material” changes at Forescout. The company disagrees.

How To Achieve Balance Between Cybersecurity And The User Experience

Usability and security go hand in hand. If you have usability, then by default, you should have security designed into it.

Determining Liability For Security Breaches Isn’t Black And White

Between the volume of successful cyberattacks and the rising cost of the fallout from those attacks, it's understandable for companies and individuals to want to hold someone responsible.