Darren Pauli


Follow US please, say spies

Snarky Canuck spies have joined Twitter telling the world 'now it's your turn to follow us'. The Canadian Security Intelligence Service joined the flighty social media rabble better snoop engage with locals, agency director Michel Coulombe says. "Speaking publicly on the nature of our work isn’t always easy, but we want CSIS …
Darren Pauli, 14 Jul 2016

It's 2016 and Windows lets crims poison your printer drivers

Among the Microsoft messes addressed in the latest round of Patch Tuesday updates is a real doozy that allows remote attackers to compromise Windows machines thanks to a critical security vulnerability affecting printer drivers. The flaw is found in all desktop Windows since Vista and Windows Server since 2008 and means …
Darren Pauli, 13 Jul 2016

50 CELEBRITY SECRETS EXPOSED scores year behind bars

The New York man behind a 2014 data dump site exposed.su has been sentenced to a year in prison, plus 12 months for time already served, for doxing high-profile figures including First Lady Michelle Obama, Presidential candidate Donald Trump, and artist Jay Z, and placing dozens of highly-dangerous swatting calls. Mir Islam, …
Darren Pauli, 13 Jul 2016

Nasty session stealing hole filled in WordPress All in One SEO plugin

The developers have patched a hole in the popular All in One search engine optimisation WordPress plugin, a tool that's been downloaded by some 30 million users and is used on a million sites. Flaws exist in the Bot Blocker component which can be exploited to steal administrator tokens and conduct actions through cross-site …
Darren Pauli, 12 Jul 2016

Android Nougat may contain traces of NOT for users of custom CAs

Google will sweeten the forthcoming Nougat release of Android by changing the way apps work with certificate authorities (CAs) and simplifying APIs. The changes will affect only some apps and users, Android security team software engineer Chad Brubaker says. The changes mean Google will not automatically trust user-selected …
Darren Pauli, 12 Jul 2016

Aussie researcher claims 'Antminer' bitcoin boxen can be broken

Australian security researcher Tim Noise says scores of popular Antminer Bitcoin mining devices could be commandeered. Noise demonstrated how a vulnerability in the configuration of the open source mining program CGminer running on an Antminer box can be abused to redirect the efforts of massive mining operations to fill an …
Darren Pauli, 12 Jul 2016

Google aims to train two million Indian Android devs by 2018

Google will train two million Android developers across India over the next three years. Mountain View will provide complete training in its Android operating system under a new program that is paired with the Modi Government's "Skill India" program. The course kicks off with Android Developer Fundamentals available in …
Darren Pauli, 12 Jul 2016

Drowning Dalek commands Siri in voice-rec hack attack

University boffins have brewed one of the most complex mechanisms for loading malware onto phones by way of surreptitious Google Now and Siri voice commands hidden in YouTube videos. For the attack to work, phones need to be in a state where they can receive voice commands - a feature often left unlocked - and close enough to …
Darren Pauli, 11 Jul 2016

White hat banned for revealing vulns in news sites used by London councillors

Security consultant Andrew Tierney has claimed that web platform NeighbourNET contains nasty vulnerabilities that could compromise users. The company's sites are used for local news services, often by councils and councillors to communicate with residents. London districts favoured with sites powered by the service include …
Darren Pauli, 11 Jul 2016

Hacker bites Datadog, finds hard-to-chew bcrypt passwords

Software as a service monitoring platform Datadog, used by the likes of Facebook, Salesforce, and Citrix, has been breached and has therefore strongly suggested that customers reset their passwords. The company says attackers hit multiple servers Friday including production servers, and a database of user credentials. Other …
Darren Pauli, 11 Jul 2016

Teen thugs lure, rob Pokemon Go gamers

Enterprising teen thugs have used a feature in the virally-popular Pokemon Go mobile game to lure and rob gamers. The mobile app, released last week, uses augmented reality to overlay Pokemon around the real world, requiring players to walk around to collect the famed characters. Police at the US State of Missouri's O’Fallon …
Darren Pauli, 10 Jul 2016

Copy paste slacker hackers pop corp locks in ode to stolen code

The ultimate copy paste slacker hacker group has busted security controls in some 2500 corporates and government agencies using nothing but stolen code. The targets focus on those affiliated with military and political assignments around Southeast Asia and the contentious South China Sea, and may have been compromised in a …
Darren Pauli, 08 Jul 2016

CloudFlare pros pen paranoid phone plan for pwn-free peregrination

Travelling executives should use modern iPhones with burner SIMs, no PINs, and minimal apps, CloudFlare security boffin Filippo Valsorda says. Valsorda of the anti-distributed denial of service attack firm's London office says his 'paranoid' guide focuses on iOS because he considers it the most secure operating system …
Darren Pauli, 08 Jul 2016

