Fortinet nabs wily Coyote and its slice of security appliance cake
Or perhaps we mean pie. Made of meaty customers, anyway
Network security firm Fortinet has agreed to to acquire application delivery, load balancing and acceleration firm Coyote Point Systems. Financial terms of the deal, structured as a merged and announced on Friday, were not disclosed.
Fortinet is best known for its Unified Threat Management all-in-one security appliances, which …
Whoops! Tiny bug in NetBSD 6.0 code ruins SSH crypto keys
'Random numbers are too important to be left to chance'
The brains behind NetBSD have warned a bug in the open-source OS creates weak cryptographic keys that can be cracked by attackers. Users attempting to secure sensitive communications, such as SSH terminal connections, using the dodgy keys could be easily snooped on and their data decrypted.
The use of a cryptographically flawed …
No Skype traffic released to cops or spooks, insists Microsoft
Analysis The numbers on Redmond's plod-spy squealing dealings
Microsoft's Skype subsidiary didn't hand over any user content to law enforcement, according to the software giant's first ever report on how it deals with official requests for data.
As previously reported), Microsoft's transparency report revealed that Redmond received 75,378 requests from law enforcement agencies worldwide …
South Korea data-wipe malware spread by patching system
Long dark teatime in Seoul saga continues to unfold
South Korea's data wiping malware that knocked out PCs at TV stations and banks earlier this week may have been introduced through compromised corporate patching systems.
Several South Korean financial institutions - Shinhan Bank, Nonghyup Bank and Jeju Bank - and TV broadcaster networks were impacted by a destructive virus ( …
Maybe don't install that groovy pirated Android keyboard
It could be loggin' your login, warn experts
A mobile software developer has turned an popular third party Android mobile keyboard called SwiftKey into a counterfeit package loaded with a trojan as a warning about the perils of using pirated or cracked apps from back-street app stores.
Georgie Casey, who runs a popular Android app-development blog in Ireland, created a …
Apple debuts two-step verification for Apple IDs
Something you know, and something you ought to lock in a cupboard
Apple is now offering two-factor authentication to Apple ID users.
The move, which follows similar moves by Google, will make it far harder for hackers to steal Apple ID login credentials. These credentials are important because they are used in conjunction with iCloud to store content, and in downloading apps from the App Store …
Adware-flinging Yontoo yahoos target Mac users: You like trailers, right fanboi?
Browser add-on threat bites Apple boxes
Miscreants are coining it by infecting fanbois beloved Apple boxes with a well-known ad-injecting Trojan previously only found on Windows machines.
Trojan.Yontoo.1, the specially crafted Mac OS X version, penetrates computers running OS X by offering what purports to be a browser plugin necessary to view content, but is actually …
Experts finger disk-wiping badness used in S Korea megahack
The long, dark teatime of the Seoul
Antivirus firms have identified the main malware behind a major internet attack that hit corporate computer networks in South Korea on Wednesday afternoon. However the source and motives behind the attack remain a mystery. Researchers have dubbed it DarkSeoul.
Computer networks at three South Korean TV stations and at least two …
TeamSpy snooped on governments, big biz undetected for 10 years
Experts lift lid on hacking crew
Computer security researchers say they have uncovered a decade-long espionage campaign against governments, businesses and human-rights activists in Eastern Europe and beyond.
We're told the spying operation was partially pulled off by subverting TeamViewer - a legitimate tool for remotely controlling computers and holding …
Syrian hacktivists hijack BBC Weather feed
Hang on, so should I put the washing up or not?
Syrian hacktivists took over the BBC Weather Twitter account on Thursday afternoon.
Instead of getting the usual updates such as "partly cloudy over the British Isles with a chance of rain later" the 60,000 followers of the @BBCWeather account on Twitter were confronted with a series of bizarre messages. These updates included …
Cyberspies send ZOMBIES to steal DRUGS from medical research firms
They're flinging RATs at us too, say US spooks
Cyber-espionage crews have been targeting the lucrative medical and life science industries using custom malware and spear-phishing, according to new research.
