Security Twitteratti: Twitter's 2FA does sweet FA for biz
Shared accounts? #FacebookIsBetter
Security-watchers don't appear overly impressed with Twitter's introduction of two-factor authentication (2FA) to its service.
While some infosec experts welcomed the move, others argued that while it might help protect the accounts of individuals, it is ill-suited to the safeguarding of shared accounts of organisations - many …
Feds slam hacker-friendly backdoors in jalopy, grub factories
Kit easily violated by miscreants with 'minimal skill'
Security researchers have uncovered hard-coded user accounts that could act as backdoors into food, car, and agricultural production systems across the world.
The flaw, which allows attackers to launch remote exploits, was found in a pair of industrial control devices.
The security hole was found in the BL20 and BL67 …
Microsoft exposes green users' privates in web quiz snafu
Web design 101 guys, this is basic stuff
Microsoft has plugged a flaw in its Greener IT Challenge website that leaked the names and email addresses of users who took a quiz on the site.
Users who passed the quiz by demonstrating their knowledge of buying environmentally sensitive PCs, choosing minimal power use options for new computers and how to dispose of obsolete …
Tipsters exposed after South Africa's national police force hacked
Whistleblowers, crime victims laid bare by 'Anon splinter group'
The identities of more than 15,000 South Africans who reported crimes or provided tip-offs to the police have been exposed following an attack on a SAPS (South African Police Service) website.
The names and personal details of whistleblowers and crime victims were lifted from www.saps.gov.za and uploaded to a bullet-proof …
New York cop in alleged love-polyhedron email hack spree
Veteran plod 'blew $4k on romanta-rival logins'
A New York detective allegedly hired hackers to spy on 19 fellow cops and at least 11 others - apparently in a bid to discover if any of them were sleeping with his ex.
Edwin Vargas, a 42-year-old Bronx investigator, is accused of spending $4,050 on an email-hacking service to obtain the usernames and passwords for 43 message …
China's exposed crack cyberspy crew dumps 'most' of its kit
APT1 team 'retooling' as they lick their wounds - report
The infamous APT1 cyberespionage crew is diminished but not defeated following its public exposure three months ago.
Mandiant, the cyber security intelligence firm that d0xed APT1, detailing its tools and tactics as well as its affiliation to a Chinese People's Liberation Army unit, has published a follow-up report this week …
Footy lovers hit in Wembley playoff card snatch scam
Man on - in the middle, claims club
Provider Ticket Zone is continuing a joint investigation with Brentford Football Club after it emerged that card details used to buy tickets for the League One playoff final last weekend were subsequently used for fraudulent purchases.
Yeovil beat Brentford 2-1 to reach The Championship on Sunday, piling on further misery for …
Blue Coat gobbles CCTV-for-network-traffic maker Solera
Packet inspector to aisle two, please
Web security outfit Blue Coat Systems is buying Big Data security, intelligence and analytics firm Solera Networks.
Solera's DeepSee platform offers security analytics and forensic capabilities to help defend against advanced persistent threats (APTs) and targeted malware attacks. Solera has created a type of CCTV system for …
Camby cash crypto-coders Cronto chomped on pronto by Vasco
Anti-banking-malware Brit biz gobbled in £15m deal
Swiss software firm Vasco has bought Cambridge-based banking security specialist Cronto in a deal valued at up to £14.5m.
Vasco will pay $19.3m (€15m, £12.7m), and a further $2.6m (€2m, £1.8m) depending on future earnings, to get its hands on the British upstart's malware-defeating technology. Its software attempts to shield …
Syrian hacktivists hijack Telegraph's Facebook, Twitter accounts
Updated Why social media needs 2-factor authentication... part VIII
Twitter accounts run by the Daily Telegraph were hijacked by pro-Assad hacktivists from the Syrian Electronic Army briefly on Monday evening.
The UK broadsheet's Facebook account was also purloined by group in the latest in a growing line of similar attacks against high-profile media outlets including the FT, The Guardian, …
A backdoor into Skype for the Feds? You're joking...
