Darren Pauli


Cybercrime forum Darkode returns with security, admins intact

Crime forum Darkode has relaunched with renewed security two weeks after it was obliterated in a global police raid that shut down the site and saw members arrested. The English-speaking forum, established in 2007, was a major player in the cybercrime underground where vetted members could buy and sell zero days, trojans, and …
Darren Pauli, 28 Jul 2015

Sysadmins: Your great power brings the chance to RUIN security

Risk management bod Kris French Junior has offered 10 tips to help security teams bin their boring, technical, and uniformed education schemes. The Hyland Software education aficionado takes aim at what he sees as pervasive checkbox compliance-driven and complicated training programs that lack the excitement and pizazz of crowd …
Darren Pauli, 28 Jul 2015

'Plague Scanner' controls multiple AV engines, for $0.00

Security researcher Robert Simmons has released a tool that offers a new level of stealth to the malware cat-and-mouse skirmish by shrouding binary analysis. "Plague Scanner" is a free on-premise anti-virus framework - a class of tool that drives multiple anti-virus scanners at once - and is the only free alternative to …
Darren Pauli, 27 Jul 2015

Invisible app ads slug smartmobes with 2GB of daily downloads

Invisible rogue mobile apps are wasting petabytes of data a day through an advertising hijacking technique researchers say could inflict US$1 billion in damages this year. Some 5000 malicious Android and iOS apps are hiding the rapidly-reloading ads from users and will continue to operate even if the apps are not in use. That …
Darren Pauli, 27 Jul 2015

LinkedIn ices over bountiful executive phishing spot

Kaspersky researcher Ido Naor says LinkedIn users could be phished thanks to vulnerabilities in its notification system. The since-patched flaws existed because the social network for suits misinterpreted and did not properly validate comment input. It meant malicious content could be sent to LinkedIn users who are notified …
Darren Pauli, 24 Jul 2015

Want longer battery life? Avoid the New York Times and The Grauniad

Software developer Santeri Paavolainen says the code powering today's websites is taxing browsers so much, it's having a significant impact on power consumption. The programmer came to that conclusion after a casual examination of news sites including the New Scientist, the BBC, Forbes, The Guardian, and The New York Times, as …
Darren Pauli, 24 Jul 2015

Boffins sting spooks with 'HORNET' onion router

Five academics have developed a Tor alternative network that can handle up to 93Gb/s of traffic while maintaining privacy. The HORNET system is more resistant to passive attacks than existing anonymity networks like Tor and delivers faster node speeds for a "practically unlimited" number of sources. It is the brainchild of …
Darren Pauli, 24 Jul 2015

Choc Factory research shows users just don't get security

Antivirus software has copped another beating from security experts, who axed the tool from their list of top five security-enhancing recommendations. The findings are contained in the Google study No one can hack my mind: Comparing Expert and Non-Expert Security Practices which polled 231 security experts, and 294 normal …
Darren Pauli, 24 Jul 2015

Flash zero-day monster Angler dominates exploit kit crime market

SophosLabs researcher Fraser Howard says the Angler exploit kit is dominating the highly competitive underground malware market: Angler's market share has exploded from a quarter to 83 per cent within nine months. The growth occurred between September and May this year, we're told. Angler emerged in 2013 to become one of the …
Darren Pauli, 23 Jul 2015

OpenSSH server open to almost unlimited password-guessing bug

A flaw in OpenSSH lets attackers bypass simple limits on the number of password login attempts that can be made per connection. By default, the encrypted service accepts six tries within a grace period of two minutes before breaking off a connection, which hampers brute-force attacks, but this mechanism can be easily …
Darren Pauli, 23 Jul 2015

Nigerian prince swaps the sweet talk for keyloggers and exploits

Nigerian 419 scammers have taken to the crime-as-a-service model, using cash to plug their technical capability shortfalls to build malware campaigns that could be making millions, according to FireEye researchers. Erye Hernandez, Daniel Regalado and Nart Villeneuve said that scammers, notorious for their attempts to fleece the …
Darren Pauli, 22 Jul 2015

Joomla Helpdesk Pro remote code exec vulns lead to server pwnage

Outpost24 researcher Kasper Bertelsen has warned of several vulnerabilities in Joomla's Helpdesk Pro which can lead to remote code execution on servers. The Helpdesk Pro Joomla extension allows users to categorise and log support tickets with managers who receive notifications. eBay, Heathrow Airport and the High Court of …
Darren Pauli, 22 Jul 2015

Google, Facebook and chums launch web blacklist to nail ad scammers

Tech big wigs including Facebook and Yahoo! have forged a giant blacklist to block fake web traffic contributing to advertising fraud, said Google ad man Vegard Johnsen. The Trustworthy Accountability Group (TAG) pilot program will nix bot traffic using a blacklist which could cut a significant portion of web traffic; Google's …
Darren Pauli, 22 Jul 2015