According to a current US counterintelligence report which it delivered to US Congress, healthcare services and medical equipment are expected to be two of the five …
UK bloke collared at home by bank-raid Trojan probe cops
Brit cyber-plod on the case of software nasty's masters
A 36-year-old from South Croydon, London, has been arrested by cops investigating allegations of fraud involving the bank-account-raiding Tilon Trojan.
The as-yet-unnamed man is suspected of conspiring to defraud and breaking drug laws. He was collared by officers from the Police Central eCrime Unit (PCeU) and the Serious …
South Korean TV and banks paralysed in disk-wipe cyber-blitz
Too early to blame network meltdown on Norks
Banks and TV stations in South Korea have been hit by a debilitating attack on their computer networks.
Three financial institutions - Shinhan, Nonghyup and Jeju - and two insurance firms as well as broadcasters KBS, MBC and YTN have either been partially or completely crippled by malware, it appears, according to South Korean …
SCADA honeypots attract swarm of international hackers
'Industrial control systems' faced attacks from US, China...and, er, Laos
Vulnerable internet-facing industrial systems controlling crucial equipment used by power plants, airports, factories and other critical systems are subjected to sustained attacks within hours of appearing online, according to new honeypot-based research by Trend Micro.
The security weaknesses of SCADA (supervisory control and …
Dear gov cyber-ninjas, try NOT to KILL PEOPLE. Love from the lawyers
Stick nuke plants and hospitals on no-go list too - war manual
A NATO-backed manual that attempts to pull together all the bits of international law regarding the "hostile use" of the internet has prohibited attacks against civilian targets.
According to the legal experts who helped draw up the manual, attacks in cyberspace should avoid anything that might affect civilian targets such as …
Chameleon botnet grabbed $6m A MONTH from online ad-slingers
Click fraudster bot fingered after analysts crack its signature
A web analytics firm has sniffed out a botnet that was raking in $6m a month from online advertisers.
The so-called Chameleon botnet mimicked human visitors on select websites, causing billions of display ad impressions to be served to compromised machines. As many as 120,000 infected drones have been discovered so far. Almost …
Doxer who? Toxic site drops offline after exposing Paris Hilton's privates
Major US credit agency Equifax confirms fraud
A rogue website that published the financial details on US celebs, politicians and other public figures was taken offline over the weekend - but not before it published the supposed credit reports of Bill Gates and CIA Director John Brennan. Meanwhile, all three of the major US credit agencies confirmed that fraudulent activity …
HTTPS cookie crypto CRUMBLES AGAIN in hands of stats boffins
Keep calm and carry on ciphering with RC4 - for now
Fresh cryptographic weaknesses have been found in the technology used by Google and other internet giants to encrypt online shopping, banking and web browsing.
The attack, developed by security researchers at Royal Holloway, University of London and University of Illinois at Chicago, targets weaknesses in the ageing but popular …
MIT crypto pioneers scoop Turing Award
Nobel Prize of computing goes to Goldwasser and Micali
Two professors from MIT have won the Turing Award for their pioneering cryptography work.
Shafi Goldwasser, the RSA Professor of Electrical Engineering and Computer Science at MIT and a professor at Israel's Weizmann Institute of Science, and Silvio Micali, the MIT Ford Professor of Engineering, secured the award for " …
UK cops, boffins to crack out war plan against cyber-crims
Shock find: Hackers not just title of an Angelina Jolie flick
UK ministers have discovered that computer hacking is no longer the preserve of awkward teens tapping away in their bedrooms - and will now wage war on gangs raiding Brits' online accounts.
