Hackers just POURING through unpatched Internet Explorer zero-day hole
An as-yet-unpatched zero-day vulnerability affecting Internet Explorer is being abused much more widely than analysts had previously suspected.
The vulnerability first came to public attention last week with the Operation DeputyDog attacks against targets in Japan, as first reported by net security firm FireEye.
Websense, …
'Quarter' of TWO-MILLION-strong zombie PC army lured to their deaths
Symantec has claimed credit for luring a significant lump of the powerful ZeroAccess botnet into a sinkhole.
ZeroAccess has been active since 2011 and is one of the largest known botnets in existence: it has upwards of 1.9 million infected computers forming its army, all remotely controlled by miscreants. This swarm of PC robots …
McAfee the man launches 'NSA-thwarting' $100 privacy gizmo
John McAfee, the wild man of security software, has unveiled plans for a cheap gadget for decentralised networking that he claims can keep users safe from the prying eyes of government.
The D-Central, which McAfee hopes to produce within six months, would cost around $100, the San Jose Mercury News reports.
Technically we seem …
GCHQ's CESG CCP 4 UK GOV IT BFFs? LOL RTFA INFOSEC VIPs ASAP
Britain's global eavesdropping nerve-centre GCHQ hopes to turn its certificates of IT security competence into an industry standard - by awarding them to bods in the private as well as public sector.
The CESG (Communications-Electronics Security Group) Certified Professional scheme (CCP) was launched in October, and is handed …
Would you hire a hacker to run your security? 'Yes' say Brit IT bosses
More than two in three IT professionals would consider ex-hackers for security roles, providing they have the right skills to do the job, a survey has found.
In addition, 40 per cent of respondents to CWJobs' survey of 352 IT bods reckoned there aren't enough skilled security professionals in the UK technology industry.
As if …
UK's Get Safe Online? 'No one cares' - run the blockbuster ads instead
The UK's Get Safe Online campaign has failed to teach Brits how to secure their computers - so says the ex top cop who established the information security awareness effort in 2004.
John Lyons, former crime reduction coordinator at the National Hi-Tech Crime Unit, said the Get Safe Online project had done "little to change …
The NSA's hiring - and they want a CIVIL LIBERTIES officer
Infamous US spy agency the NSA is looking to appoint a Civil Liberties & Privacy Officer.
The challenging position is an internal posting, aimed at potential candidates who already work at the top secret spy agency. The new role parcels separate responsibilities of NSA's existing Civil Liberties and Privacy (CL/P) protection …
LinkedIn fires back against 'hack-and-spam' US class-action sue bomb
LinkedIn senior director of litigation had to work over the weekend after a class action lawsuit was filed alleging the firm "hacks" into members email address-books before spamming out marketing emails.
The class action – filed in the US, in the Northern District Court of California (PDF, via Bloomberg) on behalf of four US- …
RSA: That NSA crypto-algorithm we put in our products? Stop using that
Security biz RSA has reportedly warned its customers to stop using the default random-number generator in its encryption products - amid fears spooks can easily crack data secured by the algorithm.
All encryption systems worth their salt require a source of virtually unpredictable random values to create strong cryptographic …
Java updates too much of a bother? Maybe online banking's just not for you
Security researchers have spotted a surge in attacks against online banking customers, thanks to a new strain of Java-exploiting Trojan Caphaw (aka Shylock).
Over the last month or so the malware has targeted customers in at least 24 financial institutions, including Bank of Scotland, Barclays Bank, First Direct, Santander …
Layoffs at EMC's RSA security division
RSA, the security division of EMC, has confirmed plans to restructure its business, a move than means an unspecified number of long-term staffers will be shown the door.
Details are scarce, for now, but RSA said that it plans to make new hires that will more than offset job losses by start of 2014.
It wrote in an email:
While …
Latest Snowden reveal: It was GCHQ that hacked Belgian telco giant
Leaked documents provide evidence that GCHQ planted malware in the systems of Belgacom, the largest telecommunications company in Belgium.
According to slides obtained by NSA whistleblower Edward Snowden and supplied to German newspaper Der Spiegel , the attack targeted several Belgacom employees and involved planting an attack …
'Bogus IT guys' slurp £1.3m from Barclays: Cybercops cuff 8 blokes
UK police have arrested eight men after a gang fitted remote-control hardware to a Barclays bank branch computer and stole £1.3m.
