Articles about Miscreants

Snowden's anti-snoop tool

NSA whistleblower Ed Snowden and hardware guru Andrew “Bunnie” Huang have designed a gizmo that wraps around your iPhone 6 and alerts you when the mobe unexpectedly leaks your location. Basically, if you put your smartphone into airplane mode – ie: maintain radio silence – to avoid being tracked, the gadget will kick off if …
Shaun Nichols, 21 Jul 2016

Tor for IoT toothbrushes

If you want to hide your Internet of Things devices within the anonymizing Tor network, there's now a guide here for you to follow. Basically, you run your devices behind a hidden service, keeping them out of sight of internet-scanning miscreants and protecting them with HTTPS encryption. You can find out more from the above …
Chris Williams, 21 Jul 2016

Trump? Terror? Turkey? Whoa, there's a Tentacool in that Bush...

If terror attacks, coups and the prospect of a Trump presidency aren’t enough to convince you that the end of days might just be at hand, a brief review of the weekend’s Pokemon Go-related news should tip the balance. As the augmented-reality monster-hunting smartphone game rolled out across the real world, players were shot at and …
Joe Fay, 18 Jul 2016

Ubuntu forums hacked

Ubuntu maker Canonical says that its Linux distro's user forums have been hacked, and the usernames, IP addresses, and email addresses of roughly 2 million users have been swiped. Canonical CEO Jane Silber said that no passwords were taken in the SQL injection attack, and that the miscreants did not appear to have accessed any …
Shaun Nichols, 15 Jul 2016

Exploit kit miscreants rush to plug gap in cyber-crime marketplace

Cybercrooks behind the Sundown Exploit Kit are rapidly updating the hacking tool in a bid to exploit a gap in the market created by the demise of the Angler and Nuclear exploit kits. While RIG and Neutrino have been the primary protagonists in the void left by Angler and Nuclear, Sundown is also vying for an increased share in …
John Leyden, 13 Jul 2016

Webpages, Word files, print servers menacing Windows PCs – yup, it's Patch Tuesday

Microsoft will fix critical holes in Internet Explorer, Edge, Office and Windows with this month's Patch Tuesday security bundle. Meanwhile, Adobe has patched dozens of exploitable vulnerabilities in its Flash player. Redmond's July release includes 11 sets of patches, six rated as "critical" and five classified as "important …
Shaun Nichols, 12 Jul 2016

Eat my reports! Bart ransomware slips into PCs via .zip'd JavaScript

The cybercrooks behind ransomware Dridex and Locky have started distributing a new file-scrambling software nasty dubbed Bart. Bart has a payment screen just like Locky's, and encrypts documents without first connecting to a remote command-and-control server to receive its orders. Bart may therefore be able to encipher Windows …
John Leyden, 28 Jun 2016

25,000 malware-riddled CCTV cameras form network-crashing botnet

A massive network of hacked CCTV cameras is being used to bring down computers around the world, we're told. The unusual 25,000-strong botnet was apparently spotted by US security outfit Sucuri when it investigated an online assault against an ordinary jewelry store. The shop's website was flooded offline after drowning in 35 …
Iain Thomson, 28 Jun 2016

Carbonite online backup accounts under password reuse attack

If you're a user of online backup service Carbonite, you're getting a new password. Don't make it one you've used somewhere before. Carbonite has released a statement telling users it's run a system-wide password reset in the face of a password-reuse attack. The company claims its own systems haven't been compromised, but if …

Cybercrooks are pimping out pwned RDP servers

Cybercriminals are buying and selling access to compromised servers for as little as $6 each. The xDedic marketplace, which appears to be run by a Russian-speaking group, lists 70,624 hacked Remote Desktop Protocol (RDP) servers for sale. Kaspersky Lab researchers warn that crooks can abuse the compromised systems to hack …
John Leyden, 15 Jun 2016

Crysis creeps: Our ransomware locks network drives and PCs. Bargain

Cybercrooks have put together a new strain of ransomware that lifts corporate data as well as encrypting files on compromised computers. Crysis grabs admin privileges, collects the victim computer's name and some encrypted files before uploading them to a remote command and control server. The ransomware encrypts files on …
John Leyden, 10 Jun 2016

French B&Q equivalent 'hacked' to offer visitors vulgar DIY tools

French DIY goods store Castorama has pulled its website offline after miscreants manipulated the site search function to suggest rude versions of household appliances. Yesterday Castorama.fr's home page was swapped out for a message translation experts reckon means: "Dear Internet, this site's page is unavailable. Thank you …

uTorrent forums hacked

The hosting provider behind BitTorrent Inc's uTorrent forum was hacked this month, but only 38,000 accounts have been dumped on the web. uTorrent is telling users to reset their passwords as a precaution. The HaveIBeenPwned website says email addresses, IP addresses, passwords, and usernames were taken from the forum database …

