The Register® — Biting the hand that feeds IT

The Register Columnists

John Leyden


Crap computers in a crap box: Smart-meter blackouts risk to UK

Analysis Sniff a device's wireless, pwn a power plant, warns Brit biz
You'd be forgiven for thinking this is the plot of a Saturday night BBC2 drama: hackers tinkering with smart electricity meters deliberately cut the power to whole neighbourhoods. But, according to a UK computer security biz, weak authentication checks and a lack of other security controls on said equipment could allow just that …
30 Apr 09:06

Chinese cyber-spook crew back in business, say security watchers

Who can tell the spies from the robbers?
The widely feared Chinese cyber-espionage crew known as APT1 is back in business two months after a high profile report that lifted the lid off its activities, according to security researchers. Cyber Squared has been tracking numerous Chinese cyber espionage threat groups within ThreatConnect.com and crowd-sourcing threat …
29 Apr 13:13

Serial killer hack threat to gas pipes, traffic lights, power plants

Analysis 'You could shut down the electricity grid' warns security biz
Medical systems to traffic light boxes are apparently wide open to hackers thanks to a lack of authentication checks in equipment exposed to the internet. That's according to research from security toolmaker Rapid7, which says it found plenty of essential electronics that can be freely remotely controlled via public-facing …
29 Apr 09:04

UK faces hacking doom, but think of the money, security startups!

Infosec 2013 Every cloud breach has a silver lining, says minister
The UK government is hit by more than 33,000 pieces of malicious email a day, ranging from casual phishing to targeted espionage attacks. Chloe Smith, minister for political and constitutional reform at the Cabinet Office, told delegates at the Infosecurity Europe conference on Wednesday that despite this onslaught cyber …
25 Apr 08:38

UK.gov coughed over £2 MEELLION in data breach fines in the past year

Overall fines have TRIPLED from the previous year
The total number of self-reported* data breaches in the UK increased from 730 between March 2011 and February 2012 to 1,150 in a similar period in the year up to early March 2013. The lion's share of the fines paid out originated from the public sector. A Freedom of Information (FOI) request to the Information Commissioner’s …
25 Apr 08:07

Vulns, exploits, hacks: Trusteer touts tech to terminate troubles

Infosec 2013 If I don't know what you're doing, I'll kill you
Trusteer is expanding from its speciality of providing transaction protection security to financial institutions with an enterprise-level product designed to guard against zero-day exploits and social engineering. Unpatched application vulnerabilities in widely deployed endpoint applications (such as web browsers) can be given …
24 Apr 18:05

Your phone may not be spying on you now - BUT it soon will be

Infosec 2013 Smash it with a hammer now, it's the only way to be sure
Tibetan political campaigners targeted by mysterious smartphone-spying software. Eastern European governments' mobiles allegedly snooped on by state-sponsored hackers. Malware feared injected into gadgets during customs inspections. You've seen these headlines. And according to Kaspersky Lab’s senior malware analyst Denis …
24 Apr 10:04

CISPA row: Slurped citizen data is ENORMO HACK TARGET - infosec boss

US cyber-spook hub ultimate trophy for miscreants
The ability to identify common patterns in real-world attacks makes crowd-sourcing threat intelligence extremely useful, according to a study from security tools firm Imperva. The report arrives just as a privacy row rages over the new Cyber Intelligence Sharing and Protection Act (CISPA) law in the US. But the head of the …
23 Apr 16:05

Crypto guru: Don't blame users, get coders security training instead

Infosec 2013 Murdoch's infosec man adds 'arrogant' techies also 'vulnerable'
Experts on both sides of the vendor-customer divide in the UK and a US cryptographer are at odds over whether or not security training is a waste of time. American crypto guru Bruce Schneier says the fact that "we still have trouble teaching people to wash their hands" means the dosh splurged on staff training is likely better …
23 Apr 15:04

8 in 10 small UK firms hacked last year - at £65k a pop: Report

Infosec 2013 Poor security practices blamed, according to gov survey
Over 80 per cent of small businesses in the UK suffered a computer security breach last year, according to new government research. And the proportion of large firms that reported attacks has reached a whopping 93 per cent. The Department for Business, Innovation and Skills' 2013 hacking survey found that 87 per cent of small …
23 Apr 10:13