Money was slurped from the bank after crooks hooked up a KVM (keyboard, video and mouse) switch and 3G dongle to a terminal in the branch, officers said.
The suspects, aged between 24 and 47, were …
New ransomware strain forces hapless users into becoming Bitcoin miners
Scammers are punting a strain of ransomware that puts compromised PCs to work mining Bitcoins after blocking all other activity on infected Windows computers.
A new variant of the Reveton ransomware, spotted by researchers at Malwarebytes, locks a user out of their computer before running a Bitcoin miner. This means the …
Roll up, roll up: Cash, Bitcoin and booze offered for iPhone 5S fingerprint scanner hack
Hackers have taken to crowdfunding in a bid to raise a bounty to hack the iPhone 5S fingerprint scanner.
The IsTouchIDHackedYet.com site has so far received cash offers exceeding $3,250 – and 7.13 Bitcoins, which is a shade over $900 at current exchange rates – from more than 30 people prepared to chip in to offer a "reward to …
So, Linus Torvalds: Did US spooks demand a backdoor in Linux? 'Yes'
Linux supremo Linus Torvalds has jokingly admitted US spooks approached him to put a backdoor in his open-source operating system.
During a question-and-answer session at the LinuxCon gathering in New Orleans this week, Torvalds and his fellow kernel programmers were asked by moderator Ric Wheeler whether America's g-men …
'Kissing couple' Trojan sent to slurp fanbois' data... Syrian Electronic Army fingered
A “low risk” Mac Trojan seemingly linked to the Syrian Electronic Army has surfaced on the web.
The Mac-specific Trojan comes disguised as a picture of a kissing couple. If opened, it creates a back door on compromised Apple computers.
"This appears to be a targeted attack, though the method of delivery is not yet known," a …
Leaked docs: NSA 'Follow the money' team slurped BANK records, CREDIT CARD data
The NSA doesn't only hoover up your emails, web surfing habits and phone call metadata – they also harvest your credit card records and banking transactions.
The latest leaks from whistleblower Edward Snowden reveal that the NSA is monitoring international banking and credit card transactions that pass through the Society for …
Meet the Unmagnificent Seven: The critical holes plugged in Firefox update
Firefox maker Mozilla has pushed out a new version of its web browser in which multiple security vulnerabilities have been fixed - and seven of them are rated as critical.
Firefox 24, released on Tuesday, grapples with a total of 17 exploitable flaws: the most dangerous of the squashed bugs, which could have allowed an attacker …
Securo-boffins link HIRED GUN hackers to Aurora, Bit9 megahacks
Security researchers have linked the “Hackers for hire” Hidden Lynx Group with a number of high-profile attacks, including an assault on net security firm Bit9, as well as the notorious Operation Aurora assault against Google and other hi-tech firms back in 2009.
Hidden Lynx is a sophisticated hacking group based in China and …
Psst.. Know how to hack a mobe by radio wave? There's $70k+ in it for you
A second Mobile Pwn2Own hacking competition, in which experts discover and exploit security flaws in handhelds for prizes, will take place at the PacSec 2013 conference in Japan in November.
For many years, the original Pwn2Own contest has been held at the CanSecWest get-together in Vancouver every March. Like its older sibling …
NSA spooks tooled up with zero-day PC security exploits from the FRENCH
The NSA bought specialist computer hacking tools and research from French security outfit Vupen, according to documents unearthed using the Freedom of Information Act.
A contract shows the American spooks paid for a year's supply of zero-day vulnerability information and the software needed to exploit those flaws to attack …
Mid East undersea fibre telco hacked: US, UK spooks in spotlight
Belgian telco Belgacom - which operates vital undersea communications cables - says its internal network was compromised, possibly by foreign spooks.
Phone and data connections from international hot spots, such as Syria and Yemen, pass through submarine fibre lines handled by Belgacom International Carrier Services (BICS). …
Angry Brazilian whacks NASA to put a stop to ... er, the NSA
Multiple NASA websites were defaced last week by a Brazilian hacktivist who may have misread the sites' URLs, because he wasn't protesting about the US space agency giving joyrides to inhuman stowaways – he was protesting against NSA spying.
“BMPoC” hit kepler.arc.nasa.gov and 13 other sites with messages protesting against US …
Want to sit in Picard's chair while spying on THE WORLD? We can make it so – ex-NSA man
National Security Agency director Keith Alexander apparently sold the concept of surveillance to members of Congress using an operations centre styled on the bridge of the starship Enterprise from much-loved sci-fi series Star Trek.
