Articles about Miscreants

It's 2015 and miscreants are still trying to dupe you with fake BSoDs

Tech support scammers have mocked up a web page with an even more dire version of Microsoft’s infamous Blue Screen of Death (BSoD) error page. The website, registered behind an anonymity service on 1 September, wants to convince surfers tricked into visiting it that their PC has been derailed in order to dupe prospective marks …
John Leyden, 11 Sep 2015

'Self-deleting' Mexican ATM malware let sneaky miscreants slurp cash

Security researchers have lifted the lid on a new ATM malware strain, dubbed GreenDispenser, which gives crooks the ability to walk up to a compromised machine and drain its cash. When installed, GreenDispenser displays an “out of service” message on the ATM – but attackers who enter the correct PIN codes can then drain the …
John Leyden, 25 Sep 2015

Ashley Madison hack miscreants may have earned $6,400 from leak

Some blackmail attempts against victims of the ongoing Ashley Madison saga resulted in several – albeit modest – payouts, according to new research. Extortionists seized on the data dump of the cheaters’ website database last month with demands to pay up, or risk having their friends and family told about their dalliances, as …
John Leyden, 03 Sep 2015

Cyber-miscreants use Brit e-tailers as personal cash machines

British e-tailers are trying to manage website disruption after they were systematically targeted this week by DDoS extortionists. Bolton-based online reseller Scan International confirmed it first noted “unusual” amounts of traffic visiting its home page on Sunday, which continued until today, peaking at lunchtime. MD Elan …
John Leyden, 21 Oct 2015

Miscreants rummage in lawyers' silky drawers at will, despite warnings

UK data privacy watchdogs at the ICO investigated 173 UK law firms for reported breaches of the Data Protection Act (DPA) last year. A total of 187 incidents were recorded last year, with 173 firms investigated for a variety of DPA-related incidents, of which 29 per cent related to "security" and a similar 26 per cent related to …
John Leyden, 16 Apr 2015

Major web template flaw lets miscreants break out of sandboxes

Black Hat 2015 A serious fresh category of web security vulnerability creates the potential for all sorts of mischief, security researchers warn. Template engines are widely used by web applications in order to present dynamic data via web pages and emails. The technology offers a server-side sandbox. The commonplace practice of allowing …
John Leyden, 05 Aug 2015
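As an added illustration of the vulnerability class the teaser describes (this is not code from the Black Hat talk or from any template engine): Python's str.format is itself a small template language that resolves attribute and index chains, so a template string taken from the request can walk from a harmless object out to the module's globals. The secret, the User class and the payload below are constructed for the demo; the hardened formatter that follows refuses anything other than a plain field name.

```python
"""Server-side template injection, shown with Python's str.format.

Added example, not the research code. When the *template text* comes from
the user, format-string field resolution ('a.b[c]') is an attribute walk
the attacker controls; when only the *values* come from the user, the
template stays inert.
"""
from string import Formatter

# Constructed server-side secret that a rendered page must never reach.
DB_PASSWORD = "constructed-demo-secret"


class User:
    def __init__(self, name: str) -> None:   # a module-level function: its
        self.name = name                     # __globals__ is this module's dict


def render_vulnerable(template: str, user: User) -> str:
    """Vulnerable: the template itself is attacker-supplied."""
    return template.format(user=user)


def render_safe(user_supplied_name: str) -> str:
    """Safe: fixed template; request data is only ever a value, never parsed."""
    return "Hello, {name}!".format(name=user_supplied_name)


class SafeFormatter(Formatter):
    """Hardened engine: plain identifiers only, no '.attr' or '[key]' walks."""

    def get_field(self, field_name, args, kwargs):
        if not field_name.isidentifier():
            raise ValueError(f"disallowed field reference: {field_name!r}")
        return kwargs[field_name], field_name


def render_restricted(template: str, **values: str) -> str:
    """Lets callers keep user-editable templates while closing the escape."""
    return SafeFormatter().format(template, **values)


# Attack payload: object -> class -> __init__ function -> module globals -> secret.
PAYLOAD = "{user.__class__.__init__.__globals__[DB_PASSWORD]}"

if __name__ == "__main__":
    print("vulnerable :", render_vulnerable(PAYLOAD, User("alice")))
    print("safe       :", render_safe(PAYLOAD))
```

The same shape recurs in Jinja2, Twig, Smarty and friends: the "sandbox" restricts what a template may call, but once user input is concatenated into the template source rather than passed in as a value, the attacker is writing template code, and any gap in the sandbox is theirs.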

So which miscreants wrote the CosmicDuke info-slurping nasty?

Security researchers have uncovered a link between a Trojan and a recently discovered cyber-espionage tool which suggests cyber-spies behind recent attacks on Western governments cut their teeth writing conventional Trojans. CosmicDuke combines elements from the Cosmu Trojan and a backdoor known as MiniDuke, previously …
John Leyden, 04 Jul 2014

Miscreants leak banking baddie's secret source

Miscreants have released the source code for the Tinba banking Trojan in a move that may spawn the development of copycats. The secret source behind early versions of the small (some versions weigh in at just 20KB) but pernicious banking Trojan was released through an underground forum last week, reports Danish security …
John Leyden, 11 Jul 2014

Phishing miscreants THWART securo-sleuths with AES-256 crypto

Phishing fraudsters have begun using industry-standard AES-256 encryption to disguise the content of fraudulent sites. Obfuscated phishing sites are nothing new. Various techniques such as JavaScript encryption tools are commonly used but Symantec recently caught what it reckons is the first use of AES-256 encryption in dodgy …
John Leyden, 09 Sep 2014

Swiping your card at local greengrocers? Miscreants will swipe YOU in a minute

More than a thousand point-of-sale, grocery management and accounting systems worldwide have been compromised by a new strain of malware, results of a March 2014 probe have revealed. During a survey of compromised POS terminals, accounting systems and grocery management platforms, the Nemanja botnet was fingered as one of the …
John Leyden, 27 May 2014

TweetDeck XSS flap: Miscreants flash their naughty bits at users

Updated Twitter aficionados are being warned to log out of Twitter client TweetDeck and revoke its access to their accounts after an apparent cross-site scripting vulnerability was discovered. Multiple users – including El Reg's HQ in London, England – reported on Wednesday that they had seen a suspicious pop-up within Tweetdeck that …
Jack Clark, 11 Jun 2014

Android 5 lock-screens can be bypassed by typing in a reeeeally long password. In 2015

If you've got an Android 5 smartphone with anything but the very latest version of Lollipop on it, it's best to use a PIN or pattern to secure your lock-screen – because there's a trivial bypass for its password protection. The vulnerability, details of which were published here by University of Texas researchers on Tuesday, …

Vodafone UK blocks 1,800 accounts after 'external source' accesses accounts

Vodafone is the latest UK telco to suffer an attack on its databases, but reckons it shut the door on its data after just 1,800 records were compromised. The attack didn't arise from a breach of Vodafone's systems, the company says. Rather, the attackers had obtained e-mail addresses and passwords from “an unknown source …
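What the teaser describes is credential stuffing: passwords leaked from some other site replayed against Vodafone logins. The added example below (constructed log lines, not Vodafone's tooling or data) shows the detection logic that separates it from ordinary brute force and lists the accounts that need the kind of block Vodafone applied.

```python
"""Separate credential stuffing from brute force in login logs.

Added example over constructed log lines; not Vodafone's tooling or data.
Stuffing: one source tries many *different* accounts, once or twice each,
and some attempts succeed because the passwords are valid elsewhere.
Brute force: one account, many guesses. Both deserve a source block, but
only stuffing tells you which accounts must be locked and reset.
"""
import re
from collections import defaultdict
from typing import Dict, Iterator, List

LOG_RE = re.compile(
    r"^(?P<ts>\S+) ip=(?P<ip>\S+) user=(?P<user>\S+) result=(?P<result>ok|fail)$"
)

# Constructed sample: 10.0.0.9 sprays six accounts (stuffing, two hits),
# 10.0.0.7 guesses one account six times (brute force), 192.0.2.5 is a real user.
SAMPLE_LOG = """\
2015-10-31T09:00:01Z ip=10.0.0.9 user=alice result=fail
2015-10-31T09:00:02Z ip=10.0.0.9 user=bob result=ok
2015-10-31T09:00:03Z ip=10.0.0.9 user=carol result=fail
2015-10-31T09:00:04Z ip=10.0.0.9 user=dave result=fail
2015-10-31T09:00:05Z ip=10.0.0.9 user=erin result=ok
2015-10-31T09:00:06Z ip=10.0.0.9 user=frank result=fail
2015-10-31T09:00:07Z ip=10.0.0.7 user=grace result=fail
2015-10-31T09:00:08Z ip=10.0.0.7 user=grace result=fail
2015-10-31T09:00:09Z ip=10.0.0.7 user=grace result=fail
2015-10-31T09:00:10Z ip=10.0.0.7 user=grace result=fail
2015-10-31T09:00:11Z ip=10.0.0.7 user=grace result=fail
2015-10-31T09:00:12Z ip=10.0.0.7 user=grace result=fail
2015-10-31T09:00:13Z ip=192.0.2.5 user=heidi result=fail
2015-10-31T09:00:14Z ip=192.0.2.5 user=heidi result=ok
this line is malformed and is skipped rather than crashing the parser
"""


def parse(log: str) -> Iterator[Dict[str, str]]:
    """Yield one event per well-formed line; malformed lines are skipped."""
    for line in log.splitlines():
        m = LOG_RE.match(line)
        if m:
            yield m.groupdict()


def classify_sources(log: str, min_attempts: int = 5,
                     min_distinct_users: int = 5) -> Dict[str, str]:
    """Label each source IP benign, brute_force or credential_stuffing."""
    stats = defaultdict(lambda: {"attempts": 0, "users": set()})
    for ev in parse(log):
        stats[ev["ip"]]["attempts"] += 1
        stats[ev["ip"]]["users"].add(ev["user"])
    verdicts: Dict[str, str] = {}
    for ip, s in stats.items():
        if s["attempts"] < min_attempts:
            verdicts[ip] = "benign"                # too little volume to judge
        elif len(s["users"]) >= min_distinct_users:
            verdicts[ip] = "credential_stuffing"   # many accounts, few tries each
        else:
            verdicts[ip] = "brute_force"           # few accounts, many tries
    return verdicts


def compromised_accounts(log: str) -> List[str]:
    """Accounts a stuffing source logged into: lock these and force a reset."""
    verdicts = classify_sources(log)
    return sorted({ev["user"] for ev in parse(log)
                   if ev["result"] == "ok"
                   and verdicts.get(ev["ip"]) == "credential_stuffing"})


if __name__ == "__main__":
    print(classify_sources(SAMPLE_LOG))
    print(compromised_accounts(SAMPLE_LOG))
```

The thresholds are deliberately low for the sample; in production they are tuned per login endpoint, and sources are usually aggregated by ASN or /24 as well, since stuffing tools rotate through proxy pools to stay under per-IP limits.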

Hackers exploit fresh PC hijack bug in Adobe Flash Player, the internet's screen door

Adobe is advising users and administrators to patch its Flash Player after yet another remote-code execution vulnerability was discovered in the plugin. The patch fixes bug CVE-2015-3113, which allows attackers to take control of a system if it opens a malicious Flash file. Miscreants are exploiting the flaw in the wild to …
Shaun Nichols, 23 Jun 2015

Fraudsters are using you and this Ammyy of malware downloads

Users of Ammyy Admin may have been unwittingly downloading malware along with their remote desktop software. A group called the Buhtrap gang is using the malware to spy on and control its victims’ computers as part of a series of targeted attacks, net security firm ESET warns. The tactics in play show that fraudsters are …
John Leyden, 12 Nov 2015

Oz railway lets newspaper photograph train keys

Police are now saying that yesterday's Melbourne train-heist-and-wreck was possible because miscreants bought stolen keys online. The vandalism, the cost of which is now estimated at AU$3 million rather than the original $2 million, involved people getting into an idle train at Hurstbridge station, starting it, and taking it …

Insert 'Skeleton Key', unlock Microsoft Active Directory. Simples – hackers

Miscreants have forged a strain of malware which is capable of bypassing authentication on Microsoft Active Directory (AD) systems. Hackers can use arbitrary passwords to authenticate as any corporate user, Dell SecureWorks warns. The malware, dubbed Skeleton Key, is deployed as an in-memory patch on a victim’s AD domain …
John Leyden, 13 Jan 2015

Kill Flash: Adobe says patch to fix under-attack hole still days away

Just a day after its monthly batch of security updates, Adobe has confirmed it will issue an emergency critical patch for Flash next week. With somewhat regrettable timing, given Adobe's patching cycle, Trend Micro's security researchers announced on Tuesday that they had discovered in the plugin a vulnerability, CVE-2015-7645, …
Iain Thomson, 15 Oct 2015

Dow Jones rubbishes claims Russian hackers plundered its servers for insider-trading tips

Dow Jones has poured cold water on claims that its servers were penetrated by hackers harvesting information for insider dealing. On Friday Bloomberg reported that the FBI, US financial watchdog the SEC, and America's Secret Service were probing allegations that a Russian gang stole unpublished financial data and news articles …
Iain Thomson, 16 Oct 2015

'Hacked by China? Hack them back!' rages US Congress report

A report laid before the US Congress yesterday encouraged lawmakers to allow American companies responding to Chinese miscreants pilfering their data to hack those companies back to save their info. The US-China Economic and Security Review Commission was established by Congress "to report on the national security implications …

Thousands of 'directly hackable' hospital devices exposed online

Derbycon Thousands of critical medical systems – including Magnetic Resonance Imaging machines and nuclear medicine devices – that are vulnerable to attack have been found exposed online. Security researchers Scott Erven and Mark Collao found, for one example, a "very large" unnamed US healthcare organization exposing more than 68,000 …
Darren Pauli, 29 Sep 2015

Chancellor Merkel 'was patient zero' in German govt network hack

The recent cyberattack on the German government began with the compromise of Chancellor Angela Merkel's personal computer, it is alleged. German newspaper Bild claims Merkel's computer was one of the first systems to be infected with malware linked to miscreants in Russia. Hackers reportedly used Merkel's computer to send …
Shaun Nichols, 15 Jun 2015

Good news: Adobe bangs out Flash patch fast. Bad news: Google's defenses were useless

Adobe's security engineers have pulled out all the stops to release a patch for a shocking vulnerability in Flash much earlier than expected. On Tuesday Trend Micro published details of a bug in all versions of the Flash player for Mac and PCs, and some Linux builds. The flaw is being actively exploited in the wild, Trend said …
Iain Thomson, 16 Oct 2015

Faked NatWest, Halifax bank sites score REAL security certs

UK banks Halifax and NatWest are among organisations targeted by fake sites that have won SSL certificates from certification authorities (CAs). Netcraft says certifiers who should know better – such as Symantec, Comodo, CloudFlare's certification partner GlobalSign and GoDaddy – have handed out certs to sites like …
Simon Sharwood, 13 Oct 2015
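The check Netcraft is implicitly asking CAs (and bank security teams watching Certificate Transparency logs) to run is a simple one: does a requested hostname carry a protected brand name without sitting under that brand's real zone? The added example below is not Netcraft's tooling; the brand-to-zone table is a constructed assumption for the demo and the sample hostnames are made up.

```python
"""Flag certificate hostnames that impersonate a bank brand.

Added example; not Netcraft's tooling. Input is the DNS names from a
certificate (or a CT log entry); output is each name that carries a
protected brand token without sitting under that brand's real zone.
The brand-to-zone table is a constructed assumption for the demo; a
real deployment loads it from the brands' own registrations.
"""
from typing import Dict, List, Tuple

BRAND_ZONES: Dict[str, Tuple[str, ...]] = {   # assumed, not authoritative
    "natwest": ("natwest.com",),
    "halifax": ("halifax.co.uk",),
}

# Digit-for-letter swaps common in look-alike names; undone before matching.
HOMOGLYPHS = str.maketrans({"0": "o", "1": "l", "3": "e", "5": "s", "7": "t"})


def strip_wildcard(host: str) -> str:
    """Lower-case, drop trailing dot and a leading '*.' wildcard label."""
    host = host.strip().lower().rstrip(".")
    return host[2:] if host.startswith("*.") else host


def normalise(host: str) -> str:
    """'ha1ifax-online.example.org' -> 'halifaxonline.example.org'."""
    return strip_wildcard(host).replace("-", "").translate(HOMOGLYPHS)


def under_zone(host: str, zone: str) -> bool:
    """True when host is the zone apex or a subdomain of it."""
    host = strip_wildcard(host)
    return host == zone or host.endswith("." + zone)


def suspicious_names(dns_names: List[str]) -> List[Tuple[str, str]]:
    """(hostname, brand) for every name that mentions a brand outside its zone."""
    hits: List[Tuple[str, str]] = []
    for name in dns_names:
        norm = normalise(name)
        for brand, zones in BRAND_ZONES.items():
            if brand in norm and not any(under_zone(name, z) for z in zones):
                hits.append((name, brand))
    return hits


# Constructed subjectAltName list mixing genuine and look-alike hosts.
SAMPLE_NAMES = [
    "www.natwest.com",
    "natwest-secure-login.example.net",
    "ha1ifax-online.example.org",
    "mail.example.com",
    "*.onlinebanking.halifax.co.uk",
]

if __name__ == "__main__":
    for host, brand in suspicious_names(SAMPLE_NAMES):
        print(f"REVIEW {host}  (impersonates {brand})")
```

A hit is a reason for a human to look, not an automatic refusal: brand tokens do occur inside unrelated words, and a bank may legitimately run campaign sites on zones it does not list. The point is that a CA issuing domain-validated certificates can afford this check on every request, and a bank can run it against CT logs to spot the phishing kit before the first email goes out.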

Britain's FBI wants 'Five Eyes' cosy hookups with infosec outfits

Cloudsec The UK's National Crime Agency – Blighty's equivalent of the FBI – wants its staff to "colocate" with private-sector IT security companies around the world. In other words, investigators and infosec employees placed alongside each other to sniff out cyber-criminals. This will apparently help the agency reach across …

Salesforce plugs silly website XSS hole, hopes nobody spotted it

A cross-site scripting (XSS) vulnerability on Salesforce's website might have been abused to pimp phishing attacks or hijack user accounts. Fortunately the bug has been resolved, apparently before it caused any harm. Cloud app and security firm Elastica said the issue affected a Salesforce sub-domain – …
John Leyden, 14 Aug 2015

Win a free new car – just show Intel how you'd hack your existing one

Intel is getting serious – dead serious, apparently – about car hacking. And nothing says serious like a prize giveaway. If you join Chipzilla's new Automotive Security Review Board and make all the right noises, you can win a free new ride. The chip-baking giant revealed the review board on Monday, and is inviting seasoned …
Chris Williams, 14 Sep 2015

Hillary spillery finds half-hearted phishery

In spite of US Presidential wannabe Hillary Clinton being one of the world's most recognisable names, hackers were so slack they only managed to get five phishing emails into her now-famous personal email server. The Associated Press calls the too-lazy-to-live attackers “Russian-linked”, but that's just because if the …

MAC BOTNET uses REDDIT comments for directions

A zombie network that feasts on the computer brains of infected Macs has press-ganged 17,000 compromised machines into its ranks, Russian anti-virus firm Dr Web warns. The iWorm creates a backdoor on machines running OS X. Miscreants are using messages posted on Reddit as a navigational aid which points infected machines towards …
John Leyden, 03 Oct 2014

Tesla Twitter account and website hijacked, Elon Musk pwned

The website and Twitter account of carmaker Tesla were hacked over the weekend, as part of what looks like a prank between rival hackers. Elon Musk’s personal Twitter account was also hijacked on Saturday night (US time) by miscreants who at one point claimed to be from the infamous Lizard Squad hacking crew. The name …
John Leyden, 27 Apr 2015

Sysadmins, patch now: HTTP 'pings of death' are spewing across web to kill Windows servers

The SANS Institute has warned Windows IIS web server admins to get patching as miscreants are now exploiting a flaw in the software to crash websites. The security bug (CVE-2015-1635) allows attackers to knock web servers offline by sending a simple HTTP request. Microsoft fixed this denial-of-service vulnerability on Tuesday …
Iain Thomson, 16 Apr 2015
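The teaser only says "a simple HTTP request". The detail that it is a Range header whose upper bound is 18446744073709551615 (2**64 - 1, which overflows HTTP.sys's range arithmetic) comes from the public advisories of the time, not from this page. The added checker below (not SANS's or Microsoft's code) flags such requests from raw request text, which is enough to alert from a reverse proxy or a log parse while the patch is rolled out; the sample requests are constructed.

```python
"""Flag requests carrying the CVE-2015-1635 (MS15-034) HTTP.sys trigger.

Added example; not SANS's or Microsoft's code. The trigger detail (a
Range header ending at 2**64 - 1) is from the public advisories, not
from the article. No real client asks for a byte range that large, so
the check has essentially no false positives.
"""
import re
from typing import Dict, List

UINT64_MAX = 2 ** 64 - 1
RANGE_SPEC_RE = re.compile(r"(\d*)-(\d*)")   # one 'first-last' spec, either side optional


def parse_headers(raw_request: str) -> Dict[str, str]:
    """Header names lower-cased; stops at the blank line that ends the head."""
    head = raw_request.split("\r\n\r\n", 1)[0]
    headers: Dict[str, str] = {}
    for line in head.split("\r\n")[1:]:          # [0] is the request line
        if ":" in line:
            name, value = line.split(":", 1)
            headers[name.strip().lower()] = value.strip()
    return headers


def is_ms15034_probe(raw_request: str) -> bool:
    """True when any range in the Range header ends at or beyond 2**64 - 1."""
    rng = parse_headers(raw_request).get("range", "")
    if not rng.lower().startswith("bytes="):
        return False
    for _first, last in RANGE_SPEC_RE.findall(rng[len("bytes="):]):
        # Only the upper bound matters: the overflow is in end-of-range arithmetic.
        if last and int(last) >= UINT64_MAX:
            return True
    return False


def flag_requests(raw_requests: List[str]) -> List[int]:
    """Indexes of requests to block or alert on, for batch log review."""
    return [i for i, r in enumerate(raw_requests) if is_ms15034_probe(r)]


# Constructed samples: the advisory's probe shape, a normal range, no range.
PROBE = ("GET / HTTP/1.1\r\nHost: www.example.com\r\n"
         "Range: bytes=0-18446744073709551615\r\n\r\n")
NORMAL_RANGE = ("GET /video.mp4 HTTP/1.1\r\nHost: www.example.com\r\n"
                "Range: bytes=0-1023\r\n\r\n")
NO_RANGE = "GET / HTTP/1.1\r\nHost: www.example.com\r\n\r\n"

if __name__ == "__main__":
    for label, req in (("probe", PROBE), ("normal", NORMAL_RANGE), ("none", NO_RANGE)):
        print(f"{label:7s} -> {'FLAG' if is_ms15034_probe(req) else 'ok'}")
```

This is a stopgap, not a fix: the vulnerable code is in the kernel-mode HTTP.sys driver, so the only real remediation is the MS15-034 update, and anything that lets a request reach the server unfiltered (a direct connection that bypasses the proxy, a second listener) is still exposed.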

15 MILLION T-Mobile US customer records swiped by hackers

Experian's servers have been hacked – and now sensitive files on 15 million people who applied for T-Mobile US contracts have fallen into the wrong hands. In a letter published today, T-Mob boss John Legere said miscreants got hold of the database Experian uses when performing credit checks on folks enrolling for phone …
Shaun Nichols, 01 Oct 2015

US Navy grabs old-fashioned sextants amid hacker attack fears

Sextants have been off the curriculum for naval officers in the US for over a decade, but now the swabbies have reinstituted celestial navigation classes over hacking fears. The US Navy discontinued celestial navigation courses in 1998 because GPS made the old style of navigating redundant. Working out your position the old- …
Iain Thomson, 14 Oct 2015

Excellus healthcare hack puts 10m Americans at risk of identity theft

Health insurance company Excellus said hackers broke into its servers and may have made off with the personal details of 10.5 million people. The insurance firm said the information belongs to customers who lived in or sought treatment in the upstate New York area. The breach exposed the personal information of 7 million …
Shaun Nichols, 10 Sep 2015

Kremlin hackers exploited TWO 0-day Flash, Windows vulns

A hacking group probably backed by Russia has been making use of two zero-day exploits to target foreign governments. The so-called "Operation RussianDoll" attackers used zero-day exploits in Adobe Flash and Windows to target a specific foreign government organisation. Security firm FireEye says the pattern of the attacks fits …
John Leyden, 20 Apr 2015

US Air Force: 'Loose tweets destroy fleets'

Pic The US Air Force has warned its personnel to keep quiet about their activities on Twitter – or as they put it: "Loose tweets destroy fleets." The notice reminds everyone that terrorist organizations and sympathizers will exploit any military information posted on social networks and other websites. The warning extends not only …
Shaun Nichols, 17 Aug 2015

Dating gets even more dangerous after PlentyOfFish suffers tainted ads

Miscreants managed to squirt malware at users of dating site PlentyOfFish after planting malicious code in tainted ads. Users of PlentyOfFish are targeted by an array of fake adverts via the site’s ad network. This malvertising serves up content from booby-trapped sites. The Nuclear Exploit Kit hosted on …
John Leyden, 21 Aug 2015

Google, Adobe barricade Flash against hacker hordes – we peek inside

Google's team of computer security gurus have described the anti-hacker defenses they've helped Adobe add to Flash Player. It's hoped that these mechanisms will thwart or frustrate miscreants' attempts to exploit programming bugs in the software, and thus hopefully prevent attackers from hijacking victims' PCs and Macs. The …
Chris Williams, 17 Jul 2015

It's 2015, and someone can pwn Windows PCs by inserting a USB stick

Patch Tuesday Microsoft has released 14 sets of software patches to address critical security vulnerabilities in Windows, Office, Internet Explorer, and Edge. Yes, even Edge: Microsoft's supposedly whizzbang super-secure web browser. Users and sysadmins should apply August's Patch Tuesday fixes as soon as possible: the bugs can be exploited …
Shaun Nichols, 11 Aug 2015

Four phone hijack bugs revealed in Internet Explorer after Microsoft misses patch deadline

Updated Microsoft has run out of time to fix four critical security vulnerabilities in the mobile edition of Internet Explorer – prompting HP's Zero Day Initiative (ZDI) to disclose their existence without revealing any damaging details. All four of the flaws present a remote code execution (i.e. malicious code injection on a Windows …
John Leyden, 23 Jul 2015

Bitdefender feeling a bit tender: Hackers enter anti-distemper vendor

One or more miscreants have been able to slurp and leak usernames and passwords from Bitdefender. The unencrypted login details belonged to some of the security biz's small business customers. Bitdefender, which makes antivirus software and other stuff, admitted its system was breached following rumors (here and here) that …
John Leyden, 31 Jul 2015

Government Gateway online hack claims 'nonsense', say multiple folk in the know

Claims the Government Gateway online identity portal has been "hacked" have been dismissed as "nonsense" by the man originally responsible for the project and by two government information security experts. Earlier this week the Financial Times (behind paywall) reported that “tens of thousands” of Britons’ identities were …
Kat Hall, 29 Oct 2015

No C&C server needed: Russia menaced by offline ransomware

Miscreants have cooked up a new strain of ransomware that works offline and so might be more resistant to law enforcement takedown efforts as a result. The ransomware family (identified by various names by antivirus firms) manages to encrypt files on infected Windows PCs without storing the entire decryption key locally – and …
John Leyden, 05 Nov 2015

Google yanks fake Android battery monitor

Zscaler has spoiled someone's app-spoofing sting, discovering a fake battery monitor app on Google Play. Worryingly, the spoof app seems to have gotten past Google's self-lauded Bouncer app vetting system. The company reckons the malicious version of the BatteryBot battery indicator app was probably trying to put together an …

Robotic arm provides infosec automation for dodgy card readers

Video Blighty-based infosec firm MWR InfoSecurity has created an automated fuzz tester to root out vulnerabilities which may be affecting any device people are slotting their "Chip and Pin" cards into. Most infosec researchers who have dug into the terminal-smartcard authentication procedure have found that vulnerabilities are often …

Google bakes W3C malware-buster into Gmail

If an online service offers even the slightest gap through which miscreants can launch an attack, they will do so. It's therefore not surprising that Google feels some extensions to its Gmail service may not be entirely friendly to users. The Chocolate Factory's response, announced Tuesday, is to adopt the W3C's Content …
Simon Sharwood, 17 Dec 2014

Got an Apple Mac, iThing? Update it right now – there's a shedload of security holes fixed

Apple has posted security updates and feature improvements for its desktop, mobile, and developer gear. The Cupertino giant today issued updates for iOS, OS X, and watchOS, plus iTunes on Windows, Safari on OS X, and Mac firmware. The OS X El Capitan update also "improves compatibility with Microsoft Office 2016," so if you' …
Shaun Nichols, 21 Oct 2015

Bloke clicks GitHub 'commit' button in Visual Studio, gets slapped with $6,500 AWS bill

A web developer from South Africa said a bug in a tool for using Microsoft's Visual Studio IDE with code-sharing site GitHub inadvertently exposed his sensitive data – and the error cost him more than $6,500 (£4,250) in just a few hours. Carlo van Wyk of Cape Town–based Humankode said he used the GitHub Extension for Visual …
Neil McAllister, 01 Sep 2015

Hackers invade systems holding medical files on 4.5 million Cali patients

UCLA Health hospitals say hackers may have accessed personal information and medical records on 4.5 million patients. The California medical group admitted today that miscreants infiltrated its computer systems as long ago as September. It is possible the intruders accessed databases holding patient names, addresses, dates of …
Shaun Nichols, 17 Jul 2015

Superfish 2.0: Dell ships laptops, PCs with huge internet security hole

Dell ships computers with all the tools necessary for crooks to spy on the owners' online banking, shopping, webmail, and more. The US IT titan installs a powerful root CA certificate, including its private key, on its Windows notebooks and desktops. These can be abused by eavesdropping miscreants to silently decrypt encrypted …
Shaun Nichols, 23 Nov 2015