Breaking news, LITERALLY: Financial Times vandalized by hackers
Stiff Pink 'Un left swinging in the wind
The Financial Times website and its Twitter accounts were this afternoon hijacked by pro-government hackers from the "Syrian Electronic Army".
The posh broadsheet's Tech Blog - at http://blogs.FT.com/beyond-brics - was compromised to run stories headlined "Syrian Electronic Army Was Here" and "Hacked by the Syrian Electronic …
Who is the mystery sixth member of LulzSec?
Analysis And, hang on, what happened to all the loot...
Thursday's sentencing of three core members of hacktivist crew LulzSec and an accomplice hacker who gave them access to a botnet closes an important chapter in the history of activism. But it also leaves a number of questions unanswered.
One of the most interesting of these puzzlers is the identity of the mysterious sixth member …
Trying to kill undead Pushdo zombies? Hard luck, Trojan is EVOLVING
Malware remains undead, adds double-sneaky stealth mode
The crooks behind the Pushdo botnet agent have developed variants of the malware that are more resistant to take-down attempts or hijacking by rival hackers.
Dell SecureWorks and Damballa warned (PDF) on Wednesday that the latest variant of Pushdo comes packed with a fallback mechanism for cases where zombie clients are unable …
British LulzSec hackers hear jail doors slam shut for years
'Latter day pirates' cop hefty servings of porridge
Three British members of the notorious LulzSec hacktivist crew and a hacker affiliate were sentenced today for a series of attacks against targets including Sony, News International, the CIA and the UK's Serious Organised Crime Agency. The youngest of the four accused avoided jail with a suspended sentence while the other three …
Alleged CIA spook cuffed by Russians: US Gmail 'spycraft' revealed
Cloak and blather, sniffs ex-FBI bod
A US diplomat accused of attempting to recruit a Russian security services staffer as a double agent used a comical "spy arsenal" of equipment, it is claimed.
Ryan Fogle - third secretary of the political department of the US Embassy in Moscow - was allegedly caught redhanded by Russia's counterintelligence agency, the FSB, with …
All aboard the patch wagon! Next stop: Microsoft, Adobe, Mozilla
Come on, those security bugs won't fix themselves
Today, right on schedule, Microsoft's monthly security patch bandwagon rolled into town with updates for Internet Explorer, Office and Windows - with Adobe bringing up the rear.
This latest instalment of Patch Tuesday addresses 33 bugs in a range of Redmond software, as revealed late last week. The flaws have been grouped into …
McAfee all-in-one security suite covers PCs, tablets, and smartphones
Put your passport and ID docs in the cloud
McAfee has launched an all-in-one cross-platform security suite for consumers that incorporates online storage through biometric authentication as well as a host of other security technologies. Equally importantly, the Intel security division is trying to shake up the way security software is sold to consumers.
The McAfee …
Marlinspike: Saudi mobe network tried to recruit me to sniff citizens' privates
Gov plans to probe tweets, chat, claims crypto guru
Claims that a Saudi mobile network is attempting to spy on citizens emerged after the telco apparently tried to recruit top cryptographer Moxie Marlinspike - who promptly went public.
The cryptography expert and former hacker, who left Twitter's security team in January, said he had been asked to help Mobily in its state-backed …
Frenchie bean-counters sweet-talked into slipping on Trojans
Ne touchez pas à ce téléphone, mon ami!
Crooks hoping to empty company bank accounts are calling up the firms' bean-counters to chase invoices packed with hidden malware.
Finance staff are tricked into opening the booby-trapped messages in phone calls from con men, who claim to have emailed in legit paperwork that needs urgent attention. The documents instead include …
'WikiLeaks of financial data' prompts worldwide hunt for tax evaders
'We’re coming after you' - taxman warns
A cache of data amounting to a whopping 400 gigabytes of information leaked by bank insiders has triggered an offshore tax evasion investigation across the United States, the UK and Australia.