According to "a former administration official" who spoke to Foreign Policy magazine, General …
Do you trust your waiter? Hacked bank-card reader TEXTS your info to crims
A Russian-speaking man casually shows on camera how he can download a punter's bank-card details and PIN from a hacked card reader.
In a video demonstrating a tampered sales terminal, a card is swiped through the handheld device and a PIN entered - just as any customer would in a restaurant or shop. Later, after a series of key- …
Microsoft's swipe'n'swirl pic passwords LESS secure than PINs, warn researchers
Microsoft's promotion of visual passwords, based on tapping pictures and making gestures instead of conventional text passwords, might be a boon for usability. Yet security experts warn the technology is less secure than even a simple 4-digit PIN.
The increased power of brute force attacks, password hash database leaks and the …
Hacker cracks Vodafone Germany, steals data of 2 million customers
A hack on a Vodafone Germany server has exposed the personal details – including banking information – of two million of its customers.
Hackers accessed names, addresses, bank account numbers and dates of birth. Phone numbers, credit card details and passwords are thought to be safe, but the leaked information is still pretty …
'NSA PRISM spies' shake down victims with bogus child-abuse vids claims
Crooks are using the NSA's notorious global web surveillance scandal in new ransomware: punters visiting booby-trapped websites are falsely accused of downloading illegal material, told their PCs are now locked from use, and ordered to hand over a cash "fine" to unlock their computers.
Cloud security firm Zscaler has spotted 20 …
iPhone 5S: Fanbois, your prints are safe from the NSA, claim infosec bods
Apple’s decision to bundle a fingerprint scanner with its newly unveiled iPhone 5s has the potential to become a game-changer for personal device authentication.
But the success of "Touch ID" fingerprint authentication will depend on security as well as reliability, according to market-watchers. The fruits of Apple's acquisition …
Parallels pledges roll-back fix after silent 'trojan' freebie install triggers punter outrage
Parallels has promised to change the registration process of its virtualisation software for Macs after users complained that the technology introduced a "trojan-like" update functionality, intended to push a six month freebie trial of its new Access product.
The release of Parallels Desktop 9 for Mac, the latest version of the …
Brazilian TV show accuses NSA of spying on oil firm based on leaked docs
Brazilian President Dilma Rousseff has said that if leaked NSA documents showing the US spied on her country's state-run oil firm Petrobras are "confirmed", then it must have done so for “economic and strategic” reasons rather than for "national security".
The leaked "intelligence documents" appear to run counter to US claims it …
John McAfee tweets from BEYOND THE GRAVE: Drug binge death? Not me, mate
Antivirus software wild man John McAfee has joined Queen Elizabeth II, the Queen Mother, Fidel Castro, and poet Samuel Taylor Coleridge in receiving a premature obituary.
Internet rumours that surfaced on Tuesday falsely claimed the self-described “eccentric millionaire” and entrepreneur had died at the Palms Casino Resort in …
Biz bods STILL don't patch hacker's delight Java and Flash
A whopping 81 per cent of businesses run outdated Java while two in five (40 per cent) have not updated Flash, according to the latest figures from net security firm Websense.
Websense warns that failing to apply patches that address vulnerabilities in hacker favourites such as Flash and Java leaves these business at risk of …
Pulse-taking ticker tech cuff to sniff out cash-snafflers
A Canadian security firm that developed a device which uses the rhythm of a person's heartbeat as a biometric identifier has said that the technology offers a secure alternative to conventional biometrics.
The Nymi wristband bracelet, manufactured by Bionym and due to become available next year, bundles a sensor that monitors …
'Beat the lie detectors' trainer sentenced to 8 months in jail
An Indiana man was jailed for eight months on Friday for charges arising from allegations he coached federal job applicants and criminals on how to beat lie detector tests.
Chad Dixon, 34, Dixon had previously pleaded guilty to the charges of wire fraud* and obstruction of an agency proceeding** on 17 December last year, but was …
American Fantasy Football app lets hackers change team rosters
Security researchers have discovery a vulnerability in mobile versions of the Yahoo! Fantasy [American] Football app that created a means for hackers to change team lineups and post imposter comments on message boards.
Yahoo! has plugged the security hole, but users who fail to update their mobile app to the most recent version …
That earth-shattering NSA crypto-cracking: Have spooks smashed RC4?
