Darren Pauli

Contact Mail Follow Twitter RSS feed
gps jamming map

Russia tests sat jamming

Russia is reportedly testing weaponry to jam US communications satellites. Russian broadsheet Izvestia reports the Ministry of Defense has developed the technology to jam low-orbit satellites operated by the likes of GlobalStar, OneWeb, and Iridium. The Ministry did not confirm the report. Jammers would be placed in the …
Darren Pauli, 10 Oct 2016

Turkey blocks Drive, Github, OneDrive in bid to kill RedHack leaks

Turkey has blocked access to major technology sites and services including GitHub, Microsoft OneDrive and Dropbox, seemingly to suppress circulation of some 57,623 stolen emails allegedly felt to reveal a widespread campaign of propaganda and deception. The Government under president Recep Tayyip Erdogan eased a block on …
Darren Pauli, 10 Oct 2016
Image by Daniel Wiedemann http://www.shutterstock.com/gallery-89719p1.html

Yahoo! spymasters! patent! biometric! online! ad! tracking! IRL!

Privacy sell-out Yahoo! has filed patents for roadside billboards outfitted with biometric spy cameras and microphones to collect data from passers-by. The NSA's bed warmer described a billboard that contained video and audio collection capabilities, and even retina scans and speech recognition to determine what viewers are …
Darren Pauli, 09 Oct 2016
image by TSHIRT-FACTORYdotCOM http://www.shutterstock.com/gallery-110716p1.html

Smash and grab PoS pwners ready with pre-Xmas malware update

A smash and grab malware gang has updated its FastPoS point of sales hack app to plunder credit cards more efficiently ahead of the festive season. The FastPoS author is known for issuing an annual update to the malware which throws stealth to the wind in favour of quick and noisy raiding. The technique marks FastPoS as …
Darren Pauli, 07 Oct 2016

Google melts 78 Android security holes, two of which were critical

Google has crushed 78 Android security flaws in its October bug blitzkrieg, repairing critical core Android services along the way. The patch parade sees the tech giant return to a high-double-digit patch run after issuing only 47 fixes last month and a whopping 103 in August. The updates are split into essential Android …
Darren Pauli, 05 Oct 2016

Wasted: Kaspersky makes jokers of upstart ransomware VXers

Kaspersky has released a decryption tool that neuters the MarsJoke ransomware, less than a month after it was first revealed. The decryption effort is salvation for victims who are told they have 96 hours to pay the 0.7 Bitcoin (US$427) ransom before their data is permanently encrypted. MarsJoke, also known as Polyglot, …
Darren Pauli, 05 Oct 2016

Happy VXers get 400 enterprise-popping apps hosted on Google Play

More than 400 malicious apps from a single attacker have been successfully uploaded to the Google Play store, with one downloaded up to half a million times, Trend Micro malware researcher Echo Duan says. The malware is disguised as various games, phone boosters, and themes that when executed can compromise devices and …
Darren Pauli, 04 Oct 2016

Researchers gut EMC's VMAX, vApp with five god mode hack holes

Researchers with Digital Defence have reported six dangerous vulnerabilities in EMC's VMAX product line that can grant remote attackers arbitrary command execution with root privileges. The since-patched flaws affect Unisphere for VMAX and vApp Manager versions 8.0 to 8.2 – and also open up avenues for denial of service. Two …
Darren Pauli, 04 Oct 2016
Image: Serazetdinov http://www.shutterstock.com/fr/pic-114819721/stock-vector-illustration-of-a-strong-blast-of-brain.html

Security analyst says Yahoo!, Dropbox, LinkedIn, Tumblr all popped by same gang

Five hackers are said to be behind breaches totalling up to a staggering three billion credentials from some of the world's biggest tech companies including the Yahoo! breach that led to the loss of 500 million credentials. The claims, made to The Reg by recognised threat intelligence boffin Andrew Komarov, pin the world's …
Darren Pauli, 30 Sep 2016

Tokyo man arrested for selling jailbroken iPhones

A 24 year-old Tokyo man has been arrested on suspicion of trademark violation for allegedly selling five jailbroken iPhones, local media report. Daisuke Ikeda of Toyama prefecture allegedly sold the phones for a total of US$1186 (£915, A$1556) between 26 March and 23 May. He is alleged to have sold up to 200 iPhones over the …
Darren Pauli, 30 Sep 2016

Want to make US$1.5m this weekend? Just jailbreak iOS

Exploit broker Zerodium has tripled its bug bounty for a remote iOS 10 jailbreak vulnerability to US$1.5 million. The outfit previously offered US$500,000 for remote iOS 9 jailbreaks, which was temporarily increased last year when a US$1 million reward was paid out in November to an unnamed hacker group. The increase is …
Darren Pauli, 30 Sep 2016

Researchers crack Oz Govt medical data in 'easy' attack with PCs

Australian researchers have laid waste to the Federal Government's plan to criminalise the decryption of anonymised state data sets, just a day after it was announced, by 'easily' cracking government-held medical data. Federal attorney-general George Brandis yesterday announced that it would accept recommendations from the …
Darren Pauli, 29 Sep 2016
Image: Majivecka and Slobodan Djajic / Shutterstock

