
Articles about Miscreants

The Register breaking news

MiniDuke miscreants whip out old-school tricks to spy on world+dog

A new strain of malware designed to spy on multiple government entities and institutions across the world has been discovered by anti-virus firm Kaspersky Lab. MiniDuke has infected government entities in the Ukraine, Belgium, Portugal, Romania, the Czech Republic and Ireland. In addition, a research institute, two think-tanks, …
John Leyden, 27 Feb 2013

Data scrapers used Amazon cloud to reap biz bods' CVs, wails LinkedIn

LinkedIn is still waging its battle against “scrapers”, who use software to automatically harvest publicly available personal information from the social network. And that fight has today wound up in a California court where the website's bosses are trying to unmask the miscreants who have reaped the site for users' employment …

Cyber hostage-takers SCAMMED six times as many people last year

Malware-powered frauds that lock up victims' computers - or worse yet, encrypt files and force them to pay a fee to unlock their information - increased by 500 per cent during 2013, according to a study by Symantec. Symantec's latest global Internet Security Threat Report also revealed that targeted attack campaigns for the …
John Leyden, 09 Apr 2014

Police pen shortage threatens Irish public order

An Irish judge has expressed concerns that a police biro shortage may pose a serious threat to public order in Limerick. According to the Irish Independent, several miscreants have been dragged before the beak for "engaging in a threatening and abusive manner" in the public office at Henry Street gardaí station as a result of …
Lester Haines, 10 Mar 2014

ZeuS miscreants offer up honeypot

Cybercrooks are attempting to turn the tables on security researchers by setting up fake interfaces on their botnets in a bid to confuse and confound analysis. The fake honeypot tactic was brought into play by a group using a variant of the infamous Zeus crimeware toolkit. The unknown miscreants targeted quarterly federal …
John Leyden, 05 Nov 2010

Dimwit hackers use security camera DVRs as SUPER-SLOW Bitcoin-mining rig

Miscreants are using hacked digital video recorders in a somewhat misguided attempt to mine cryptocurrency BitCoins. Hackers have created custom code to infect devices normally used for recording footage from security cameras. After getting in, likely by taking advantage of weak default passwords, a common security mistake with …
John Leyden, 02 Apr 2014

Every little helps: Dirty MOLE BANDITS clean out Tesco ATM from BELOW

The movies tell us that tunnels are normally dug when a person locked behind bars laboriously scrapes away dirt with just a spoon to secretly set themselves free. Now some naughty scamps in Salford, Greater Manchester, have used the technique, not to escape, but to break their way into a shop to steal cash out of an ATM. …
Team Register, 21 Mar 2014

A-list celebs, biz barons' privates EXPOSED in limo hire hack – report

Personal information, financial records and salacious details about 850,000 celebrities, top executives and other customers were swiped by hackers from a limo-booking software company, it is claimed. The attacked biz, said to be CorporateCarOnline based in Missouri, brokers reservations for limousines and other rental cars …
Shaun Nichols, 06 Nov 2013

Chrome makes new password grab in version 34

Google has announced that Chrome 34 is now stable enough to be promoted to the Stable Channel. In a few days it will therefore become the default version for millions of users. Most of the updates to the browser are anodyne: there are 30-odd security fixes, a new look on Windows 8 and what Google labels “Lots of under the hood …
Simon Sharwood, 09 Apr 2014

Botnet PC armies gulp down 16 MILLION logins from around the web: Find out if you're a victim

Officials in Germany have warned that large networks of hijacked, hacker-controlled PCs – aka botnets – have harvested 16 million email address and password combinations for websites and other online services. The (German Office of Information Security) BSI said cops and security researchers have been closely following armies of …
Shaun Nichols, 22 Jan 2014