Firewall tech pioneer Gil Shwed: Former teen sysadmin on today's infosec biz

Feature Prince of State(ful) inspection 20 years on
Twenty years after the technology behind FireWall-1 was first developed, the teenage coding prodigy who founded Check Point says that "IT security is [still] very hot". Shwed, 44, is the co-founder, chief exec and chairman of Check Point, whose FireWall-1 software, according to the firm, is installed at every Fortune 100 company …
23 Apr 06:19

Ex-LulzSec bloke to spend a YEAR in the cooler for Sony hack

And pay $600,000 to Hollywood giant. Who's laughing now?
A former LulzSec hacker has been jailed for a year for ransacking Sony Pictures Entertainment's computer systems. Cody Kretsinger, 25, from Decatur, Illinois - better known to his fellow LulzSec cohorts as "Recursion" - was also ordered to carry out 1,000 hours of community service, and a year of home detention, following his …
19 Apr 12:11

Malwarebytes declares Windows 'malicious', nukes 1,000s of PCs

Biz boss apologises to the entire world
A dodgy software update for virus-killer Malwarebytes disabled thousands of PCs before a fix was issued this week. Malwarebytes' database version v2013.04.15.12 erroneously flagged core Windows system files as malicious, resulting in unstable - and in some cases unbootable - machines. Windows system files were wrongly identified …
19 Apr 09:59

'Leccy-stealing, grid-crippling hackers could TAKE DOWN EV-juicing systems

Hack in the Box A computer on the street. What could possibly go wrong?
Hackers may soon start abusing electric car charger systems to cripple the electricity grid or as part of money-making scams, a security researcher warns. Ofer Shezaf, product manager security solutions at HP ArcSight, told delegates at the Hack in the Box conference in Amsterdam that if the industry fails to start securing …
18 Apr 15:26

Magic mystery malware menaces many UK machines - new claim

Who exactly is spying on thousands of Brit biz PCs?
Security researchers have found malware that communicates using an unknown protocol and is largely targeting UK businesses. The mystery software nasty has infected thousands of machines at organisations in finance, education, telecoms and other sectors, we're told. It initially phones home to its masters by establishing a HTTP …
18 Apr 13:11

Cyberthugs put YOUR PC to work as Bitcoin-mining SLAVE

E-currency just went mainstream
The recent volatility in the value of Bitcoins hasn't prevented cybercriminals from cooking up new ways to distribute malware engineered to mine the currency using compromised computers. Security researchers at ThreatTrack Security have uncovered examples where the infamous Blackhole exploit kit is being used to distribute a …
18 Apr 12:44

Black hats attack popular Russian stock-trading software

Also used in Cyprus, as it happens ...
Security researchers have discovered a strain of malware that targets the QUIK stockbroking application. The malware has been used in a string of attacks since November 2012, according to Russian security firm Group-IB. Cyber-criminals have traditionally targeted private and corporate banking accounts, using malware (such as …
18 Apr 07:03

Web host Linode, hackers clash over credit-card raid claim

Crooks boast of swiped privates via ColdFusion hole
Crooks claim they gained access to server hosting biz Linode's customer passwords and credit card numbers. On Friday, Linode said someone tried to compromise one of its clients' machines, but insisted no financially sensitive information was leaked. Linode reset all account passwords as a precautionary measure. The virtual …
16 Apr 15:04

Sophos picks up axe again, 'plans to DECIMATE staff'

Insider says 1 in 10 face the chop - though Sophos says overall headcount to rise
Sophos plans to shed 150 jobs as part of a restructuring exercise, according to a source who tipped off El Reg. The security-software maker confirmed to The Register that cuts in some areas of its business were on the cards. But it declined to discuss the specifics of the planned redundancies; for example, it did not say which …
16 Apr 08:36

SWARMS of ZOMBIES unleashed on innocent bloggers

Major hack attack focused on WordPress users named, er, 'admin'
Hosting providers are reporting a major upsurge in attempts to hack into blogs and content management systems late last week, with WordPress installations bearing the brunt of the hackers' offensive. WordPress installations across the world were hit by a brute force botnet attack, featuring attempts to hack into installations …
16 Apr 05:03

Ban drones taking snaps of homes, rages Google boss... That's HIS job, right?