Tax authorities in the the three countries are examining the leaked data, which reveals the complex offshore vehicles used to stash …
Bloomberg blocks its hacks from snooping on financial terminals
Get your stories the old-fashioned way, you lot
Bloomberg has blocked its journalists from eavesdropping on users of its financial data terminals after it emerged that reporters were obtaining stories through their snooping.
Financial services firms, including merchant banks, pay about $20,000 a year to rent each Bloomberg terminal. Thousands of traders in stock exchanges …
MI5 spymasters axe intel database upgrade, pour '£90m' down drain
Double-oh-eight-figure-failure
MI5 has reportedly abandoned a planned £90m upgrade to an intelligence database after the delayed IT project failed to meet its requirements.
The record management system was supposed to be up to speed in time last year to tackle the threat of a terrorist attack on the London Olympics. Designed to collect intelligence data and …
The great $45m bank cyber-heist: Seven New Yorkers cuffed
Gang accused of turning gift cards into debit cards
Crooks allegedly stole $45m in hours from ATMs after hacking into a database of prepaid debit cards.
The gang created counterfeit cards using the data swiped from two Middle Eastern banks, investigators claim, and emptied the compromised accounts of greenbacks as quickly as possible – thus minimising the possibility that the …
Techies at The Onion: Here's how Syrian Electronic Army hacked our Twitter
New password: OnionMan77
Techies at satirical news outfit The Onion have posted an informative explanation about how pro-Assad hacktivists from the Syrian Electronic Army hijacked their official Twitter account on Monday.
Previously the Syrian Electronic Army (SEA) has shanghaied its way into the official Twitter feeds of AP and the Guardian, using the …
Enjoy the weekend, sysadmins: Next Tues fixes 33 Microsoft bugs
Including IE8 remote code execution hole that pwned US nuke lab
Microsoft has promised to fix a high-profile vulnerability in Internet Explorer 8, among other holes, in this month's Patch Tuesday rollout of security updates.
In all, next week's bucket of upgrades will address 33 bugs in a range of Redmond software. The flaws have been grouped into 10 sets of holes: two marked critical and …
German govt DUMPS 170 NEW PCs riddled with Conficker
Got €57,000 to spare? Natürlich
The German education ministry has binned new computers infected by the infamous Conficker worm - and bought replacements - rather than attempting to disinfect the machines.
It emerged this week that a grand total of 170 PCs and servers at German teacher training institutes in Schwerin, Rostock and Greifswald were dumped soon …
Alleged SpyEye big fish hauled in for US trial
Suspected banking botmaster extradited from Thailand
Alleged SpyEye kingpin Hamza Bendelladj now faces a 23-count computer hacking and fraud indictment following his extradition from Thailand to the US last week.
Bendelladj, a 24-year-old Algerian national, is suspected by the FBI of making millions from selling the SpyEye banking Trojan toolkit to cybercrooks through various …
Microsoft plasters IE8 hole abused in nuke lab PC meltdown
Security stopgap follows shock US boffinry attack
Microsoft has issued a temporary fix for a high-profile Internet Explorer 8 vulnerability. This is the bug linked to recent targeted attacks against web pages accessed by nuclear weapons research teams at the US Department of Labor website.
The Fix It, released late on Wednesday, is designed to offer a temporary block against …
Crap computers in a crap box: Smart-meter blackouts risk to UK
Analysis Sniff a device's wireless, pwn a power plant, warns Brit biz
You'd be forgiven for thinking this is the plot of a Saturday night BBC2 drama: hackers tinkering with smart electricity meters deliberately cut the power to whole neighbourhoods.
But, according to a UK computer security biz, weak authentication checks and a lack of other security controls on said equipment could allow just that …
Chinese cyber-spook crew back in business, say security watchers
Who can tell the spies from the robbers?
The widely feared Chinese cyber-espionage crew known as APT1 is back in business two month after a high profile report that lifted the lid off its activities, according to security researchers.
