News

Screencastify fixes bug that would have let rogue websites spy on webcams

The Register - 1 hour 54 min ago
School-friendly tool still not fully protected, privacy guru warns

Screencastify, a popular Chrome extension for capturing and sharing videos from websites, was recently found to be vulnerable to a cross-site scripting (XSS) flaw that allowed arbitrary websites to dupe people into unknowingly activating their webcams.…

Categories: News

How to find NPM dependencies vulnerable to account hijacking

The Register - Mon, 23/05/2022 - 08:58
Security engineer outlines self-help strategy for keeping software supply chain safe

Following the recent disclosure of a technique for hijacking certain NPM packages, security engineer Danish Tariq has proposed a defensive strategy for those looking to assess whether their web apps include dependencies tied to subvertable email domains.…

Microsoft sounds the alarm on — wait for it — a Linux botnet

The Register - Mon, 23/05/2022 - 07:57
Redmond claims the numbers are scary, but won't release them

Microsoft has sounded the alarm on DDoS malware called XorDdos that targets Linux endpoints and servers.…

South Korean and US presidents gang up on North Korea's cyber-offensives

The Register - Mon, 23/05/2022 - 06:25
Less than two weeks into his new gig, Yoon cozies up to Biden as China and DPRK loom

US president Biden and South Korea's new president Yoon Suk Yeol have pledged further co-operation in many technologies, including joint efforts to combat North Korea.…

Conti: Russian-backed rulers of Costa Rican hacktocracy?

The Register - Sat, 21/05/2022 - 12:01
Also, Chinese IT admin jailed for deleting database, and the NSA promises no more backdoors

In brief  The notorious Russian-aligned Conti ransomware gang has upped the ante in its attack against Costa Rica, threatening to overthrow the government if it doesn't pay a $20 million ransom. …

China-linked Twisted Panda caught spying on Russian defense R&D

The Register - Fri, 20/05/2022 - 21:03
Because Beijing isn't above covert ops to accomplish its five-year goals

Chinese cyberspies targeted two Russian defense institutes and possibly another research facility in Belarus, according to Check Point Research.…

Microsoft patches the patch that broke Windows authentication

The Register - Fri, 20/05/2022 - 14:00
May 10 update addressed serious vulns but also had problems of its own

Microsoft has released an out-of-band patch to deal with an authentication issue that was introduced in the May 10 Windows update.…

Microsoft Bing censors politically sensitive Chinese terms

The Register - Fri, 20/05/2022 - 11:37
Research claims it fails to autofill certain names in Han characters, Microsoft says it's technical error

Updated  Microsoft search engine Bing censors terms deemed sensitive in China from its autosuggestion feature internationally, according to research from Citizen Lab.…

Protecting data now as the quantum era approaches

The Register - Fri, 20/05/2022 - 08:30
Startup QuSecure is the latest vendor to jump into the field with its as-a-service offering

Analysis  Startup QuSecure will this week introduce a service aimed at addressing how to safeguard cybersecurity once quantum computing renders current public key encryption technologies vulnerable.…

Canada bans Huawei and ZTE from 5G networks, citing national security risks

The Register - Fri, 20/05/2022 - 06:30
Ban on shopping from September, rip and replace order with 2024 deadline

The Canadian government has joined many of its allies and banned the use of Huawei and ZTE tech in its 5G networks, as part of a new telecommunications security framework.…

India slightly softens infosec incident reporting and data retention rules

The Register - Fri, 20/05/2022 - 05:30
But also makes it plain that offshore entities must comply

India has slightly softened its controversial new reporting requirements for information security incidents and made it plain they apply to multinational companies.…

US won’t prosecute ‘good faith’ security researchers under CFAA

The Register - Fri, 20/05/2022 - 01:07
Well, that clears things up? Maybe not.

The US Justice Department has directed prosecutors not to charge "good-faith security researchers" with violating the Computer Fraud and Abuse Act (CFAA) if their reasons for hacking are ethical — things like bug hunting, responsible vulnerability disclosure, or above-board penetration testing.…

US recovers a record $15m from the 3ve ad-fraud crew

The Register - Thu, 19/05/2022 - 21:30
Swiss banks cough up around half of the proceeds of crime

The US government has recovered over $15 million in proceeds from the 3ve digital advertising fraud operation that cost businesses more than $29 million for ads that were never viewed.…

Iran, China-linked gangs join Putin's disinformation war online

The Register - Thu, 19/05/2022 - 15:00
They're using the invasion 'to take aim at the usual adversaries,' Mandiant told The Reg

Pro-Beijing and Iran miscreants are using the war in Ukraine to spread disinformation that supports these countries' political interests – namely, advancing anti-Western narratives – according to threat-intel experts at Mandiant.…

Hot glare of the spotlight doesn’t slow BlackByte ransomware gang

The Register - Thu, 19/05/2022 - 10:56
Crew's raids continue worldwide, Talos team warns

The US government's alert three months ago warning businesses and government agencies about the threat of BlackByte has apparently done little to slow down the ransomware group's activities.…

The cyber threat isn’t going anywhere, but the fight back starts in London

The Register - Thu, 19/05/2022 - 08:15
CyberThreat 22 returns this September

Sponsored Post  It might feel like you’re facing down the cyber bad guys all on your own sometimes but be assured that’s not the case. In fact, if you head to CyberThreat 22 this Autumn you can draw on the expertise of some of the world’s most experienced practitioners.…

Your snoozing iOS 15 iPhone may actually be sleeping with one antenna open

The Register - Thu, 19/05/2022 - 07:02
No, you're not really gonna be hacked. But you may be surprised

Some research into the potentially exploitable low-power state of iPhones has sparked headlines this week.…

Patch your VMware gear now – or yank it out, Uncle Sam tells federal agencies

The Register - Thu, 19/05/2022 - 01:41
Critical authentication bypass revealed, older flaws under active attack

Uncle Sam's Cybersecurity and Infrastructure Security Agency (CISA) has issued two warnings in a single day to VMware users, as it believes the virtualization giant's products can be exploited by miscreants to gain control of systems.…

Meet Wizard Spider, the multimillion-dollar gang behind Conti, Ryuk malware

The Register - Wed, 18/05/2022 - 22:01
Russia-linked crime-as-a-service crew is rich, professional – and investing in R&D

Analysis  Wizard Spider, the Russia-linked crew behind high-profile malware Conti, Ryuk and Trickbot, has grown over the past five years into a multimillion-dollar organization that has built a corporate-like operating model, a year-long study has found.…

How these crooks backdoor online shops and siphon victims' credit card info

The Register - Wed, 18/05/2022 - 19:47
FBI and co blow lid off latest PHP tampering scam

The FBI and its friends have warned businesses of crooks scraping people's credit-card details from tampered payment pages on compromised websites.…
