Darren Pauli


Hackers use 'cartons' with 'sticks', may be foiled by 'watermelons'

Gaining an invite to the best of the nearly 60 websites powering the cybercrime underground is only half the fight for researchers; they also need to know that credit cards are called 'cartons', PayPal a 'stick', and bulletproof servers 'watermelons'. The linguistic mind-meld is thanks to the slang employed in the Russian …
Darren Pauli, 04 Aug 2015

RIG exploit kit scum pop 27,000 machines a day

The authors of the RIG exploit kit have bounced back after a source code leak and are now again happily infecting computers at the rate of around 27,000 machines a day. The exploit kit, widely available at underground cybercrime markets, had its source code leaked in February. Trustwave Spiderlabs researchers say that since …
Darren Pauli, 04 Aug 2015

OS X remote malware strikes Thunderbolt, hops hard drive swaps

BlackHat video Researchers Trammel Hudson and Xeno Kovah have built a self-replicating Apple firmware malware that can infect peripherals to spread to new computers. The ThunderStrike 2 malware is the second iteration of the attack forged earlier this year and liberates the requirement for attackers to have physical access to machines. …
Darren Pauli, 04 Aug 2015

Telstra's bush broadband boxes bugged, bashed, botted

Update Telstra has patched a vulnerability that could have seen regional Australians suffer interception of their internet connections through a remotely-exploitable vulnerability in a series of wireless terminals the nation's dominant telco deploys under its universal service obligation. Melbourne security researcher Tim Noise (@ …
Darren Pauli, 03 Aug 2015

Chrome extensions crocked with simple attack

Detectify researcher Mathias Karlsson says attackers can remove Google Chrome extensions, including the popular HTTPS Everywhere extension, if users do nothing else but visit a web page. Karlsson (@avlidienbrunn) says the vulnerability patched and pushed into the latest stable edition of Chrome allows users to be targeted …
Darren Pauli, 03 Aug 2015

Flash deserves to live, says Cisco security man

Don't kill Flash; that's the message from Cisco security veteran John Stewart who says the Adobe team have put in the hard yards into reforming security and needs to weather the current bug storm. The advice follows a call for the ravaged runtime to be expunged from the digital world by former Yahoo-cum-Facebook security man …
Darren Pauli, 31 Jul 2015

Borg patches enterprise ASR router DoS hole

Cisco has closed a hole in its ASR 1000 line of enterprise and service provider-grade routers that could trigger denial of service. Attackers can exploit the hole by crafting a series of packets that cause the routers to reload and cut net services. The Borg says it has not witnessed attacks in the wild. "A vulnerability in …
Darren Pauli, 31 Jul 2015

World's worst exploit kit now targeting point-of-sale systems

Trend Micro researcher Anthony Joe Melgarejo says the sophisticated Angler exploit kit popular in cybercrime circles is now targeting point-of-sale (PoS) systems. It appears to be the first time an exploit kit has included PoS in its list of hackable platforms, putting them alongside the likes of Adobe Flash, Reader, Java, and …
Darren Pauli, 31 Jul 2015

Critical BIND bug scores PATCH YESTERDAY grading

Gird your loins internet: Attackers now have the ability to disrupt large swathes of the web through a remote denial of service vulnerability found in the most widely used software for DNS servers. The BIND bug (CVE-2015-5477) patched overnight affects all DNS servers running the software, and can be attacked with ease. In …
Darren Pauli, 30 Jul 2015

Researchers say Anthem health hack has Beijing's fingerprints

The case for a Beijing-orchestrated hack of health insurer Anthem has firmed up with new details suggesting that the sophisticated hacking group responsible for the heist shared zero days with rival outfits. Symantec has overnight dubbed the perps "Black Vine", suggesting the group was responsible for goring more than 70 …
Darren Pauli, 29 Jul 2015

Malvertising campaign hits 10 MEELLION users in 10 days

Cyphort researcher Nick Bilogorskiy says 10 million users may have been infected in as many as 10 days, thanks to a deadly malvertising and exploit kit campaign. The cybercrime investigator says the popular Angler exploit kit is driving the campaign targeting users across Asia, the US, and parts of Europe. It is the latest …
Darren Pauli, 29 Jul 2015

Bug hunter reveals Apple iTunes, Mac app store receipt deceit

Vulnerability Lab founder Benjamin Kunz Mejri says he's found a security bug in Apple's Mac and iOS app stores that could be exploited to inject malicious JavaScript code into victims' web browsers. Mejri reported the "application-side input validation web vulnerability" to Apple in early June, and went public with details of …
Darren Pauli, 29 Jul 2015

