DDoS sueball, felonious fonts, leaky Android file manager, blundering building security, etc etc
Plus, Safari security foiled by… a finger swipe? Roundup This week we wrangled with alleged Russian election meddling, hundreds of millions of username-password combos spilled online, Oracle mega-patches, and cliams of RICO swap-gangs.…
The Iceman cometh, his smartwatch told the cops: Hitman jailed after gizmo links him to Brit gangland slayings
Killer jailed for life after fitness kit data tips off plod Avid runner and hitman Mark Fellows was this week found guilty of murder after being grassed up by his Garmin watch.…
US midterms barely over when Russians came knocking on our servers (again), Democrats claim
Лучшая защита – нападение? Russian hackers attempted to infiltrate the Democratic National Committee (DNC) just after the US midterm elections last year, according to a new court filing.…
Microsoft partner portal ‘exposes ‘every’ support request filed worldwide’ today
No customer data visible but hell's bells, Redmond, what have you borked now? Exclusive Alarmed Microsoft support partners can currently view support tickets submitted from all over the world, in what appears to be a very wide-ranging blunder by...
I used to be a dull John Doe. Thanks to Huawei, I’m now James Bond!
We'll know for sure when Huawei reveals a shoe-shaped smartphone Something for the Weekend, Sir? The name's McLeod. Alessandro McLeod. I am a spy for the secret services.…
Microsoft blue biz bug bounty bonanza beckons
Azure DevOps Services invites hackers to test its limits There's more money to be made from bug hunting in Microsoft code after Redmond announced its 10th active bug hunting reward scheme, the Azure DevOps Bounty Program.…
Old bugs, new bugs, red bugs … yes, it’s Oracle mega-update day again
Out of 284 flaws, 33 are rated critical. Big Red admins have big patches ahead Oracle admins, here's your first critical patch advisory for 2019, and it's a doozy: a total of 284 vulnerabilities patched across Big Red's product...
Got a Drupal-powered website? You may want to get patching now…
Open-source CMS gets a pair of critical fixes Drupal has issued a pair of updates to address two security vulnerabilities in its online publishing platform. The vulns are a little esoteric, and will not affect most sites, but it's...
Twitter. Android. Private tweets. Pick two… Account bug unlocked padlocked accounts
Cock-up went unnoticed for two Olympics, one World Cup, an EU referendum, and a US presidential election Twitter has fessed up to a flaw in its Android app that, for more than four years, was making twits' private tweets...
Top GP: Medical app Your.MD’s data security wasn’t my remit
Prof Maureen Baker told tribunal info security and clinical safety are two separate things The founders of medical symptom-checker app Your.MD knew that a number of key medical information databases were "open to anyone who knows the URL", emails...
Happy Thursday! 770 MEEELLLION email addresses and passwords found in yuge data breach
Now is a good time to get a password manager app Infosec researcher Troy Hunt has revealed that more than 700 million email addresses have been floating around “a popular hacker forum” - along with a very large number...
South Korea says mystery hackers cracked advanced weapons servers
No idea who could have been behind this one... The South Korea Ministry of National Defense says 10 of its internal PCs have been compromised by North Korea unknown hackers .…
$24m in fun bux stolen from crypto-mogul. Now he fires off huge fraud charge. Like, RICO, say?
Lawsuit claims coin thief was part of a gang targeting crypto whales The victim of a $24m cryptocurrency heist is suing his assailants in what is believed to be the first ever RICO claim involving digital currency.…
Lowjax city: Researchers crack open notorious Fancy Bear rootkit
UEFI malware has been in the wild for more than two years The Fancy Bear hacking group's Lojax rootkit is far from a one-off tool, and may have been active in the wild for years before it was first...
Epic’s Fortnite fail: Ancient UT2004 server used for login-stealing proof-of-concept
A tale of XSS, SQL injection and OAuth implementation Crafty infosec bods exploited XSS vulns on dusty corners of Epic Games’ web infrastructure to steal Fortnite gamers’ login tokens and compromise their accounts – using a genuine Epic Games...
Microsoft sends a raft of Windows 10 patches out into the Windows Update ocean
Whoa - is that an Access 97 iceberg dead ahead? Microsoft has released a second raft of fixes for Windows 10 following the monthly Patch Tuesday excitement last week. It has also issued some fixes for its latest Windows...
EDGAR Wrong: Ukrainians hacked SEC, stole docs for inside trading, says Uncle Sam
Crooks banked $270,000 in just one move, it is claimed A pair of Ukranian hackers broke into America's financial watchdog to swipe insider info for stock traders, it is claimed.…
‘It’s like they took a rug and covered it up’: Flight booking web app used by scores of airlines still vuln to attack – claim
Security hole can still be exploited to tamper with journeys, warn infosec bods Exclusive A security hole in a widely used airline reservation system remains open to exploit, allowing miscreants to edit strangers' travel details online, The Register has...
Yes, you can remotely hack … building site cranes. Wait, what?
Authentication is simply AWOL for remote RF construction plant, says Trend Micro Did you know that the construction industry uses radio-frequency remote controllers to operate cranes, drilling rigs and other heavy machinery? Doesn't matter: they're alarmingly vulnerable to being...
Want to get rich from bug bounties? You’re better off exterminating roaches for a living
Before you outsource security to strangers, try boosting internal cybersecurity skills Security researchers looking to earn a living as bug bounty hunters would to do better to pursue actual insects.…
Websites can steal browser data via extensions APIs
Researcher finds nearly 200 Chrome, Firefox, and Opera extensions vulnerable to attacks from malicious sites.
6 Reasons We Need to Boost Cybersecurity Focus in 2019
Paying attention to cybersecurity is more important than ever in 2019. But, some companies are still unwilling to devote the necessary resources to securing their infrastructures against cyberattacks, and naive individuals think they’re immune to the tactics of cybercriminals,...
Fortnite Vulnerabilities Allow Hackers To Take Over Gamers’ Accounts, Data And In-Game Currency
Cybersecurity researchers today shared details of vulnerabilities that could have affected any player of the hugely popular online battle game, Fortnite. If exploited, the vulnerability would have given an attacker full access to a user’s account and their personal information as well...
DNC Accuses Russia, ACLU Sues ICE, and More Security News This Week
Trump dominated security headlines this week, but there's plenty of other news to catch up on.
Bulgaria Extradites Russian Hacker to US: Embassy
Bulgaria has extradited a Russian indicted by a US court for mounting a complex hacking scheme to the United States, the Russian embassy in Washington said Saturday.
read more
