Tuesday, March 19, 2019
The Register

Ransomware drops the Lillehammer on Norsk Hydro: Aluminium giant forced into manual mode after systems scrambled

Norway the power and metals wrangler could have seen this one coming. Norwegian power and metals giant Norsk Hydro is battling an extensive ransomware infection on its computers.…
The Register

Sorry, Linux. We know you want to be popular, but cyber-crooks are all about Microsoft for now

Oh, and Flash! Arrrrrggghhh. Eight out of the ten most exploited vulnerabilities tracked by threat intelligence biz Recorded Future in 2018 targeted Microsoft products – though number two on its list was, surprise surprise, a Flash flaw.…
The Register

PuTTY in your hands: SSH client gets patched after RSA key exchange memory vuln spotted

Bunch of bugs stomped with version 0.71. Venerable SSH client PuTTY has received a pile of security patches, with its lead maintainer admitting to The Register that one fixed a "'game over' level vulnerability".…
The Register

Bandersnatch to gander snatched: Black Mirror choices can be snooped on, thanks to privacy-leaking Netflix streams

Interactive entertainment tells on itself despite encryption. Boffins have found a side channel to observe the choices netizens make when viewing interactive streaming videos.…
The Register

Bad cup of Java leaves nasty taste in IBM Watson’s ‘AI’ mouth: Five security bugs to splat in analytics gear

Worse brew than that time El Reg went on a road trip and stopped at a Denny's. IBM has issued a security alert over five vulnerabilities in its golden boy Watson analytics system.…
The Register

This headline is proudly brought to you by wired keyboards: Wireless Fujitsu model hacked

If you have an LX901, you are at risk of mild embuggerance. A German security researcher has revealed that one model of Fujitsu wireless keyboard will accept unauthenticated input, despite the presence of AES-128 encryption.…
The Register

Lone staffer killed our shields, claims etailer Gearbest after infosec bods peep at user deets

Whether it's 1.5m or 280k exposed, it's not a great look. Researchers working for VPNMentor have accused Chinese e-commerce site Gearbest of storing user information in "completely unsecured" Elasticsearch databases after discovering "1.5 million records" which they were able...
The Register

Karpeles walks, Google and Microsoft board up Windows hole, and Android AV still sucks

Plus, BlackBerry wants to be Uncle Sam's go-to security firm, thousands of legal docs spill online, and more. Roundup: Last week we saw a conservative app exposed, the revelation of Beto's hacker past, and the rise of Slub.…
The Register

UK code breakers drop Bombe, Enigma and Typex simulators onto the web for all to try

You have to run GCHQ code? Nice try, spy guys. UK signals intelligence agency GCHQ, celebrating its centenary, has released emulators for famed World War II-era cipher machines that can be run within its web-based educational encryption app CodeChef.…
The Register

Q&A: Crypto-guru Bruce Schneier on teaching tech to lawmakers, plus privacy failures – and a call to techies to act

'Politicians are reluctant to disrupt the enormous wealth creation machine technology has turned out to be'. RSA: Politicians are, by and large, clueless about technology, and it's going to be up to engineers and other techies to rectify that,...
The Register

What was that P word? Ah. Privacy. Yes, we’ll think about privacy, says FCC mulling cellphone location data overhaul

Commissioners still doing their best to ignore bounty hunter stalking scandal. Analysis: America's comms regulator has finally pinky-promised to at least consider people's privacy when it looks into how cellphone location data can be made more accurate.…
The Register

Beto O’Dork: White House hopeful O’Rourke was a member of America’s top hacking crew Cult of Dead Cow

Revealed: Dem golden boy's past as BBS-dwelling l33t teen. Newly minted US presidential hopeful Beto O'Rourke says he was a member of Cult of the Dead Cow, one of the most legendary hacking groups in cyber-history.…
The Register

Welcome. You’re now in the timeline in which US presidential hopeful Beto was a member of a legendary hacking crew

From O'Dork to O'Rourke: Dem golden boy's past as BBS-dwelling l33t teen revealed. Newly minted US presidential hopeful Beto O'Rourke says he was a member of Cult of the Dead Cow, one of the most legendary hacking groups in...
The Register

Public spending watchdog snipes at UK.gov’s £1.3bn infosec plan – but broadly nods it through

Less hiding behind 'national security' to hush up failures, please. Britain's Cabinet Office (CO) hasn’t quite bungled the National Cyber Security Programme (NCSP) but it could certainly be doing things a lot better, the National Audit Office said today.…
The Register

So you need an IT security center. Fret not: Let an automated solution take the strain

Comarch offers all-in-one infrastructure monitoring. Promo: Today's businesses are so heavily dependent on their IT infrastructure that the slightest disruption in service can incur damaging losses.…
The Register

Don’t be a WordPress RCE-hole and patch up this XSS vuln, pronto

Not on 5.1.1? You should be. A newly revealed vuln in the open-source CMS WordPress allows an unauthenticated website attacker to remotely execute code – potentially letting naughty folk delete or edit blog posts.…
The Register

Protip: If you’d rather cyber-scoundrels didn’t know the contents of your comp, don’t apply for a Pakistani passport

Compromised government website slurps buttload of data about applicants. A Pakistani government website was compromised with a keylogger and other malware that hoovered up a whole host of information about people checking on their passport application status.…
The Register

Hackers cop a FILA thousands of UK card deets after slinking onto clothing brand’s servers

Pesky JavaScript malware harvester strikes again. Sportswear brand FILA is the latest company to fall victim to the card-stealing JavaScript infection that menaced British Airways and Ticketmaster last year.…
The Register

What do sexy selfies, search warrants, tax files have in common? They’ve all been found on resold USB sticks

You do know just dragging stuff to the delete folder doesn't wipe stuff, right? Apparently not. About two-thirds of USB memory sticks bought secondhand in the US and UK have recoverable and sometimes sensitive data, and in one-fifth of...
The Register

Thought you were done patching this week? Not if you’re using an Intel-powered PC or server

Here comes Chipzilla with a big bunch of security fixes for graphics drivers, server and workstation firmware, and more. Hot on the heels of this month's security updates from Microsoft, Adobe, and SAP, Intel has kicked out a batch...
SC Magazine

Norwegian aluminum producer Norsk Hydro hit by an unspecified cyberattack

Norwegian aluminum producer Norsk Hydro was hit by a cyber attack which began Monday evening and escalated into the night. The Norwegian National Security Authority (NSM) declined to comment on what type of attack it was but said the extent...
SC Magazine

Glitch exposes Sprint customer data to other users

A bug has allowed some Sprint customers to see the personal data of other customers from their online accounts. The information visible includes names, cell phone numbers as well as calls made by other users, and a TechCrunch report cited...

6 Ways Mature DevOps Teams Are Killing It in Security

New survey shows where "elite" DevOps organizations are better able to incorporate security into application security.

Old Tech Spills Digital Dirt on Past Owners

Researcher buys old computers, flash drives, phones and hard drives and finds only two properly wiped devices out of 85 examined.