Cybercrooks slide fingers into TELLIES+FRIDGES, spam splurge ensues

Miscreants have launched an Internet of Things-based cyberattack involving household "smart" appliances. The global spam distribution campaign involved more than 750,000 malicious email communications coming from more than 100,000 everyday consumer gadgets. Items such as home-networking routers, connected multi-media centres, …
John Leyden, 17 Jan 2014

Multi-platform Java bot marshals ZOMBIE FORCE against spammers

Miscreants have brewed a multi-platform strain of malware capable of infecting Windows, Mac OS and Linux PCs. The evil bot, which surfaced in early January, was written entirely in Java and designed to take advantage of the CVE-2013-2465 vulnerability (a Java flaw patched by Oracle last June) to infect victims. The malware - …
John Leyden, 30 Jan 2014
Picture by Afonso Lima

'I like big butts and I cannot lie, hackers take Pinterest on a joyride'

Miscreants have made an ass out of users of bewildering photo-sharing website Pinterest – by hijacking their accounts to flood the boards with butt pics. The cheeky spammers gained control of the profile pages by tricking victims into clicking on “Pin This” widgets on websites or running dodgy apps, all of which had malicious …
John Leyden, 28 Mar 2014

Apple iOS 7 security bug allows fiendish wags to easily empty your wallet

Apple has updated iOS 7 to fix a security bug that allowed miscreants to buy stuff from the online Apple Store without having to tap in a valid password. The Cupertino idiot-tax operation said new version 7.0.4 patches a flaw that affected in-app and app purchases. Usually, one must supply his or her Apple account username and …
Shaun Nichols, 16 Nov 2013

Bank-raid ZeuS malware waltzes around web with 'valid app signature'

A variant of the bank-account-raiding ZeuS Trojan is masquerading as a legit Windows app using a valid digital signature – and packs a rootkit to burrow deep into victims' PCs. It appears miscreants have somehow gained access to the private signing key belonging to a Microsoft-registered third-party developer in Switzerland, and …
John Leyden, 05 Apr 2014

What took you so long Apple? 26 remote exec bugs die in OS X Safari

Apple has fixed 27 vulnerabilities in its Safari web browser for OS X computers, 18 of which were uncovered by Google's Chrome Security Team. All but one of the flaws allow miscreants to execute arbitrary code on victims' computers. The iPhone giant said its Safari 7.0.3 and 6.1.3 update will close the holes, which were found in …
Shaun Nichols, 02 Apr 2014

Software containers for BYOD/mobile device management: Big Tin Can

An environment which runs on a number of mobile platforms seeks to solve lots of the BYOD issues faced by corporates. It creates a balance between locking down a device so completely that people won't or can't use it and leaving the door open to miscreants. Such environments these days are often known as "containers" (or " …
Simon Rockman, 28 Feb 2014

Ethical hacker backer hacked, warns of email ransack

The IT security certification body that runs the Certified Ethical Hacker programme has itself been hacked. The EC-Council said the same hackers who ran the DNS poisoning attack that resulted in the defacement of its website in late February had also managed to access the control panel for its website after breaking into the …
John Leyden, 13 Mar 2014

It's 2014 and Microsoft Windows PCs can still be owned by a JPEG

Microsoft has fixed security bugs in Internet Explorer and Windows that allow hackers to remotely execute code on victims' vulnerable machines – one bug a result of poor JPEG handling. Redmond said the March edition of Patch Tuesday – out today, natch – tackles programming errors in the software giant's web browser, operating …
Shaun Nichols, 11 Mar 2014

FBI offers $10,000 bounty for arrest of laser-wielding idiots

While laser pointers are very useful for presentations and distracting cats, the FBI is fed up with idiots using them to try to blind airline pilots, and is offering $10,000 to anyone who provides information leading to an arrest. "Aiming a laser pointer at an aircraft is a …
Iain Thomson, 11 Feb 2014