Damn it, we're gonna need a new irony detector
Google supremo Eric Schmidt has demanded tough rules on civilians flying surveillance drones, branding the tech a threat to privacy. The executive chairman of the internet advertising giant that snaps photos of millions of front doors worldwide is upset that cheap camera-toting aircraft can be used by anyone from terrorists to …
15 Apr 10:31

Under the microscope: The bug that caught PayPal with its pants down

Payment giant suffers textbook SQL injection flaw
Security researchers have published a more complete rundown of a recently patched SQL injection flaw on PayPal's website. The Vulnerability Laboratory research team received a $3,000 reward after discovering a remote SQL injection web vulnerability in the official PayPal GP+ Web Application Service. The critical flaw, which …
15 Apr 08:28

Anons torn over naming 'n' shaming of 17yo's gang-rape suspects

Updated Rogue hacktivists may snub family plea for peace
Anonymous hacktivists have withdrawn threats to expose the identities of boys accused of gang raping a 17-year-old girl before her death. But rogue Anons may defy the decision and publish the information anyway. Rehtaeh Parsons, from Dartmouth, Nova Scotia, Canada, was allegedly sexually assaulted while drunk by four lads in …
12 Apr 16:12

Windows 7 'security' patch knocks out PCs, knackers antivirus tools

Job done, lads. Now no one's getting infected
Windows 7 users should uninstall a security patch Microsoft issued on Tuesday because some PCs failed to restart after applying the update. The software giant advised users of Win 7 and Windows Server 2008 R2* to roll back a patch within MS13-036, a security update that closed two vulnerabilities in the Windows file system …
12 Apr 14:09

AVG: That World of Warcraft hack? RIDDLED with malware

Freebie scanner firm drapes arm 'round defenceless PC, smartphone users
A new cross-platform security product that covers desktops, smartphones and tablets is likely to be a key area of development for desktop freebie virus-scanner firm AVG during 2013. AVG is best known for its free anti-virus scanner for Windows PCs, but over the years it has broadened its range to include more functional PC …
12 Apr 08:04

Check Point bakes anti-malware tech into firewall bricks

Software 'blades' whisper from scabbards. En garde
Check Point is baking in cyber-espionage defences to its enterprise firewall and gateway security products with the incorporation of sandbox-style technology. "Threat emulation" software blades for Check Point firewalls will be available later in Q2 2013 and will add to other threat prevention layers, such as anti-virus and anti …
12 Apr 06:35

Malware-flinging Winnti crew has been RIPPING OFF gaming firms for YEARS

Researchers: Cyberespionage campaign still targeting vid game vendors
Security researchers have discovered an active cyber-crime campaign that targets online gaming companies worldwide. According to Kaspersky Lab, the Winnti crew has been attacking companies in the online gaming industry since 2009, stealing digital certificates signed by legitimate software vendors in addition to intellectual …
11 Apr 16:53

AMI PC firmware upgrade scare: The global security meltdown that wasn't

Analysis Although someone did 'open source' its code
A computer hardware maker that leaked the source code to American Megatrends Inc's PC firmware did not reveal private keys for signing firmware updates - contrary to early reports. The blueprints for AMI's UEFI firmware were found by a security researcher on a wide-open Taiwanese FTP server along with what appeared to be …
11 Apr 06:00

Malware-flingers target gullible corporate bods with office printer spam

LOL, that's not a picture of my cat
Sneaky cybercrooks are disguising links to malicious sites in spam emails posing as messages from Hewlett-Packard ScanJet printers. The attack takes advantage of the fact corporate users often receive emailed messages from scanners and multi-function printers located in their own offices, which contain attachments of the scan …
09 Apr 13:04

'1337 hacker' scrawls all over careless coders' SourceForge sites

'If others did this, they might not have been so nice'
Someone claiming to be a "1337 hacker" has defaced programming projects hosted by SourceForge.net. Web pages for the network utility Angry IP Scanner and other open-source software hosted by the online coding vault were altered by the infiltrator. The individual responsible claimed the websites were "hacked" using a "backdoor", …
08 Apr 09:43