414,949 D-Link cameras, IoT devices can be hijacked over the net

Shodan has turned up half a million D-Link devices exposed to the internet, and subject to easy hijacking using zero-day vulnerabilities. The stack overflow vulnerabilities affect more than 120 D-Link products, from Wi-Fi cameras to routers and modems, and allow remote attackers to completely hijack the administrator account of …
Darren Pauli, 08 Jul 2016

Cafe killer remote code execution affects 140 million MIUI Androids

The most popular stock and third-party Android ROM – used by 170 million people – contains a dangerous since-patched remote code execution hole that could hand attackers total control of handsets. The flaw, found by IBM X-Force researcher David Kaplan (@depletionmode), now of Microsoft, exists in MIUI (pronounced Me, You, I) …
Darren Pauli, 07 Jul 2016

Loose wrists shake chips: Your wrist-job could be a PIN-snitch

Chinese scientists have brewed a way to steal -- with 80 percent accuracy -- automatic teller machine PINs by infecting wearable devices. Five university boffins demonstrated the trick in a laboratory, finding even the slight hand movements a person makes while entering PINs can be captured through infected smart watches. The …
Darren Pauli, 07 Jul 2016

Palo Alto offers $16,000 in looming CTF hack off

In eight days, Palo Alto is launching a capture the flag competition offering a total of US$16000 (£12340, A$21,245) for the first to complete the six trials. The first to solve all six challenges will receive US$5000 (£3866, A$6640), and can score six lots of US$1000 (£773, A$1328) if they are also the first to complete each …
Darren Pauli, 07 Jul 2016

Sysadmins: Use these scripts to fully check out of your conference calls

Rejoice, system admins; Splunk developer Josh Newlan has created a series of scripts that will, with the right tools, get you out of time-wasting teleconference meetings. The scripts, built on Splunk and IBM Speech to Text Watson but which can be ported to use open source tools, allow over-worked crushed souls to have relevant …
Darren Pauli, 07 Jul 2016

⌘+c malware smacks Macs, drains keychains, pours over Tor

More malware capable of pilfering Mac keychain passwords and shipping them over Tor has been turned up, less than a day after a similar rare trojan was disclosed. Dubbed Keydnap, the malware is delivered as a compressed Mach-O file with a txt or jpg extension, with a hidden space character which causes it to launch in terminal …
Darren Pauli, 07 Jul 2016

'Double speak' squawk users as Silent Circle kills warrant canary

Silent Circle has quietly euthanized its warrant canary for 'business reasons' leading privacy pundits to freak out over double negatives and double speak. The much-loved privacy company offers the hardened BlackPhone geared to business folks who want to frustrate the surveillance state and criminals. Like others, its warrant …
Darren Pauli, 06 Jul 2016

Outed China ad firm infects 10m Androids, makes $300k a month

Net scum behind the Hummingbird Android malware are raking in a mind-boggling US$300,000 (£233,125, A$404,261) a month through illegitimate advertising and app downloads from a whopping 10 million infected devices. The offending group, known as Yingmob, is an offshoot of a legitimate Chinese advertising analytics firm with …
Darren Pauli, 06 Jul 2016

Gigabyte BIOS blight fright: Your megabytes’ rewrite plight in the spotlight

Gigabyte has been swept into turmoil surrounding low-level security vulnerabilities that allow attackers to kill flash protection, secure boot, and tamper with firmware on PCs by Lenovo and other vendors. Unconfirmed reports suggest the hardware vendor has used the "ThinkPwn" vulnerable code, thought to be born of Intel …
Darren Pauli, 06 Jul 2016

Word hole patched in 2012 is 'unchallenged' king of Office exploits

Possibly the most exploited unchallenged Microsoft Office vulnerability of the last decade was found and patched in 2012. Sophos threat researcher Graham Chantry says the longevity of the dusty bug affecting Office 2003, 2007, and 2010, is thanks to its constant adaptation by exploit kit authors, and a pervasive unwillingness …
Darren Pauli, 05 Jul 2016

Researcher pops locks on keylogger, finds admin's email inbox

Trustwave researcher Rodel Mendrez has gained access to the inbox of the criminal behind a commercial keylogger used to attack industries including finance, cloud services, logistics, foreign trade, and government. Mendrez's reverse engineering effort found credentials buried within the Hawkeye keylogger that lead through …
Darren Pauli, 05 Jul 2016

Israel's security minister suckers Zucker for Facebook'ed killings

Israel's Public Security Minister Gilad Erdan has blamed Facebook founder Mark Zuckerberg for the killing of Hallel Ariel and Michael Marks. The Minister told local program Meet the Press that Facebook does not do enough to alert security forces to terrorist-related posts after Ariel's killer Muhammad Tarari posted to the social …
Darren Pauli, 05 Jul 2016