Beat it, freetards! Dyn to shut down no-cost dynamic DNS next month

Domain-name service provider Dyn has announced that it will discontinue its last remaining free services, effective May 7. "For the last 15 years, all of us at Dyn have taken pride in offering a free version of our Dynamic DNS Pro product," Dyn CEO Jeremy Hitchcock wrote in a Monday blog post. "What was originally a product …
Neil McAllister, 07 Apr 2014

Find NEXT Heartbleed, earn $$$: OpenSSL bug hunt needs donations

An effort to raise $250,000 for an OpenSSL bug-bounty program is underway – and its organisers hope it will help ensure the Heartbleed omnishambles is never repeated. The campaign, spearheaded by computer security startup Bugcrowd, aims to raise the cash by 29 April: the money will be distributed as rewards to infosec bods who …
John Leyden, 16 Apr 2014

'Weev' attempts to overturn AT&T iPad 'hack' conviction

Lawyers for Andrew "Weev" Auernheimer went to court on Wednesday to appeal his conviction in a high-profile iPad data leak case. Auernheimer, a member of the grey-hat hacking collective Goatse Security, was jailed for three years and five months back in March 2013 after he was found guilty of leaking the private email addresses …
John Leyden, 20 Mar 2014

Huge horde of droids whacks code box GitHub in password-guess attack

Miscreants have fired up a large army of remote-controlled computers to get around GitHub's login rate-limiting policies, designed to thwart attempts to brute-force guess the passwords for its users' accounts. The bots, most likely unwitting PCs compromised by malware, have attacked the online source-code repository from "nearly …
Jack Clark, 21 Nov 2013

Hackers force innocent mobes to join ALTCOIN MINING GANGS

Cybercrooks are turning smartphones into digital currency-mining bots using mobile malware. The cyber-menace, dubbed CoinKrypt by mobile security firm Lookout, is capable of hijacking the processor on smartphones to mine digital currency, enriching hackers in the process. CoinKrypt has been confined thus far to Spanish pirated …
John Leyden, 27 Mar 2014

Hacker cracks Vodafone Germany, steals data of 2 million customers

A hack on a Vodafone Germany server has exposed the personal details – including banking information – of two million of its customers. Hackers accessed names, addresses, bank account numbers and dates of birth. Phone numbers, credit card details and passwords are thought to be safe, but the leaked information is still pretty …
John Leyden, 12 Sep 2013

How's it going, Microsoft users? Patching your PCs? You SHOULD be

Brace yourselves, users and administrators, Microsoft and Adobe have released another monthly batch of critical security updates for their products. The December edition of Patch Tuesday will fix five critical vulnerabilities in Microsoft software, two which are being exploited in the wild by miscreants. The first of the …
Shaun Nichols, 10 Dec 2013

Met Police vid: HIDE your mobes. Pavement BIKER cutpurses on the loose

The Metropolitan Police have put out a video showing just how easy it is to steal a mobile telephone, as long as one has a scooter and a mate to go pillion. The video demonstrates three grabs, caught on CCTV cameras and shared with the public to help them see just how easy it is to lose a mobile phone, at least until the thieves …
Bill Ray, 23 Oct 2013

Cybercrook? Bent on mischief? WE'LL GET YOU, vow Facebook and pals

Internet heavyweights have teamed up to form a non-profit organisation designed to supply internet infrastructure operators with free tools and intelligence in the fight against cybercrime. Facebook, security intelligence firm Crowdstrike, Verisign, ESET Anti-Virus, Verizon and the Anti-Phishing Working Group, among others, are …
John Leyden, 25 Mar 2014

Think you're streaming Superman? Think again, punk

Miscreants have begun abusing SlideShare, the web-based slide hosting service, to run movie stream scams supposedly offering a sneak peek at hot new films such as Man of Steel, Monsters University and zombie post-apocalypse action flick World War Z. Numerous spam accounts have gone live on SlideShare in recent days, promoting " …
John Leyden, 27 Jun 2013

New Flash vuln exploited (again). Adobe posts emergency fix (again)

