Darren Pauli

Chinese gambling site served near record-breaking complex DDoS

A Chinese gambling company has been pulverised with multiple nine-vector, 470 Gbps, 110 million packet-per-second distributed denial of service (DDoS) attacks, some of the biggest and most complex ever recorded. The unnamed company was attacked by a DDoS that used nine vectors in a very rare bid to bypass Incapsula's mitigation …
Darren Pauli, 01 Jul 2016

Boffins boggle, baffled by blobs deep inside the Earth

Scientists have revealed new data about two giant blobs at the edge of the Earth's core, larger than continents and possibly older than any rock on the planet. Unlocking the mystery of the blobs, known as thermochemical piles, could help reveal clues about the Earth's formation, volcanic eruptions, and earthquakes. A team of …
Darren Pauli, 01 Jul 2016

Hydra hacker bot spawns internet of things DDoS clones

Lizard Squad may be mostly behind bars, but their LizardStresser botnet has spawned more than 100 clones. According to Arbor Networks' Matthew Bing, the imitators have lit on the Internet of Things, enslaving thousands of dumb devices with code the hacker group published last year. LizardStresser is an illegal booter service …
Darren Pauli, 01 Jul 2016

400 million Foxit users need to catch up with patched-up reader

Makers of popular PDF reader Foxit have patched 12 dangerous vulnerabilities that could have resulted in remote code execution. Some 400 million users run the flagship reader billed as an alternative to Adobe Reader. The dozen flaws are patched in Windows and Linux variants. Users would need to be conned into opening a …
Darren Pauli, 01 Jul 2016

Hopeless Vic agencies have two years to hit infosec best practice

Government agencies in the Australian state of Victoria will have two years to move from near ground zero to stand up fully-fledged and updated information security, risk, and governance policies. The requirements are a big ask for agencies in the southern state, previously described as in information security turmoil after …
Darren Pauli, 30 Jun 2016

Zero-interaction remote wormable hijack hole blasts Symantec kit

Scores (or thousands, or millions) of enterprise and home Symantec users are open to remote compromise through multiple now-patched (where possible) wormable remote code execution holes described by Google as 'as bad as it gets'. The flaws are "100 percent" reliable against Symantec's Norton Antivirus and Endpoint according to …
Darren Pauli, 29 Jun 2016

Global 'terror database' World-Check leaked

The "terrorist database" World-Check used by global banks and intelligence agencies has, we're told, leaked online. The mid-2014 version of the database contains some 2.2 million records and is used by 49 of the world's 50 largest banks, along with 300 government and intelligence agencies. Access to its contents is granted via …
Darren Pauli, 29 Jun 2016

Play Store malware roots phones, installs an app every two minutes

Google scans billions of "potentially harmful apps" on the Play store, but a malware app has slipped through, and is automatically rooting phones it infects. The since-scuppered malware masqueraded as a spirit level application dubbed LevelDropper. When installed it would root Android devices and install additional …
Darren Pauli, 29 Jun 2016

Nuclear goes boom

Shake-ups at the top of the exploit kit world continue, with news the world's two top pop boxes have disappeared. Exploit kits are the all-in-one commercial crime offerings through which specifically vulnerable users can be targeted with a barrage of constantly updated and occasionally zero-day attacks. Victims subject to …
Darren Pauli, 28 Jun 2016

US hospitals hacked with ancient exploits

Attackers have popped three prominent US hospitals, using deliberately ancient malware so old that it slips under the radar of modern security controls to compromise Windows XP boxes and gain network beachheads. The attacks were foiled using deceptive honeypot-style frameworks, according to California-based TrapX. Hospitals …
Darren Pauli, 28 Jun 2016

Hackers peer into Uber passenger privates, find and plot trips on maps

Three hackers have found eight holes in Uber that can reveal user e-mail addresses, and found more than 1000 valid coupon codes including one giving drivers $100 extra in fare rides. The flaws have been reported to Uber which is working through to develop fixes. The team of Vitor Oliveira (@r0t1v), Fábio Pires (@ …
Darren Pauli, 27 Jun 2016

Lenovo Solution Center portal patched to shutter hacker god mode hole

Lenovo has patched a dangerous hole in its rebuilt Solution Center that could allow attackers to gain god mode access on hacked machines and to kill running processes including anti-virus. The pre-installed OEM software helps users update Lenovo tools and manage features like firewalls. Attackers with existing but …
Darren Pauli, 27 Jun 2016

Medicos could be world's best security bypassers, study finds

Medicos are so adept at mitigating security controls that their bypassing exploits have become official policy, a university-backed study has revealed. The work finds that nurses, doctors, and other medical workers will so often bypass information security controls in a bid to administer rapid health care that the shortcuts …
Darren Pauli, 27 Jun 2016

