Darren Pauli


Java jockeys join Flash fans in the 0-day exploit club

Trend Micro has issued predictable-but-sensible advice that Java should be switched off, because there's a zero-day being exploited in the wild. Trend malware researchers Brooks Li and Feike Hacquebord said the exploit will hose systems running the latest Java platform. Because there's no patch, they added, users should disable …
Darren Pauli, 13 Jul 2015

China makes internet shut-downs official with new security law

China is able to shut off internet access during major 'social security incidents' and has granted its Cyberspace Administration agency wider decision making powers under a draft law published this month. The draft also appears to require critical infrastructure organisations including foreign entities to store "important" …
Darren Pauli, 13 Jul 2015

One MEEELLION users download Facebook-pwning droid game

Threat researchers at security vendor ESET say a malicious Facebook-creds-stealing trojan masquerading as an Android game has been downloaded up to a million times. ESET chap Robert Lipovsky says the Cowboy Adventure game, and another malicious game dubbed Jump Chess, have since been removed from Google's Play code bazaar …
Darren Pauli, 10 Jul 2015

Hacked Hacking Team team – like everyone in security – read The Register

Hacking Team CEO David Vincenzetti and his staff were avid readers of The Register, frequently recommending our articles to one another. A trawl through the company's email records, which were hacked and revealed to the world this week, reveals that Vincenzetti ran something of an in-house news service in which his researchers …
Darren Pauli, 10 Jul 2015

Link farmers bust Google search algos

Sophos threat hunter Dmitry Samosseiko says internet lowlife are implanting hundreds of thousands of malicious PDF files a day on compromised websites to build a new cloaking system that foils Google's search algorithm analysis. Samosseiko says the blackhat search engine optimisation method applies old keyword-stuffing and …
Darren Pauli, 09 Jul 2015

VXers charge Nintendo fans then p0wn their data

Palo Alto Networks researchers Cong Zheng and Zhi Xu are warning of a new form of malware that is masquerading as a paid Nintendo emulator for Android devices. The Gunpoder malware takes the form of an app packaged with the Airpush ad library making it difficult for anti-virus engines to detect. Zheng and Xu say the ads help …
Darren Pauli, 09 Jul 2015

Kali Linux 2.0 to launch at DEFCON 23

Video A small cadre of hackers have announced the next version of the Kali hacker arsenal, codenamed Sana, will be released on 11 August. The popular penetration testing platform brings hundreds of the best open source hacking tools into a Debian-based distribution that is a staple for hackers and forensic analysts. Kali Linux …
Darren Pauli, 08 Jul 2015

Berlin pours bucket of flat beer on Patriot missile hack report

Hackers hijacked German Patriot missiles stationed in Turkey on the Syrian border, according to reports since rebutted by the Government. The extraordinary claims suggest attacks were detected when "unexplained" orders were given to the weapons through two supposed weak spots. Germany's Defence Department told Die Welt says …
Darren Pauli, 08 Jul 2015

Oz Defence Dept 'not punitive' with crypto export controls

Australia's Department of Defence is meeting with security pros, including Google, to nut out the finer points of that country's dual-use control laws in what is described as a move away from a punitive crack-down on sharing data about information security. Nine Defence delegates and five of 15 invited industry and other …
Darren Pauli, 08 Jul 2015

BOT-GEDDON coming after ZeusVM leak, hacker warns

Former Kaspersky Japan boss, now malware researcher, Hendrik Adrian is warning of a boom of ZeusVM botnets after the trojan source code was leaked online. Version two of the builder and panel source code leaked last month, and was spotted by the French malware researcher known as Xylitol Adrian, who uses the online handle …
Darren Pauli, 07 Jul 2015

XSSposed launches pay-whatever bug bounty

Cross-site scripting war board XSSposed has opened a pay-whatever bug bounty to help its hackers earn cash and tee-shirts. Launched overnight, the program lets anyone register their interest in hearing about vulnerabilities for any web property. They then have the opportunity to pay researchers for the finding. Admins who …
Darren Pauli, 07 Jul 2015

Pwned Hacking Team tells cops, govts to shut down software

Flayed surveillance outfit Hacking Team is telling customers to suspend running instances of its software after 400GB of its source code and internal data was stolen and posted online. The Milan company sells spy software to law enforcement agencies, and has been accused by activist groups of happily signing up oppressive …
Darren Pauli, 07 Jul 2015

Borg slings patch at bonehead hardcoded admin password hole

Cisco has squashed a hardcoded admin password flaw in its Unified Communications Domain Manager, as it allowed remote hackers to mess with instant messaging and phone platforms. The Borg slapped the horrific boneheaded error with a 10 out of 10 severity rating given the ease of compromise and possible devastation of a hack. …
Darren Pauli, 06 Jul 2015