The roots go deep: Kill Adobe Flash, kill it everywhere, bod says

Fortinet security researcher Bing Lui has warned users that they can still be p0wned if they only disable Adobe Flash in web browsers. Lui's warning speaks to advice last week that users dump Flash to bolster security in the wake of the public disclosure of three zero day vulnerabilities (CVE-2015-5122, CVE-2015-5123, and CVE- …
Darren Pauli, 21 Jul 2015

Black Hat 2015: 32 SCADA, mobile zero-day vulns will drop

Gird your loins, admins; researchers are set to drop 32 zero-day vulnerabilities at the Black Hat hacking fest in Las Vegas in August. The vulnerabilities have not been disclosed but they will affect mobile devices and Supervisory Control and Data Acquisition (SCADA) systems among other platforms. "We have 32 different zero- …
Darren Pauli, 21 Jul 2015

Dumb MongoDB admins spew 600 TERABYTES of unauthenticated data

Shodan hacker John Matherly says system administrators have exposed some 595.2 terabytes of data by using poorly-configured or un-patched versions of the popular MongoDB database. eBay, Foursquare, and The New York Times are some of the prominent users of the open source MongoDB which is the most popular NoSQL database. …
Darren Pauli, 21 Jul 2015

North Korea's Red Star Linux inserts sneaky serial content tracker

ERNW security analyst Florian Grunow says North Korea's Red Star Linux operating system is tracking users by tagging content with unique hidden tags. The operating system, developed from 2002 as a replacement for Windows XP, was relaunched with a Mac-like interface in 2013's version three. The newest version emerged in January …
Darren Pauli, 20 Jul 2015

Spamquake subsides: less than half of email is now processed pork

Spam levels have fallen to below 50 per cent of all email sent for the first time in a decade, according to security firm Symantec. The milestone comes from a 1.8 per cent decline in spam rates from last month, when spam accounted for 51.5 per cent of sent email. Threat bod Ben Nahorney said it was the lowest rate since …
Darren Pauli, 20 Jul 2015

Crims bait phishing hooks with Flash, cast at US Gov agencies

Hackers are attempting to break into US Government agencies using a recently patched Adobe Flash vulnerability, the FBI is warning. The attacks target flaw CVE-2015-5119, revealed and patched earlier this month, which if exploited can allow attackers to run malware on victim machines. The agency warned of the attacks which began …
Darren Pauli, 20 Jul 2015

Thanks for open sourcing .NET say Point of Sale villains

Trend Micro researcher Jay Yaneza says Point of Sales malware has begun using Microsoft .NET, following its release as open source last year. Yaneza found the new so-called GamaPoS malware being distributed to US organisations including credit unions, developers, and pet care businesses through the resurgent Andromeda botnet. …
Darren Pauli, 17 Jul 2015

600 MEELLION apps open to brute force account guessing

Some of the world's most popular apps permit unlimited brute force password guessing attempts. The 53 exposed Android and Apple apps, collectively downloaded more than 600 million times, include SoundCloud, ESPN, CNN, Expedia, and Walmart. So far of the 15 apps named a dozen have failed to fix the server-side flaws after …
Darren Pauli, 17 Jul 2015

Ad slingers beware! Google raises Red Screen of malware Dearth

Watch out dodgy ad slingers and news sites; Google is expanding its 'last line of defence' Chrome feature to brand all security-slacker ad networks as unsafe. The Chocolate Factory will, over coming weeks, expand its Safe Browsing feature such that it throws an ominous Red Screen™ in front of ad networks it says have poor …
Darren Pauli, 17 Jul 2015

FireEye intern nailed in Darkode downfall was VXer, say the Feds

A former intern at security company FireEye has been arrested for creating and selling the slick and sophisticated Dendroid malware program after being caught in a global police sting that obliterated the Darkode cybercrime forum. Prosecutors say that Morgan Culbertson, 20, of Pittsburgh, was most recently working as a …
Darren Pauli, 16 Jul 2015

Oracle slings 193 patches, nixes exploited Java zero day

Oracle has poured cold coffee on a recent Java zero-day that's already under active attack, with just one of the critical patches it's released to address 193 holes in its sprawling product suite. The zero day is the most urgent fix of the lot and of the two dozen other Java patches present among Big Red's quarterly patch …
Darren Pauli, 16 Jul 2015

United Airlines bug bounty shells out 1.8M miles for three flaws

United Airlines has paid 1.5 million flight miles to two bug hunters who squelched 14 vulnerabilities under its newly hatched bug bounty program. Florida man Jordan Wiens reported two remote code execution bugs to the airline but could not detail the technical aspects given the program's non-disclosure agreement. The program …
Darren Pauli, 16 Jul 2015