Fresh revelations from whistleblower Edward Snowden suggest that the NSA can crack TLS/SSL connections, the widespread technology securing HTTPS websites and virtual private networks (VPNs).
Although reports from the New York Times and its allied publications held off on the specifics, it may all mean that US spooks can reliably …
Clear next Tues: Incoming Outlook, IE, Windows critical security patches
Microsoft will squash 14 sets of security vulnerabilities - four of which are deemed critical - in the next edition of its monthly batch of Patch Tuesday updates, due next week.
Those four critical patches will address flaws in the Sharepoint server software, the Outlook component of Microsoft Office 2007 and 2010, Internet …
'Unreliable, shambolic' ... a top CompSci prof slams Serco's UK crim tag tech
The electronic tags used to keep tabs on criminals and suspects in the UK are "unreliable" - and the systems monitoring them are "shambolic". That's according to a dynamite report by Ross Anderson, a leading computer scientist.
The University of Cambridge professor said he compiled his findings after he was called in as an …
New online banking Trojan empties users' wallets, videos privates
Bank account-raiding Trojan Hesperbot has infected computers in UK, Turkey, the Czech Republic and Portugal, The Register has learned.
Net security firm Eset said the software nasty is distributed via rather convincing-looking emails, which are dressed up as legit package tracking documents from postal companies or …
Nasty nuke-lab data-slurper EVOLVES, now feeds off new Java hole
A piece of malware linked to attacks against governments and organisations involved in hi-tech industries such as space exploration and nuclear power has been adapted to exploit a recently uncovered Java security flaw.
NetTraveler has been outfitted to exploit a recently patched Java bug as part of a watering-hole-style attack …
Your nicked iPad now likelier than ever to show up in Mongolia
The number of laptops and tablets stolen in one country and recovered in another is on the rise.
Absolute Software's second annual Endpoint Security Report records that stolen kit that had not been nicked locally had been recovered in an additional eight countries as far afield as Mongolia, Gambia, Vietnam and Zimbabwe. In the …
'Peeping while you're sleeping' NSA parody T-shirt ban BACKFIRES
Designers of a parody T-shirt mocking the NSA launched a successful crowdfunding campaign after being denied permission to sell it through custom goods marketplace Zazzle.
Dan McCall, founder of politically themed T-shirt company Liberty Maniacs, came up with an NSA-themed T-shirt that described the NSA as "the only part of the …
Watchdog mulls SOCA's secret dossier of private dicks 'hired to hack, blag'
The UK's privacy watchdog is now investigating whether corporate giants and others breached the Data Protection Act by hiring private eyes who allegedly hacked systems and blagged personal records.
The Information Commissioner’s Office (ICO) has received a list of 98 companies and individuals probed by the Serious Organised …
Syrian Electronic Army hacks US Marines, asks 'bros' to fight on its side
A US marines recruitment website, www.marines.com, was hacked and defaced by hacktivists from the infamous Syrian Electronic Army over the weekend.
The attack was used to post a propaganda message (full text here) claiming that the Syrian Army have been fighting Al Qaeda insurgents for three years and describing Obama as a " …
Scots council cops £100K fine for spaffing vulnerable kids' data ONLINE
UK data privacy watchdogs have fined Aberdeen City Council £100,000 after a council employee published vulnerable children's details online.
The sensitive social services information was released after a council worker accessed documents, including meeting minutes and detailed reports, from her home computer. A file-transfer …
Poison Ivy RAT becoming the AK-47 of cyber-espionage attacks
The Poison Ivy Remote Access Tool (RAT) - often considered a tool for novice "script kiddies" - has become a ubiquitous feature of cyber-espionage campaigns, according to experts.
Research by malware protection firm FireEye has revealed that the tool served as lynchpin of many sophisticated cyber attacks, including the …
Koobface worm-flinging gangster linked to pharma spam ops
What do you do after you've made millions through one of the most technically sophisticated strains of malware ever unleashed onto the internet? Make millions pushing penis-enhancing pills, according to more than one security researcher.
The findings suggest at least one of the crooks behind Koobface has branched out to become …
Russian spyboss brands Tor a crook's paradise, demands a total ban
Russia's spybosses are contemplating blocking access to the Tor network and similar privacy tools that try to prevent netizens from being traced online.
The proposal - pushed by Federal Security Service of the Russian Federation (the FSB) - sets out a clampdown on technologies top spooks branded tools for "weapon traffickers, …