Cyber Squared has been tracking numerous Chinese cyber espionage threat groups within ThreatConnect.com and crowd-sourcing threat …
Serial killer hack threat to gas pipes, traffic lights, power plants
Analysis 'You could shut down the electricity grid' warns security biz
Medical systems to traffic light boxes are apparently wide open to hackers thanks to a lack of authentication checks in equipment exposed to the internet.
That's according to research from security toolmaker Rapid7, which says it found plenty of essential electronics that can be freely remotely controlled via public-facing …
UK faces hacking doom, but think of the money, security startups!
Infosec 2013 Every cloud breach has a silver lining, says minister
The UK government is hit by more than 33,000 pieces of malicious email a day, ranging from casual phishing to targeted espionage attacks.
Chloe Smith, minister for political and constitutional reform at the Cabinet Office, told delegates at the Infosecurity Europe conference on Wednesday that despite this onslaught cyber …
UK.gov coughed over £2 MEELLION in data breach fines in the past year
Overall fines have TRIPLED from the previous year
The total number of self-reported* data breaches in the UK increased from 730 between March 2011 and February 2012 to 1,150 in a similar period in the year up to early March 2013. The lion's share of the fines paid out originated from the public sector.
A Freedom of Information (FOI) request to the Information Commissioner’s …
Vulns, exploits, hacks: Trusteer touts tech to terminate troubles
Infosec 2013 If I don't know what you're doing, I'll kill you
Trusteer is expanding from its speciality of providing transaction protection security to financial institutions with an enterprise-level product designed to guard against zero-day exploits and social engineering.
Unpatched application vulnerabilities in widely deployed endpoint applications (such as web browsers) can be given …
Your phone may not be spying on you now - BUT it soon will be
Infosec 2013 Smash it with a hammer now, it's the only way to be sure
Tibetan political campaigners targeted by mysterious smartphone-spying software. Eastern European governments' mobiles allegedly snooped on by state-sponsored hackers. Malware feared injected into gadgets during customs inspections.
You've seen these headlines. And according to Kaspersky Lab’s senior malware analyst Denis …
CISPA row: Slurped citizen data is ENORMO HACK TARGET - infosec boss
US cyber-spook hub ultimate trophy for miscreants
The ability to identify common patterns in real-world attacks makes crowd-sourcing threat intelligence extremely useful, according to a study from security tools firm Imperva.
The report arrives just as a privacy row rages over the new Cyber Intelligence Sharing and Protection Act (CISPA) law in the US.
But the head of the …
Crypto guru: Don't blame users, get coders security training instead
Infosec 2013 Murdoch's infosec man adds 'arrogant' techies also 'vulnerable'
Experts on both sides of the vendor-customer divide in the UK and a US cryptographer are at odds over whether or not security training is a waste of time.
American crypto guru Bruce Schneier says the fact that "we still have trouble teaching people to wash their hands" means the dosh splurged on staff training is likely better …
8 in 10 small UK firms hacked last year - at £65k a pop: Report
Infosec 2013 Poor security practices blamed, according to gov survey
Over 80 per cent of small businesses in the UK suffered a computer security breach last year, according to new government research. And the proportion of large firms that reported attacks has reached a whopping 93 per cent.
The Department for Business, Innovation and Skills' 2013 hacking survey found that 87 per cent of small …
Firewall tech pioneer Gil Shwed: Former teen sysadmin on today's infosec biz
Feature Prince of State(ful) inspection 20 years on
Twenty years after the technology behind FireWall-1 was first developed, the teenage coding prodigy who founded Check Point says that "IT security is [still] very hot".
Shwed, 44, is the co-founder, chief exec and chairman of Check Point, whose FireWall-1 software, according to the firm, is installed at every Fortune 100 company …
Ex-LulzSec bloke to spend a YEAR in the cooler for Sony hack
And pay $600,000 to Hollywood giant. Who's laughing now?
A former LulzSec hacker has been jailed for a year for ransacking Sony Pictures Entertainment's computer systems.
