Tuesday, May 21, 2019
The Register

Sophos tells users to roll back Microsoft’s Patch Tuesday run if they want PC to boot

Yes, the one with the critical security fixes

Brit security software slinger Sophos has advised its customers to uninstall Microsoft's most recent Patch Tuesday run – the same patches that protect servers against the latest Intel cockups.…
The Register

Boeing admits 737 Max sims didn’t accurately reproduce what flying without MCAS was like

Turning off trim control software in training wouldn't give realistic results – report

Boeing has admitted that pilot training simulators for the controversial 737 Max did not accurately reproduce what happened if the infamous MCAS system went gaga.…
The Register

Let adware be treated as malware, Canuck boffins declare after breaking open Wajam ad injector

If it walks like a duck and quacks like a duck then...

Analysis: The technology industry has numerous terms for sneaky software, including malware, adware, spyware, ransomware, and the ever adorable PUPs – potentially unwanted programs. But there isn't...
The Register

CIA traitor spy thrown in the clink for selling secrets to China. Stack Overflow, TeamViewer admit: We were hacked…

...And more from the world of infosec this week

Roundup: Here's a quick catch-up of all things infosec beyond what we've already reported this week.…
The Register

Giga-hurts radio: Terrorists build Wi-Fi bombs to dodge cops’ cellphone jammers

Explosives activated by wireless networking signals discovered amid election

Terrorists have been caught strapping Wi-Fi-activated backup triggers to bombs in Indonesia, police revealed this week.…
The Register

It’s not chicken feed: Million-dollar meal deal for livestock sabotaged by hackers… and, er, exchange rates

Six-week investigation delay shrank payment by 13%

A $1.2m shipment of livestock feed went awry when "hackers" intercepted and tweaked emails with payment details, eventually costing the cheeky buyers an extra $161,000 after exchange rates moved during the legal...
The Register

Get out of Huawei, it’s an avalanche of news from everyone’s favourite Chinese bogeyman

We read this week's Huawei happenings and filleted it so you don't have to

Roundup: Huawei has been kicked by a US national emergency proclamation hitting "foreign" gear, spent some cash in France, claimed it's worth billions to Britain...
The Register

Good heavens, is it time to patch Cisco kit again? Prime Infrastructure root privileges hole plugged

Do the thing ASAP, you know how it works by now

Among a bumper crop of 57 security issues Cisco divulged on Wednesday was a fix for a trio of vulns, one critical, in networks management tool Prime Infrastructure.…
The Register

Freed whistleblower Chelsea Manning back in jail for refusing to testify before secret grand jury

If orange is the new black, she's back in black

After seven days of freedom, US Army whistleblower Chelsea Manning is back behind bars for refusing to testify before a secret federal grand jury investigating WikiLeaks.…
The Register

Bank-account-raiding Goznym malware bust: Five suspects collared, five still on the run. $100m feared stolen

Most exciting Enid Blyton book yet – Five accused of international fraud?

Ten people have been accused of masterminding the theft of roughly $100m from bank accounts using the Goznym malware. Five have been arrested, charged, and are facing...
The Register

The plane, it’s ‘splained, falls mainly without the brain: We chat to boffins who’ve found a way to disrupt landings using off-the-shelf radio kit

DoS cyber-attacks are not just for websites, they may also be for aircraft ILS

Video: Aircraft instrument landing systems (ILS) are susceptible to radio signal spoofing using off-the-shelf equipment, boffins have found, calling into question the adequacy of aviation...
The Register

Office 365 user security practices are woeful, yet it’s still ‘Microsoft’s fault’ when an org is breached

As soon as defences are sold as a product, hygiene suffers

The US Cybersecurity and Infrastructure Security Agency (CISA) has become the latest government body to plead with admins to implement security best practices on Microsoft's Office 365 platform.…
The Register

Breaking news: Bank-card-slurping malware sneaks into Forbes’ mag subscription website

Dead-tree devotees who recently signed up may want to check their statements

The Magecart credit-card-skimming malware that is the bane of internet shoppers has been spotted again, this time on the Forbes magazine subscription website.…
The Register

Google warns of Titan(ic) Bluetooth issue sinking its security keys, recalls early builds

A pairing problem makes an account compromise possible, although improbable

Google is recalling some of its Titan Security Keys, used for two-factor authentication, after finding a security flaw exposed the key's Bluetooth connections to an attacker…
The Register

Titan-ic disaster: Bluetooth blunder sinks Google’s 2FA keys, free replacements offered

A pairing problem makes an account compromise possible, although improbable

Google is offering free replacements of its Titan Security Keys, used for two-factor authentication, after learning the widgets' Bluetooth connections could be compromised by nearby hackers.…
The Register

We like transparency and we’re a CA, hackers hack all night and we log all day

Cert authority Sectigo funds Let's Encrypt transparency log

Let’s Encrypt has wheeled out a new certificate transparency log called Oak, which is funded for a year by the certificates arm of Sectigo (formerly known as Comodo).…
The Register

Supreme Court says secret UK spy court’s judgments can be overruled after all

It all went a bit Pete Tong for the Peeping Toms

Britain's Supreme Court said today that rulings from a secretive UK spy tribunal can now be appealed against after a legal challenge from pressure group Privacy International.…
The Register

MI5 slapped on the wrist for ‘serious’ surveillance data breach

Auditors poked around for a week after too many Peeping Toms had a trawl

Home Secretary Sajid Javid has confessed to Parliament that MI5 bungled the security of "certain technology environments used to store and analyse data," including that...
The Register

Microsoft emits free remote-desktop security patches for WinXP to Server 2008 to avoid another WannaCry

Plus plenty of other fixes from Redmond and Adobe – and special guest star Citrix

Patch Tuesday: It’s that time of the month again, and Microsoft has released a bumper bundle of security fixes for Patch Tuesday, including one...
The Register

Buffer the Intel flayer: Chipzilla, Microsoft, Linux world, etc emit fixes for yet more data-leaking processor flaws

Intel CPUs dating back a decade are vulnerable to latest cousin of Spectre

Intel on Tuesday plans to release a set of processor microcode fixes, in conjunction with operating system and hypervisor patches from vendors like Microsoft and those...
Tripwire

HawkEye Attack Wave Sends Stolen Data to Another Keylogger Provider

A recent attack wave involving HawkEye malware sends data stolen from its victims to another keylogger provider’s website. On 21 May, My Online Security came across a new sample of HawkEye. The actual delivery mechanism itself wasn’t unique compared...

Washington Issues Temporary License to Huawei

The US government has issued a temporary license to Huawei and its affiliates, allowing American companies to supply the telecoms and handset giant until August. Despite reports emerging over the weekend of various chipmakers...
isBuzz

GDPR: The Best Strategy For International Businesses

The EU’s General Data Protection Regulation (GDPR) was created with the aim of homogenising data privacy laws across the EU. GDPR also applies to organisations outside the EU, if they monitor EU data subjects, or offer goods and services...
IBM Security

How Cyber-Secure Are Business Travelers? New Report Says Not Very

I travel frequently for business — to industry conferences such as RSA Conference and Black Hat and meeting with clients. Whenever I travel, I bring my work laptop, my personal cellphone enabled with work email and calendar, and, of...

Haas F1 team leans on service providers as security force multipliers

If today’s cars are smartphones on wheels, then race cars are supercomputers with engines attached. As the fastest racing sport in the world, Formula One cars come laden with over 100 sensors measuring every aspect of a car’s internal...