Saturday, January 16, 2021
The Register

Signal boost: Secure chat app is wobbly at the moment. Not surprising after gaining 30m+ users in a week, though

Install base explodes following WhatsApp 'privacy' update, Musk endorsement Signal is experiencing a partial outage as tens of millions of netizens flood the free secure messaging service.…
The Register

Coming in at number 5, it’s a blast from the past! Tenable’s 2020 security flaw chart show features hits of yesteryear

You know that update thing? JFDI Out of the top five vulnerabilities for 2020 three dated back to 2019 or earlier, according to infosec firm Tenable's annual threat report.…
The Register

Ministry of Defence’s cyber warfare drive is helping burn a hole through its budget, warns UK’s National Audit Office

All that counter-China stuff costs a pretty penny, y'know The Ministry of Defence's multibillion budget overrun has been caused in part because of its spending splurge on flashy new "cyber" capabilities, according to the National Audit Office.…
The Register

Is a remote workforce making your organisation less secure?

And can SASE save us? Webcast  Last year your bosses embraced remote working because, let’s face it, none of us had a choice.…
The Register

World’s largest dark-web marketplace shuttered after Euro cybercops cuff Aussie

20 DarkMarket servers siezed and probed in international raids Europol cops have taken down dark-web souk DarkMarket, after arresting an Australian citizen living in Germany who they claim was operating the world's biggest online bazaar of its kind.…
The Register

Microsoft emits 83 security fixes in first Patch Tuesday of 2021 – and miscreants are already exploiting one of them

Redmond keeps us hanging with on-premises Exchange flaw still to be fixed Patch Tuesday  Microsoft on Tuesday released updates addressing 83 vulnerabilities in its software, which doesn't include the 13 flaws fixed in its Edge browser last week.…
The Register

SolarWinds malware was sneaked out of the firm’s Orion build environment 6 months before anyone realised it was there – report

Crowdstrike tech analysts explain how they think it slipped under the radar The malware that was utilised to hack SolarWinds checked to see whether software used to compile the firm's Orion product was running before deploying its payload, according...
The Register

Microsoft’s beefed-up take on Linux server security has hit general availability

Endpoint Detection and Response added. For servers, not standalone Linux desktops, mind After a few months in preview, Microsoft has made Defender Endpoint Detection and Response (EDR) generally available for Linux servers.…
The Register

In case you hadn’t heard, SolarWinds was hacked by Moscow, says Kaspersky Lab

Brave move for Russian firm to finger its own govt over cyber badness Kaspersky Lab reckons the SolarWinds hackers may have hailed from the Turla malware group, itself linked to Russia’s FSB security service.…
The Register

How I found a bug in YouTube that let me watch private videos I wasn’t allowed to, says compsci student

Theft-by-a-thousand-cuts flaw fixed Until early last year, Google's YouTube had a security flaw that made private videos visible at reduced resolution, though not audible, to anyone who knew or guessed the video identifier and possessed the technical knowledge to...
The Register

Ubiquiti iniquity: Wi-Fi box slinger warns hackers may have peeked at customers’ personal information

Salted password hashes, addresses, phone numbers may have been exposed in cloud security snafu Networking vendor Ubiquiti has written to its customers to advise them of a possible leak of their personal information.…
The Register

That’s it. It’s over. It’s really over. From today, Adobe Flash Player no longer works. We’re free. We can just leave

Post-Flashpocalypse, we stumble outside, hoping no one ever creates software as insecure as that ever again Adobe has finally and formally killed Flash.…
The Register

Thou shalt not hack indiscriminately, High Court of England tells Britain’s spy agencies

Choke chain tightened on 'general warrants' after Privacy International wins judicial review A landmark High Court ruling has struck down Britain's ability to hack millions of people at a time through so-called "general warrants" in what privacy campaigners are...
The Register

Unauthorised RAC staffer harvested customer deets then flogged them to accident claims management company

8-month suspended sentence for conspiracy to secure unauthorised access to computer data An employee at emergency roadside rescue biz RAC has received an eight-month suspended prison sentence for unsanctioned access to computer systems that saw her sell customers' data...
The Register

SolarWinds takes a leaf out of Zoom’s book, hires A-Team of Stamos and Krebs to sort out its security woes

The week's other security news Embattled and embarrassed network management shop SolarWinds has reportedly hired two of the highest profile security bods in the biz to sort out its woes.…
ZDNet

Iconic BugTraq security mailing list shuts down after 27 years

BugTraq launched in November 1993 and it was one of the first mailing lists dedicated to disclosing vulnerabilities.

Weekly Update 226

Presently sponsored by: 1Password is a secure password manager and digital wallet that keeps you safe onlineA little bit of a change of pace this week with the video being solely on the events unfolding around removing content, people...
SC Magazine

FIN11 e-crime group shifted to CL0P ransomware and big game hunting

The financially motivated FIN11, which increasingly incorporated CL0P ransomware into their operations in 2020, appeared to rely on low-effort volume techniques like spamming malware for initial entry, but put a substantial amount of effort into each follow-up compromise. “Several...
ZDNet

Joker's Stash, the internet's largest carding forum, is shutting down

Joker's Stash to shut down on February 15, 2021.
SC Magazine

Biden to invest in cyber workforce, but without plan to overcome lingering staffing hurdles

President-elect Joe Biden announced funding to modernize secure IT and lure cyber talent to the public sector as part of his plan to stimulate the economy and rebuild in the wake of the pandemic. But cybersecurity experts remain skeptical...