Cybercrime forum Darkode returns with security, admins intact

Crime forum Darkode has relaunched with renewed security two weeks after it was obliterated in a global police raid that shut down the site and saw members arrested. The English-speaking forum, established in 2007, was a major player in the cybercrime underground where vetted members could buy and sell zero days, trojans, and …
Darren Pauli, 28 Jul 2015

Sysadmins: Your great power brings the chance to RUIN security

Risk management bod Kris French Junior has offered 10 tips to help security teams bin their boring, technical, and uniformed education schemes. The Hyland Software education aficionado takes aim at what he sees as pervasive checkbox compliance-driven and complicated training programs that lack the excitement and pizazz of crowd …
Darren Pauli, 28 Jul 2015

'Plague Scanner' controls multiple AV engines, for $0.00

Security researcher Robert Simmons has released a tool that offers a new level of stealth to the malware cat-and-mouse skirmish by shrouding binary analysis. "Plague Scanner" is a free on-premise anti-virus framework - a class of tool that drives multiple anti-virus scanners at once - and is the only free alternative to …
Darren Pauli, 27 Jul 2015

Invisible app ads slug smartmobes with 2GB of daily downloads

Invisible rogue mobile apps are wasting petabytes of data a day through an advertising hijacking technique researchers say could inflict US$1 billion in damages this year. Some 5000 malicious Android and iOS apps are hiding the rapidly-reloading ads from users and will continue to operate even if the apps are not in use. That …
Darren Pauli, 27 Jul 2015

LinkedIn ices over bountiful executive phishing spot

Kaspersky researcher Ido Naor says LinkedIn users could be phished thanks to vulnerabilities in its notification system. The since-patched flaws existed because the social network for suits misinterpreted and did not properly validate comment input. It meant malicious content could be sent to LinkedIn users who are notified …
Darren Pauli, 24 Jul 2015

Want longer battery life? Avoid the New York Times and The Grauniad

Software developer Santeri Paavolainen says the code powering today's websites is taxing browsers so much, it's having a significant impact on power consumption. The programmer came to that conclusion after a casual examination of news sites including the New Scientist, the BBC, Forbes, The Guardian, and The New York Times, as …
Darren Pauli, 24 Jul 2015

Boffins sting spooks with 'HORNET' onion router

Five academics have developed a Tor alternative network that can handle up to 93Gb/s of traffic while maintaining privacy. The HORNET system is more resistant to passive attacks than existing anonymity networks like Tor and delivers faster node speeds for a "practically unlimited" number of sources. It is the brainchild of …
Darren Pauli, 24 Jul 2015

Choc Factory research shows users just don't get security

Antivirus software has copped another beating from security experts, who axed the tool from their list of top five security-enhancing recommendations. The findings are contained in the Google study No one can hack my mind: Comparing Expert and Non-Expert Security Practices which polled 231 security experts, and 294 normal …
Darren Pauli, 24 Jul 2015

Flash zero-day monster Angler dominates exploit kit crime market

SophosLabs researcher Fraser Howard says the Angler exploit kit is dominating the highly competitive underground malware market: Angler's market share has exploded from a quarter to 83 per cent within nine months. The growth occurred between September and May this year, we're told. Angler emerged in 2013 to become one of the …
Darren Pauli, 23 Jul 2015

OpenSSH server open to almost unlimited password-guessing bug

A flaw in OpenSSH lets attackers bypass simple limits on the number of password login attempts that can be made per connection. By default, the encrypted service accepts six tries within a grace period of two minutes before breaking off a connection, which hampers brute-force attacks, but this mechanism can be easily …
Darren Pauli, 23 Jul 2015

Nigerian prince swaps the sweet talk for keyloggers and exploits

Nigerian 419 scammers have taken to the crime-as-a-service model, using cash to plug their technical capability shortfalls to build malware campaigns that could be making millions, according to FireEye researchers. Erye Hernandez, Daniel Regalado and Nart Villeneuve said that scammers, notorious for their attempts to fleece the …
Darren Pauli, 22 Jul 2015

Joomla Helpdesk Pro remote code exec vulns lead to server pwnage

Outpost24 researcher Kasper Bertelsen has warned of several vulnerabilities in Joomla's Helpdesk Pro which can lead to remote code execution on servers. The Helpdesk Pro Joomla extension allows users to categorise and log support tickets with managers who receive notifications. eBay, Heathrow Airport and the High Court of …
Darren Pauli, 22 Jul 2015

Google, Facebook and chums launch web blacklist to nail ad scammers

Tech big wigs including Facebook and Yahoo! have forged a giant blacklist to block fake web traffic contributing to advertising fraud, said Google ad man Vegard Johnsen. The Trustworthy Accountability Group (TAG) pilot program will nix bot traffic using a blacklist which could cut a significant portion of web traffic; Google's …
Darren Pauli, 22 Jul 2015