Half a MEELLION passwords reset after Scribd security snafu

Scribblers' YouTube claims 99% of users not dirtied
Scribd, which claims to be the world's largest online library, has been hacked - exposing the email addresses, usernames and password hashes of 500,000 users. The document-sharing website admitted the database raid may have leaked the details of one per cent of its 50-million-plus users. Potentially affected users have been …
05 Apr 15:04

Microsoft to slap 9 patches on Windows junkies on Tuesday

Nurse, prep the critical IE update and Windows Defender fix
Microsoft is lining up nine patches - two critical - as part of the April edition of its regular Patch Tuesday update cycle. The nine bulletins due on 9 April affect all versions of Windows, some Office and Server components as well as Windows Defender on Windows 8 and RT. The first of the two critical updates covers all …
05 Apr 10:23

Bitcoin exchange: Greedy traders to blame for DDoS attack

Bears bearing botnets?
The soaring value of crypto-currency Bitcoin stuttered slightly last night - after a main exchange for the currency was flooded with network traffic and Bitcoin wallet site Instawallet was suspended. Mt Gox, the most popular Bitcoin exchange, blamed an ongoing distributed denial-of-service (DDoS) attack for trading lags and …
05 Apr 09:44

Anonymous joins forces with arch-enemy The Jester against Norks

If you're where that Venn diagram overlaps ... question yourself
Hacktivist collective Anonymous and - unusually - some of its enemies have all turned their ire against government websites, propaganda outlets and social media profiles linked to the North Korean regime. DDoS attacks were launched on Nork government websites and Air Koryo, the country's airline, after North Korea threatened to …
04 Apr 14:36

Got a Sophos Web Protection box? Make sure it's up to date

Scary vuln left keys to your kingdom up for grabs
Sophos has plugged security holes in its Web Protection Appliance that could place its customers' internet connections in the hands of eavesdroppers. The equipment is supposed to filter out suspicious or harmful web traffic for businesses. But the flaws allowed any unauthenticated user to access sensitive configuration files in …
04 Apr 13:58

Advanced Persistent Threats get more advanced, persistent and threatening

What it says on the security biz tin
Organisations are getting hit with a malicious email attachment or web link designed to evade legacy defences up to once every three minutes, according to a report by security biz FireEye. FireEye's latest advanced threat report states tech businesses are at the forefront of cyber-espionage malfeasance, with one event per minute …
04 Apr 11:57

Provider of FIFA goal line tech chosen, tracks ball in space and time

Strangely a German firm, not one in Qatar
Football governing body FIFA has selected goal-line technology from German firm GoalControl as its preferred option in trials ahead of the 2014 World Cup. The GoalControl-4D system features 14 high-speed cameras around a football pitch focused on both goal mouths to help match officials determine whether or not the ball has …
04 Apr 10:54

Bank card-slurp nasty 'infects tills, ATMs', corrupt staff fingered

Internet hitman flogs account-snaffling malware to forgers
Audacious crooks have infected hundreds of shopping tills and cash machines with malware to swipe sensitive debit and credit card data, we're told. Researchers at Russian security firm Group-IB said the software nasty is called Dump Memory Grabber, which targets computers running Microsoft Windows. It can swipe information about …
04 Apr 07:58

Zombie apocalypse survivors frozen in terror by hacker raid

The War Z's horrific hash haemorrhage
Controversial online zombie-blasting video game The War Z is on pause after hackers raided its forum and its database of players. Publisher OP Productions has advised survivors - what it calls its 600,000 or so gamers - to change their passwords: the as-yet unidentified infiltrators of its computer systems accessed players' …
03 Apr 11:42

Card skimmers targeting more than ATMs, says EU

Crooks claw cash creatively, con consumers
Crooks are branching out beyond bank ATMs by installing card skimming devices on payment terminals ranging from train ticket kiosks to parking meters, according to European anti-fraud experts. At least five countries have logged skimming attacks against railway, bus or metro ticket machines, the European ATM Security Team ( …
03 Apr 07:36