Oh snap! Facebook zaps crap yap gap in web chat, natter app flap

A vulnerability in Facebook's web chatrooms and its Messenger app would have let miscreants surreptitiously tamper with messages after they had been sent. The flaw was discovered by eggheads at security biz Check Point, who reported it to the social network giant. We're told attackers would have needed only a basic knowledge …
John Leyden, 08 Jun 2016

The rise and rise of Australia's community hacking conferences

Special report In Australia and New Zealand, hackers are doing it for themselves by creating vibrant security conferences that run on their own terms and actively avoid the corporate-speak and fear-mongering that characterises so many vendor-led events. These conferences, or "cons", are booming and showcase security skills that rival the …
Darren Pauli, 06 Jun 2016

You've got a patch, you've got a patch ... almost every Android device has a patch

It's the first Monday of the month, and that means another batch of patches for Android, fixing flaws that can be exploited by apps and webpages to hijack devices. As usual, if you're not using a Google Nexus device, you're at the mercy of your manufacturer and phone carrier to approve and distribute these updates, which may …
Iain Thomson, 06 Jun 2016

TeamViewer beefs up account security after rash of PC, Mac hijacks

TeamViewer is whacking anti-hacker protections into its remote-desktop tool – as its customers continue to report having their PCs and Macs remotely hijacked by criminals. Two new security checks in TeamViewer will warn users when a new device or location attempts to log into their TeamViewer account and remotely manage any …
Shaun Nichols, 03 Jun 2016

Flash. Bang. Wallet: Marcher crooks target UK Android users

Miscreants behind the Marcher mobile malware have begun targeting UK banking customers. The trojan - which already targets banks in other countries, including Germany, Austria, France, Australia and Turkey - has added nine major UK bank brands onto its roster, IBM's X-Force security research team warns. Marcher is an Android- …
John Leyden, 02 Jun 2016

Miscreants demand Bitcoins to stay silent on 'dirty secrets' of Tumblr, LinkedIn hack victims

The FBI has issued an unusual warning about a new breed of scammers looking to get rich off the back of recent high-profile data breaches. According to the agency's Internet Crime Complaint Center (IC3), a large volume of emails are being reported where the sender claims to have used data from recent breaches at LinkedIn, …
Iain Thomson, 01 Jun 2016

TeamViewer denies hack after PCs hijacked, PayPal accounts drained

Updated TeamViewer users say their computers were hijacked and bank accounts emptied all while the software company's systems mysteriously fell offline. TeamViewer denies it has been hacked. In the past 24 hours, we've seen a spike in complaints from people who say their PCs, Macs and servers were taken over via the widely used remote …
Shaun Nichols, 01 Jun 2016

TFTP abused by DDoSsers

Crooks have come up with a new technique for swamping websites with junk traffic. Miscreants have begun using a DDoS reflection and amplification method that abuses TFTP (Trivial File Transfer Protocol), Akamai reports. TFTP is mostly a LAN service used for configuration of devices such as phones and initial installations of …
John Leyden, 01 Jun 2016

IBM warns of 'bug poachers' who exploit holes, steal info, demand big bucks

At least 30 companies have been hit in the past year by so-called "bug poaching," where hackers break into corporate servers, steal data, and then demand a fee for showing how it was done. The technique, spotted by IBM's Managed Security Services researchers, involves miscreants breaking into a corp's servers, typically using …
Iain Thomson, 01 Jun 2016

CERT warns of hardcoded creds in medical app

The US computer emergency response team has issued a warning after admin credentials were found in a popular medical application used for acquiring patient data. The MEDHOST application is designed for handling the three perioperative stages of surgery, including patient tracking and patient conditions. It can be hosted and …
Darren Pauli, 30 May 2016

Tech support locker scam poses as failed Microsoft Update

Cybercrooks have put together a new scam that falls halfway between ransomware and old-school browser lockup ruses. The new class of “tech support lockers” relies on tricking users into installing either a fake PC optimiser or a bogus Adobe Flash update. Once loaded, the malware mimics ransomware and locks users out of their …
John Leyden, 20 May 2016

36 firms at risk from that unpatched 2010 SAP vuln? Try 500+

Analysis A vulnerability in SAP systems that some enterprises have failed to patch for six years is more difficult to fix than previously reported, and estimates of enterprise exposure are way too low, according to the security consultancy that originally found it. US-CERT made the unprecedented move on Wednesday of enumerating in an …
John Leyden, 13 May 2016

