Security News

Zoom Taps Ex-Facebook CISO Amid Security Snafus, Lawsuit
2020-04-09 14:00

As it faces a major lawsuit, Zoom is taking a significant step to bolster security and privacy efforts by recruiting an industry heavy-hitter - former Facebook CISO Alex Stamos - to provide special counsel. Zoom now says it aims to clean up its issues both on the product side and through a high-level executive approach, Zoom founder Eric Yuan said in a blog post published Wednesday.

Netgear's routerlogin.com HTTPS cert snafu now has a live proof of concept
2020-02-12 12:52

An infosec researcher has published a JavaScript-based proof of concept for the Netgear routerlogin.com vulnerability revealed at the end of January. Through service workers, scripts that browsers run as background processes, Saleem Rashid reckons he can exploit Netgear routers to successfully compromise admin panel credentials.

Capita Education Services accidentally spaffs email addresses in Helpdesk snafu
2020-01-22 10:30

Capita Education Services had a bit of an oopsie yesterday as a new helpdesk system spurted potentially thousands of email addresses at unsuspecting users. A Register reader got in touch to express his surprise at receiving an email regarding a helpdesk ticket he didn't open, logged by someone he didn't know.

Bad news: Windows security cert SNAFU exploits are all over the web now. Also bad: Citrix gateway hole mitigations don't work for older kit
2020-01-16 23:13

Easy-to-use exploits have emerged online for two high-profile security vulnerabilities, namely the Windows certificate spoofing bug and the Citrix VPN gateway hole. Within hours of the NSA going public with details about its prized bug find, exploit writers posted working code demonstrating how the flaw can be abused to trick unpatched Windows computers into accepting fake digital certificates - which are used to verify the legitimacy of software, and encrypt web connections.

150 infosec bods now know who they're up against thanks to BT Security cc/bcc snafu
2019-11-12 11:08

Mass-mail fail followed outfit's appearance at jobs fair. BT Security managed to commit the most basic blunder of all after emailing around 150 infosec professionals who attended a jobs fair –...

UK Home Office web form snafu allows you to both agree and disagree – strongly – all at once
2019-09-17 13:30

Government cares what you think. Honest. A UK Home Office consultation on new, intrusive police powers was so incompetently written that you could both "strongly agree" and "strongly disagree" at...

Open-source 64-ish-bit serial number gen snafu sparks TLS security cert revoke runaround
2019-03-13 18:12

64 bits of cert ID on the wall, 64 bits of ID. Take the top bit down, don't pass it around, 63 bits of cert ID on the wall... A bunfight over a controversial UAE mobile security company led to the...

Open-source keygen snafu sparks 63-bit TLS cert revoke runaround
2019-03-13 18:12

What a difference a bit makes. 64 little flowers... brought the revokes and the scowls. A mailing list bunfight over a controversial UAE mobile security company led to the discovery that millions...

Amazon Snafu Exposed Customers' Names and Email Addresses
2018-11-23 09:48

Scant Detail on Incident and Unusual Email Notification Raises Eyebrows. Amazon has blamed a technical error for its inadvertent exposure of some customers' names and email addresses online. The...

Google+ Privacy Snafu Leaves a Cloud Over the Tech Landscape
2018-10-09 15:11

Google was caught not disclosing a potential data breach -- leaving questions as to whether a lack of transparency is the new normal.