Cody Kretsinger, 25, from Decatur, Illinois - better known to his fellow LulzSec cohorts as "Recursion" - was also ordered to carry out 1,000 hours of community service, and a year of home detention, following his …
Malwarebytes declares Windows 'malicious', nukes 1,000s of PCs
Biz boss apologies to the entire world
A dodgy software update for virus-killer Malwarebytes disabled thousands of PCs before a fix was issued this week.
Malwarebytes' database version v2013.04.15.12 erroneously flagged core Windows system files as malicious, resulting in unstable - and in some cases unbootable - machines. Windows system files were wrongly identified …
'Leccy-stealing, grid-crippling hackers could TAKE DOWN EV-juicing systems
Hack in the Box A computer on the street. What could possibly go wrong?
Hackers may soon starting abusing electric car charger systems to cripple the electricity grid or as part of money-making scams, a security researcher warns.
Ofer Shezaf, product manager security solutions at HP ArcSight, told delegates at the Hack in the Box conference in Amsterdam that if the industry fails to start securing …
Magic mystery malware menaces many UK machines - new claim
Who exactly is spying on thousands of Brit biz PCs?
Security researchers have found malware that communicates using an unknown protocol and is largely targeting UK businesses.
The mystery software nasty has infected thousands of machines at organisations in finance, education, telecoms and other sectors, we're told.
It initially phones home to its masters by establishing a HTTP …
Cyberthugs put YOUR PC to work as Bitcoin-mining SLAVE
E-currency just went mainstream
The recent volatility in the value of Bitcoins hasn't prevented cybercriminals from cooking up new ways to distribute malware engineered to mine the currency using compromised computers.
Security researchers at ThreatTrack Security have uncovered examples where the infamous Blackhole exploit kit is being used to distribute a …
Black hats attack popular Russian stock-trading software
Also used in Cyprus, as it happens ...
Security researchers have discovered a strain of malware that targets the QUIK stockbroking application.
The malware has been used in a string of attacks since November 2012, according to Russian security firm Group-IB. Cyber-criminals have traditionally targeted private and corporate banking accounts, using malware (such as …
Web host Linode, hackers clash over credit-card raid claim
Crooks boast of swiped privates via ColdFusion hole
Crooks claim they gained access to server hosting biz Linode's customer passwords and credit card numbers.
On Friday, Linode said someone tried to compromise one of its clients' machines, but insisted no financially sensitive information was leaked. Linode reset all account passwords as a precautionary measure. The virtual …
Sophos picks up axe again, 'plans to DECIMATE staff'
Insider says 1 in 10 face the chop - though Sophos says overall headcount to rise
Sophos plans to shed 150 jobs as part of restructuring exercise, according to a source who tipped off El Reg.
The security-software maker confirmed to The Register that cuts in some areas of its business were on the cards. But it declined to discuss the specifics of the planned redundancies; for example, it did not say which …
SWARMS of ZOMBIES unleashed on innocent bloggers
Major hack attack focused on WordPress users named, er, 'admin'
Hosting providers are reporting a major upsurge in attempts to hack into blogs and content management systems late last week, with WordPress installations bearing the brunt of the hackers' offensive.
WordPress installations across the world were hit by a brute force botnet attack, featuring attempts to hack into installations …
Ban drones taking snaps of homes, rages Google boss... That's HIS job, right?
Damn it, we're gonna need a new irony detector
Google supremo Eric Schmidt has demanded tough rules on civilians flying surveillance drones, branding the tech a threat to privacy.
The executive chairman of the internet advertising giant that snaps photos of millions of front doors worldwide is upset that cheap camera-toting aircraft can be used by anyone from terrorists to …
Under the microscope: The bug that caught PayPal with its pants down
Payment giant suffers textbook SQL injection flaw
Security researchers have published a more complete rundown of a recently patched SQL injection flaw on PayPal's website.