Hacking Team hacked: Spyware source code torrent blurts govt customers

Italian surveillance-ware developer Hacking Team has been infiltrated by hackers, who have leaked online 400GB of secret source code and other internal data. The plundered booty is being shared via BitTorrent, and appears to include audio recordings, emails, documentation, invoices, and source code. Hacking Team sells the Da …
Darren Pauli, 06 Jul 2015

DDoSers call 1988 and want its routing protocol hacked

Attackers are exploiting an ancient networking protocol to enslave small home and office routers in distributed denial of service attacks, Akamai says. The May attacks, described in a report by the global networking company, exploit routers operating version one of the Routing Information Protocol (RIP) developed in 1988 and …
Darren Pauli, 06 Jul 2015

It’s 2015 and we're being told not to send credit cards as cleartext

The payments card industry (PCI) council has reviewed its guidance to encourage businesses to stop slinging credit card data in cleartext by giving the tick to encryption solutions built from different components, rather than products that handle every step of data's journey from merchant to banker. The change is reflected in …
Darren Pauli, 03 Jul 2015

PureVPN calls pure BS on VPN insecurity study

Hong Kong virtual private network provider PureVPN has rejected claims in a study published this week that its service, among many other popular providers, is open to DNS hijacking, and has pushed fixes to shore up security. Research revealed earlier this week ruffled privacy feathers after five security bods identified that 14 …
Darren Pauli, 03 Jul 2015

Mastercard facial recog-ware will unlock your money using SELFIES

Mastercard will begin using selfies as a means to verify payments, it is being said. The "innovation" will allow some 500 pilot users to take a photo instead of punching in PINs, a move MasterCard chief product security officer Ajay Bhalla says will be popular with youth. Bhalla told CNN Mastercard partnered with all phone …
Darren Pauli, 03 Jul 2015

This box beams cafes' Wi-Fi over 4kms so you can surf in obscurity

Rhino Security founder Benjamin Caudill has created a tool to help privacy pundits (and criminals) connect to wireless networks from a distance of four kilometres, in a bid to foil eavesdropping authorities. The Proxyham Raspberry Pi hardware box is a complement to toolkits such as Tor that mask the source of web traffic. …
Darren Pauli, 03 Jul 2015

FBI updates Most Wanted cyber felons list, offers US$4.2m bounties

The mastermind of the Zeus trojan; a car scamming screwball; an identity thief; a malvertiser, and a keylogger monger: nail these five net crims to the wall and the FBI will pay you US$4.2 million. The agency has updated its 'Cyber Most Wanted'™ with the new hits who join the existing famous five hackers employed in the Chinese …
Darren Pauli, 02 Jul 2015

LG won't fix malware slinging bloatware update hole

The Budapest University of Technology and Economics' Security Evaluation and Research Laboratory (SEARCH-LAB) says "malicious attackers controlling the network are able to install arbitrary applications" on LG's Android phones, thanks to a flaw in their software update mechanism. The Lab says the flaw impacts "all Android …
Darren Pauli, 02 Jul 2015

20-yr-old Brazilian births 100 banking trojans

A 20 year-old Brazilian kid has pumped out more than 100 banking trojans selling each for around US$300 a pop, Trend Micro researchers say. The computer science student's extracurricular activities landed him the dishonourable title of his country's most prolific banking malware creator. Researchers say "Lordfenix", his chosen …
Darren Pauli, 02 Jul 2015

PeopleSoft p0wnage possible with a day of GPU brute-forcing

ERPScan researcher Alexey Tuyrin says hundreds of Oracle PeopleSoft users, including banks, are running publicly-exposed services that are open to a token-plundering vulnerability. The penetration tester says a breach could be worse than that of the Office of Personnel Management which recently lost millions of records in a hack …
Darren Pauli, 02 Jul 2015

A third of iThings open to VPN-hijacking, app-wrecking attacks

A trio of FireEye researchers have reported twin 'app-demolishing' iOS vulnerabilities Apple has partially fixed in its latest update that could wreck core apps such as the App Store and Settings. Researchers Zhaofeng Chen, Tao Wei, Hui Xue, and Yulong Zhang revealed the latest in five so-called Masque attacks that could wreck …
Darren Pauli, 01 Jul 2015

Script-blocker NoScript lets in ANYTHING from googleapis.com

Detectify security researcher Linus Särud has reported a weakness in popular Firefox security tool NoScript that allows attackers to have their malware whitelisted. The tool is used by some two million security-and-privacy-conscious folk who want to stop active content like JavaScript and Flash getting a foothold in their …
Darren Pauli, 01 Jul 2015