LIGO team may have found dark matter

Scientists think the recent discovery of gravitational waves observed from the collision of two black holes may have also detected signatures of the astrophysics mystery of dark matter. Scientists at Johns Hopkins university behind the September 2015 discovery by Laser Interferometer Gravitational-Wave Observatory (LIGO) wrote …
Darren Pauli, 24 Jun 2016

Swagger staggered as hacker drops dapper code execution cracker

An unpatched remote code execution hole has been publicly disclosed in the popular Swagger API framework, putting users at risk. The client and server hole (CVE-2016-5641) exists in code generators within the REST programming tool, also known as the OpenAPI Specification. A module for the popular Metasploit hacking suite has …
Darren Pauli, 24 Jun 2016

Australia's Defence Department tips AU$12M to seat spies with students

The Department of Defence has tipped A$12 million (£6.1 million, US$9.1 million) into an information security facility to attract new blood by housing signals spooks alongside Australian National University academics. The "unusual" pairing is hoped to attract skilled students into the information security field and the country …
Darren Pauli, 24 Jun 2016

Revive revived: Oculus DRM push shattered as DIY devs strike back

The Oculus DRM system has been shattered, opening the door to modders and pirates. The Revive library was developed to allow Oculus games to be played on other virtual reality units and as a side-effect opened the doors for users to play pirate games. Specifically, Revive functions as a "compatibility layer" between Oculus' …
Darren Pauli, 23 Jun 2016

US committee green-lights CRISPR-Cas9 human cancer cell trials

A United States advisory committee has green-lighted use of the ground-breaking CRISPR gene-editing technique in human trials. The committee within the US National Institutes of Health approved the use of CRISPR-Cas9 for cancer treatment in which tests will be conducted on immune T cells extracted from melanoma patients. The …
Darren Pauli, 23 Jun 2016

Queensland creep cops charged with snooping through police records

Police in the northern Australian state of Queensland have been busted accessing citizens' police files a huge number of times, in some cases without authorisation. The breaches include the accessing of a bikini model and social justice warrior's QPrime database file some 1,435 times. Former Miss Bikini World contestant Renee …
Darren Pauli, 23 Jun 2016

Tor onion hardening will be tear-inducing for feds

The University of California wants to defeat deanonymisation with a hardened version of the Tor browser. The uni boffins are working with the Tor Project to test an address space layout randomisation (ASLR)-esque technique dubbed Selfrando. It is hoped the technique described in the paper Selfrando: Securing the Tor Browser against …
Darren Pauli, 23 Jun 2016

Hacker, Bromium donate $30,000 in bug bounty cash to charity

Google hacker Tavis Ormandy and security firm Bromium have handed Amnesty International US$30,000 (£20,443, AU$40,242) in bug bounty cash awarded after the former broke the latter's security controls. Ormandy donated his US$15,000 (£10,214, A$20,104) winnings under Bromium's hacking challenge, in which researchers were …
Darren Pauli, 22 Jun 2016

Dr Craig Wright lodges 51 blockchain patents with Blighty IP office

Wannabe Bitcoin creator Dr Craig yeah Wright has filed more than 50 patent applications relating to the crypto currency with the UK Intellectual Property Office. Dr Wright submitted the paperwork in the UK through EITC Holdings registered in Antigua. EITC Holdings filed 25 patents with the Office last week. These bear titles …
Darren Pauli, 22 Jun 2016

Google turns to codeless tap factor authentication

Google has set up an easier two-factor authentication system to allow staff to log in with a tap instead of codes. The Prompt feature is available to Google users and will allow them to sign into Mountain View services more easily than copying codes from its time-based Authentication app. Users will need to apply a screen lock …
Darren Pauli, 22 Jun 2016

No watershed: China hacker groups in decline before Xi-Obama deal

The US-China pledge to put an end to state-backed intellectual property theft was made when Middle Kingdom hacking groups had been receding for more than a year, researchers say. Presidents Barack Obama and Xi Jinping agreed in September to not "conduct or knowingly support cyber-enabled theft of intellectual property" in a move …
Darren Pauli, 21 Jun 2016

Drubbed StubHub carder grub guilty, faces 12 years in cooler club

The Russian ringleader of a carding group has pled guilty to selling US$1.6 million (£1.1 million, A$2.1 million) worth of tickets to major events, bought using credit cards stolen from StubHub accounts. Vadim Polyakov, 32, led a group that broke into StubHub accounts using the access to buy tickets to premiere music, sports, …
Darren Pauli, 21 Jun 2016