Articles about Miscreants

It's 2015 and miscreants are still trying to dupe you with fake BSoDs

Tech support scammers have mocked up a web page with an even more dire version of Microsoft’s infamous Blue Screen of Death (BSoD) error page. The website, registered behind an anonymity service on 1 September, wants to convince surfers tricked into visiting it that their PC has been derailed in order to dupe prospective marks …
John Leyden, 11 Sep 2015

'Self-deleting' Mexican ATM malware let sneaky miscreants slurp cash

Security researchers have lifted the lid on a new ATM malware strain, dubbed GreenDispenser, which gives crooks the ability to walk up to a compromised machine and drain its cash. When installed, GreenDispenser displays an “out of service” message on the ATM – but attackers who enter the correct PIN codes can then drain the …
John Leyden, 25 Sep 2015

Ashley Madison hack miscreants may have earned $6,400 from leak

Some blackmail attempts against victims of the ongoing Ashley Madison saga resulted in several – albeit modest – pay outs, according to new research. Extortionists seized on the data dump of the cheaters’ website database last month with demands to pay up, or risk having their friends and family told about their dalliances, as …
John Leyden, 03 Sep 2015

Miscreants rummage in lawyers' silky drawers at will, despite warnings

UK data privacy watchdog the ICO investigated 173 UK law firms for reported breaches of the Data Protection Act (DPA) last year. A total of 187 incidents were recorded across those firms, of which 29 per cent related to "security" and a similar 26 per cent related to …
John Leyden, 16 Apr 2015

Major web template flaw lets miscreants break out of sandboxes

Black Hat 2015 A serious fresh category of web security vulnerability creates the potential for all sorts of mischief, security researchers warn. Template engines are widely used by web applications in order to present dynamic data via web pages and emails. The technology offers a server-side sandbox. The commonplace practice of allowing …
John Leyden, 05 Aug 2015
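The sandbox-escape mechanism behind this class of bug, as an added example that is not part of the original article or of any real template engine: a toy Python engine that evaluates {{ expr }} with builtins stripped (its "sandbox"), a handler that concatenates user input into the template source beside one that passes the input as data, and the probe and attribute-walking payload an attacker would send. The engine, the AppConfig class and SECRET_KEY are constructed for the demonstration.

```python
import re

# Constructed secret living in the application's module namespace; the toy
# engine never exposes it on purpose, yet an injected template reaches it.
SECRET_KEY = "example-not-a-real-secret"


class AppConfig:
    """Hypothetical application object. Its __init__ is a Python function
    whose __globals__ is this module's namespace, which is what the payload
    below walks to."""

    def __init__(self, debug=False):
        self.debug = debug


_TAG = re.compile(r"\{\{(.*?)\}\}")


def render(template, context):
    """Toy template engine: each {{ expr }} is evaluated with builtins removed.

    Removing builtins is the kind of sandbox most engines offer: it blocks
    open() and __import__ by name, but not attribute traversal from any
    object the expression can already touch.
    """
    def evaluate(match):
        return str(eval(match.group(1), {"__builtins__": {}}, dict(context)))
    return _TAG.sub(evaluate, template)


def greet_vulnerable(name):
    """Bug: user input is concatenated into the template *source*, so any
    {{ ... }} the user sends is parsed and evaluated as template code."""
    return render("Hello " + name + "!", {})


def greet_safe(name):
    """Fix: user input is passed as *data*; the engine substitutes it
    verbatim and never parses it for template syntax."""
    return render("Hello {{ name }}!", {"name": name})


# Classic probe: if "49" comes back, the input is being evaluated.
PROBE = "{{ 7*7 }}"

# Sandbox escape: walk from a harmless tuple literal to object.__subclasses__(),
# pick out AppConfig by name, and read the module's globals via its __init__.
ESCAPE = ("{{ [c for c in ().__class__.__base__.__subclasses__() "
          "if c.__name__ == 'AppConfig'][0].__init__.__globals__['SECRET_KEY'] }}")


def demo():
    """Run both handlers against both inputs and return the rendered output."""
    return {
        "probe_vulnerable": greet_vulnerable(PROBE),    # "Hello 49!"
        "probe_safe": greet_safe(PROBE),                # "Hello {{ 7*7 }}!"
        "escape_vulnerable": greet_vulnerable(ESCAPE),  # leaks SECRET_KEY
        "escape_safe": greet_safe(ESCAPE),              # echoes the payload
    }


if __name__ == "__main__":
    for label, output in demo().items():
        print(f"{label}: {output}")
```

The point is that stripping builtins is not a boundary: any object reachable from a string or tuple literal leads back to object.__subclasses__() and from there to module globals, so the only safe shape is the second handler, where untrusted input only ever enters through the context. Real engines such as Jinja2 fail the same way when a request parameter is spliced into the template text instead of being supplied as a variable.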

So which miscreants wrote the CosmicDuke info-slurping nasty?

Security researchers have uncovered a link between a Trojan and a recently discovered cyber-espionage tool which suggests cyber-spies behind recent attacks on Western governments cut their teeth writing conventional Trojans. CosmicDuke combines elements from the Cosmu Trojan and a backdoor known as MiniDuke, previously …
John Leyden, 04 Jul 2014

Miscreants leak banking baddie's secret source

Miscreants have released the source code for the Tinba banking Trojan in a move that may spawn the development of copycats. The secret source behind early versions of the small (some versions weigh in at just 20KB) but pernicious banking Trojan was released through an underground forum last week, reports Danish security …
John Leyden, 11 Jul 2014

Phishing miscreants THWART securo-sleuths with AES-256 crypto

Phishing fraudsters have begun using industry-standard AES-256 encryption to disguise the content of fraudulent sites. Obfuscated phishing sites are nothing new. Various techniques such as JavaScript encryption tools are commonly used but Symantec recently caught what it reckons is the first use of AES-256 encryption in dodgy …
John Leyden, 09 Sep 2014

Swiping your card at local greengrocers? Miscreants will swipe YOU in a minute

More than a thousand point-of-sale, grocery management and accounting systems worldwide have been compromised by a new strain of malware, results of a March 2014 probe have revealed. During a survey of compromised POS terminals, accounting systems and grocery management platforms, the Nemanja botnet was fingered as one of the …
John Leyden, 27 May 2014

TweetDeck XSS flap: Miscreants flash their naughty bits at users

Updated Twitter aficionados are being warned to log out of Twitter client TweetDeck and revoke its access to their accounts after an apparent cross-site scripting vulnerability was discovered. Multiple users – including El Reg's HQ in London, England – reported on Wednesday that they had seen a suspicious pop-up within TweetDeck that …
Jack Clark, 11 Jun 2014

Android 5 lock-screens can be bypassed by typing in a reeeeally long password. In 2015

If you've got an Android 5 smartphone with anything but the very latest version of Lollipop on it, it's best to use a PIN or pattern to secure your lock-screen – because there's a trivial bypass for its password protection. The vulnerability, details of which were published by University of Texas researchers on Tuesday, …

Hackers exploit fresh PC hijack bug in Adobe Flash Player, the internet's screen door

Adobe is advising users and administrators to patch its Flash Player after yet another remote-code execution vulnerability was discovered in the plugin. The patch fixes bug CVE-2015-3113, which allows attackers to take control of a system if it opens a malicious Flash file. Miscreants are exploiting the flaw in the wild to …
Shaun Nichols, 23 Jun 2015

Insert 'Skeleton Key', unlock Microsoft Active Directory. Simples – hackers

Miscreants have forged a strain of malware which is capable of bypassing authentication on Microsoft Active Directory (AD) systems. Hackers can use arbitrary passwords to authenticate as any corporate user, Dell SecureWorks warns. The malware, dubbed Skeleton Key, is deployed as an in-memory patch on a victim’s AD domain …
John Leyden, 13 Jan 2015

Thousands of 'directly hackable' hospital devices exposed online

Derbycon Thousands of critical medical systems – including Magnetic Resonance Imaging machines and nuclear medicine devices – that are vulnerable to attack have been found exposed online. Security researchers Scott Erven and Mark Collao found, for one example, a "very large" unnamed US healthcare organization exposing more than 68,000 …
Darren Pauli, 29 Sep 2015

Chancellor Merkel 'was patient zero' in German govt network hack

The recent cyberattack on the German government began with the compromise of Chancellor Angela Merkel's personal computer, it is alleged. German newspaper Bild claims Merkel's computer was one of the first systems to be infected with malware linked to miscreants in Russia. Hackers reportedly used Merkel's computer to send …
Shaun Nichols, 15 Jun 2015

Britain's FBI wants 'Five Eyes' cosy hookups with infosec outfits

Cloudsec The UK's National Crime Agency – Blighty's equivalent of the FBI – wants its staff to "colocate" with private-sector IT security companies around the world. In other words, investigators and infosec employees placed alongside each other to sniff out cyber-criminals. This will apparently help the agency reach across …

Hillary spillery finds half-hearted phishery

In spite of US Presidential wannabe Hillary Clinton being one of the world's most recognisable names, hackers were so slack they only managed to get five phishing emails into her now-famous personal email server. The Associated Press calls the too-lazy-to-live attackers “Russian-linked”, but that's just because if the …

Win a free new car – just show Intel how you'd hack your existing one

Intel is getting serious – dead serious, apparently – about car hacking. And nothing says serious like a prize giveaway. If you join Chipzilla's new Automotive Security Review Board and make all the right noises, you can win a free new ride. The chip-baking giant revealed the review board on Monday, and is inviting seasoned …
Chris Williams, 14 Sep 2015

Salesforce plugs silly website XSS hole, hopes nobody spotted it

A cross-site scripting (XSS) vulnerability on Salesforce's website might have been abused to pimp phishing attacks or hijack user accounts. Fortunately the bug has been resolved, apparently before it caused any harm. Cloud app and security firm Elastica said the issue affected a Salesforce sub-domain – …
John Leyden, 14 Aug 2015

MAC BOTNET uses REDDIT comments for directions

A zombie network that feasts on the computer brains of infected Macs has press-ganged 17,000 compromised machines into its ranks, Russian anti-virus firm Dr Web warns. The iWorm creates a backdoor on machines running OS X. Miscreants are using messages posted on Reddit as a navigational aid which points infected machines towards …
John Leyden, 03 Oct 2014

15 MILLION T-Mobile US customer records swiped by hackers

Experian's servers have been hacked – and now sensitive files on 15 million people who applied for T-Mobile US contracts have fallen into the wrong hands. In a letter published today, T-Mob boss John Legere said miscreants got hold of the database Experian uses when performing credit checks on folks enrolling for phone …
Shaun Nichols, 01 Oct 2015

Tesla Twitter account and website hijacked, Elon Musk pwned

The website and Twitter account of carmaker Tesla were hacked over the weekend, as part of what looks like a prank between rival hackers. Elon Musk’s personal Twitter account was also hijacked on Saturday night (US time) by miscreants who at one point claimed to be from the infamous Lizard Squad hacking crew. The name …
John Leyden, 27 Apr 2015

Sysadmins, patch now: HTTP 'pings of death' are spewing across web to kill Windows servers

The SANS Institute has warned Windows IIS web server admins to get patching as miscreants are now exploiting a flaw in the software to crash websites. The security bug (CVE-2015-1635) allows attackers to knock web servers offline by sending a simple HTTP request. Microsoft fixed this denial-of-service vulnerability on Tuesday …
Iain Thomson, 16 Apr 2015
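A check a sysadmin or an IDS could run on incoming requests while the patch is rolled out, as an added example that is not from the article or from SANS: the publicly circulated test for CVE-2015-1635 sends a Range header whose upper bound is far beyond anything a real resource could have, a detail that comes from the public analysis of MS15-034 rather than from the teaser above. The Python below flags such requests; the offset ceiling and the sample requests are this example's assumptions.

```python
import re

# Detection for requests shaped like the public MS15-034 (CVE-2015-1635)
# check: a Range header asking for byte offsets no real resource could have.
# The 64-bit ceiling below and the sample requests are this example's
# assumptions, not details from the article.
MAX_PLAUSIBLE_OFFSET = 2**63 - 1

_RANGE_HEADER = re.compile(r"^Range:[ \t]*bytes=([^\r\n]*)",
                           re.IGNORECASE | re.MULTILINE)
_RANGE_SPEC = re.compile(r"^(\d*)-(\d*)$")


def suspicious_range(raw_request):
    """Return the offending byte-range spec when the request carries an
    out-of-range or malformed Range header, otherwise None."""
    m = _RANGE_HEADER.search(raw_request)
    if m is None:
        return None
    for spec in m.group(1).split(","):
        spec = spec.strip()
        sm = _RANGE_SPEC.match(spec)
        # Legal forms are "start-end", "start-" and "-suffix"; anything else
        # is malformed and worth flagging on its own.
        if sm is None or not (sm.group(1) or sm.group(2)):
            return spec
        for bound in sm.groups():
            if bound and int(bound) > MAX_PLAUSIBLE_OFFSET:
                return spec
    return None


# Constructed sample traffic: ordinary partial-content requests, a request
# with no Range header at all, and one carrying the oversized bound the
# public check uses (the 64-bit maximum).
SAMPLE_REQUESTS = {
    "benign-partial": "GET /video.mp4 HTTP/1.1\r\nHost: www\r\nRange: bytes=0-1023\r\n\r\n",
    "benign-suffix": "GET /video.mp4 HTTP/1.1\r\nHost: www\r\nRange: bytes=-500\r\n\r\n",
    "no-range": "GET / HTTP/1.1\r\nHost: www\r\n\r\n",
    "ms15-034-probe": "GET / HTTP/1.1\r\nHost: www\r\nRange: bytes=0-18446744073709551615\r\n\r\n",
}


def triage(requests):
    """Map each request label to the range spec that tripped the rule."""
    return {label: spec for label, req in requests.items()
            if (spec := suspicious_range(req)) is not None}


if __name__ == "__main__":
    for label, spec in triage(SAMPLE_REQUESTS).items():
        print(f"{label}: suspicious Range {spec!r}")
```

Blocking on this signature at a reverse proxy buys time; it does not replace the patch, since the underlying parser bug is not limited to one header value.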

Excellus healthcare hack puts 10m Americans at risk of identity theft

Health insurance company Excellus said hackers broke into its servers and may have made off with the personal details of 10.5 million people. The insurance firm said the information belongs to customers who lived in or sought treatment in the upstate New York area. The breach exposed the personal information of 7 million …
Shaun Nichols, 10 Sep 2015

US Air Force: 'Loose tweets destroy fleets'

Pic The US Air Force has warned its personnel to keep quiet about their activities on Twitter – or as they put it: "Loose tweets destroy fleets." The notice reminds everyone that terrorist organizations and sympathizers will exploit any military information posted on social networks and other websites. The warning extends not only …
Shaun Nichols, 17 Aug 2015

Kremlin hackers exploited TWO 0-day Flash, Windows vulns

A hacking group probably backed by Russia has been making use of two zero-day exploits to target foreign governments. The so-called "Operation RussianDoll" attackers used zero-day exploits in Adobe Flash and Windows to target a specific foreign government organisation. Security firm FireEye says the pattern of the attacks fits …
John Leyden, 20 Apr 2015

Dating gets even more dangerous after PlentyOfFish suffers tainted ads

Miscreants managed to squirt malware at users of dating site PlentyOfFish after planting malicious code in tainted ads. Users of PlentyOfFish are targeted by an array of fake adverts via the site’s ad network. This malvertising serves up content from booby-trapped sites. The Nuclear Exploit Kit hosted on …
John Leyden, 21 Aug 2015

Google, Adobe barricade Flash against hacker hordes – we peek inside

Google's team of computer security gurus have described the anti-hacker defenses they've helped Adobe add to Flash Player. It's hoped that these mechanisms will thwart or frustrate miscreants' attempts to exploit programming bugs in the software, and thus hopefully prevent attackers from hijacking victims' PCs and Macs. The …
Chris Williams, 17 Jul 2015

It's 2015, and someone can pwn Windows PCs by inserting a USB stick

Patch Tuesday Microsoft has released 14 sets of software patches to address critical security vulnerabilities in Windows, Office, Internet Explorer, and Edge. Yes, even Edge: Microsoft's supposedly whizzbang super-secure web browser. Users and sysadmins should apply August's Patch Tuesday fixes as soon as possible: the bugs can be exploited …
Shaun Nichols, 11 Aug 2015

Four phone hijack bugs revealed in Internet Explorer after Microsoft misses patch deadline

Updated Microsoft has run out of time to fix four critical security vulnerabilities in the mobile edition of Internet Explorer – prompting HP's Zero Day Initiative (ZDI) to disclose their existence without revealing any damaging details. All four of the flaws present a remote code execution (i.e. malicious code injection on a Windows …
John Leyden, 23 Jul 2015

Bitdefender feeling a bit tender: Hackers enter anti-distemper vendor

One or more miscreants have been able to slurp and leak usernames and passwords from Bitdefender. The unencrypted login details belonged to some of the security biz's small business customers. Bitdefender, which makes antivirus software and other stuff, admitted its system was breached following rumors that …
John Leyden, 31 Jul 2015

Google yanks fake Android battery monitor

Zscaler has spoiled someone's app-spoofing sting, discovering a fake battery monitor app on Google Play. Worryingly, the spoof app seems to have gotten past Google's self-lauded Bouncer app vetting system. The company reckons the malicious version of the BatteryBot battery indicator app was probably trying to put together an …

Bloke clicks GitHub 'commit' button in Visual Studio, gets slapped with $6,500 AWS bill

A web developer from South Africa said a bug in a tool for using Microsoft's Visual Studio IDE with code-sharing site GitHub inadvertently exposed his sensitive data – and the error cost him more than $6,500 (£4,250) in just a few hours. Carlo van Wyk of Cape Town–based Humankode said he used the GitHub Extension for Visual …
Neil McAllister, 01 Sep 2015

Google bakes W3C malware-buster into Gmail

If an online service offers even the slightest gap through which miscreants can launch an attack, they will do so. It's therefore not surprising that Google feels some extensions to its Gmail service may not be entirely friendly to users. The Chocolate Factory's response, announced Tuesday, is to adopt the W3C's Content …
Simon Sharwood, 17 Dec 2014

Hackers invade systems holding medical files on 4.5 million Cali patients

UCLA Health hospitals say hackers may have accessed personal information and medical records on 4.5 million patients. The California medical group admitted today that miscreants infiltrated its computer systems as long ago as September. It is possible the intruders accessed databases holding patient names, addresses, dates of …
Shaun Nichols, 17 Jul 2015

Hackers spent at least a year spying on Mozilla to discover Firefox security holes – and exploit them

Hackers have known about unpublicized and unpatched critical security holes in the Firefox web browser for a year or more – all by invading Mozilla's systems. The Mozilla Foundation admitted on Friday that a privileged account on Firefox's Bugzilla bug-tracking software has been compromised since at least September 2014. Said …
Neil McAllister, 04 Sep 2015

What keeps CIOs awake? Leaky data centres – or leaky C-suites?

Reg Events If you’re a tech boss who wants to get yourself into the spotlight, one guaranteed route to notoriety is to preside over a major security breach. But it’s the last thing you really want to do. Rather, for the sake of your employer, your customers, or, let’s face it, the sake of your career, you’re going to want to keep your …
Team Register, 20 Apr 2015

Don't want pranksters 'bricking' your Android? Just stop using the internet, duh – Google

Video Trend Micro peeps say they have discovered a security bug that miscreants can exploit to seemingly murder millions of Android smartphones. A device will appear lifeless and unable to make calls, with a dead screen and no sound output, if an attack is successful, we're told. All a victim has to do is visit a dodgy webpage, or …
Iain Thomson, 30 Jul 2015

Patch Bugzilla! Anyone can access your private bugs – including your security vulns

If you or your organization is running Bugzilla, and you're using email-based permissions, make sure you've updated to the latest version – namely 5.0.1, 4.4.10, or 4.2.15. That's because someone's found a way to easily access private bugs in your codebase – such as critical security holes you're still working to fix. An …
Chris Williams, 17 Sep 2015

BitTorrent kills bug that turns networks into a website-slaying weapon

BitTorrent has fixed a flaw in its technology that quietly turns file-sharing networks into weapons capable of blasting websites and other internet servers offline. The San Francisco company said Thursday the patch for its libuTP software will stop miscreants from abusing the peer-to-peer protocol to launch distributed …
Shaun Nichols, 28 Aug 2015

FireEye: The face of hacking is changing – and it's getting uglier

Cyberattacks from Russia have increased because of sanctions related to the Ukraine while assaults from Iran have dropped over recent months, thanks to the recent Iran nuclear deal. David DeWalt, FireEye chief exec, said these changes show how the diplomatic landscape affects what is happening in cyberspace even though the …
John Leyden, 21 Sep 2015

Crims bait phishing hooks with Flash, cast at US Gov agencies

Hackers are attempting to break into US Government agencies using a recently patched Adobe Flash vulnerability, the FBI is warning. The attacks target CVE-2015-5119, a flaw revealed and patched earlier this month that, if exploited, allows attackers to run malware on victims' machines. The agency warned of the attacks which began …
Darren Pauli, 20 Jul 2015

Compromised Cisco routers spotted bimbling about in the wild

More than a dozen infected routers have been found in the wild, all of them Cisco kit compromised as part of sophisticated attempts to hack into corporate and government networks. Once considered only a theoretical risk, the discovery of malware-infected routers by FireEye/Mandiant shows that the threat is all too real. A …
John Leyden, 15 Sep 2015

D-Link spilled its private key onto the web – letting malware dress up as Windows apps

Updated Taiwanese networking kit maker D-Link leaked a private code-signing key onto the internet for anyone to download. This is rather embarrassing because the key can be used to trick Windows computers into trusting and running malware. An eagle-eyed netizen told The Register on Thursday that the code-signing key appeared in a …
Chris Williams, 18 Sep 2015
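The AWS-bill story above (a credential committed to a public repository) and the D-Link leak (a private key shipped inside a release package) both come down to secret material that a scan of the artefact would have caught before it went public. As an added example, not code from either article or from either vendor, the Python below scans every file in a tarball for AWS access-key IDs, AWS secret keys and PEM private-key blocks, and refuses the release if any turn up. The archive contents are constructed: the AWS values are the placeholder credentials from AWS's own documentation and the PEM body is not a real key.

```python
import io
import re
import tarfile

# Signatures for the two kinds of material the stories involve. "AKIA" plus
# 16 upper-case letters or digits is the documented AWS access-key-ID shape;
# the 40-character secret is only flagged next to an aws_secret-style name
# to keep ordinary base64 from tripping the rule. PEM private keys announce
# themselves in their header line.
PATTERNS = {
    "aws_access_key_id": re.compile(rb"\b(AKIA[0-9A-Z]{16})\b"),
    "aws_secret_access_key": re.compile(
        rb"aws_?secret(?:_access)?_?key\W{0,3}[=:]\W{0,3}([A-Za-z0-9/+=]{40})",
        re.IGNORECASE),
    "pem_private_key": re.compile(rb"-----BEGIN ([A-Z ]*PRIVATE KEY)-----"),
}


def scan_bytes(name, data):
    """Return (file, line, kind, matched_text) for every hit in one file."""
    findings = []
    for kind, rx in PATTERNS.items():
        for m in rx.finditer(data):
            line_no = data.count(b"\n", 0, m.start()) + 1
            findings.append((name, line_no, kind,
                             m.group(1).decode("ascii", "replace")))
    return findings


def scan_tarball(tar_bytes):
    """Walk every regular file in a tar archive (how a firmware or release
    bundle is typically packaged) and collect the findings."""
    findings = []
    with tarfile.open(fileobj=io.BytesIO(tar_bytes), mode="r:*") as tf:
        for member in tf.getmembers():
            if not member.isfile():
                continue
            fobj = tf.extractfile(member)
            if fobj is not None:
                findings.extend(scan_bytes(member.name, fobj.read()))
    return findings


def gate_release(tar_bytes):
    """The pre-publish check: True only when the bundle is free of secrets."""
    return not scan_tarball(tar_bytes)


def build_tarball(files):
    """Build an in-memory .tar.gz from a {path: bytes} mapping (test fixture)."""
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w:gz") as tf:
        for path, content in files.items():
            info = tarfile.TarInfo(path)
            info.size = len(content)
            tf.addfile(info, io.BytesIO(content))
    return buf.getvalue()


# Constructed sample bundle: AWS's documentation placeholder credentials,
# a PEM header wrapped around placeholder text (not a real key), one clean file.
SAMPLE_FILES = {
    "app/config.ini": (b"[aws]\n"
                       b"aws_access_key_id = AKIAIOSFODNN7EXAMPLE\n"
                       b"aws_secret_access_key = wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY\n"),
    "release/sign/codesign.pem": (b"-----BEGIN RSA PRIVATE KEY-----\n"
                                  b"MIIEpAIBAAKCAQEAexample\n"
                                  b"-----END RSA PRIVATE KEY-----\n"),
    "README.txt": b"Nothing to see here.\n",
}


def build_sample_bundle():
    return build_tarball(SAMPLE_FILES)


if __name__ == "__main__":
    bundle = build_sample_bundle()
    for path, line, kind, text in scan_tarball(bundle):
        print(f"{path}:{line}: {kind}: {text}")
    print("release allowed" if gate_release(bundle) else "release blocked")
```

Run the same scan as a git pre-commit hook over staged files and as a CI step over the packaged artefact: the first would have stopped the Visual Studio extension's accidental push from costing anything, the second would have kept a signing key out of a downloadable firmware bundle. Keys that do leak must still be revoked, since a scan only prevents the next one.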

Web advertising giant (Google) to spew ads over web – using HTTPS

Google has vowed to serve ads over HTTPS from its massive advertising network. The move will make it easier for website owners to go fully SSL-protected, serving their webpages and ads over HTTPS rather than just the pages over HTTPS and mixing in ads over HTTP, which is insecure. It also means each ad and its link can't be …
Darren Pauli, 20 Apr 2015

ISC website hacked: Scan your PC for malware if you stopped by

The website for the Internet Systems Consortium, which develops the BIND DNS and ISC DHCP tools, has been hacked. Anyone who recently browsed the site is urged to check their PC for malware as miscreants booby-trapped the site to infect visitors. The website has been replaced by a placeholder page warning netizens of the attack …
Chris Williams, 26 Dec 2014

GitHub ordered to hand over access logs to Uber

GitHub has been ordered to hand over records on some of its users to taxi-booking app Uber after unsuccessfully challenging a subpoena. Last month, Uber announced its driver database had been hacked in May 2014, but it had only noticed in September of that year. Uber discovered that a supposedly secret database access key had …
Kieren McCarthy, 25 Mar 2015

Calling all cybercrooks: Ready-made phone attack rig for sale

Cybercrooks are marketing a hardware-based tool for running denial of service attacks on telephone systems. The telephone denial of service (TDoS) rig is being sold by a group of cybercriminals called “TNT” from Eastern Europe via underground cybercrime forums. The tool, called “TNT Instant Up”, features a special …
John Leyden, 23 Feb 2015

Sony-blasting Lizard Squad suspects quizzed by UK and Finnish cops

UK police have arrested a suspected member of the infamous Lizard Squad crew. The 22-year-old from Twickenham, south-west London, was arrested by police on Tuesday, and questioned about alleged fraud against PayPal as well as claims he is reportedly linked to Lizard Squad – a group of cyber-miscreants who made headlines …
John Leyden, 02 Jan 2015

Hey kids, who wants to pwn a million BIOSes?

The overlooked task of patching PC BIOS and UEFI firmware vulnerabilities leaves corporations wide open to attack, a new paper by security researchers warns. Xeno Kovah and Corey Kallenberg argue that the poor state of low-level software security is among the easiest ways for hackers to deeply infiltrate organizations. A …
John Leyden, 12 Jun 2015