Google tries to cross out XSS attacks by releasing its own test tool

Google has spent more than US$1.2 million (£920,400, A$1.6 million) in the last two years paying researchers for reporting cross-site scripting (XSS) attacks and has kicked off an effort to help crush the threat. XSS attacks are one of the most pervasive and enduring web application security threats because they allow …
Darren Pauli, 27 Sep 2016
Image by Lana839 http://www.shutterstock.com/gallery-2897530p1.html

Suspected Russian DNC hackers brew Mac trojan

Suspected Russian hackers fingered for hacking the United States Democratic National Committee (DNC) have brewed a trojan targeting Mac OS X machines in the aerospace sector, says Palo Alto researcher Ryan Olson. The malware relies on social engineering and exploits a well-known vulnerability in the MacKeeper security software …
Darren Pauli, 27 Sep 2016

Apple to crunch iOS 10 local backup password brute force hole

Apple is brewing a fix to patch an iOS password flaw that allows credentials to be stolen from backups. Elcomsoft researcher Oleg Afonin says the flaws mean cracking efforts against iOS 10 backups are 2500 times faster compared to similar efforts against iOS 9. If successful, the attack will grant access to device keychains. …
Darren Pauli, 26 Sep 2016
Value pack of two tins of Spam

Dev teaches bot to talk spammers' ears off

Brian Weinreich has been trolling spammers for two years using a bot that fires realistic and ridiculous replies to the pervasive online salespeople. The noted security developer created the bot as a means to waste the time of the blowflies of the internet after being affronted by a deluge of unsolicited sales pitches directed …
Darren Pauli, 26 Sep 2016
Image by robodread http://www.shutterstock.com/gallery-529180p1.html

Google rushes in where Akamai fears to tread, shields Krebs after world's-worst DDoS

Google has provided free distributed denial of service attack (DDoS) mitigation services to security publication Krebs on Security, stepping in after Akamai withdrew support. The information security site was last week hammered with a 620Gbps DDoS attack, widely rated one of the world's largest by volume of junk data. …
Darren Pauli, 26 Sep 2016

Australian Signals Directorate seeks offensive people

The antipodean spy agency the Australian Signals Directorate is seeking cleaning staff information security personnel for offensive and defensive operations. The Department of Defence agency is seeking warm bodies for "offensive cyber operators", penetration testing, vulnerability research, and development and support roles. …
Darren Pauli, 26 Sep 2016

Safe browsing checks fail as 16,000 WordPress sites hacked this year

At least 15,769 WordPress websites - and probably more - have been compromised this year, half slipping past Google's Safe Browsing checks, says security researcher Daniel Cid. The world's most popular content management system represented the lion's share of some 21,821 sites studied in the second 2016 Sucuri report on …
Darren Pauli, 23 Sep 2016

Malware figures out it's running on VMs and refuses to execute

Malware writers are looking for the absence of documents to figure out which PCs are potential victims and which are virtual machines being used by white hats. SentinelOne senior researcher Caleb Fenton found the novel technique while attempting to coax the malware into activating so it could be analysed. The worm he was …
Darren Pauli, 23 Sep 2016
image by Alexander_P http://www.shutterstock.com/gallery-493324p1.html

SWIFT warns of more 'sophisticated' attacks, readies anti-fraud tool

The chief information security officer for global money transfer network SWIFT says banks are still under attack from fraudsters hoping to cash in on identified security gaps to steal millions of dollars. Alain Desausoi, security head of the Society for Worldwide Interbank Financial Telecom made the comments at the Financial …
Darren Pauli, 22 Sep 2016

10-second hijack hole could kill any Facebook profile

University student Arun S Kumar has scored US$16,000 (£12,312, A$21,200) for finding and reporting a Facebook vulnerability that led to account hijacking. The flaw in Facebook's Business Manager reported through BugCrowd late last month and since patched was a form of direct object reference vulnerability which bypassed normal …
Darren Pauli, 21 Sep 2016
Person using a card reader

Hackers claim they breached Aussie point-of-sale tech firm, try to sell 'customer DB'

Exclusive Hackers are claiming to have hacked Australian point-of-sale technology (PoS) company H&L Australia, and have been claiming to potential buyers that they had lifted its customer database. They were already offering it for sale for AU$22,000 ($16,580, £12,723) more than two months ago. If indeed they have hacked into H&L, …
Darren Pauli, 20 Sep 2016

Microsoft lets Beijing fondle its bits in new source code audit hub

Microsoft has opened a technology centre in China to reassure Beijing it does not have backdoors in its software. The so-called Transparency Centre is the third Redmond has opened to reassure governments that Microsoft's wares are secure. Redmond's trustworthy computing corporate veep Scott Charney says the centre will allow …
Darren Pauli, 20 Sep 2016
Keen Security Lab senior researcher Sen Nie (left) with director Samuel Lv

Hackers hijack Tesla Model S from afar, while the cars are moving

Video Chinese hackers have attacked Tesla electric cars from afar, using exploits that can activate brakes, unlock doors, and fold mirrors from up to 20 kilometres (12 miles) away while the cars are in motion. Keen Security Lab senior researchers Sen Nie, Ling Liu, and Wen Lu, along with director Samuel Lv, demonstrated the hacks …
Darren Pauli, 20 Sep 2016