Sunday, September 19, 2021
The Register

Yes, of course there’s now malware for Windows Subsystem for Linux

Once dismissed proof-of-concept attack on Microsoft OS through WSL detected in the wild Linux binaries have been found trying to take over Windows systems in what appears to be the first publicly identified malware to utilize Microsoft's Windows Subsystem...
The Register

Something phishy: Tech recruiters jabbed by fake COVID-19 Passport scam

Tells clients it is tackling the issue An IT recruitment agency says a "phishing scam" is behind a fake email sent to its customers with details on how to apply for a "Coronavirus Digital Passport."…
The Register

Is it OK to use stolen data? What if it’s scientific research in the public interest?

Not always, but Swiss team says you can manage the risks There's a fine line between getting hold of data that may be in the public interest and downright stealing data just because you can. And simply because the...
The Register

WTF? Microsoft makes fixing deadly OMIGOD flaws on Azure your job

Clouds usually fix this sort of thing before bugs go public. This time it's best to assume you need to do this yourself Microsoft Azure users running Linux VMs in the company's Azure cloud need to take action to...
The Register

Aviation-themed phishing campaign pushed off-the-shelf RATs into inboxes for 5 years

Not all promises of international flight itineraries are real, warns Cisco Talos A phishing campaign that mostly targeted the global aviation industry may be connected to Nigeria, according to Cisco Talos.…
The Register

Hack yourself before someone else does it for you

Breach and attack simulation tools help you raise your game, Keysight says Sponsored  Stop me if you’ve heard this before, but something appears to be amiss with cybersecurity. The spectacular success of ransomware is only the latest and worst...
The Register

Ransomware-hit law firm secures High Court judgment against unknown criminals

You tell 'em, 4 New Square chambers The London law firm which secured a court injunction forbidding ransomware criminals from publishing data stolen from them has now gone a step further – by securing a default judgment from the...
The Register

Computer and data scientists should be as highly regarded as ‘warriors’ says top UK cybergeneral

Translation: Skills shortage here! DSEI 2021  Military computer scientists ought to be treated with the same regard as pilots and warship captains, the head of the Army's cyber command has said.…
The Register

De-identify, re-identify: Anonymised data’s dirty little secret

Jeffrey Singh, stamp-collecting bachelor (35) of Milwaukee, Wisconsin – is that you? Feature  Publishing data of all kinds offers big benefits for government, academic, and business users. Regulators demand that we make that data anonymous to deliver its benefits...
The Register

It’s time to delete that hunter2 password from your Microsoft account, says IT giant

And go passwordless, use auth app, keys, Windows Hello, or codes to login From this week, Microsoft won't require you, or your password manager, to come up with strings of letters, numbers, and special characters forming a silly sentence...
The Register

This is AUKUS for China – US, UK, Australia reveal defence tech-sharing pact

Will build nuke-powered subs together and share cyber, AI, quantum and mysterious 'undersea capabilities' tech Australia, the United States of America, and the United Kingdom have signed a new defence and technology-sharing pact.…
The Register

Ransomware crims saying ‘We’ll burn your data if you get a negotiator’ can’t be legally paid off anyway

Grief Corp are already under US sanctions, says Emsisoft A couple of ransomware gangs have threatened to start deleting files if targeted companies call in professional negotiators to help lower prices for decryption tools.…
The Register

Ex-US intel, military trio were cyber-mercenaries for UAE, say prosecutors

Three men charged, agree to deal after infiltrating smartphones with zero-click exploits Three former US intelligence and military operatives broke America's weapons export and computer security laws by, among other things, helping the United Arab Emirates hijack and siphon...
The Register

Microsoft’s end-of-summer software security cleanse crushes more than 80 bugs

Patch Tuesday fiesta also sees Adobe and SAP tidying up Patch Tuesday  For its September Patch Tuesday, Microsoft churned out fixes for 66 vulnerabilities, alongside 20 Chromium bugs in Microsoft Edge.…
The Register

Microsoft’s end-of-summer software security cleanse crushes more than 80 bugs

Patch Tuesday fiesta also sees Adobe and SAP tidying up Patch Tuesday  For its September Patch Tuesday, Microsoft churned out fixes for 66 vulnerabilities, alongside 20 Chromium bugs in Microsoft Edge.…
The Register

Krita art app users targeted by ransomware posing as paid ‘collaboration’ opportunities

Artists advised to delete emails asking them to download 'media bundle' Krita, an open-source cross-platform digital painting application, has become the latest victim of ransomware – but rather than being attacked directly, its name is being used to spread...
The Register

Security bods boost Apple iPhone hardware attack research with iTimed toolkit

'The first complete infrastructure to enable general-purpose hardware security experiments on the Apple iPhone SoCs,' they claim A trio of researchers at North Carolina State University (NC State) have released what they describe as a "novel research toolkit" for...
The Register

Brits open doors for tech-enabled fraudsters because they ‘don’t want to seem rude’

Impersonation scams and smishing rocket, say UK Finance and Which? Brits are too polite to tell phone scammers to "get stuffed", "take a hike" or "sling yer 'ook" when they impersonate so-called "trusted organisations" such as banks.…
The Register

Thousands of internet-connected databases contain high or critical CVEs, says report by cloud security biz

Put your data on someone else's computer to keep it safe, urges Imperva After spending five years poring over port scan results, infosec firm Imperva reckons there's about 12,000 vulnerability-containing databases accessible through the internet.…
The Register

ExpressVPN bought for $1bn by Brit biz with an interesting history in ad-tech world

'Kape has moved on from those times' UK-headquartered Kape Technologies announced on Monday it has acquired ExpressVPN in a $936m (£675m) cash and stocks deal, a move it claims will double its customer base to at least six million.…...
Security Affairs

The Biden administration plans to target exchanges supporting ransomware operations with sanctions

US Government is expected to issue sanctions against crypto exchanges, wallets, and traders used by ransomware operations to cash out ransom payments. The Biden administration is putting in place all the strategies to disrupt the operations of the ransomware...

Former US Intelligence Operatives Admit They Hacked for UAE

Plus: Remote learning spyware, an AT&T bribery scandal, and more of the week's top security news.
Security Affairs

Expert discloses details and PoC code for Netgear Seventh Inferno bug

A new critical vulnerability in Netgear smart switches can be exploited by an attacker to potentially execute malicious code and take over impacted devices. Researchers provided technical details about a recently addressed critical vulnerability, dubbed Seventh Inferno, in Netgear smart...

A new app helps Iranians hide messages in plain sight

Enlarge / An anti-government graffiti that reads in Farsi "Death to the dictator" is sprayed at a wall north of Tehran on September 30, 2009. (credit: Getty Images) Amid ever-increasing government Internet control, surveillance, and censorship in...

Forget iPhone 13–Apple Suddenly Has A Critical New iPhone 14 Problem

How does Apple resolve the nightmare now awaiting its next iPhone...