The roots go deep: Kill Adobe Flash, kill it everywhere, bod says

Fortinet security researcher Bing Lui has warned users that they can still be p0wned if they only disable Adobe Flash in web browsers. Lui's warning speaks to advice last week that users dump Flash to bolster security in the wake of the public disclosure of three zero day vulnerabilities (CVE-2015-5122, CVE-2015-5123, and CVE- …
Darren Pauli, 21 Jul 2015

Black Hat 2015: 32 SCADA, mobile zero-day vulns will drop

Gird your loins, admins; researchers are set to drop 32 zero-day vulnerabilities at the Black Hat hacking fest in Las Vegas in August. The vulnerabilities have not been disclosed but they will affect mobile devices and Supervisory Control and Data Acquisition (SCADA) systems among other platforms. "We have 32 different zero- …
Darren Pauli, 21 Jul 2015

Dumb MongoDB admins spew 600 TERABYTES of unauthenticated data

Shodan hacker John Matherly says system administrators have exposed some 595.2 terabytes of data by using poorly-configured or un-patched versions of the popular MongoDB database. eBay, Foursquare, and The New York Times are some of the prominent users of the open source MongoDB which is the most popular NoSQL database. …
Darren Pauli, 21 Jul 2015

North Korea's Red Star Linux inserts sneaky serial content tracker

ERNW security analyst Florian Grunow says North Korea's Red Star Linux operating system is tracking users by tagging content with unique hidden tags. The operating system, developed from 2002 as a replacement for Windows XP, was relaunched with a Mac-like interface in 2013's version three. The newest version emerged in January …
Darren Pauli, 20 Jul 2015

Spamquake subsides: less than half of email is now processed pork

Spam levels have fallen to below 50 per cent of all email sent for the first time in a decade, according to security firm Symantec. The milestone comes from a 1.8 per cent decline in spam rates from last month, when spam accounted for 51.5 per cent of sent email. Threat bod Ben Nahorney said it was the lowest rate since …
Darren Pauli, 20 Jul 2015

Crims bait phishing hooks with Flash, cast at US Gov agencies

Hackers are attempting to break into US Government agencies using a recently patched Adobe Flash vulnerability, the FBI is warning. The attacks target flaw CVE-2015-5119, revealed and patched earlier this month, which if exploited can allow attackers to run malware on victim machines. The agency warned of the attacks which began …
Darren Pauli, 20 Jul 2015

Thanks for open sourcing .NET say Point of Sale villains

Trend Micro researcher Jay Yaneza says Point of Sales malware has begun using Microsoft .NET, following its release as open source last year. Yaneza found the new so-called GamaPoS malware being distributed to US organisations including credit unions, developers, and pet care businesses through the resurgent Andromeda botnet. …
Darren Pauli, 17 Jul 2015

600 MEELLION apps open to brute force account guessing

Some of the world's most popular apps permit unlimited brute force password guessing attempts. The 53 exposed Android and Apple apps, collectively downloaded more than 600 million times, include SoundCloud, ESPN, CNN, Expedia, and Walmart. So far, of the 15 apps named, a dozen have failed to fix the server-side flaws after …
Darren Pauli, 17 Jul 2015

Ad slingers beware! Google raises Red Screen of malware Dearth

Watch out dodgy ad slingers and news sites; Google is expanding its 'last line of defence' Chrome feature to brand all security-slacker ad networks as unsafe. The Chocolate Factory will, over coming weeks, expand its Safe Browsing feature such that it throws an ominous Red Screen™ in front of ad networks it says have poor …
Darren Pauli, 17 Jul 2015

FireEye intern nailed in Darkode downfall was VXer, say the Feds

A former intern at security company FireEye has been arrested for creating and selling the slick and sophisticated Dendroid malware program after being caught in a global police sting that obliterated the Darkode cybercrime forum. Prosecutors say that Morgan Culbertson, 20, of Pittsburgh, was most recently working as a …
Darren Pauli, 16 Jul 2015

Oracle slings 193 patches, nixes exploited Java zero day

Oracle has poured cold coffee on a recent Java zero-day that's already under active attack, with just one of the critical patches it's released to address 193 holes in its sprawling product suite. The zero day is the most urgent fix of the lot and of the two dozen other Java patches present among Big Red's quarterly patch …
Darren Pauli, 16 Jul 2015

United Airlines bug bounty shells out 1.8M miles for three flaws

United Airlines has paid 1.5 million flight miles to two bug hunters who squelched 14 vulnerabilities under its newly hatched bug bounty program. Florida man Jordan Wiens reported two remote code execution bugs to the airline but could not detail the technical aspects given the program's non-disclosure agreement. The program …
Darren Pauli, 16 Jul 2015