Adobe has released an update to address critical flaws in its Flash Player software, one of which is being actively targeted in the wild. The company said that the Windows and Mac OS X builds of Flash Player 12.0.0.44 and earlier, and Flash Player 11.2.202.336 and earlier for Linux, must be upgraded to fix a trio of bugs. Adobe …
Shaun Nichols, 20 Feb 2014

Cyberspies blast Icefog into US targets' backdoors

Miscreants behind a cyberespionage campaign have changed their methods to take advantage of Java-based malware. The Icefog APT (advanced persistent threat), discovered in September 2013, continues to be a problem, this time utilising a Java backdoor, according to the latest analysis of the threat by security researchers at …
John Leyden, 15 Jan 2014

'Quarter' of TWO-MILLION-strong zombie PC army lured to their deaths

Symantec has claimed credit for luring a significant lump of the powerful ZeroAccess botnet into a sinkhole. ZeroAccess has been active since 2011 and is one of the largest known botnets in existence: it has upwards of 1.9 million infected computers forming its army, all remotely controlled by miscreants. This swarm of PC robots …
John Leyden, 01 Oct 2013

New online banking Trojan empties users' wallets, videos privates

Bank account-raiding Trojan Hesperbot has infected computers in UK, Turkey, the Czech Republic and Portugal, The Register has learned. Net security firm Eset said the software nasty is distributed via rather convincing-looking emails, which are dressed up as legit package tracking documents from postal companies or …
John Leyden, 05 Sep 2013

Facebook makes Adobe fans change their horrible, horrible passwords

Facebook has scanned millions of email address and password pairs hackers dumped online from Adobe's user account database – so that it can force its social networkers to change their passwords if they used the same login details for both websites. Late last month, Adobe warned of "sophisticated attacks" on its network in which …
Shaun Nichols, 12 Nov 2013

Krebs: Lexis-Nexis, D&B and Kroll hacked

Major data aggregators have been compromised “for months”, according to prominent security blogger Brian Krebs, including Lexis-Nexis and Dun & Bradstreet. Writing at Krebsonsecurity, Krebs says the ID theft invasion of the brokers' servers dated back at least as far as April this year, and that “the miscreants behind this ID …

Anonymous claims Parliament Wi-Fi hack during London protest

Anonymous hacktivists have claimed they used laptops to launch cyber attacks against the British government whilst attending a protest in Parliament Square last week, The Register has learned. The group claimed that over 1,000 masked protesters had gathered in the centre of London last week as part of a worldwide event called …
Jasper Hamill, 12 Nov 2013

CryptoLocker creeps lure victims with fake Adobe, Microsoft activation codes

Miscreants have brewed up a variant of the infamous CryptoLocker ransomware that uses worm-like features to spread across removable drives. The recently discovered CRILOCK-A variant can spread more easily than previous forms of CryptoLocker. The latest nasty is also notable because it comes under previously unseen guises - such …
John Leyden, 02 Jan 2014

ZeuS KICKS that SaaS: Trojan raids Salesforce.com accounts

Miscreants have forged a variant of the infamous ZeuS banking Trojan that targets enterprise data held by clients of CRM giant Salesforce.com. The ZeuS variant does not exploit a vulnerability in the Salesforce.com platform itself but rather penetrates the insecure devices of corporate workers accessing Salesforce.com. The …
John Leyden, 26 Feb 2014

'Honker Union' sniffs 270 hacktivism targets

Infamous Chinese hacktivist group Honker Union has shortlisted a whopping 270 Japanese targets for attack today - the anniversary of the Manchurian Incident, which was the precursor to the Japanese invasion of China. The group singled out Japan’s Ministry of Foreign Affairs, the Prime Minister’s Office and other ministries, …
Phil Muncaster, 18 Sep 2013

Snapchat: In 'theory' you could hack... Oh CRAP is that 4.6 MILLION users' details?