Content delivery network CloudFlare's court order count soars

Content delivery network CloudFlare says it has received 50 court orders in the first half of this year, more than double that clocked in the whole of 2014. The statistics, which do not include search warrants and were revealed in the web defender's latest transparency report, show it received 22 court orders in the first half of …
Darren Pauli, 15 Jul 2015

Microsoft boffins borrow smartmobe brains to give wearables 9x kick

Microsoft and Georgia University researchers have developed a system that can make wearable devices up to nine times faster with four times the battery life by offloading processing to traditional mobile devices. The platform, dubbed WearDrive, offloads processing power using WiFi and Bluetooth connections so that watches or …
Darren Pauli, 15 Jul 2015

Microsoft nixes A-V updates for XP, exposes 180 MEEELLION luddites

Windows XP holdouts are in even more danger than ever after Microsoft abandoned anti-malware support for the ancient platform. Redmond overnight stopped providing XP support for new and existing installs of its Security Essentials package. The run-as-needed Malicious Software Removal Tool has also been axed, while support for …
Darren Pauli, 15 Jul 2015

Pluto Pic: Is it a DOG? Is it a HEART? Or is it ... is it ... BIGFOOT?

NASA has announced that the New Horizons spacecraft has phoned home after passing behind Pluto. Images and analysis are beaming their way back across the solar system as you read this story. Here at The Reg, meanwhile, we've been gazing at the lovely image of Pluto NASA revealed to the world yesterday. That snap has been …
Darren Pauli, 15 Jul 2015

Been hacked? Now to decide if you chase the WHO or the HOW

Analysis Imagine a security researcher has plucked your customer invoice database from a command and control server. You're nervous and angry. Your boss will soon be something worse and will probably want you to explain who pulled off the heist, and how. But only one of these questions, the how, is worth your precious resources; …
Darren Pauli, 14 Jul 2015

Telegram messaging app cops 200Gbps DDoS

Popular messaging platform Telegram has been hit with a 200Gbps distributed denial of service (DDoS) attack. The Tsunami TCP SYN flood kicked off on Friday and hurt users in Asia, Australia, and Oceania, knocking out the service for some five percent of the company's 60 million active users it has gained in 18 months. It is a …
Darren Pauli, 14 Jul 2015

Hackers sell 79,267 Cloudminr accounts for ONE Bitcoin

Hackers appear to have stolen the entire user database of cloud-based Bitcoin mining outfit Cloudminr.io and are offering to sell 79,267 accounts including passwords for a single Bitcoin. The Norwegian company's website is offline and criminal advertisements showcasing some of the CSV database of members have popped up on web …
Darren Pauli, 14 Jul 2015

FLASH MUST DIE, says Facebook security chief

Newly-minted Facebook security chief Alex Stamos has called for Adobe Flash to be taken out behind the shed by a shotgun-wielding world. The former Yahoo! security head joined Menlo Park this year and over the weekend said in two Tweets that it is time the death knell chimed for Adobe's much-hacked tool. "It is time for …
Darren Pauli, 14 Jul 2015

'Save the teachers!' 184 cryptologists send Oz Govt cleartext petition

One hundred and eighty-four angry cryptologists have signed a letter appealing for Australia's Department of Defence to grant researchers and teachers specific exemption to the country's amended laws that crack-down on crypto and exploit trading. The International Association for Cryptologic Research (IACR) letter is in …
Darren Pauli, 13 Jul 2015

Someone at Subway is a serious security nerd

App hacker Randy Westergren has outed the application developer at sandwich kingpin Subway as a serious security nerd. The hacker set sights on the Subway Android app, which allows users to order and pay for sandwiches from their devices, in a bid to uncover possible vulnerabilities. He instead …
Darren Pauli, 13 Jul 2015

Java jockeys join Flash fans in the 0-day exploit club

Trend Micro has issued predictable-but-sensible advice that Java should be switched off, because there's a zero-day being exploited in the wild. Trend malware researchers Brooks Li and Feike Hacquebord said the exploit will hose systems running the latest Java platform. Because there's no patch, they added, users should disable …
Darren Pauli, 13 Jul 2015

China makes internet shut-downs official with new security law

China is able to shut off internet access during major 'social security incidents' and has granted its Cyberspace Administration agency wider decision making powers under a draft law published this month. The draft also appears to require critical infrastructure organisations including foreign entities to store "important" …
Darren Pauli, 13 Jul 2015