Merde! Dummkopf! Google Translate used as spam cloak

Cock-doc pillmongers use tech out of Inception movie
Spammers are using Google Translate to disguise links to dodgy websites. All sorts of internet pond life, particularly purveyors of blue pills purporting to pump blokes' performance between the sheets, are relying on the reputation of Google's language translation service to smuggle web links through mail filters. Security …
02 Apr 11:23

Wisconsin man cuffed over Koch-blocking DDoS attack

Lawmen respond to Anonymous attack on right-wing moneymen
A 37-year-old Wisconsin man has been charged over his alleged involvement in denial-of-service attacks against Koch Industries. Eric J. Rosol of Black Creek, Wisconsin, has been charged with damaging a protected computer and conspiring to damage a protected computer in the February 2011 attacks. At the time of the attacks, …
28 Mar 18:25

BIGGEST DDoS in history FAILS to slash interweb arteries

Analysis Bombardment without collateral damage - amazing
The massive 300Gbit-a-second DDoS attack against anti-spam non-profit Spamhaus this week didn't actually break the internet's backbone, contrary to many early reports. The largest distributed denial-of-service (DDoS) assault in history began on 18 March, and initially hit the Spamhaus website and CloudFlare, the networking biz …
28 Mar 17:13

MI5 undercover spies: People are falsely claiming to be us

We, of course, are not us either. We 'work at the Home Office'
British spook hive MI5 has taken the unusual step of placing a front-page warning on its website about a financial scam carried out by people pretending to be spies or the agency's director general. The online alert was prominently posted on mi5.gov.uk, and occupies more space than the UK security threat level indicator, which …
28 Mar 11:39

BIGGEST DDoS ATTACK IN HISTORY hammers Spamhaus

Plucky mail scrubbers battle internet carpet bombers
Anti-spam organisation Spamhaus has recovered from possibly the largest DDoS attack in history. A massive 300Gbps was thrown against Spamhaus' website but the anti-spam organisation was able to recover from the attack and get its core services back up and running. CloudFlare, the content delivery firm hired by Spamhaus last …
27 Mar 17:03

Cyberwar playbook says Stuxnet may have been 'armed attack'

Would you rather be shot, blown up, stabbed - or hacked?
The Stuxnet attack on Iran was an illegal "act of force", according to at least some of the legal experts who helped draw up a NATO-commissioned Geneva Convention-style rules of cyberwarfare document. "Acts that kill or injure persons or destroy or damage objects are unambiguously uses of force," and are likely to violate …
27 Mar 13:04

British spooks chum up with IT-related biz to battle cyber threats

Will your firm have someone in the secret London ops room?
The UK government has launched a scheme designed to promote greater information sharing on cyber threats between businesses and government. Francis Maude, the Cabinet Office minister responsible for the UK national cyber security strategy, is due to launch the Cyber Security Information Sharing Partnership (CISP) later today ( …
27 Mar 11:26

GCHQ attempts to downplay amazing plaintext password blunder

IDs of all our future spooks get pwned? No big deal
Red-faced crypto and intercept intelligence agency GCHQ has admitted emailing plain text password reminders to people who register on its careers micro-site. The issue came to light after prospective job applicant Dan Farrall blogged about his experience of receiving a plain text reminder of his GCHQ recruitment site password by …
27 Mar 08:28

Are you in charge of a lot of biz computers? Got Java on them?

Your ass is 94% hanging in the breeze, my friend
Java security vulnerabilities - exploited to hack Apple and Facebook this month - are rife across business computers worldwide, according to new research. The overwhelming majority (94 per cent) of PCs and other endpoints running Java software and surveyed by Websense are vulnerable to at least one Java runtime exploit, …
26 Mar 14:56

Experts doubt Anonymous Mossad spy outing claims are kosher

Tinker, tailor, soldier, cobblers
Hacktivists claim to have published leaked data on more than 30,000 Israeli officials, including members of Israel's Mossad secret service agency. The boast by members of Anonymous follows a denial of service attack against the Mossad website (www.mossad.gov.il) over the weekend as part of the ongoing #OpIsrael protest. …
26 Mar 12:56