Identity protection outfit LifeLock picked, popped

Security researchers Eric Taylor and Blake Welsh have disclosed a cross-site scripting vulnerability in US identity protection company LifeLock. The duo from US outfit Cinder say the vulnerability allows attackers to target the company's three million users with malware and phishing attacks, session jacking, among other acts …
Darren Pauli, 01 Jul 2015

Intel infosec folk TEE off open source app dev framework

A trio of Intel boffins have broken a vendor lock-down on trusted execution environments (TEEs) with the release of an open source framework that could help developers to build more secure apps. Intel wonks Brian McGillion, Tanel Dettenborn, and Thomas Nyman (plus N. Asokan of Aalto University and University of Helsinki) …
Darren Pauli, 30 Jun 2015

VPNs are so insecure you might as well wear a KICK ME sign

A team of five researchers from universities in London and Rome have identified that 14 of the top commercial virtual private networks in the world leak IP data. Vasile C. Perta, Marco V. Barbera, and Alessandro Mei of Sapienza University of Rome, together with Gareth Tyson, and Hamed Haddadi of the Queen Mary University of …
Darren Pauli, 30 Jun 2015

Amazon douses Fire phone man-in-the-middle diddle

MWR Labs researcher Bernard Wagner has reported three flaws in Amazon's Fire phone that could allow apps to facilitate man-in-the-middle attacks. Wagner says two Certinstaller (the CertInstaller tool enables the installation of certificates via various file formats) flaws allow apps to install certificates such that the large …
Darren Pauli, 30 Jun 2015

Sophos' putrid patch snuffs Citrix kit, kills call centre

A Sophos Web Appliance update has crashed users' PC fleets including knocking offline the Australian call centre of a global company for two days after support was quietly revoked for SSL 3.0 ciphers used in Citrix Receiver. The British security firm pushed out update version 4.0.2.3 last week to correct four non-critical issues …
Darren Pauli, 29 Jun 2015

Ransomware slinging exploit kit targets Flash remote code execution

Attackers have added a recent dangerous Adobe vulnerability to the Magnitude exploit kit, according to respected independent malware researcher "Kafeine". The remote code execution vulnerability (CVE-2015-3113) revealed last week allows attackers to hijack un-patched machines targeting Internet Explorer on Windows 7 and XP. Web …
Darren Pauli, 29 Jun 2015

Blackhats using mystery Magento card stealers

Sucuri infosec researcher Peter Gramantik says carders are exploiting an unknown vulnerability to steal billing information from e-commerce sites that use eBay's Magento platform. Gramantik found an attack script that plunders POST data and identifies valuable payment data before storing it as an encrypted image file. He says …
Darren Pauli, 29 Jun 2015

Rivalry heats up as VXers bake Fobber crypto clobber

A malware development squad is so determined to thwart meddling white hat researchers that it has produced a trojan riddled with obfuscation techniques and neurotic encryption. The Fobber banking trojan is based off Tinba version two, regularly hops between programs, and is distributed through the elusive and dangerous HanJuan …
Darren Pauli, 26 Jun 2015

Vegan eats BeEf, gets hooked

Botnet slaughterer Brian Wallace has created a module to detect when attackers are using the popular browser-busting BeEF hacking framework. The Chrome extension codenamed Vegan allows victims to detect when attackers have hooked their web browser instances using the enormously powerful Browser Exploit Framework. Vegan could …
Darren Pauli, 26 Jun 2015

Facebook! exfiltrates! Yahoo! security! boss!

Facebook has poached NSA-clashing Yahoo! security man Alex Stamos to head up its infosec operations. The hire means Menlo Park has filled a three-month vacancy left when security boss Joe Sullivan who oversaw a crackdown on Facebook scammers and scum left for Uber. Stamos fittingly announced his migration on his Facebook …
Darren Pauli, 26 Jun 2015

Dyre banking VXers LOVE Mondays, Symantec says

Nobody can accuse trojan coders of being lazy; the masterminds behind the Dyre banking malware are putting in full five-day working weeks to maintain some 285 command and control servers handling stolen banking credentials. The malware is one of the worst in circulation using its fleet of command and control servers to handle …
Darren Pauli, 25 Jun 2015

BlackShades privacy raiding web rat gets five years in US cooler

Swedish BlackShades co-creator Alex Yucel has been sentenced to nearly five years in a US cooler for selling and distributing the remote access trojan (RAT). Yucel, 25, pled guilty February in a New York court to slinging the perverted mutation of a legitimate system administration tool and was forced to forfeit US$200,000 in …
Darren Pauli, 25 Jun 2015

NOD32 AV remote root wormable hack turns corporate fleets to meat

Google Project Zero bod Tavis Ormandy has disclosed a "trivial" means of remotely hacking the ESET NOD32 antivirus platform. Ormandy's finding prompted the Slovak company to rush a patch a day before his disclosure overnight. The remote-root exploit is potentially wormable and, he said, of practical value to criminals. "Any …
Darren Pauli, 25 Jun 2015

