Saturday, July 20, 2019
The Register

In the cooler for the next three years: Hacker of iCloud accounts used by athletes and rappers

Phishing led to shopping spree with victims' credit cards

A man from the US state of Georgia who pleaded guilty in March to breaking into the Apple iCloud accounts of sports and entertainment figures was sentenced on Thursday to...
The Register

When Harry met celly: NSA hoarder thrown in the clink for 9 years – after taking classified work home for decades

Contractor Martin sentenced for squirreling away 50TB of hush-hush files, exploits

An ex-NSA contractor who admitted stashing some 50TB of secret US government documents and exploit code at his home was today sentenced to nine years behind bars.…
The Register

All very MoD-ern: RAF test pilot headed into space with Virgin, £30m small sat demo project

Defence ministry gets with the Apollo vibes

Roundup: As the world celebrates the 50th anniversary of the Apollo 11 Moon mission, the UK's Ministry of Defence has gone a bit wacky – not only does it have fresh space...
The Register

Israel’s NSO Group: Our malware? Slurp your cloud backups plus phone data? They’ve misunderstood

After report claimed its sales pitches boasted of doing that

Israeli spyware firm NSO Group has denied it developed malware that can steal user data from cloud services run by Amazon, Apple, Facebook, Google and Microsoft.…
The Register

Your biz won’t be hacked by a super-leet exploit. It’ll be Bob in sales opening a dodgy email

Or Sam connecting a vulnerable dev box to production. Here's your gentle guide to risks and threats menacing your IT

Backgrounder: The good news for enterprise security is that the number of reported cyberattacks is going down, in the...
The Register

Excluding Huawei from UK’s 5G will harm security, MPs warn

A decision must be made as a 'matter of urgency', says Intelligence and Security Committee

Excluding Huawei from the UK's 5G network infrastructure would harm resilience and "lower security standards", the Intelligence and Security Committee (ISC) warned today.…
The Register

2015 database hack is the terrible gift that keeps giving for Slack: Tens of thousands of passwords now reset

Yak app still cleaning up after four-year-old cyber-break-in

Slack says a 2015 database theft is to blame for a large-scale reset of stolen passwords.…
The Register

IT security biz’s ex-veep of finance accused of masterminding $400,000 insider-trading caper

Exec lined up sales of shares based on internal know-how, claims watchdog

The former finance VP of computer security outfit OSI has been charged with making big bucks from insider trades on his own company's plunging stock.…
The Register

It’s never good when ‘Magecart’ and ‘bulletproof’ appear in the same sentence, but here we are

Ukrainian civil war a bonanza for dodgy malware hosting firms

A growing crop of so-called bulletproof hosting companies are using the ongoing civil war in Ukraine to host Magecart malware without fear of the police coming knocking.…
The Register

Bulgaria hack: 20-year-old infosec whizz cuffed after ‘adult population’s’ finance deets nicked

Bosses stick up for suspect, claim he's being framed for pinching 5m folks' data

A 20-year-old infosec bod has been arrested in Bulgaria after most of the country's population had their personal and financial details stolen.…
The Register

Those facial recognition trials in the UK? They should be banned, warns Parliamentary committee

Latest call to halt creepy tech likely to fall on deaf ears

The government should slap a "moratorium on the current use of facial recognition technology", with "no further trials" until there is legal framework in place, a Parliamentary...
The Register

Microsoft demos end-to-end voting verification system ElectionGuard, will publish code on GitHub

'Defending democracy' initiative to resist nation-state attacks

Microsoft has demonstrated its ElectionGuard electronic vote system at the Aspen Security Forum under way in Colorado, as well as warning that nearly 10,000 of its customers have been targeted by nation-state...
The Register

‘Member Ke3chang? They’re still at it, you know. Euro diplomats targeted by ‘China-based’ hacker crew

Click your mouse three times... there's no place like a back door to your machine - ESET

An old-school shadowy malware group believed to operate out of China has been targeting diplomats with what infosec researchers say is a...
The Register

Dutch cops collar fella accused of crafting and flogging Office macro nasties to cyber-crooks

Accused bloke cuffed after plod swoop on home

A 20-year-old man from the Netherlands accused of building and selling Office macro malware was arrested Wednesday.…
The Register

Fresh stalkerware crop pops up on Google’s Android Play Store, swiftly yanked offline

130,000 have already downloaded creepware

Seven new stalkerware apps have been spotted for sale on the Android Play Store, despite Google's policy against the invasive monitoring tools.…
The Register

Don’t give it away, give it away, give it away now, bot busting biz tells reCAPTCHA data serfs

Instead of enriching Google, try making a market for click work

Analysis: Internet companies depend on free labor. Companies like Amazon, Facebook and Google rely upon content creators who give their work away for the sake of platform participation...
The Register

For pity’s sake, groans Mimecast, teach your workforce not to open obviously dodgy emails

JavaScript obfuscation finds its way into finance phishery

A JavaScript-based phishing campaign mainly targeting British finance and accounting workers has been uncovered by Mimecast.…
The Register

Email scammers extract over $300m a month from American suits’ pockets

FinCEN has recovered more than $500m to date

While you're sweating to make an honest crust, email scammers are counting at least $301m in untaxed takings every month in the US alone, according to research by the Financial Crimes...
The Register

Turning it off and on again IN SPAAACE! ISS animal-tracker kit needs oldest trick in the book

There's a bit more to it than leaning down and fumbling for reset switch, though

Icarus – the ambitious project to track hundreds of thousands of animals from space – has hit an unexpected delay after a specialised computer installed...
The Register

It was totally Samsung’s fault that crims stole your personal info from a Samsung site, says Samsung-blaming Sprint

Just in case we've not made ourselves clear, Samsung screwed you over, adds Sprint

Sprint has told some of its subscribers that a piss-poor Samsung website exposed their personal details to the internet.…

Cisco Patches Critical Flaw in Vision Dynamic Signage Director

Cisco this week released a security patch for the Vision Dynamic Signage Director, to address a Critical vulnerability that could allow attackers to execute arbitrary actions on the local system. Tracked as CVE-2019-1917, the vulnerability was found in the REST...

The Great Hack: the film that goes behind the scenes of the Facebook data scandal

This week, a Netflix documentary on Cambridge Analytica sheds light on one of the most complex scandals of our time. Carole Cadwalladr, who broke the story and appears in the film, looks at the fallout – and finds ‘surveillance...
SecurityWeek

Scotland Yard Twitter and Emails Hacked

London's Metropolitan Police apologised Saturday after its Twitter, emails and news pages were targeted by hackers and began pumping out a series of bizarre messages.

Browser Extensions Scraped Data From Millions of People

Slack passwords, NSO spyware, and more of the week's top security news.
ZDNet

Hackers breach FSB contractor, expose Tor deanonymization project and more

SyTech, the hacked company, was working on research projects for the FSB, Russia's intelligence service.