The government has formed a new Cyber Crime Reduction Partnership to bring together top cops, security experts and boffins to come up with …
Watch out, office bods: A backdoor daemon lurks in HP LaserJets
Aah, telnet. We meet again
A range of HP LaserJet printers suffer a security flaw that can leak data and passwords, the US Computer Emergency Response Team (CERT) warns. Users have been told to apply the firmware patches issued by HP that resolve the issue.
HP says the security risk arose after it was discovered that several models of HP LaserJets feature …
Who's riddling Windows PCs with gaping holes? It's your crApps
New study: Microsoft slashes bugs, Java and Adobe bring up the rear
Nearly nine out of ten security vulnerabilities in Windows computers last year were the fault of popular third-party applications, as opposed to Microsoft's own software.
That's according to security biz Secunia, which analysed flaws found in the most-used 50 Windows programs - 29 from Microsoft (including its operating system …
We shall CRUSH you, puny ROBOT... with CHESS
Zugzwang, overlords: Chess puzzle acts as CAPTCHA
An online forum is using chess puzzles as CAPTCHAs rather than the more traditional challenge-response tests which ask the user to identify distorted text.
The CAPTCHA (Completely Automated Public Turing test to tell Computers and Humans Apart) is a way for a website or online service to establish that a human has come calling …
Bromium launches security-through-virtualisation tech in the UK
Xen dads' spookware uses VM swarms to isolate foulness
Bromium has arrived as a sales force in the UK market with its strategy for making desktop computers secure using virtualisation technology.
The firm, which already employs a R&D/engineering team in Cambridge, has now added sales and support operations for the UK and wider European market. It's also looking to recruit channel …
Black Tuesday patchfest: A lot of digits plug security dykes
Adobe joins Redmond in game of vuln Twister
Microsoft carried out a fairly comprehensive spring cleaning of vulnerabilities on Tuesday, fixing 20 vulnerabilities with seven bulletins, four of which are rated critical.
Heading the critical list is an update for Internet Explorer (MS13-021) that tackles nine vulnerabilities, including a zero-day vulnerability in IE 8.
" …
PayPal privates exposed after breach on SECURITY shop
Aghast Avast: It was a reseller, not us
Antivirus firm Avast has said that it was not responsible for a breach on a website of a German reseller selling its security products that resulted in the apparent leak of the payment details of thousands of consumers over the weekend.
Turkish hacker Maxn3y defaced avadas.de on Saturday (archive here) before dumping what the …
Oops, they did it again? Britney Spears, Paris Hilton 'LAID BARE ALL OVER THE WEB'
FBI boss, Beyonce and Sarah Palin also in toxic doxing
A rogue website has leaked what's claimed to be the detailed financial records of US celebs, politicians and other public figures.
The site has published the alleged financial lowdown on US first lady Michelle Obama, blowhard Donald Trump, Arnold Schwarzenegger and both Paris Hilton and Britney Spears, among many others. Vice …
Hitachi and Siemens data-stalking firm not bugged by security bods' report
IT monitoring outfit should be more bovvered, claims infosec firm
An open-source IT monitoring software firm has clashed with a security consultancy over the seriousness of a security bug in its technology.
GroundWork's technology provides a platform for IT operations management (network, system, application, and cloud monitoring) that is used by customers including Hitachi Data Systems, the …
Tripwire buys nCircle
Squaring the circle
IT security firm Tripwire has agreed to acquire vulnerability management specialists nCircle. Terms of the deal, announced Monday, were undisclosed.
Combining forces will allow the development of technologies that will enable senior security officers to make risk-based security decisions that align with business priorities and …
Apple finally flips switch on HTTPS by default in App Store
Left mobile devices open to man-in-the-middle attacks for MONTHS
Apple has finally enabled secure App Store logins for mobile users, months after the issue was first reported to the consumer electronics giant.
Google researcher Elie Bursztein noticed that Apple's App Store protocols weren't secure back in July 2012, when he reported the issue to Cupertino. The App Store iOS app was running …
New UK cyber-champ: Chemist's winning formula cracks 'F1 race hack'
Updated Free radical beats year-long security challenge
A 28-year-old chemist is the new UK Cyber Security Champion after triumphing in a year-long competition that tested computer defence skills.