Gov-enhanced hacking capability is bad, says PGP dude
Heavyweights of the cryptographic world have lined up behind a campaign against proposed US wiretapping laws that could require IT vendors to place new backdoors in digital communications services.
Technical details are vague at present, but the planned law could mandate putting wiretap capabilities in endpoints to cover …
'Lab-smashing' Stuxnet HELPED Iran's nuke effort, says brainiac
'No, it didn't' says former Foreign Secretary
The Stuxnet worm may have actually pushed forward Iran's controversial nuclear programme over the long term.
That's according to a report published by the Royal United Services Institute, an influential defence think tank in the UK.
The infamous worm infected systems at Iran's uranium enrichment facility at Natanz in 2009 and …
Securo-boffins uncover new GLOBAL cyber-espionage operation
Two-pronged attack hits victims in 100 countries
Government ministries, technology firms, media outlets, academic research institutions and non-governmental organisations have all fallen victim to an ongoing cyberespionage operation with tendrils all over the world, according to researchers.
Infosec researchers have uncovered SafeNet in as many as 100 countries.
SafeNet …
Gay marriage? We'll put a stop to that 'human BUG', says Nintendo
Sayōnara, Mr and Mr Robotto
A bug that permitted same-sex marriage in a Nintendo game was a mistake by the developer rather than a victory for equality, we're told.
Gamers playing Tomodachi Collection: New Life - the latest version of The Sims-like role-playing game for the 3DS handheld - noticed they had the option of allowing male characters to marry and …
Breaking news, LITERALLY: Financial Times vandalized by hackers
Stiff Pink 'Un left swinging in the wind
The Financial Times website and its Twitter accounts were this afternoon hijacked by pro-government hackers from the "Syrian Electronic Army".
The posh broadsheet's Tech Blog - at http://blogs.FT.com/beyond-brics - was compromised to run stories headlined "Syrian Electronic Army Was Here" and "Hacked by the Syrian Electronic …
Who is the mystery sixth member of LulzSec?
Analysis And, hang on, what happened to all the loot...
Thursday's sentencing of three core members of hacktivist crew LulzSec and an accomplice hacker who gave them access to a botnet closes an important chapter in the history of activism. But it also leaves a number of questions unanswered.
One of the most interesting of these puzzlers is the identity of the mysterious sixth member …
Trying to kill undead Pushdo zombies? Hard luck, Trojan is EVOLVING
Malware remains undead, adds double-sneaky stealth mode
The crooks behind the Pushdo botnet agent have developed variants of the malware that are more resistant to take-down attempts or hijacking by rival hackers.
Dell SecureWorks and Damballa warned (PDF) on Wednesday that the latest variant of Pushdo comes packed with a fallback mechanism for cases where zombie clients are unable …
British LulzSec hackers hear jail doors slam shut for years
'Latter day pirates' cop hefty servings of porridge
Three British members of the notorious LulzSec hacktivist crew and a hacker affiliate were sentenced today for a series of attacks against targets including Sony, News International, the CIA and the UK's Serious Organised Crime Agency. The youngest of the four accused avoided jail with a suspended sentence while the other three …
Alleged CIA spook cuffed by Russians: US Gmail 'spycraft' revealed
Cloak and blather, sniffs ex-FBI bod
A US diplomat accused of attempting to recruit a Russian security services staffer as a double agent used a comical "spy arsenal" of equipment, it is claimed.
Ryan Fogle - third secretary of the political department of the US Embassy in Moscow - was allegedly caught redhanded by Russia's counterintelligence agency, the FSB, with …
All aboard the patch wagon! Next stop: Microsoft, Adobe, Mozilla
Come on, those security bugs won't fix themselves
Today, right on schedule, Microsoft's monthly security patch bandwagon rolled into town with updates for Internet Explorer, Office and Windows - with Adobe bringing up the rear.
