Found 71 bookmarks
Newest
How Apple Wi-Fi Positioning System can be abused to track people around the globe
How Apple Wi-Fi Positioning System can be abused to track people around the globe
Academics have suggested that Apple's Wi-Fi Positioning System (WPS) can be abused to create a global privacy nightmare. In a paper titled, "Surveilling the Masses with Wi-Fi-Based Positioning Systems," Erik Rye, a PhD student at the University of Maryland (UMD) in the US, and Dave Levin, associate professor at UMD, describe how the design of Apple's WPS facilitates mass surveillance, even of those not using Apple devices.
#theregister#EN#2024#Apple#Wi-Fi#Positioning#WPS#privacy#abused
·theregister.com·
How Apple Wi-Fi Positioning System can be abused to track people around the globe
AI bots hallucinate software packages and devs download them
AI bots hallucinate software packages and devs download them
Not only that but someone, having spotted this reoccurring hallucination, had turned that made-up dependency into a real one, which was subsequently downloaded and installed thousands of times by developers as a result of the AI's bad advice, we've learned. If the package was laced with actual malware, rather than being a benign test, the results could have been disastrous.
#theregister#EN#2024#AI#bots#Hallucinations#Supply-chain-attack
·theregister.com·
AI bots hallucinate software packages and devs download them
Rapid7 flames JetBrains over vulnerability disclosure
Rapid7 flames JetBrains over vulnerability disclosure
Security shop Rapid7 is criticizing JetBrains for flouting its policy against silent patching regarding fixes for two fresh vulnerabilities in the TeamCity CI/CD server. Rapid7 says it reported the two TeamCity vulnerabilities in mid-February, claiming JetBrains soon after suggested releasing patches for the flaws before publicly disclosing them. Such a move is typically seen as a no-no by the infosec community, which favors transparency, but there's apparently a time and a place for these things.
#theregister#EN#2024#Rapid7#flames#JetBrains
·theregister.com·
Rapid7 flames JetBrains over vulnerability disclosure
Raspberry Pi Pico cracks BitLocker in under a minute
Raspberry Pi Pico cracks BitLocker in under a minute
We're very familiar with the many projects in which Raspberry Pi hardware is used, from giving old computers a new lease of life through to running the animated displays so beloved by retailers. But cracking BitLocker? We doubt the company will be bragging too much about that particular application. The technique was documented in a YouTube video over the weekend, which demonstrated how a Raspberry Pi Pico can be used to gain access to a BitLocker-secured device in under a minute, provided you have physical access to the device.
#theregister#EN#2024#Raspberry-Pi#Pico#BitLocker#cracked
·theregister.com·
Raspberry Pi Pico cracks BitLocker in under a minute
One in four apps remain exposed to Log4Shell
One in four apps remain exposed to Log4Shell
Two years after the Log4Shell vulnerability in the open source Java-based Log4j logging utility was disclosed, circa one in four applications are dependent on outdated libraries, leaving them open to exploitation. Research from security shop Veracode revealed that the vast majority of vulnerable apps may never have updated the Log4j library after it was implemented by developers as 32 percent were running pre-2015 EOL versions.
#theregister#EN#2023#Log4Shell#Log4j#Veracode#outdated#vulnerable
·theregister.com·
One in four apps remain exposed to Log4Shell
How to bypass Windows Hello, log into vulnerable laptops
How to bypass Windows Hello, log into vulnerable laptops
Hardware security hackers have detailed how it's possible to bypass Windows Hello's fingerprint authentication and login as someone else – if you can steal or be left alone with their vulnerable device. The research was carried out by Blackwing Intelligence, primarily Jesse D'Aguanno and Timo Teräs, and was commissioned and sponsored by Microsoft's Offensive Research and Security Engineering group. The pair's findings were presented at the IT giant's BlueHat conference last month, and made public this week. You can watch the duo's talk below, or dive into the details in their write-up here.
#theregister#EN#2023#biometric#fingerprint#bypass#Windows#Hello
·theregister.com·
How to bypass Windows Hello, log into vulnerable laptops
Rhysida ransomware gang claims attack on British Library • The Register
Rhysida ransomware gang claims attack on British Library • The Register
The Rhysida ransomware group says it's behind the highly disruptive October cyberattack on the British Library, leaking a snippet of stolen data in the process. A low-res image shared to its leak site appears to show a handful of passport scans, along with other documents, some of which display the format of HMRC employment documents.
#theregister#EN#2023#Rhysida#ransomware#British#Library#Data-theft
·theregister.com·
Rhysida ransomware gang claims attack on British Library • The Register
Casio keyed up after data loss hits customers in 149 countries • The Register
Casio keyed up after data loss hits customers in 149 countries • The Register
Crooks broke into the ClassPad server and swiped online learning database Japanese electronics giant Casio said miscreants broke into its ClassPad server and stole a database with personal information belonging to customers in 149 countries. ClassPad is Casio's education web app, and in a Wednesday statement on its website, the firm said an intruder breached a ClassPad server and swiped hundreds of thousands of "items" belonging to individuals and organizations around the globe.