Cracker hacker 'edits' biggest subreddits

A seemingly benign Twitter pest has popped what they claim is more than 100 Reddit subreddits, including those devoted to the upcoming big-ticket Battlefield One game, Marvel Studios, Star Wars, and Game of Thrones. Hugely popular subreddits including pics and TIFU (today I f**ked up) were also defaced. In keystrokes of irony …
Darren Pauli, 13 May 2016

ImageMagick exploits spotted

Malicious images exploiting server-hijacking holes in ImageMagick have been spotted and documented by web host biz CloudFlare. As we reported last week, ImageMagick – a tool used by countless websites to process images submitted by users – has a pretty bad bug that allows images to execute commands on vulnerable systems. The …
Chris Williams, 09 May 2016

Ransomware grifters offer to donate proceeds of crime to charity

Ransomware crooks are offering to donate ransom fees to a children's charity. Security experts dismiss the promise as “psychological manipulation” from unscrupulous crooks. The offer comes from the “kind hearted” slingers of "CryptMix", one of a growing number of crypto-ransomware strains menacing Windows users worldwide. …
John Leyden, 06 May 2016

Miscreants tripled output of proof of concept exploits in 2015

Hackers collectively tripled the production of proof-of-concept exploits last year, according to a new study out on Thursday. Researchers and black hats develop proof-of-concept (PoC) exploits for research or demonstration purposes. These PoCs are developed for various reasons – to demonstrate that software is vulnerable, …
John Leyden, 05 May 2016

Suck on this: White hats replace Locky malware payload with dummy

Pranksters have infiltrated the control system behind the infamous Locky ransomware and replaced the malware’s main payload with a dummy file. Locky normally spreads using malicious and disguised JavaScript inside email attachments supposedly containing an invoice or similar. Malicious messages are sent to prospective marks in …
John Leyden, 05 May 2016

3-in-4 Android phones, slabs, gizmos menaced by fresh hijack flaws

Google has today issued a bundle of 40 security patches for its Android operating system. A dozen of the fixes correct critical vulnerabilities in versions 4.4.4 of the operating system and above. About 74 per cent of in-use Android devices run Android 4.4.4 or higher. These critical bugs can be potentially exploited by …
Iain Thomson, 02 May 2016

Facebook 'login hole'

Infosec biz Bitdefender says Facebook has patched a bug it found that potentially allowed miscreants to log into websites as other people. A hacker could create a Facebook account using an email address belonging to a victim, then at the right moment change the address to one controlled by the hacker to verify the contact …
Team Register, 27 Apr 2016

Hackers so far ahead of defenders it's not even a game

Cybercriminals are way ahead of the game against defenders without having to try anything new, according to the latest edition of Verizon's benchmark survey of security breaches. The study shows that miscreants have no need to switch up, because the same old tactics are still working fine. Security defenders are still …
John Leyden, 26 Apr 2016

Four bugs bait hooks in Asian phishing trip

Malware writers are exploiting four RTF parser vulnerabilities, in a long-running campaign to target journalists, human rights activists, and Tibetans across Hong Kong and Taiwan. An Arbor Networks study found miscreants are exploiting since-patched vulnerabilities in Microsoft Office's handling of rich text files (CVE-2012- …
Darren Pauli, 20 Apr 2016

SamSam ransomware shifts from hospitals to schools via JBoss hole

Cisco has warned that the SamSam ransomware that has been plaguing US hospitals is now menacing schools, governments, and other organizations that have not kept their JBoss deployments up to date. According to the networking giant's Talos security team, SamSam exploits a hole in server middleware JBoss to drill its way into …
Iain Thomson, 19 Apr 2016

Lizard Squad back to blast Blizzard’s gaming hub

Lizard Squad has hit gaming firm Blizzard’s servers with a massive DDoS attack. Blizzard's Battle.net services were left intermittently unavailable as a result of the assault, the latest in a long line of hacking attacks against gaming firms by the notorious black hat hacking crew. Blizzard confirmed an attack in the earlier …
John Leyden, 15 Apr 2016

Halfbreed trojan targets US banks

A new piece of malware has been linked to thefts of $4m from more than 24 American and Canadian banks in just a few days. Researchers at IBM reckon that hackers combined code from two malware types, known as Nymaim and Gozi, to create GozNym, a persistent and powerful trojan. Customers of numerous credit unions and popular e- …
John Leyden, 15 Apr 2016

How to make Cisco UCS servers roll over and obey: Send a HTTP poke

Cisco has patched a vulnerability in its Unified Computing System (UCS) Central Software that could be exploited by miscreants to take remote control of machines. Switchzilla said that the CVE-2016-1352 flaw in the UCS web framework is considered a "high" security risk as an unauthenticated attacker can execute arbitrary …
Shaun Nichols, 13 Apr 2016