This latest instalment of Patch Tuesday addresses 33 bugs in a range of Redmond software, as revealed late last week. The flaws have been grouped into …
McAfee all-in-one security suite covers PCs, tablets, and smartphones
Put your passport and ID docs in the cloud
McAfee has launched an all-in-one cross-platform security suite for consumers that incorporates online storage through biometric authentication as well as a host of other security technologies. Equally importantly, the Intel security division is trying to shake up the way security software is sold to consumers.
The McAfee …
Marlinspike: Saudi mobe network tried to recruit me to sniff citizens' privates
Gov plans to probe tweets, chat, claims crypto guru
Claims that a Saudi mobile network is attempting to spy on citizens emerged after the telco apparently tried to recruit top cryptographer Moxie Marlinspike - who promptly went public.
The cryptography expert and former hacker, who left Twitter's security team in January, said he had been asked to help Mobily in its state-backed …
Frenchie bean-counters sweet-talked into slipping on Trojans
Ne touchez pas à ce téléphone, mon ami!
Crooks hoping to empty company bank accounts are calling up the firms' bean-counters to chase invoices packed with hidden malware.
Finance staff are tricked into opening the booby-trapped messages in phone calls from con men, who claim to have emailed in legit paperwork that needs urgent attention. The documents instead include …
'WikiLeaks of financial data' prompts worldwide hunt for tax evaders
'We’re coming after you' - taxman warns
A cache of data amounting to a whopping 400 gigabytes of information leaked by bank insiders has triggered an offshore tax evasion investigation across the United States, the UK and Australia.
Tax authorities in the the three countries are examining the leaked data, which reveals the complex offshore vehicles used to stash …
Bloomberg blocks its hacks from snooping on financial terminals
Get your stories the old-fashioned way, you lot
Bloomberg has blocked its journalists from eavesdropping on users of its financial data terminals after it emerged that reporters were obtaining stories through their snooping.
Financial services firms, including merchant banks, pay about $20,000 a year to rent each Bloomberg terminal. Thousands of traders in stock exchanges …
MI5 spymasters axe intel database upgrade, pour '£90m' down drain
Double-oh-eight-figure-failure
MI5 has reportedly abandoned a planned £90m upgrade to an intelligence database after the delayed IT project failed to meet its requirements.
The record management system was supposed to be up to speed in time last year to tackle the threat of a terrorist attack on the London Olympics. Designed to collect intelligence data and …
The great $45m bank cyber-heist: Seven New Yorkers cuffed
Gang accused of turning gift cards into debit cards
Crooks allegedly stole $45m in hours from ATMs after hacking into a database of prepaid debit cards.
The gang created counterfeit cards using the data swiped from two Middle Eastern banks, investigators claim, and emptied the compromised accounts of greenbacks as quickly as possible – thus minimising the possibility that the …
Techies at The Onion: Here's how Syrian Electronic Army hacked our Twitter
New password: OnionMan77
Techies at satirical news outfit The Onion have posted an informative explanation about how pro-Assad hacktivists from the Syrian Electronic Army hijacked their official Twitter account on Monday.
Previously the Syrian Electronic Army (SEA) has shanghaied its way into the official Twitter feeds of AP and the Guardian, using the …
Enjoy the weekend, sysadmins: Next Tues fixes 33 Microsoft bugs
Including IE8 remote code execution hole that pwned US nuke lab
Microsoft has promised to fix a high-profile vulnerability in Internet Explorer 8, among other holes, in this month's Patch Tuesday rollout of security updates.
In all, next week's bucket of upgrades will address 33 bugs in a range of Redmond software. The flaws have been grouped into 10 sets of holes: two marked critical and …
German govt DUMPS 170 NEW PCs riddled with Conficker
Got €57,000 to spare? Natürlich
The German education ministry has binned new computers infected by the infamous Conficker worm - and bought replacements - rather than attempting to disinfect the machines.