#theregister#EN#2023#data-loss#databreach#Casio#ClassPad#database
·theregister.com·
Casio keyed up after data loss hits customers in 149 countries • The Register
CIA exposed to intelligence interception due to X's URL bug
CIA exposed to intelligence interception due to X's URL bug
Musk's mega-app-in-waiting goes from chopping headlines to profile URLs An ethical hacker has exploited a bug in the way X truncates URLs to take over a CIA Telegram channel used to receive intelligence. Kevin McSheehan, who uses the online handle "Pad," spotted the issue after hovering over the link to the CIA's Telegram channel displayed on its X social media profile.
#theregister#EN#2023#X#McSheehan#Pad#Telegram#CIA#URL#bug#Twitter
·theregister.com·
CIA exposed to intelligence interception due to X's URL bug
US-Canada water commission confirms 'cybersecurity incident"
US-Canada water commission confirms 'cybersecurity incident"
NoEscape promises 'colossal wave of problems' if IJC doesn't pay up The International Joint Commission, a body that manages water rights along the US-Canada border, has confirmed its IT security was targeted, after a ransomware gang claimed it stole 80GB of data from the organization.
#theregister#EN#2023#IJC#ransommware#NoEscape#US-Canada#border#water#Critical-infrastructure
·theregister.com·
US-Canada water commission confirms 'cybersecurity incident"
Ransomware flingers hit Manchester cops in the supply chain • The Register
Ransomware flingers hit Manchester cops in the supply chain • The Register
The UK's Greater Manchester Police (GMP) has admitted that crooks have got their mitts on some of its data after a third-party supplier responsible for ID badges was attacked. According to the Manchester Evening News the stolen data included the names and pictures of police officers held by the supplier for use on thousands of ID badges.
#theregister#EN#2023#Greater-Manchester-Police#databreach#ransomware#police#UK
·theregister.com·
Ransomware flingers hit Manchester cops in the supply chain • The Register
Ransomware crew hits Save The Children, steals 7TB of data
Ransomware crew hits Save The Children, steals 7TB of data
Cybercrime crew BianLian says it has broken into the IT systems of a top nonprofit and stolen a ton of files, including what the miscreants claim is financial, health, and medical data. As highlighted by VX-Underground and Emsisoft threat analyst Brett Callow earlier today, BianLian bragged on its website it had hit an organization that, based on the gang's description of its unnamed victim, looks to be Save The Children International. The NGO, which employs about 25,000 people, says it has helped more than a billion kids since it was founded in 1919.
#theregister#EN#2023#BianLian#exfiltration#ONG#SavetheChildren#databreach
·theregister.com·
Ransomware crew hits Save The Children, steals 7TB of data
Want to pwn a satellite? Turns out it's surprisingly easy
Want to pwn a satellite? Turns out it's surprisingly easy
A study into the feasibility of hacking low-Earth orbit satellites has revealed that it's worryingly easy to do. In a presentation at the Black Hat security conference in Las Vegas, Johannes Willbold, a PhD student at Germany's Ruhr University Bochum, explained he had been investigating the security of satellites. He studied three types of orbital machinery and found that many were utterly defenseless against remote takeover because they lack the most basic security systems.
#theregister#EN#2023#satellite#hacking#blackhat-conf
·theregister.com·
Want to pwn a satellite? Turns out it's surprisingly easy
JumpCloud says 'nation state' gang hit some customers
JumpCloud says 'nation state' gang hit some customers
JumpCloud says a "sophisticated nation-state" attacker broke into its IT systems and targeted some of its customers. The identity and access management provider, particularly popular with sysadmins wrangling Macs on corporate networks, said it first discovered signs of an intrusion on June 27. The biz at the time determined persons unknown got "unauthorized access to a specific area of our infrastructure" using a "sophisticated spear-phishing campaign" that began five days prior.
#theregister#EN#2023#APT#jumpcloud
·theregister.com·
JumpCloud says 'nation state' gang hit some customers
Dump these Cisco phone adapters because it's not fixing them
Dump these Cisco phone adapters because it's not fixing them
There is a critical security flaw in a Cisco phone adapter, and the business technology giant says the only step to take is dumping the hardware and migrating to new kit. In an advisory, Cisco this week warned about the vulnerability in the SPA112 2-Port Adapter that, if exploited, could allow a remote attacker to essentially take control of a compromised device by seizing full privileges and executing arbitrary code. The flaw, tracked as CVE-2023-20126, is rated as "critical," with a base score o
#theregister#EN#2023#Cisco#CVE-2023-20126#SPA112#2-Port#phone#adaptor
·theregister.com·
Dump these Cisco phone adapters because it's not fixing them