The Register

Syndicate content
Biting the hand that feeds IT — sci/tech news and views for the world
Updated: 12 min 34 sec ago

CBS's Showtime caught mining crypto-coins in viewers' web browsers

5 hours 20 min ago
Who placed the JavaScript code on two primetime dot-coms? So far, it's a mystery

The websites of US telly giant CBS's Showtime contained JavaScript that secretly commandeered viewers' web browsers over the weekend to mine cryptocurrency.…

Categories: Security Articles

Sensitive client emails, usernames, passwords exposed in Deloitte hack

10 hours 37 min ago
Oops, did someone forget to turn on 2FA?

Deloitte, one of the world's "big four" accountancy firms, has fallen victim to a cyberattack that exposed sensitive emails to hackers.…

Categories: Security Articles

Insteon and Wink home hubs appear to have a problem with encryption

12 hours 22 min ago
Which is to say neither do it

Security researchers have discovered that two popular home automation systems are vulnerable to attacks.…

Categories: Security Articles

Brit military wants a small-drone-killer system for £20m

13 hours 22 min ago
Too small for lasers, too big for nets

Fresh from showing off its gotta-zap-'em-all Dragonfire laser cannon, the Ministry of Defence is now buying a £20m anti-drone system.…

Categories: Security Articles

Cops shut 28k sites flogging knock-off footie kits and other tat

14 hours 26 min ago
Warn Joe Public: they'll nick your ID and ruin your credit

Cops have closed 28,000 websites selling counterfeit goods over the last three years, the City of London Police’s Intellectual Property Crime Unit (PIPCU) revealed today.…

Categories: Security Articles

Pesky users! They're always compromising endpoints! Security baked into silicon helps

17 hours 33 min ago
Intel chippery tech mitigates the most careless of workers

Sponsored  We can all agree that endpoint security is important – and also that it is a pain to enforce. Because of people. Worker carelessness is the most potent threat to endpoint security, according to US IT decision makers.…

Categories: Security Articles

Guess – go on, guess – where a vehicle tracking company left half a million records

Sun, 2017-09-24 21:01
No prize, because it's too easy: SVR Tracking had an unsecured AWS S3 bucket

A US outfit that sells vehicle tracking services has been accused of leaving more than half a million records in a leaky AWS S3 bucket.…

Categories: Security Articles

Shock! Hackers for medieval caliphate are terrible coders

Sun, 2017-09-24 20:20
Daesh-bags give up on writing their own attack code, copy successful hackers

DerbyCon  An analysis of the hacking groups allying themselves to Daesh/ISIS has shown that about 18 months ago the religious fanatics stopped trying to develop their own secure communications and hacking tools and instead turned to the criminal underground to find software that actually works.…

Categories: Security Articles

Don’t fear the software shopkeeper: T&Cs banning bad reviews aren’t legal in America

Fri, 2017-09-22 18:32
Doesn’t stop them trying to put the frighteners, tho

DerbyCon  Security vendors are inserting language into their products' terms and conditions that attempt to silence critics, folks attending this year's DerbyCon conference were told on Friday.…

Categories: Security Articles

Want to get around app whitelists by pretending to be Microsoft? Of course you can...

Fri, 2017-09-22 17:27
...And here's how

DerbyCon  A sprinkle of code and an understanding of the Windows digital certificate process is all that's needed for a miscreant to sneak malware past Microsoft's application whitelist within a corporate environment.…

Categories: Security Articles

Aw, not you too, Verizon: US telco joins list of leaky AWS S3 buckets

Fri, 2017-09-22 15:45
Now is a good time to go check your own Amazon settings. It's OK, we'll wait

Yet another major company has burned itself by failing to properly secure its cloud storage instances. Yes, it's Verizon.…

Categories: Security Articles

NBD: Adobe just dumped its PRIVATE PGP key on the internet

Fri, 2017-09-22 14:08
Change the name to A-d'oh!-be

Updated  An absent-minded security staffer just accidentally leaked Adobe's private PGP key onto the internet.…

Categories: Security Articles

IoT botnet Linux.ProxyM turns its grubby claws to spam rather than DDoS

Fri, 2017-09-22 10:28
I don't know which is worse

An IoT botnet is making a nuisance of itself online after becoming a conduit for spam distribution.…

Categories: Security Articles

Finance sector is littered with vulns, and guess what – most can be resolved by patching

Fri, 2017-09-22 08:55
But pen-testers have questioned the figures

Security vulnerabilities across the finance sector have increased more than fivefold (418 per cent) in the last four years, according to a study by NCC Group.…

Categories: Security Articles

Ethereum-backed hackathon excavates more security holes

Fri, 2017-09-22 06:51
Smart contracts language easy to use and create exploits with

An Ethereum-backed contest has revealed a few new tricks for disguising malware as the harmless code the network uses to transfer and manipulate funds: digital smart contracts.…

Categories: Security Articles

Mini-Heartbleed info leak bug strikes Apache, airborne malware, NSA algo U-turn, and more

Fri, 2017-09-22 04:01
The security week in review

Roundup  As ever, it's been a doozy of a week for cybersecurity, or lack thereof. The Equifax saga just keeps giving, the SEC admitted it was thoroughly pwned, and Slack doesn't bother to sign its Linux versions. We do spoil you so, Reg readers. And that was only yesterday. Here's the rest of the week's shenanigans we didn't get round to.…

Categories: Security Articles

IT plonker stuffed 'destructive' logic bomb into US Army servers in contract revenge attack

Thu, 2017-09-21 19:34
He's now facing 10 years in prison for act of spite

An IT contractor is facing a possible decade behind bars in America for planting a ticking "destructive" time bomb in US military systems.…

Categories: Security Articles

Slain: Unions' US OPM mega-hack lawsuit against Uncle Sam

Thu, 2017-09-21 13:09
You have to get shafted before you can sue, says court

A lawsuit brought against the hacker-ransacked Office of Personnel Management on behalf of US federal employees has been killed.…

Categories: Security Articles

SEC 'fesses to security breach, says swiped info likely used for dodgy stock-market trading

Thu, 2017-09-21 12:34
EDGAR database a veritable goldmine of financial tips

The US Securities and Exchange Commission (SEC) has admitted that hackers broke into its corporate filling system last year.…

Categories: Security Articles

Researchers claim ISPs are 'complicit' in latest FinSpy snooping rounds

Thu, 2017-09-21 10:31
Dictators' favourite spyware is working at the top, says report

A surveillance campaign utilising a new variant of FinFisher, the infamous spyware also known as FinSpy, has been tracked by security researchers.…

Categories: Security Articles