Maker of Chrome extension with 300,000+ users tells of constant pressure to sell out

The Register - Fri, 11/08/2023 - 18:29
Anyone with sizable audience in this surveillance economy is invited to stuff their apps with tracking and ads

Interview  In the past nine years, Oleg Anashkin, a software developer based in San Jose, California, has received more than 130 solicitations to monetize his Chrome browser extension, Hover Zoom+.…

Categories: News

Electoral Commission had internet-facing server with unpatched vuln

The Register - Fri, 11/08/2023 - 12:47
ProxyNotShell vulnerability could be how UK body got pwned, suggests infosec expert

The hacking of the UK’s Electoral Commission was potentially facilitated by the exploitation of a vulnerability in Microsoft Exchange, according to a security expert.…

Categories: News

Magento shopping cart attack targets critical vulnerability revealed in early 2022

The Register - Fri, 11/08/2023 - 11:23
Really? You didn't bother to patch a 9.8 severity critical flaw?

Ecommerce stores using Adobe's open source Magento 2 software are being targeted by an ongoing exploitation campaign based on a critical vulnerability that was patched last year, on February 13, 2022.…

Categories: News

US Cyber Command boss says China's spooky cyber-skills trail America's

The Register - Fri, 11/08/2023 - 06:27
Paul Nakasone rates the Middle Kingdom a 'pacing challenge'

The boss of US Cyber Command has opined that China's cyber and surveillance abilities are not ahead of, or comparable to, that of the United States.…

Categories: News

There's a good chance your VPN is vulnerable to privacy-menacing TunnelCrack attack

The Register - Thu, 10/08/2023 - 21:37
Especially on Apple gear, uni team says

A couple of techniques collectively known as TunnelCrack can, in the right circumstances, be used by snoops to force victims' network traffic to go outside their encrypted VPNs, it was demonstrated this week.…

Categories: News

Get your staff's consent before you monitor them, tech inquiry warns

The Register - Thu, 10/08/2023 - 11:00
Plus: British government's push to reform data protection is working against the cause

Companies that monitor their employees should only do so after they consult with and get consent from the staffers they are watching or tracking.…

Categories: News

Nearly every AMD CPU since 2017 vulnerable to Inception data-leak attacks

The Register - Wed, 09/08/2023 - 23:52
It's like a nesting doll of security flaws

AMD processor users, you have another data-leaking vulnerability to deal with: like Zenbleed, this latest hole can be used to steal sensitive data from a running vulnerable machine.…

Categories: News

Rapid7 prepares to toss 18% of workforce to cut costs

The Register - Wed, 09/08/2023 - 19:00
Operating expenses almost as high as actual turnover in latest quarterly numbers

Rapid7 is initiating a restructuring process that will involve shedding 18 percent of its workforce after net losses widened over the most recent quarter.…

Categories: News

Northern Ireland police may have endangered its own officers by posting details online in error

The Register - Wed, 09/08/2023 - 14:00
At least it was a blunder and not a hostile attack, unlike what happened to another UK public body this week

A spreadsheet containing details of serving Northern Ireland police officers was mistakenly posted online yesterday, potentially endangering the safety of officers, given the volatile politics of the region.…

Categories: News

INTERPOL shutters '16shop' phishing-as-a-service outfit

The Register - Wed, 09/08/2023 - 04:02
Alleged administrator cuffed in Indonesia, associate arrested in Japan, accused of selling fake Amazons for $60

INTERPOL has revealed a successful investigation into a phishing-as-a-service operation named "16shop" with arrests of alleged operators made in Indonesia and Japan and the platform shut down.…

Categories: News

Microsoft, Intel lead this month's security fix emissions

The Register - Wed, 09/08/2023 - 00:18
Downfall processor leaks, Teams holes, VPN clients at risk, and more

Patch Tuesday  Microsoft's August patch party seems almost boring compared to the other security fires it's been putting out lately.…

Categories: News

Cyber-extortionists pillage Colorado education dept

The Register - Tue, 08/08/2023 - 20:19
Hey, breacher, leave those kids alone

Data going back as far as nearly 20 years may have been stolen from the Colorado Department of Higher Education (CDHE) after ransomware extortionists breached the government body's IT systems.…

Categories: News

UK voter data exposed for over a year in attack on Electoral Commission

The Register - Tue, 08/08/2023 - 16:52
'It doesn't help if the organization responsible for the integrity of elections' gets pwned

The UK's Electoral Commission has been the subject of an online attack that may have exposed the names and addresses of voters, as well as the Commission's email system and unspecified other systems.…

Categories: News

China – which surveils everyone everywhere – floats facial recognition rules

The Register - Tue, 08/08/2023 - 11:39
Regulator says with a straight face that it should not be allowed to analyze ethnicity

China has released draft regulations to govern the country's facial recognition technology that include prohibitions on its use to analyze race or ethnicity.…

Categories: News

North Korean hackers had access to Russian missile maker for months, say researchers

The Register - Tue, 08/08/2023 - 07:27
Kim Jong Un's cyber-goons aren't above attacking the regime's few friends

Two North Korean hacker groups had access to the internal systems of Russian missile and satellite developer NPO Mashinostoyeniya for five to six months, cyber security firm SentinelOne asserted on Monday. The attack illustrates potential North Korean efforts to advance development of missile and other military tech via cyber espionage.…

Categories: News

Stalkerware slinger LetMeSpy shuts down for good after database robbery

The Register - Mon, 07/08/2023 - 22:12
If you can't trust a spyware developer with your info, who can you trust?

Stalkerware slinger LetMeSpy will shut down for good this month after a miscreant breached its servers and stole a heap of data in June.…

Categories: News

Microsoft hits back at Tenable criticism of its infosec practices

The Register - Mon, 07/08/2023 - 06:40
'Not all fixes are equal,' argues Redmond, and this one for the Power Platform didn't need to be rushed

Microsoft has explained why it seemingly took its time to fix a flaw reported to it by infosec intelligence vendor Tenable.…

Categories: News

Five Eyes nations detail dirty dozen most exploited vulnerabilities

The Register - Mon, 07/08/2023 - 04:03
PLUS: FBI admits buying NSO spyware; "IT" company busted for drugs 'n guns biz; this week's critical vulns

Infosec in brief  If you're wondering what patches to prioritize, ponder no longer: An international group of cybersecurity agencies has published a list of the 12 most commonly exploited vulnerabilities of 2022 – a list many will recognize. …

Categories: News

Two US Navy sailors charged with giving Chinese spies secret military info

The Register - Fri, 04/08/2023 - 23:03
'Quite obviously f**king espionage,' one suspect allegedly blabbed

Two US Navy service members appeared in federal court Thursday accused of espionage and stealing sensitive military information for China in separate cases.…

Categories: News

Alarm raised over Mozilla VPN: Wonky authorization check lets users cause havoc

The Register - Fri, 04/08/2023 - 20:48
SUSE security engineer goes public on unfixed problem after disclosure drama

A security engineer at Linux distro maker SUSE has published an advisory for a flaw in the Mozilla VPN client for Linux that has yet to be addressed in a publicly released fix because the disclosure process went off the rails.…

Categories: News