Content delivery network CloudFlare's court order count soars

Content delivery network CloudFlare says it has received 50 court orders in the first half of this year, more than double that clocked in the whole of 2014. The statistics, which do not include search warrants and were revealed in the web defender's latest transparency report, show it received 22 court orders in the first half of …
Darren Pauli, 15 Jul 2015

Microsoft boffins borrow smartmobe brains to give wearables 9x kick

Microsoft and Georgia University researchers have developed a system that can make wearable devices up to nine times faster with four times the battery life by offloading processing to traditional mobile devices. The platform, dubbed WearDrive, offloads processing power using WiFi and Bluetooth connections so that watches or …
Darren Pauli, 15 Jul 2015

Microsoft nixes A-V updates for XP, exposes 180 MEEELLION luddites

Windows XP holdouts are in even more danger than ever after Microsoft abandoned anti-malware support for the ancient platform. Redmond overnight stopped providing XP support for new and existing installs of its Security Essentials package. The run-as-needed Malicious Software Removal Tool has also been axed, while support for …
Darren Pauli, 15 Jul 2015

Pluto Pic: Is it a DOG? Is it a HEART? Or is it ... is it ... BIGFOOT?

NASA has announced that the New Horizons spacecraft has phoned home after passing behind Pluto. Images and analysis are beaming their way back across the solar system as you read this story. Here at The Reg, meanwhile, we've been gazing at the lovely image of Pluto NASA revealed to the world yesterday. That snap has been …
Darren Pauli, 15 Jul 2015

Been hacked? Now to decide if you chase the WHO or the HOW

Analysis Imagine a security researcher has plucked your customer invoice database from a command and control server. You're nervous and angry. Your boss will soon be something worse and will probably want you to explain who pulled off the heist, and how. But only one of these questions, the how, is worth your precious resources; …
Darren Pauli, 14 Jul 2015

Telegram messaging app cops 200Gbps DDoS

Popular messaging platform Telegram has been hit with a 200Gbps distributed denial of service (DDoS) attack. The Tsunami TCP SYN flood kicked off on Friday and hurt users in Asia, Australia, and Oceania, knocking out the service for some five percent of the company's 60 million active users it has gained in 18 months. It is a …
Darren Pauli, 14 Jul 2015

Hackers sell 79,267 Cloudminr accounts for ONE Bitcoin

Hackers appear to have stolen the entire user database of cloud-based Bitcoin mining outfit Cloudminr.io and are offering to sell 79,267 accounts including passwords for a single Bitcoin. The Norwegian company's website is offline and criminal advertisements showcasing some of the CSV database of members have popped up on web …
Darren Pauli, 14 Jul 2015

FLASH MUST DIE, says Facebook security chief

Newly-minted Facebook security chief Alex Stamos has called for Adobe Flash to be taken out behind the shed by a shotgun-wielding world. The former Yahoo! security head joined Menlo Park this year and over the weekend said in two Tweets that it is time the death knell chimed for Adobe's much-hacked tool. "It is time for …
Darren Pauli, 14 Jul 2015

'Save the teachers!' 184 cryptologists send Oz Govt cleartext petition

One hundred and eighty-four angry cryptologists have signed a letter appealing for Australia's Department of Defence to grant researchers and teachers specific exemption to the country's amended laws that crack-down on crypto and exploit trading. The International Association for Cryptologic Research (IACR) letter is in …
Darren Pauli, 13 Jul 2015

Someone at Subway is a serious security nerd

App hacker Randy Westergren has outed the application developer at sandwich kingpin Subway as a serious security nerd. The hacker set sights on the Subway Android app, which allows users to order and pay for sandwiches from their devices, in a bid to uncover possible vulnerabilities. He instead …
Darren Pauli, 13 Jul 2015

Java jockeys join Flash fans in the 0-day exploit club

Trend Micro has issued predictable-but-sensible advice that Java should be switched off, because there's a zero-day being exploited in the wild. Trend malware researchers Brooks Li and Feike Hacquebord said the exploit will hose systems running the latest Java platform. Because there's no patch, they added, users should disable …
Darren Pauli, 13 Jul 2015

China makes internet shut-downs official with new security law

China is able to shut off internet access during major 'social security incidents' and has granted its Cyberspace Administration agency wider decision making powers under a draft law published this month. The draft also appears to require critical infrastructure organisations including foreign entities to store "important" …
Darren Pauli, 13 Jul 2015

One MEEELLION users download Facebook-pwning droid game

Threat researchers at security vendor ESET say a malicious Facebook-creds-stealing trojan masquerading as an Android game has been downloaded up to a million times. ESET chap Robert Lipovsky says the Cowboy Adventure game, and another malicious game dubbed Jump Chess, have since been removed from Google's Play code bazaar …
Darren Pauli, 10 Jul 2015