#elreg

MediaTek chipset flaw already exploited in the wild Google has emitted its latest monthly batch of Android security fixes, addressing a total of 70 CVE-listed vulnerabilities.

The March update includes 17 patches for flaws described as critical remote code execution holes, though only one is actually documented due to the other 16 residing in closed-source Qualcomm components.

The documented…

Staffer emails compromised and customer details exposed in T-Mobile US’s third security whoopsie in as many years

And there it is – exactly what telco was fretting over in FY’19 results T-Mobile US was hacked by miscreants who may have stolen some customer information.

The telco did not specify exactly when the intrusion took place (and has yet to respond to questions from The Register) in its Notice Of Data Breach.

The hackers gained access to employee email accounts, which contained customer account…

Government CIO promises they don’t record location, just change of location Hong Kong government CIO Victor Lam with a wristband and tracking app

Hong Kong has made it mandatory for all new arrivals to wear an “electronic wristband” that links to a smartphone to provide location-tracking services, so that authorities can be sure they’re observing COVID-19 quarantine requirements. And the…

Forget James Bond’s super-gadgets, this chap spied for China using SD card dead drops. Now he’s behind bars

Tour operator used job in America as cover while acting as a data mule for Beijing, stealing secrets from biz

An American citizen will spend the next four or so years behind bars in the US for smuggling corporate secrets out of the states to his spymasters in China.

A federal district judge this week sentenced Xuehua Edward Peng, 56, of Hayward, California, after he admitted handing over the…

Branded lunchbox biz didn’t answer for 5 days, alleges infosec firm

Tupperware, maker of the plastic food containers beloved of the Western middle classes, has an active and ongoing malware infection on its website that steals credit card data and passes it to criminals.

Infosec firm Malwarebytes, which made the discovery, has gone public with its findings today after alleging Tupperware ignored…

Consumer mag Which? calls for manufacturers to be open about how long they will support devices

File this one under “well, duh.” Consumer mag Which? today published research estimating that over a billion Android devices are vulnerable to hackers and malware as they are not receiving security updates.

Data obtained from Google by the publication found that 42.1 per cent of active Android users…

Fiddle with some numbers and voila

A vulnerability in NordVPN’s payments platform allowed anyone to view users’ payment information and email addresses, a startling HackerOne entry has revealed.

By simply sending an HTTP POST request without any authentication at all to join.nordvpn.com one could read off users’ email addresses, payment method and URL, currency, amount paid and even which product…