HMRC’s HTTPS howler: Childcare payments site cert expired at 1am on Sunday, down for hours
Gov.uk portal finally lurched back to life after lunch Furious parents have lashed out at Her Majesty's Revenue and Customs after the UK tax authority let a key HTTPS certificate expire on its childcare tax credit portal.…
Pizza prankster’s prisoner plea plot perturbs police, Norks invading and Uber woes
Plus, a Windows NTSF flaw, Fortnite hacking, and much, much more Security roundup Here are a handful of security happenings in the past week that are worth noting - aside from what The Reg has already covered.…
Disgraced ex-Kaspersky guy made me do it, says bloke in Russian court on hacking charges
Oh no I didn't, says disgraced ex-Kaspersky guy An accused Russian hacker has claimed Kaspersky's former head of investigations blackmailed him into stealing approximately £150,000 from local banks.…
Bulgarian phishing gang member who lived with his parents jailed for part in £40m fraud ring
37-year-old was extradited to Blighty to stand trial A Bulgarian phishing criminal who created fake versions of legitimate companies' websites as part of a £40m fraud has been jailed.…
Supply chain actors agree that everyone’s a security risk – except themselves, of course
Perception is an illusion, grasshopper Security surveys tend to confirm what we already knew a few months ago and the 2019 Global Cyber Risk Perception Survey (PDF) from Marsh and Microsoft does not disappoint.…
Nice work if you can grift it: Two blokes accused of swindling $10m from the elderly with bogus virus infection alerts
~~~WaRNiG!! Ur PC has THe Da Vinci m4Lw4rez!! CaLL 1-555-NOSCAM 2 f!x it~~~ Two Americans used bogus virus-infection alerts to bilk $10m out of PC owners, it is alleged.…
If you’re using Harbor as your container registry, bear in mind it can be hijacked with has_admin_role = True
Patch now before miscreants sail off with your apps, data IT departments using the Harbor container registry will want to update the software ASAP, following Thursday's disclosure of a bug that can be exploited by users to gain administrator...
FedEx execs: We had no idea cyberattack would be so bad. Investors: Is that why you sold $40m+ of your own shares?
Shareholders NotHappy stock offloaded in NotPetya aftermath FedEx execs not only hid the impact of the NotPetya ransomware on their business but personally profited by selling off tens of millions of dollars of their own shares before the truth...
Chinese students in UK ripe target for scammers exploiting visa concerns
Add in Brexit outsourcing mess and it's plain to see why young international scholars get duped Scammers are exploiting Chinese students' Brexit fears by targeting them with phishing emails claiming their visas could be revoked, threat intel researchers say.…
Belgian F-16 pilot rescued from power line after emergency ejection
Two-seat jet crashed in France A Belgian F-16 fighter jet pilot has been rescued from a power line after getting into difficulties and ejecting from his stricken aircraft.…
WannaCry is still the smallpox of infosec. But the latest strain (sort of) immunises its victims
Whatever you do, don't pay the ransom Analysis WannaCry – the file-scrambling ransomware that infamously locked up Britain's NHS and a bunch of other organisations worldwide in May 2017 – is still a live-ish threat to this day, infosec...
IT now stands for Intermediate Targets: Tech providers pwned by snoops eyeing up customers – report
Symantec says Tortoiseshell crew ransacked suppliers Miscreants are hacking into Saudi Arabian IT providers in an attempt to compromise their real targets: said providers' customers, according to Symantec.…
Remember that security probe that ended with a sheriff cuffing the pen testers? The contract is now public so you can decide who screwed up
Both sides have different interpretations of the rules The infosec duo cuffed during an IT penetration test that went south last week are out of jail, though not necessarily out of the woods.…
Scotiabank slammed for ‘muppet-grade security’ after internal source code and credentials spill onto open internet
Blueprints for mobile apps, databases exposed in public GitHub repos Exclusive Scotiabank leaked online a trove of its internal source code, as well as some of its private login keys to backend systems, The Register can reveal.…
GitHub gobbles biz used by NASA, Google, etc to search code for bugs and security holes in Mars rovers, apps…
Semmle's flaw-finding queries can be shared and used on multiple projects On Wednesday, Microsoft's GitHub said it has acquired Semmle, a San Francisco-based software analysis platform for finding vulnerabilities in code. No price was disclosed.…
Uni sysadmins, don’t relax. Cybercrooks are still after your crown jewels, warns NCSC
GCHQ offshoot says be on your guard Cybercrims are still likely to affect universities and other educational institutions online with ransomware, reckons GCHQ offshoot the National Cyber Security Centre.…
Analytics exec nicked as Ecuador tries to rush through privacy laws after massive data leak
Government gave them the deets, so not a hacking charge The head of Novaestrat, the data analytics company at the centre of the huge leak revealed on Monday involving personal information about more than 20 million Ecuadorian citizens, has...
MPs call for ‘immediate’ stop to facial recog in UK as report underlines bias risks in ‘pre-crime’ algos used by coppers
New report after 12 forces across England and Wales trialled technology MPs across parties have called for an immediate "stop" to live facial recognition surveillance by the police and in public places.…
How to break out of a hypervisor: Abuse Qemu-KVM on-Linux pre-5.3 – or VMware with an AMD driver
Pair of bug reports show how VM escapes put servers at risk A pair of newly disclosed security flaws could allow malicious virtual machine guests to break out of their hypervisor's walled gardens and execute malicious code on the...
Your ugly mug may be scanned yet again – but at least you’ll be able to board faster at Gatwick
Brit airport to extend facial recog after easyJet trial Gatwick Airport will extend its use of facial recognition to match passengers to their passports at departure gates before they board planes.…
Ning Wang – Offensive Security
Ning WangCEO Offensive Security
Why Nominated: Ning Wang is a rising star has worked to break the
boundaries in the security industry, so that people can see that anyone is
capable of starting a career in cybersecurity and advancing it –...
Dani Martínez – IOActive
Dani MartínezSecurity ConsultantIOActive
Why nominated:
Dani Martínez proved to be a self-starter, beginning his career in
IT he soon developed an interest in cybersecurity and began taking online
courses in his spare time. Martínez also dove write in and began a
cybersecurity blog...
Maurice Stebila – Harman, a Samsung Company
Maurice StebilaDigital Security,Compliance and Privacy OfficerHarman, a Samsung Company
Why nominated: Maurice Stebila has spent more than 30 years in the automotive,
manufacturing and financial services industry supporting two of the world’s
largest companies – EDS/General Motors and Harman by Samsung...
Ed Adams – Security Innovation
Ed AdamsPresident and CEOSecurity Innovation
Why Nominated:
A highly respected veteran of the cybersecurity industry, Security Innovation
CEO Ed Adams has taken on several new leadership roles in the year or so. Last
April, he was named to board of directors of...
David Archer – Galois
David ArcherPrincipal scientistGalois
Why Nominated: Archer, an
advocate for preserving privacy of data even when it’s used in decision-making
both within the U.S. at all levels of government as well as internationally,
directs research in privacy-preserving information technologies.
Profile: David Archer is all...