It emerged this week that a grand total of 170 PCs and servers at German teacher training institutes in Schwerin, Rostock and Greifswald were dumped soon …
Alleged SpyEye big fish hauled in for US trial
Suspected banking botmaster extradited from Thailand
Alleged SpyEye kingpin Hamza Bendelladj now faces a 23-count computer hacking and fraud indictment following his extradition from Thailand to the US last week.
Bendelladj, a 24-year-old Algerian national, is suspected by the FBI of making millions from selling the SpyEye banking Trojan toolkit to cybercrooks through various …
Microsoft plasters IE8 hole abused in nuke lab PC meltdown
Security stopgap follows shock US boffinry attack
Microsoft has issued a temporary fix for a high-profile Internet Explorer 8 vulnerability. This is the bug linked to recent targeted attacks against web pages accessed by nuclear weapons research teams at the US Department of Labor website.
The Fix It, released late on Wednesday, is designed to offer a temporary block against …
Crap computers in a crap box: Smart-meter blackouts risk to UK
Analysis Sniff a device's wireless, pwn a power plant, warns Brit biz
You'd be forgiven for thinking this is the plot of a Saturday night BBC2 drama: hackers tinkering with smart electricity meters deliberately cut the power to whole neighbourhoods.
But, according to a UK computer security biz, weak authentication checks and a lack of other security controls on said equipment could allow just that …
Chinese cyber-spook crew back in business, say security watchers
Who can tell the spies from the robbers?
The widely feared Chinese cyber-espionage crew known as APT1 is back in business two month after a high profile report that lifted the lid off its activities, according to security researchers.
Cyber Squared has been tracking numerous Chinese cyber espionage threat groups within ThreatConnect.com and crowd-sourcing threat …
Serial killer hack threat to gas pipes, traffic lights, power plants
Analysis 'You could shut down the electricity grid' warns security biz
Medical systems to traffic light boxes are apparently wide open to hackers thanks to a lack of authentication checks in equipment exposed to the internet.
That's according to research from security toolmaker Rapid7, which says it found plenty of essential electronics that can be freely remotely controlled via public-facing …
UK faces hacking doom, but think of the money, security startups!
Infosec 2013 Every cloud breach has a silver lining, says minister
The UK government is hit by more than 33,000 pieces of malicious email a day, ranging from casual phishing to targeted espionage attacks.
Chloe Smith, minister for political and constitutional reform at the Cabinet Office, told delegates at the Infosecurity Europe conference on Wednesday that despite this onslaught cyber …
UK.gov coughed over £2 MEELLION in data breach fines in the past year
Overall fines have TRIPLED from the previous year
The total number of self-reported* data breaches in the UK increased from 730 between March 2011 and February 2012 to 1,150 in a similar period in the year up to early March 2013. The lion's share of the fines paid out originated from the public sector.
A Freedom of Information (FOI) request to the Information Commissioner’s …
Vulns, exploits, hacks: Trusteer touts tech to terminate troubles
Infosec 2013 If I don't know what you're doing, I'll kill you
Trusteer is expanding from its speciality of providing transaction protection security to financial institutions with an enterprise-level product designed to guard against zero-day exploits and social engineering.
Unpatched application vulnerabilities in widely deployed endpoint applications (such as web browsers) can be given …
Your phone may not be spying on you now - BUT it soon will be
Infosec 2013 Smash it with a hammer now, it's the only way to be sure
Tibetan political campaigners targeted by mysterious smartphone-spying software. Eastern European governments' mobiles allegedly snooped on by state-sponsored hackers. Malware feared injected into gadgets during customs inspections.
You've seen these headlines. And according to Kaspersky Lab’s senior malware analyst Denis …
CISPA row: Slurped citizen data is ENORMO HACK TARGET - infosec boss
US cyber-spook hub ultimate trophy for miscreants
The ability to identify common patterns in real-world attacks makes crowd-sourcing threat intelligence extremely useful, according to a study from security tools firm Imperva.
The report arrives just as a privacy row rages over the new Cyber Intelligence Sharing and Protection Act (CISPA) law in the US.