Hack hack jailed 2 years

A journalist has been sentenced to 24 months in prison in the US for knowingly handing his work login details to hackers. Matthew Keys was sentenced Wednesday for violating the Computer Fraud and Abuse Act (CFAA) by giving his username and password to his news organization's content management system out in an IRC channel of …
Shaun Nichols, 13 Apr 2016

What exactly is it that infosec miscreants get up to? A quick overview

If corporate IT infrastructures are a battlefield, then the cybercriminals are putting up a good fight. Last year saw some nasty breaches, among them Anthem Insurance, which lost nearly 80 million records, and the US Office of Personnel Management, which lost 21 million records after failing to encrypt them. Cybercriminals are …
Danny Bradbury, 13 Apr 2016

Dear Windows, OS X folks: Update Flash now. Or kill it. Killing it works

Adobe has published new versions of Flash to patch a vulnerability being exploited right now by hackers to hijack PCs and Macs. The APSB16-10 update addresses a total of 24 CVE-listed flaws, including one (CVE-2016-1019) that's been exploited in the wild to inject malware into Microsoft Windows and Apple OS X systems. Users …
Shaun Nichols, 08 Apr 2016

Fake CEOs pilfer $2.3bn from US biz pockets in three years – Feds

Scammers have bilked American companies out of $2.3bn from 17,642 victims since 2013, the FBI has warned, and the problem is going to get worse before it gets better. Basically, the hustle works like this: miscreants pretending to be top bosses send emails to employees, particularly those handling sensitive financial …
Iain Thomson, 07 Apr 2016

PayPal plugs phishing-enabling vulnerability, stumps up $500

PayPal has patched a flaw which created a means for miscreants to abuse its platform to lend authenticity to fraudulent or otherwise malicious emails. The input validation and mail encoding web vulnerability in the official PayPal online web app was discovered by Vulnerability Laboratory researcher Benjamin Kunz Mejri. The …
John Leyden, 01 Apr 2016

Infosec miscreants are peddling malware that will KO your router

Malware targeting embedded devices such as routers rather than computers is doing the rounds. A new and improved version of Kaiten, an Internet Relay Chat (IRC)-controlled malware typically used to carry out distributed denial-of-service (DDoS) attacks, is spreading, security firm ESET warns. KTN-Remastered or KTN-RM features …
John Leyden, 30 Mar 2016

Ransomware scum sling PowerShell, Word macro nasty at healthcare biz

Miscreants have put together a strain of ransomware written in Microsoft Word macros and PowerShell, Redmond's scripting language. The malware is designed to infect organizations, encrypting files and demanding money to unscramble them. Interestingly, installation of the ransomware begins after someone opens a booby-trapped …
John Leyden, 29 Mar 2016

X-ray scanners, CCTV cams, hefty machinery ... let's play: VNC Roulette!

Pics X-ray equipment, farm machinery, electricity generators. Security cameras, desktops with browsers logged into Facebook, stock inventory software. Sales registers, home alarm equipment ... the list goes on. All this and more on VNC Roulette: a website that popped up this week to remind us of the kinds of sensitive systems …
Chris Williams, 25 Mar 2016

Tor Project works on anti-FBI defenses amid iOS row with Apple

In a blog post timed for the start of Apple's now-delayed FBI showdown, Mike Perry, lead developer of Tor Browser, said the project is stepping up efforts to keep its anonymizing network free of government interference. The Feds' attempt to compel Apple to build a deliberately weakened version of iOS with its security …
Iain Thomson, 22 Mar 2016

Apple Macs, iPhones, iPads, Watches, TVs can be hijacked by evil Wi-Fi, PDFs – update now

Updated Apple has today emitted security updates for pretty much everything it makes, and you should install them as soon as you can because it's all bad news. iPhones, iPads and iPods should grab iOS 9.3, Macs should fetch OS X 10.11.4 or Security Update 2016-002 for non-El Capitan Macs, Apple Watches should get watchOS 2.2, and …
Chris Williams, 21 Mar 2016

Twitter at ten: The social network designed for 2006 struggles into a second decade

Twitter turns 10 today and I, for one, would like to thank it for sustaining my career by connecting me to important people and giving Reg writers an almost-car-wreck to chronicle. Some back story: in 2007 an Alpha Geek friend told me about Twitter as we stood in the playground of a school making sure our kids didn't experience …
Simon Sharwood, 21 Mar 2016

Infosec bods pop mobile money crypto by 'sniffing' e-mag radiation

Researchers have broken the encryption schemes used in mobile money transfers by “sniffing” electromagnetic radiation from smartphones. The work, by researchers from the Check Point Institute for Information Security at Tel Aviv University and the University of Adelaide, offers further evidence that TEMPEST-style side channel …
John Leyden, 17 Mar 2016