One MEEELLION users download Facebook-pwning droid game

Threat researchers at security vendor ESET say a malicious Facebook-creds-stealing trojan masquerading as an Android game has been downloaded up to a million times. ESET chap Robert Lipovsky says the Cowboy Adventure game, and another malicious game dubbed Jump Chess, have since been removed from Google's Play code bazaar …
Darren Pauli, 10 Jul 2015

Hacked Hacking Team team – like everyone in security – read The Register

Hacking Team CEO David Vincenzetti and his staff were avid readers of The Register, frequently recommending our articles to one another. A trawl through the company's email records, which were hacked and revealed to the world this week, reveals that Vincenzetti ran something of an in-house news service in which his researchers …
Darren Pauli, 10 Jul 2015

Link farmers bust Google search algos

Sophos threat hunter Dmitry Samosseiko says internet lowlife are implanting hundreds of thousands of malicious PDF files a day on compromised websites to build a new cloaking system that foils Google's search algorithm analysis. Samosseiko says the blackhat search engine optimisation method applies old keyword-stuffing and …
Darren Pauli, 09 Jul 2015

VXers charge Nintendo fans then p0wn their data

Palo Alto Networks researchers Cong Zheng and Zhi Xu are warning of a new form of malware that is masquerading as a paid Nintendo emulator for Android devices. The Gunpoder malware takes the form of an app packaged with the Airpush ad library making it difficult for anti-virus engines to detect. Zheng and Xu say the ads help …
Darren Pauli, 09 Jul 2015

Kali Linux 2.0 to launch at DEFCON 23

Video A small cadre of hackers have announced the next version of the Kali hacker arsenal, codenamed Sana, will be released on 11 August. The popular penetration testing platform brings hundreds of the best open source hacking tools into a Debian-based distribution that is a staple for hackers and forensic analysts. Kali Linux …
Darren Pauli, 08 Jul 2015

Berlin pours bucket of flat beer on Patriot missile hack report

Hackers hijacked German Patriot missiles stationed in Turkey on the Syrian border, according to reports since rebutted by the Government. The extraordinary claims suggest attacks were detected when "unexplained" orders were given to the weapons through two supposed weak spots. Germany's Defence Department told Die Welt says …
Darren Pauli, 08 Jul 2015

Oz Defence Dept 'not punitive' with crypto export controls

Australia's Department of Defence is meeting with security pros, including Google, to nut out the finer points of that country's dual-use control laws in what is described as a move away from a punitive crack-down on sharing data about information security. Nine Defence delegates and five of 15 invited industry and other …
Darren Pauli, 08 Jul 2015

BOT-GEDDON coming after ZeusVM leak, hacker warns

Former Kaspersky Japan boss now malware researcher Hendrik Adrian is warning of a boom of ZeusVM botnets, after the trojan source code was leaked online. Version two of the builder and panel source code leaked last month, and spotted by the French malware researcher known as Xylitol Adrian, who uses the online handle …
Darren Pauli, 07 Jul 2015

XSSposed launches pay-whatever bug bounty

Cross-site scripting war board XSSposed has opened a pay-whatever bug bounty to help its hackers earn cash and tee-shirts. Launched overnight, the program lets anyone register their interest in hearing about vulnerabilities for any web property. They then have the opportunity to pay researchers for the finding. Admins who …
Darren Pauli, 07 Jul 2015

Pwned Hacking Team tells cops, govts to shut down software

Flayed surveillance outfit Hacking Team is telling customers to suspend running instances of its software after 400GB of its source code and internal data was stolen and posted online. The Milan company sells spy software to law enforcement agencies, and has been accused by activist groups of happily signing up oppressive …
Darren Pauli, 07 Jul 2015

Borg slings patch at bonehead hardcoded admin password hole

Cisco has squashed a hardcoded admin password flaw in its Unified Communications Domain Manager, as it allowed remote hackers to mess with instant messaging and phone platforms. The Borg slapped the horrific boneheaded error with a 10 out of 10 severity rating given the ease of compromise and possible devastation of a hack. …
Darren Pauli, 06 Jul 2015

Hacking Team hacked: Spyware source code torrent blurts govt customers

Italian surveillance-ware developer Hacking Team has been infiltrated by hackers, who have leaked online 400GB of secret source code and other internal data. The plundered booty is being shared via BitTorrent, and appears to include audio recordings, emails, documentation, invoices, and source code. Hacking Team sells the Da …
Darren Pauli, 06 Jul 2015

DDoSers call 1988 and want its routing protocol hacked

Attackers are exploiting an ancient networking protocol to enslave small home and office routers in distributed denial of service attacks, Akamai says. The May attacks, described in a report by the global networking company, exploit routers operating version one of the Routing Information Protocol (RIP) developed in 1988 and …
Darren Pauli, 06 Jul 2015