Hackers claim to have lifted millions of Snapchat usernames and phone numbers, apparently taking advantage of a vulnerability that the messaging service last week dismissed as mostly theoretical. A partially redacted database of 4.6 million usernames and phone numbers (minus two digits) - purportedly of Snapchat users - have …
John Leyden, 02 Jan 2014

Windows Phones BLAB passwords to hackers, thanks to weak crypto

Microsoft has warned IT departments to batten down their Wi-Fi networks following the discovery of a security vulnerability in Windows Phones that leaks users' passwords. Miscreants who set up rogue hotspots can grab from devices employees' encrypted domain credentials, needed to authenticate with corporate systems and access …
Gavin Clarke, 06 Aug 2013

Kaspersky rips The Mask from sneaky Spanish spy campaign

Security researchers have discovered a sophisticated string of cyberattacks from a group of Spanish-speaking miscreants who have been operating since at least 2007. “The Mask” (aka Careto) is one of the most advanced campaigns to date due to the complexity of the toolset used by the attackers, according to Kaspersky Lab. This …
John Leyden, 11 Feb 2014

Biz bods, politicos, beware: 'BOTS are on the loose, and they're coming for YOU

Businesses and governments in the US, UK, Canada, and India are under assault from a malware-based cybercrime campaign using the Tor anonymizing relay network to hide its authors, say infosec researchers. A strain of malware called Mevade, previously blamed for a massive Tor traffic spike, is being used to compromise systems at …
John Leyden, 25 Oct 2013

Does Apple make you puke? Take this iOS 7.0.3 update with your tablets

Apple has released an iOS 7 update that will be welcomed by iPhone and iPad owners who were sickened by the mobile operating system's user interface. We hasten to point out that we're referring to those users actually sickened – made nauseous, dizzy, or given headaches – by their gadgets' zoom-happy interface. For those of you …
Rik Myslewski, 25 Oct 2013

'Thousands of iPhone, iPad apps' vulnerable to simple redirect joyriders

An Israeli security firm will expose a flaw common to thousands of iPhone and iPad applications, which allows miscreants to hijack software using persistent man-in-the-middle attacks. "We identified a very large number of applications that are vulnerable to this problem," Skycure's CTO Yair Amit told The Register. The …
Iain Thomson, 29 Oct 2013

RAT-flingers target human rights activists in watering-hole attack

The Reporters without Borders website was compromised on Tuesday to run a watering-hole attack. Researchers speculated that the attackers were likely targeting the human rights activists who visit the NGO's online address. So-called watering hole attacks are named for the passive technique of injecting malicious code where its …
John Leyden, 24 Jan 2013

It's the Inter-THREAT of THINGS: Lightbulb ARMY could turn on HUMANITY

Fujitsu’s CTO has sketched a nightmare vision of lightbulbs turning on their human masters in massive denial of service attacks if industry doesn’t get a grip on the security of the “internet of things”. And even if they don’t get that incandescent, the much vaunted internet-connected lightbulb leaves users open to having their …
Joe Fay, 06 Nov 2013

Adware-flinging Yontoo yahoos target Mac users: You like trailers, right fanboi?

Miscreants are coining it by infecting fanbois' beloved Apple boxes with a well-known ad-injecting Trojan previously only found on Windows machines. Trojan.Yontoo.1, the specially crafted Mac OS X version, penetrates computers running OS X by offering what purports to be a browser plugin necessary to view content, but is actually …
John Leyden, 22 Mar 2013

Mexican Cobalt-60 robbers are DEAD MEN, say authorities

Mexican troops have recovered a stolen shipment of radioactive Cobalt-60 isotope, abandoned by truck thieves who face the risk of a slow lingering death from radiation poisoning. A truck carrying a substantial quantity of the radioactive isotope Cobalt-60 from a hospital in Tijuana to a waste centre was robbed by armed bandits …
John Leyden, 06 Dec 2013