Killer ChAraCter HOSES almost all versions of Reader, Windows

Get patching: Google Project Zero hacker Mateusz Jurczyk has dropped 15 remote code execution vulnerabilities, including a single devastating hack against Adobe Reader and Windows he reckons beats all exploit defences. The accomplished offensive security researcher (@j00ru) presented findings at the Recon security conference …
Darren Pauli, 24 Jun 2015

Triple glitch grounds ALL aircraft in New Zealand

A trinity of network failures led to the grounding of all aircraft in New Zealand yesterday. Just four minutes of outage ended up keeping planes on the ground for two hours, affecting 200 flights on 23 June. It cut off radar systems and forced traffic controllers to revert to manual systems to land some of the fifty aircraft …
Darren Pauli, 24 Jun 2015

RubyGems slings patch at nasty redirect trojan holes

Get patching: new vulns in the RubyGems developer distribution platform could expose millions of users to malicious redirects. The hole (CVE-2015-3900) since patched means clients could be pushed to Gem severs hosting malicious content even if HTTPS is employed. Attackers further benefited since RubyGems Gems Server Discovery …
Darren Pauli, 24 Jun 2015

Feds count Cryptowall cost: $18 million says FBI

Cryptowall authors have wrought some US$18 million in damages on US users and businesses alone, according to the FBI. The Cryptolocker-imitation ransomware family has etched itself as one of the most prolific and capable since it was first detected in April 2014. Global damage reported to the US agency is likely considerably …
Darren Pauli, 24 Jun 2015

Slippery Silk Road spook will plead guilty to duping dealers

A US Secret Service information security bod is going to enter a guilty plea to pilfering US$820,000 in Bitcoins from scuttled drug souk the Silk Road. Shaun W. Bridges admitted to harvesting the anonymous currency before cashing out at the then Mt. Gox Bitcoin exchange and going into hiding. “Mr. Bridges has regretted his …
Darren Pauli, 23 Jun 2015

Pirate captain blasts Google for its 'mystery' Chrome blob

Pirate Party captain Rick Falkvinge has weighed into the Google Chrome 'listening blob' debate, saying Mountain View silently downloaded an 'eavesdropper' to Chrome users' machines. The row arose last week, when Debian users first noticed that The Chocolate Factory was dropping the blob on their machines. Falkvinge rejects …
Darren Pauli, 23 Jun 2015

Redmond: IE Win 8.1 defence destroying hack ain't worth patch, natch

HP security research bod Dustin Childs says the company couldn't get Microsoft to patch an IE exploit, so it's gone public. Childs says the Address Space Layout Randomisation (ASLR) hole affects millions of 32bit systems and should have been patched. He says his former paymasters at Redmond did not consider the bug 'worth it' …
Darren Pauli, 23 Jun 2015

Phishing gone: eBay patches to block session-jacking Magento holes

Vulnerability Lab researcher Hadji Samir says eBay has squashed three vulnerabilities in its Magento shopping platform that could permit session hijacking and man-in-the-middle attacks. The penetration tester disclosed this month the vulnerabilities along with proof-of-concept videos showing how attackers could steal session …
Darren Pauli, 22 Jun 2015

Dev probes bad proxies, writes white hat checker, black hat DIY guide

Developer Christian Haschek is building an online tool to allow users to check whether their free proxy is potentially harvesting their details, or is one of the few to be relatively secure. The ProxyChecker service allows users to enter the IP address and port of their favourite free proxy service, to see if it is messing with …
Darren Pauli, 22 Jun 2015

Two foreigners, a desert and a jeep full of bank statements

On-Call Welcome again to On-Call, our weekend regular in which we share readers' tales of odd things that happen at odd times in odd places. This week, reader Alex tells us he once worked in the Saudi Arabian capital of Riyadh, for a major bank. “There had been a bunch of problems, which meant the customer account statements were …
Darren Pauli, 21 Jun 2015

BIG RED BUTTON exploits Redis flaw to fix Redis flaw

Reckless sys admins rejoice: entrepreneurial security bod Ben Murphy has created a daring quick patch for the popular Redis data structure server. Murphy (@benmmurphy) created an alluring red Hot Patcher™ button that when pushed will exploit a flaw in Redis in order to patch a Lua sandbox bypass vulnerability he disclosed this …
Darren Pauli, 19 Jun 2015

Drupal flicks fix to nix OpenID admin account hijack hole

Drupal has shuttered a flaw in its implementation of OpenID that allows attackers to log in as web site administrators. The flaw (CVE-2015-3234) is the most critical of four and affects versions six and seven of the content management system. Drupal's security team say attackers can target unpatched systems if they hold an …
Darren Pauli, 19 Jun 2015