The Vulnerability Laboratory research team received a $3,000 reward after discovering a remote SQL injection web vulnerability in the official PayPal GP+ Web Application Service. The critical flaw, which …
Anons torn over naming 'n' shaming of 17yo's gang-rape suspects
Updated Rogue hacktivists may snub family plea for peace
Anonymous hacktivists have withdrawn threats to expose the identities of boys accused of gang raping a 17-year-old girl before her death. But rogue Anons may defy the decision and publish the information anyway.
Rehtaeh Parsons, from Dartmouth, Nova Scotia, Canada, was allegedly sexually assaulted while drunk by four lads in …
Windows 7 'security' patch knocks out PCs, knackers antivirus tools
Job done, lads. Now no one's getting infected
Windows 7 users should uninstall a security patch Microsoft issued on Tuesday because some PCs failed to restart after applying the update.
The software giant advised users of Win 7 and Windows Server 2008 R2* to roll-back a patch within MS13-036, a security update that closed two vulnerabilities in the Windows file system …
AVG: That World of Warcraft hack? RIDDLED with malware
Freebie scanner firm drapes arm 'round defenceless PC, smartphone users
A new cross-platform security product that covers desktops, smartphones and tablets is likely to be a key area of development for desktop freebie virus-scanner firm AVG during 2013.
AVG is best known for its free anti-virus scanner for Windows PCs, but over the years it has broadened its range to include more functional PC …
Check Point bakes anti-malware tech into firewall bricks
Software 'blades' whisper from scabbards. En garde
Check Point is baking in cyber-espionage defences to its enterprise firewall and gateway security products with the incorporation of sandbox-style technology.
"Threat emulation" software blades for Check Point firewalls will be available later in Q2 2013 and will add to other threat prevention layers, such as anti-virus and anti …
Malware-flinging Winnti crew has been RIPPING OFF gaming firms for YEARS
Researchers: Cyberespionage campaign still targeting vid game vendors
Security researchers have discovered an active cyber-crime campaign that targets online gaming companies worldwide.
According to Kaspersky Lab, the Winnti crew has been attacking companies in the online gaming industry since 2009, stealing digital certificates signed by legitimate software vendors in addition to intellectual …
AMI PC firmware upgrade scare: The global security meltdown that wasn't
Analysis Although someone did 'open source' its code
A computer hardware maker that leaked the source code to American Megatrends Inc's PC firmware did not reveal private keys for signing firmware updates - contrary to early reports.
The blueprints for AMI's UEFI firmware were found by a security researcher on a wide-open Taiwanese FTP server along with what appeared to be …
Malware-flingers target gullible corporate bods with office printer spam
LOL, that's not a picture of my cat
Sneaky cybercrooks are disguising links to malicious sites in spam emails posing as messages from Hewlett-Packard ScanJet printers.
The attack takes advantage of the fact corporate users often receive emailed messages from scanners and multi-function printers located in their own offices, which contain attachments of the scan …
'1337 hacker' scrawls all over careless coders' SourceForge sites
'If others did this, they might not have been so nice'
Someone claiming to be a "1337 hacker" has defaced programming projects hosted by SourceForge.net
Web pages for the network utility Angry IP Scanner and other open-source software hosted by the online coding vault were altered by the infiltrator. The individual responsible claimed the websites were "hacked" using a "backdoor", …
Half a MEELLION passwords reset after Scribd security snafu
Scribblers' YouTube claims 99% of users not dirtied
Scribd, which claims to be the world's largest online library, has been hacked - exposing the email addresses, usernames and password hashes of 500,000 users.
The document-sharing website admitted the database raid may have leaked the details of one per cent of its 50-million-plus users.
Potentially affected users have been …
Microsoft to slap 9 patches on Windows junkies on Tuesday
Nurse, prep the critical IE update and Windows Defender fix
Microsoft is lining up nine patches - two critical - as part of the April edition of its regular Patch Tuesday update cycle.
The nine bulletins due on 9 April affect all versions of Windows, some Office and Server components as well as Windows Defender on Windows 8 and RT.
The first of the two critical updates covers all …