Stephen Miller, from Hertfordshire, beat thousands of other hopefuls after competing in several online and face-to-face heats. Miller, who works as a lab team manager at a major …
Yahoo! webmail! hijacks! are! back!...
Didn't! they! fix! that?!
Yahoo! has blamed cross-site scripting security bugs, which it claims to have squashed, for a recent upsurge in webmail account takeovers.
Over the last few days several Reg readers have been in touch to complain that their Yahoo! webmail accounts have been hijacked or to point us towards complaints on various support forums …
Leaked: The 'secret OAuth app keys' to Twitter's VIP lounge
Rogue apps could pose as micro-blogging site's Very Important Programs
Twitter's private OAuth login keys, used by the website's official applications to get preferential treatment from the micro-blogging site, have apparently been leaked. The secret credentials could now allow any software to masquerade as an approved Twitter client.
A set of key pairs uploaded to Github are supposedly used by …
Microsoft preps UPDATE EVERYTHING patch batch
Latest turn of the Hamster Wheel of Pain
Microsoft plans to deliver seven bulletins next week, four critical, and three important, as part of the March edition of its regular Patch Tuesday update cycle.
The most troublesome of the critical vulnerabilities carries a remote code execution risk and affects every version of Windows - from XP SP3 up to Windows 8 and Windows …
Malware devs offer $100 a pop for 'active' Google Play accounts
Underground market is full of Android wrongness
Virus writers are paying top dollar for access to "active" Google Play accounts to help them spread mobile malware across the Android ecosystem.
Google charges $25 to Android developers who wish to sell their wares through the Google Play marketplace but a denizen of an underground cybercrime forum is offering to purchase these …
Single IPv6 packet KILLS Kaspersky-protected PCs, fix emerges
Windows PCs frozen to death by firewall bug
Kaspersky Lab has fixed a bug that could freeze PCs with Kaspersky Internet Security 2013 installed if they received a specially malformed IPv6 packet.
Earlier this week infosec bod Marc Heuse reported that sending a fragmented IPv6 network packet with multiple extension headers, one of which is unusually long, to a Windows …
USA is the best country in the WORLD... for sending spam
Floats to top of Dirty Dozen - the junkmail conduit sh*t list
The US has reclaimed its position as the world's leading spam-relaying country, but you'd be wasting your time looking for junkmail crimelords...
In the last three months, almost one-fifth (18.3 per cent) of all global spam has been pushed through computers in the US, according to figures from anti-virus firm Sophos.
However, …
LinkedIn password hack sueball kicked to the kerb by judge
Leaked hashes not an automatic threat of identity theft
A class-action lawsuit launched against LinkedIn after hackers leaked the website's user passwords has been dismissed before reaching trial.
Northern California US District Judge Edward Davila ruled that two premium-account holders had been unable to demonstrate they suffered any actual harm as a result of the 2012 hack, which …
Malware-flingers can pwn your mobile with OVER-THE-AIR updates
German Fed-sponsored boffins: They have ways of hearing you talk
Vulnerabilities in the baseband processors of a wide range of mobile phones may allow attackers to inject malicious code, monitor calls, and extract confidential data stored on the device, according to recent research from mobile security experts. However, according to El Reg's mobile correspondent, Bill Ray, this would be …
'Million-strong' zombie army devours Raspberry Pi's crunchy base
Brit charity joins banks, gambling dens targeted by DDoS barons
The charity behind the tiny Brit computer Raspberry Pi apparently came under fire from a million-strong botnet army last night. Zombie machines were instructed by unknown assailants to launch a massive denial-of-service attack on the Raspberry Pi Foundation's website.
The organisation warned the world that its online home was …
PC World ordered to rip up promo for next-day repair promise
Watchdog bans blurb after bloke's PC troubles
PC World has been ordered by the UK ads watchdog to pull claims it offers a next-day collection service for repairs under its Care Plan Premier warranty.