But the head of the …
Crypto guru: Don't blame users, get coders security training instead
Infosec 2013 Murdoch's infosec man adds 'arrogant' techies also 'vulnerable'
Experts on both sides of the vendor-customer divide in the UK and a US cryptographer are at odds over whether or not security training is a waste of time.
American crypto guru Bruce Schneier says the fact that "we still have trouble teaching people to wash their hands" means the dosh splurged on staff training is likely better …
8 in 10 small UK firms hacked last year - at £65k a pop: Report
Infosec 2013 Poor security practices blamed, according to gov survey
Over 80 per cent of small businesses in the UK suffered a computer security breach last year, according to new government research. And the proportion of large firms that reported attacks has reached a whopping 93 per cent.
The Department for Business, Innovation and Skills' 2013 hacking survey found that 87 per cent of small …
Firewall tech pioneer Gil Shwed: Former teen sysadmin on today's infosec biz
Feature Prince of State(ful) inspection 20 years on
Twenty years after the technology behind FireWall-1 was first developed, the teenage coding prodigy who founded Check Point says that "IT security is [still] very hot".
Shwed, 44, is the co-founder, chief exec and chairman of Check Point, whose FireWall-1 software, according to the firm, is installed at every Fortune 100 company …
Ex-LulzSec bloke to spend a YEAR in the cooler for Sony hack
And pay $600,000 to Hollywood giant. Who's laughing now?
A former LulzSec hacker has been jailed for a year for ransacking Sony Pictures Entertainment's computer systems.
Cody Kretsinger, 25, from Decatur, Illinois - better known to his fellow LulzSec cohorts as "Recursion" - was also ordered to carry out 1,000 hours of community service, and a year of home detention, following his …
Malwarebytes declares Windows 'malicious', nukes 1,000s of PCs
Biz boss apologies to the entire world
A dodgy software update for virus-killer Malwarebytes disabled thousands of PCs before a fix was issued this week.
Malwarebytes' database version v2013.04.15.12 erroneously flagged core Windows system files as malicious, resulting in unstable - and in some cases unbootable - machines. Windows system files were wrongly identified …
'Leccy-stealing, grid-crippling hackers could TAKE DOWN EV-juicing systems
Hack in the Box A computer on the street. What could possibly go wrong?
Hackers may soon starting abusing electric car charger systems to cripple the electricity grid or as part of money-making scams, a security researcher warns.
Ofer Shezaf, product manager security solutions at HP ArcSight, told delegates at the Hack in the Box conference in Amsterdam that if the industry fails to start securing …
Magic mystery malware menaces many UK machines - new claim
Who exactly is spying on thousands of Brit biz PCs?
Security researchers have found malware that communicates using an unknown protocol and is largely targeting UK businesses.
The mystery software nasty has infected thousands of machines at organisations in finance, education, telecoms and other sectors, we're told.
It initially phones home to its masters by establishing a HTTP …
Cyberthugs put YOUR PC to work as Bitcoin-mining SLAVE
E-currency just went mainstream
The recent volatility in the value of Bitcoins hasn't prevented cybercriminals from cooking up new ways to distribute malware engineered to mine the currency using compromised computers.
Security researchers at ThreatTrack Security have uncovered examples where the infamous Blackhole exploit kit is being used to distribute a …
Black hats attack popular Russian stock-trading software
Also used in Cyprus, as it happens ...
Security researchers have discovered a strain of malware that targets the QUIK stockbroking application.
The malware has been used in a string of attacks since November 2012, according to Russian security firm Group-IB. Cyber-criminals have traditionally targeted private and corporate banking accounts, using malware (such as …
Web host Linode, hackers clash over credit-card raid claim
Crooks boast of swiped privates via ColdFusion hole
Crooks claim they gained access to server hosting biz Linode's customer passwords and credit card numbers.
On Friday, Linode said someone tried to compromise one of its clients' machines, but insisted no financially sensitive information was leaked. Linode reset all account passwords as a precautionary measure. The virtual …
