The Register - Anti-Virus

Don't worry, there are cheques, too

DevOps outfit GitLab has opened its bug bounty scheme to world+dog, having paid out $200,000 last year and fixed "nearly 200 vulnerabilities reported to us".…

Swifties' faces scanned against DB of 'known stalkers' at US gig – reports

Spotify's one-time nemesis Taylor Swift has reportedly used controversial facial recognition tech on fans while they've been getting down to her sick beats.…

Cisco gracefully says it won't charge for the privilege

UK security training company Hacker House briefly had its site blocked after being mistaken for malware by Cisco's security wing Talos' smart "threat intelligence" software.…

Sharpshooter takes aim at critical infrastructure

Hackers are targetting critical infrastructure providers, including nuclear power and defense agencies, in what may be a state-sponsored attack that's hiding behind North Korean code.…

Liberty and pals seek to prove intrusive spy powers can never be justified

A band of human rights organisations have appealed against a top European court's ruling on bulk surveillance, arguing that any form of mass spying breaches rights to privacy and free expression.…

Who was Jamal Khashoggi, anyway?

British ministers have approved the export of more than £2.4m worth of telecoms snooping gear to Saudi Arabia, in spite of its very obvious human rights problems, according to a report.…

Uh, hello? Didn't you put third-party Javascript on a payment page?

Ticketmaster is telling its customers that it wasn't to blame for the infection of its site by a strain of the Magecart cred-stealing malware – despite embedding third-party Javascript into its payments page.…

Windows, Office, Acrobat, SAP... you know the deal

Microsoft, Adobe, and SAP are finishing up the year with a flurry of activity, combining to patch more than 140 CVE-listed security flaws between them.…

'Entirely preventable' theft down to traffic-monitoring certificate left expired for 19 months

Updated  A US Congressional report outlining the breakdowns that led to the 2017 theft of 148 million personal records from Equifax has revealed a stunning catalog of failure.…

Not like there's been a major incident recently to kick them into gear or anything

A quarter of NHS trusts in the UK responding to a Freedom of Information request have no staff with security qualifications, despite some employing up to 16,000 people.…

That's thousands of employees' names, monthly salaries, bank details

Exclusive  A corporate-issued laptop lifted from a Lenovo employee in Singapore contained a cornucopia of unencrypted payroll data on staff based in the Asia Pacific region, The Register can exclusively reveal.…

Yeah, we've patched that one, adds Cisco

Texas Instruments has rather feebly slapped down infosec researchers' findings on a so-called Bleedingbit Bluetooth Low Energy vulnerability after a more detailed explanation of the chipset's weakness emerged.…

52.5 million accounts at risk, tens of people are worried

Google says it will be speeding up the dismantling of its Google+ social network following the discovery of a new security bug that affected 52.5 million users.…

Malware hides cheap Android clicks as high-end Apple traffic

An enterprising malware writer has been masquerading infected Android devices as Apple gear in order to make a few extra bucks.…

If Artem Moskowsky owes you money, it's a good time to ask

A recently patched set of flaws in Samsung's mobile site was leaving users open to account theft.…

Yeah, how about you work for us...

Digital minister Margot James reckons Brits need to "get over" their concerns about privacy and cyber security and let the government assign them with ID cards.…

Plus, US Congress wants more cybersec training, better breach laws

Roundup  This week, we saw Linux get pwned, a teen hacker go down, and Julian Assange vowing to stay right where he is.…

First proof-of-concept, SplitSpectre, requires fewer instructions in victim

Analysis  You've patched your Intel, AMD, Power, and Arm gear to crush those pesky data-leaking speculative execution processor bugs, right? Good, because IBM eggheads in Switzerland have teamed up with Northeastern University boffins in the US to cook up Spectre exploit code they've dubbed SplitSpectre.…

It's the least they could do. Really. The bare minimum

Hotel-chain turned data faucet Marriott says it will help some customers cover the cost of replacing stolen documents.…

DEA gets down and dirty with new surveillance kit

Next time you're closing a big drug deal you may want to watch the cleaner. Or more specifically their vacuum cleaner.…