Pcworld.co.uk boasted that the biz would pick up a customer's dicky gear the following day if the punter called before 3pm and had shelled out for the aforementioned warranty. …
Bank whips out palm-recognition kit - and a severed hand won't work
New payment system to tackle identity fraud
Italian banking group UniCredit has developed a commercial biometric payment system based on Fujitsu PalmSecure palm vein reader technology.
UniCredit selected palm vein reader technology instead of more widely touted biometric technologies, such as fingerprint readers and retina scanners, to underpin a prototype mobile payment …
Google blats bugs in Chrome - days before $560k hacking contest
Pwn2Own 2013 Ads giant stumps up cash, then raises the bar
Google patched 10 security vulnerabilities in its web browser Chrome on Monday - two days before the start of Pwn2Own, the annual hacking contest in which experts race to compromise software to win prizes.
The latest update fixes flaws in Chrome's Windows and Linux builds. Six of the 10 holes addressed are rated as "high" risk, …
Cyber-007 MiniDuke stalked Europe for at least 21 MONTHS
Espionage malware addicted to Twitter since 2011
MiniDuke, the recently discovered cyber-spy malware aimed at governments and their agencies in Europe and elsewhere, has been operating for at least 21 months.
A sample of the software nasty, discovered by researchers at Romanian antivirus firm Bitdefender, dates back to at least 20 June, 2011. Later variants of the spying tool …
Wannabe infosec kiddies put Enigma Bombe machine to the test
Shove off, Simon Cowell. This is the X Plus Why? Factor
GCHQ historians will this month put the team that rebuilt the British code-cracking Bombe machine to the test in a third Enigma Challenge.
The Bombe squad will race against time to break Enigma-encoded messages sent by members of the public and GCHQ’s Historical Section. The exercise is due to take place at The Big Bang Fair, a …
Banged-up Brit hacker hacks into his OWN PRISON'S 'MAINFRAME'
Packet lag signed up for IT classes in the clink
A UK hacker behind bars for computer fraud hacked into his prison's computer system during an IT lesson.
Nicholas Webber, 21, of Southsea, Hampshire, was able to access the network after being allowed to join the jail's technology classes.
Webber was sent down for five years in May 2011 for masterminding the infamous …
WHY would survey-slingers give YOU a free $1,500 Google Glass?
34bangbang_fun@imail.ru wants sir/madam as a beta tester. Oh ok, carry on then
Credulous punters' desire to get their hands on Google's new Project Glass head-mounted display is already being used against them by cyberscammers.
The Chocolate Factory's augmented reality glasses may be still at the prototype stage, but cybercrooks have latched onto the recent release of a demo video with their own cyber- …
Need an army of killer zombies? Yours for just $25 per 1,000 PCs
Bring out your dead - there's a price per botnet head
As little as $25 will buy you access to a thousand malware-infected PCs, neatly packaged as a botnet army to control or spy on. That's according to a security researcher studying underground souks of zombie computers.
But the prices increase steeply for the more discerning crook who only wants to use compromised machines in …
New class of industrial-scale super-phishing emails threatens biz
Bulk messages are highly targeted and able to slip past defences
Security watchers are warning of a surge of highly convincing spear-phishing emails sent in bulk.
More than one in 10 recipients of these so-called longlining* messages click on links to compromised websites because the phishing email look utterly plausible, according to cloud-based security services firm Proofpoint.
The …
Bank Muscat hit by $39m ATM cash-out heist
Duplicated cards fingered
Cybercrooks have pulled off a $39m ATM heist against a bank in Oman using pre-paid travel cards.
Bank Muscat put out a statement through the Muscat Securities Market admitting the loss:
12 Bank Muscat prepaid Travel Cards were compromised on February 20, 2013. The gross value of transactions on these cards, which were …
