Articles about Variants

Malware figures out it's running on VMs and refuses to execute

Malware writers are looking for the absence of documents to figure out which PCs are potential victims and which are virtual machines being used by white hats. SentinelOne senior researcher Caleb Fenton found the novel technique while attempting to coax the malware into activating so it could be analysed. The worm he was …
Darren Pauli, 23 Sep 2016
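As an added illustration of the heuristic described above (this is not SentinelOne's code or anything from the article), here is a small Python check an analyst can run inside a sandbox VM to see whether the box would look "empty" to a sample that counts documents. The extension set and the threshold of ten documents are assumptions; the article does not say what the sample counted or where it drew the line.

```python
"""Sandbox-realism check: count user documents the way a document-counting
evasion check might, so an analyst can tell whether the analysis VM looks
lived in. Added example; the extension set and the threshold are assumptions,
not details from the article."""
import os
from pathlib import Path
from typing import Iterable

# Assumed: the kinds of files a real user's profile accumulates over time.
DOCUMENT_EXTENSIONS = frozenset({
    ".doc", ".docx", ".xls", ".xlsx", ".ppt", ".pptx",
    ".pdf", ".txt", ".rtf", ".odt", ".ods",
})

# Assumed threshold: fewer documents than this and the host looks like a fresh VM.
SANDBOX_THRESHOLD = 10


def count_documents(paths: Iterable[str],
                    extensions: frozenset = DOCUMENT_EXTENSIONS) -> int:
    """Count paths whose extension (case-insensitive) is in `extensions`."""
    return sum(1 for p in paths if os.path.splitext(p)[1].lower() in extensions)


def looks_like_analysis_vm(document_count: int,
                           threshold: int = SANDBOX_THRESHOLD) -> bool:
    """True when the document count is below the threshold, i.e. the host
    looks too bare to be a real user's machine."""
    return document_count < threshold


def walk_user_documents(root: str, limit: int = 5000) -> int:
    """Walk `root` (typically the user's profile) and count documents,
    stopping at `limit` so the scan stays cheap on a big real machine."""
    found = 0
    for _dirpath, _dirnames, filenames in os.walk(root):
        found += count_documents(filenames)
        if found >= limit:
            return limit
    return found


if __name__ == "__main__":
    home = Path.home()
    n = walk_user_documents(str(home))
    verdict = "looks like an analysis VM" if looks_like_analysis_vm(n) else "looks lived in"
    print(f"{n} documents under {home}: {verdict}")
```

If the script reports that your sandbox "looks like an analysis VM", seed the profile with a realistic spread of documents (and recently-used entries, browser history and the like) before detonating samples; a bare profile is exactly the signal this family of checks keys on.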

Cisco plugs another 'Shadow Brokers' hole

Cisco's post-Shadow Brokers security review has uncovered an IKEv1 vulnerability that can leak memory contents of its (deprecated) PIX firewalls and various IOS environments. Don't delay the patch, because the investigation found the bug was exploited in “some Cisco customers”. It attributes the bug to “insufficient condition …

iPhone 7's Qualcomm, Intel soap opera dumps a carrier lock-out on us

Analysis Love rat Apple two-times its long-suffering squeeze Qualcomm with dishy Intel – and it's going to keep the baby but only let some of us see it. Over a cheap bottle of chardonnay one dark night in Cupertino, Intel wooed Apple with flimsy promises. The pair felt a connection (around the 1.9GHz mark) after the iPhone maker opened …
Chris Williams, 18 Sep 2016

Top infosec vendors, cops, liberate thousands from ransomware

Warriors from industry and law enforcement collective No More Ransom have cleansed more than 2500 machines of ransomware by distributing free decryption keys and other tools to eradicate infections. No More Ransom is an alliance of cops and anti-malware experts including McAfee and soon-to-be-former parent company Intel, …
Darren Pauli, 14 Sep 2016

Apple killed OS X today and binned its $10,000 BlingWatch too

Amid all the glamour and excitement of the iPhone 7 launch, Apple snuck out a few other nuggets, some of them a little unhappy. Reg readers administering Macs need to know that come September 20th Mac OS X is dead. It'll be replaced on that day by macOS Sierra and probably spur a download frenzy, accompanying social media …
Simon Sharwood, 08 Sep 2016

Crash test dummy? Love the excitement of breaking an OS? Fedora 25 Alpha has landed

If you're a chronic complainer and nit-picker with a spare machine and a willingness to suffer multiple crashes, weird screen artefacts and possible data loss: Fedora 25's alpha has landed ahead of its anticipated November 2016 release. If you want to help the developers by breaking stuff, don't risk dual-boot on OS X if you' …

OneLogin breached, hacker finds cleartext credential notepads

Password attic OneLogin has been breached, and it's bad, because the service that suffered the breach is one often used by people to store credentials like admin passwords and software keys. The online credential manager says its Secure Notes facility was breached, allowing the intruder to read in cleartext notes edited between …
Darren Pauli, 31 Aug 2016

Demise of Angler, the world's worst exploit kit, still shrouded in mystery

The Angler exploit kit has all-but vanished and whoever knows why isn't talking. Angler was the most powerful and sought-after exploit kit on the market boasting rapid integration of new vulnerabilities that made it able to employ zero day attacks on Flash, Java, and Silverlight. It also employed a battery of complex …
Darren Pauli, 16 Aug 2016

Some benefits of digital health to NHS may be delayed by consent model consultation – expert

Opinion The realisation of some digital health benefits within the NHS might have been delayed by the extra requirement for consultation on a new consent model governing the use of patient data. A new consent and opt-out model could help clarify constraints that apply to data use in the NHS and promote new digital health initiatives. …
OUT-LAW.COM, 08 Aug 2016

Two first-gen flaws carried over to HTTP/2, warn security bods

Black Hat Security researchers have unearthed four high-profile vulnerabilities in HTTP/2, a new version of the protocol. HTTP/2 introduces new mechanisms that effectively increase the attack surface of business critical web infrastructure, according to a study by researchers at data centre security vendor Imperva and released at the …
John Leyden, 03 Aug 2016

Diablo backers toss $18m in pot to forge software keys to XPoint DIMM kingdom

Analysis Things are looking up for Diablo Technologies. It has pulled in another $18m in funding and has tier 1 server OEMs qualifying its Memory1 flash-as-memory technology. Also the Netlist lawsuits seem to be going away. Back in January it announced a $19m C‑round of funding, taking total funding to $77.8m. That C‑round was kept …
Chris Mellor, 02 Aug 2016

My Microsoft Office 365 woes: Constant crashes, malware macros – and settings from Hell

Sysadmin blog Microsoft Office remains one of the most important software products available, despite some rather nasty flaws. For me, Microsoft Office and video games anchor me to Windows. While video games seem set to remain largely Windows-only for the foreseeable future, Office is losing its grip. For a long time, I used Office because …
Trevor Pott, 29 Jul 2016

Cisco busts ransomware rodent targeting bitcoin, cryptocoin subreddits

The eager-but-pwned net menace behind the JigSaw ransomware has been found targeting Reddit users with multiple malware in a bid to snare victims. The VXer is thought to be behind three ransomware variants, including the well-known Jigsaw which sports iconography from the Saw film, each lurking behind websites that foist the …
Darren Pauli, 27 Jul 2016

Odds are your office is ill-prepared for network-ransacking ransomware

Organizations are unprepared for future strains of more sophisticated ransomware, a report by Cisco warns. The networking giant's 2016 Midyear Cybersecurity Report concludes that the next wave of ransomware is expected to be more pervasive and resilient. While current strains typically infect a single computer, future …
John Leyden, 26 Jul 2016

Security firms team to take down rudimentary ransomware

Two new ransomware efforts have been destroyed by meddling white hats. "PowerWare" and "Bart" have been dismembered and laughed at by good-guy hackers who found flaws that allow user machines infected by current forms of the threats to decrypt their files for free. Palo Alto's Tyler Halfpop, Jacob Soo and Josh Grunzweig, …
Darren Pauli, 25 Jul 2016

Seagate in 10TB drive brand brainstorm

Seagate has added three new 10TB helium drives, simultaneously re-branding its desktop/laptop disk and SSHDs, NAS and surveillance drive products in a complicated scheme involving disparate drive technologies. It introduced its first helium drive, the 7-platter 10TB Enterprise Capacity disk drive, in January. Now there are …
Chris Mellor, 21 Jul 2016

Ransomware gang: How can I extort you today?

Three out of four ransomware criminal gangs are willing to negotiate the shakedown price. And all the operators of file encrypting ransomware scams will give victims more time to pay up. So say security researchers at F-Secure, who investigated the "customer experience" of five active crypto-ransomware variants, beginning with …
John Leyden, 21 Jul 2016

Android malware blocks bank calls

Cybercrooks have put together a fake banking application that blocks victims’ outgoing calls to customer service. The Fakebank trojan blocks calls in order to stop victims from cancelling their stolen payment cards. The Android nasty is programmed to automatically cancel the outgoing call before it is placed. Victims can, of course, use …
John Leyden, 14 Jul 2016

400 million Foxit users need to catch up with patched-up reader

Makers of popular PDF reader Foxit have patched 12 dangerous vulnerabilities that could have resulted in remote code execution. Some 400 million users run the flagship reader billed as an alternative to Adobe Reader. The dozen flaws are patched in Windows and Linux variants. Users would need to be conned into opening a …
Darren Pauli, 01 Jul 2016

Deploying software every day is... actually... OK – what devs tell their real-life friends

“High-performing organisations” which have employed agile and devops methodologies are decisively pulling away from their fuddy-duddy peers in the number of software deployments they can manage. But while the idea of deploying software 200 times more frequently than low performing companies might fill some developers with …
Joe Fay, 23 Jun 2016

FOURTH bank hit by SWIFT hackers

A fourth bank, this time in the Philippines, has been attacked by hackers targeting the SWIFT inter-bank transfer system. Security researchers at Symantec reckon the same group blamed for the infamous $81m Bangladesh central bank mega-heist back in February also mounted an earlier assault in the Philippines last year, itself …
John Leyden, 27 May 2016

Cryptxxx shipwrecked: Laughing white hats shred latest ransomware

Kaspersky white hats have again ruined the Cryptxxx malware by offering victims a free decryption tool that will unwind all variants of the menace. The infuriating researchers have followed up their first decryption effort, which busted the earlier Cryptxxx variant and caused its VXers to re-write and reissue a patched ransomware …
Darren Pauli, 18 May 2016

Destroying ransomware business models is not your job, so just pay up

COMMENT It's not your job to defend the world against criminals, so the decision to pay a ransomware demand is all about business. The likes of FBI Cyber Division deputy chief James C. Trainor disagree. The Bureau recently advised organisations not to pay lest they "embolden" criminals and encourage others to start using …
Darren Pauli, 17 May 2016

Six-year-old patched Stuxnet hole still the web's biggest killer

The six-year-old vulnerability first burnt by Stuxnet remains the internet's chief pwning vector and is a key instrument of the world's worst exploit kit known as Angler. The vulnerability is a hole in Windows Shell that is both long since patched and well publicised as part of its discovery in the US' Stuxnet worm, the killer …
Darren Pauli, 09 May 2016

Suck on this: White hats replace Locky malware payload with dummy

Pranksters have infiltrated the control system behind the infamous Locky ransomware and replaced the malware’s main payload with a dummy file. Locky normally spreads using malicious and disguised JavaScript inside email attachments supposedly containing an invoice or similar. Malicious messages are sent to prospective marks in …
John Leyden, 05 May 2016
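The Locky delivery chain described above (a script file, or an archive holding one, named to look like an invoice) is the kind of thing a mail gateway can catch before a user ever double-clicks it. The Python below is an added example, not code from the article or from any vendor: it flags an attachment whose name ends in a script extension (including double extensions such as invoice.pdf.js) and opens zip attachments to look for script members. The extension lists are assumptions, and the sample "attachments" are constructed placeholders, not real lures.

```python
"""Mail-gateway style screen for Locky-like attachments: a Windows script file,
or a zip that contains one, dressed up as an invoice. Added example; the
extension lists and the sample zips are constructed for illustration."""
import io
import os
import zipfile
from typing import List, Optional

# Assumed: extensions Windows hands to WScript/cmd/PowerShell on double-click.
SCRIPT_EXTENSIONS = frozenset({
    ".js", ".jse", ".vbs", ".vbe", ".wsf", ".wsh", ".hta", ".cmd", ".bat", ".ps1",
})
ARCHIVE_EXTENSIONS = frozenset({".zip"})


def is_script_name(name: str) -> bool:
    """True if the final extension is a script type; 'invoice.pdf.js' counts."""
    return os.path.splitext(name)[1].lower() in SCRIPT_EXTENSIONS


def archive_script_members(data: bytes) -> List[str]:
    """Names of script-like members inside a zip payload; [] if not a zip."""
    try:
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            return [n for n in zf.namelist() if is_script_name(n)]
    except zipfile.BadZipFile:
        return []


def attachment_verdict(filename: str, data: bytes) -> Optional[str]:
    """A reason string if the attachment should be quarantined, else None."""
    if is_script_name(filename):
        return f"script attachment {filename}"
    if os.path.splitext(filename)[1].lower() in ARCHIVE_EXTENSIONS:
        hits = archive_script_members(data)
        if hits:
            return f"archive {filename} contains script(s): {', '.join(hits)}"
    return None


def build_sample_zip(member_name: str, body: bytes) -> bytes:
    """Constructed sample: a one-member zip standing in for an attachment."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        zf.writestr(member_name, body)
    return buf.getvalue()


# Constructed samples with harmless placeholder contents, named like the lures
# the article describes. Not real malware.
SAMPLE_LURE_ZIP = build_sample_zip("invoice_2016-05.js", b"// placeholder, not malware\n")
SAMPLE_CLEAN_ZIP = build_sample_zip("invoice_2016-05.pdf", b"%PDF-1.4 placeholder")

if __name__ == "__main__":
    for name, data in [
        ("invoice_2016-05.zip", SAMPLE_LURE_ZIP),
        ("invoice_2016-05.zip", SAMPLE_CLEAN_ZIP),
        ("invoice.pdf.js", b""),
        ("invoice.pdf", b""),
    ]:
        print(f"{name}: {attachment_verdict(name, data) or 'allow'}")
```

This deliberately does not recurse into nested archives or handle password-protected zips (a later Locky trick was to mail the password in the body), so a production gateway needs both of those on top; the point here is that the name check alone is cheap and catches the plain .js-in-a-zip variant the article describes.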

VxRackery dominates EMC World day 2

EMC World's second day saw hyper-converged rackery put front and centre, with a stronger DSSD offering, Neutrino* nodes coming to the VxRack 1000 as well as a DSSD variant, and a hybrid cloud VXrack offering. We'll check out the Neutrino rack stuff first. The VCE VxRack 1000 is a hyper-converged, servers+storage+networking+ …
Chris Mellor, 05 May 2016

Iranian cyberspy phishing rod pulled from the waters and exposed

Security researchers have lifted the lid on a decade-long cyber-espionage campaign. The Infy malware, which originated in Iran, has been used to target businesses and governments across the world since 2007 and remains in use, according to security researchers from Palo Alto's Unit42 research unit. Over that time, the malware …
John Leyden, 03 May 2016

EMC re-engineers its VNX flashy boxen, puts Unity on the label

EMC's mid-range VNX/VNXe arrays have been re-engineered to make better use of flash, producing the Unity array with a starting price of less than $10,000. It is firmly in the active:active, dual-controller mode and comes in all-flash, hybrid flash/disk, and software-only (VSA) configurations. The array is positioned as an SME …
Chris Mellor, 03 May 2016

Alphabetti spaghetti: SanDisk adds SLC cache to TLC SSD

Acronym alert: SanDisk has upgraded its Z400 PC SSD by changing it from an MLC drive to a TLC one with an SLC cache, doubling its capacity as well making it faster. The Z400 SSD used 15nm MLC (2 bits/cell) flash when it was introduced a year ago. SanDisk has kept the 15nm NAND but changed it to TLC (3bits/cell), upping its …
Chris Mellor, 28 Apr 2016

Guess what's 'easily hacked'? Yes, that's right: Smart city transport infrastructure

Roadside sensors and the data gathered from them can be easily hacked, according to field tests by researchers from Kaspersky Lab on the streets of Moscow. Transport infrastructure in modern cities typically includes an array of traffic and road sensors, cameras, and even smart traffic light systems. Data from these devices is …
John Leyden, 22 Apr 2016

Revised trojan hits HK

Poison Ivy malware has been revamped as a more potent cyber-spying tool. The revised malware is being slung in targeted attacks against pro-democracy activists in Hong Kong. The latest version of the trojan features updated execution and communications mechanisms, as explained by researchers from Palo Alto Networks here. …
John Leyden, 22 Apr 2016

Samsung's dimmer Galaxies can make calls when locked, cabled

A bunch of Samsung Galaxy variants leave their modems open to receiving AT commands over the USB cable, even when they're locked. The vulnerability is discussed by its discoverers at Github. Before you dismiss the vulnerability as a local privilege escalation (which it is), consider how many people would be happy leaving a …

Spear phishers target gullible Brits more than anyone else – survey

There’s been a sharp (35 per cent) increase in crypto ransomware attacks, with the UK ranked as the nation third most targeted with ransomware. The UK is also ranked as the most targeted nation for spear phishing attacks and the second most hit-upon country with social media scams, according to other findings from Symantec's …
John Leyden, 12 Apr 2016

SoftLayer reveals per-CPU VMware pricing

SoftLayer's pricing for VMware-as-a-service has emerged and the IBM outfit has scored a deal for per-CPU licences. VMware and SoftLayer teamed up earlier this year in a deal that looked good for Virtzilla which, having more-or-less abandoned ambitions to build its own globe-spanning cloud, recognised that SoftLayer could get …
Simon Sharwood, 05 Apr 2016

Android's unpatched dead device jungle is good for security

Black Hat Asia Android's diverse and oft un-patched ecosystem is a strength, not a weakness. So says Dino Dai Zovi, security lead at mobile payments outfit Square, because he feels diversity makes criminal hackers work harder. Android variants are a dime a dozen, thanks to customisations used to get the OS running on myriad phones and …
Darren Pauli, 31 Mar 2016

Infosec miscreants are peddling malware that will KO your router

Malware targeting embedded devices such as routers rather than computers is doing the rounds. A new and improved version of Kaiten, an Internet Relay Chat (IRC)-controlled malware typically used to carry out distributed denial-of-service (DDoS) attacks, is spreading, security firm ESET warns. KTN-Remastered or KTN-RM features …
John Leyden, 30 Mar 2016

Ransomware now using disk-level encryption

Ransomware has been detected encrypting master file tables, rendering Windows PCs useless unless payment is made. When first executed, the Petya malware will reboot the victim's machine, and run what appears to be a Windows check disk scan as a mask for the encryption process. A screen is then displayed that directs users to a …
Darren Pauli, 29 Mar 2016

Google gives away its internal $200 patch analysis tool for free

Google has released its popular BinDiff patch analysis plug-in for free, dropping its previous US$200 price tag. The tool is loved among security engineers who find it useful when analysing vendor patches and comparing binaries. Freeing the tool will help alleviate the cost of patch and malware analysis for independent …
Darren Pauli, 22 Mar 2016

Like masochism? Run a PC? These VXers want to help you pwn yourself

Masochistic Windows users have been given a helping hand from hackers, in the form of step-by-step instructions on how to get their PCs infected with malware. A recent malware-slinging banking trojan campaign targeting Germany last week comes with explicit instructions for the recipients describing how to get their computers …
John Leyden, 14 Mar 2016

Google screening missed hundreds of malicious Android apps, researchers say

Malicious apps that have breached Google's defences and made it onto the Play store have netted 1.2 million victims, often hijacking phones to place fraudulent clicks on pornography sites. ESET researcher Peter Stancik says his team found some 343 malicious Android applications that were uploaded to the official Google Play …
Darren Pauli, 29 Feb 2016

Humans – 1 Robots – 0: Mercedes deautomates production lines

In a surprise win for humanity, Mercedes Benz has announced that it's ditching the robots used on its assembly line in favor of human workers because they can cope with the job better. "Robots can't deal with the degree of individualization and the many variants that we have today," Markus Schaefer, the luxury car-maker's head …
Iain Thomson, 25 Feb 2016

Dangerous Android banking bot leak signals new malware wave

Android users could be hit with a new wave of dangerous banking malware following the leak of source code for a capable Android trojan. Users could be targeted with variants of the malware, known as "GM Bot", that is capable of harvesting usernames and passwords using slick keystroke-capturing website overlays. Since it …
Darren Pauli, 23 Feb 2016

New Monopoly version features an Automatic Teller Machine

Iconic vulture capitalism trainer family-friendly property trading game Monopoly has adopted an automatic teller machine in a new edition of the game. Monopoly’s had a cash-free version since about 2014, when players were offered credit cards that, when inserted into a custom device, credited them with new cash for going …
Team Register, 17 Feb 2016

EMC energizes Star Trek-style matter-phasing warp field coils, emits VxRack Neutrinos

As well as the VxRack 1000, EMC has two more VxRack variants coming: SDDC and Neutrino. VxRack is a hyper-converged, rack-level system for large data centers running scale-out workloads. It slots in EMC VCE's product range underneath Vblocks, which are rack-level converged infrastructure for large data centers running …
Chris Mellor, 16 Feb 2016

EMC's hardware 'quantum leap' is more of a brisk catchup stroll

EMC's VCE converged systems unit is heading into hyperconverged country with new VxRail appliances that look and behave an awful lot like existing products from upstart rivals, but are promised to be simpler and cheaper. The Register foreshadowed the launch of VxRail. Forgive us a little smugness because we mostly got it right …
Simon Sharwood, 16 Feb 2016

Khronos releases Vulkan 1.0 open graphics specification

Khronos has released Vulkan 1.0, the next generation open graphics API, and a Vulkan SDK for Windows and Linux is now available from LunarG. Khronos is an industry consortium which creates open graphics standards, including OpenGL and WebGL. Vulkan was announced in March 2015 and represents the next generation after OpenGL, …
Tim Anderson, 16 Feb 2016

ESA's Sentinel satellite to ride converted ICBM

The European Space Agency's (ESA) Sentinel 3-A satellite will soar heavenwards tomorrow from Plesetsk Cosmodrome in northern Russia, riding a "Rockot" converted ICBM lifter. Sentinel 3-A will form part of the European Commission’s Copernicus Earth-monitoring programme. From an altitude of 814.5km, the satellite will "measure …
Lester Haines, 15 Feb 2016

HDS brings out all-flash A series array

Hitachi Data Systems is taking its marketing attack direct to XtremIO and Pure Storage with a brand new, entry-level, all-flash array storage line, the HFS A series, separate from its existing VSP and HUS arrays. The HFS (Hitachi Flash Storage) product comes in three models: A220, A250 and A270, each with dual active:active …
Chris Mellor, 19 Jan 2016

Exploit kits throw Flash bash party, invite Crypt0l0cker, spam bots

Criminals behind some of the most potent exploit kits, Neutrino and RIG, are ramping up attacks slinging the latest ransomware and hosing users who have not applied recent Adobe Flash patches. The patched vulnerabilities permit code execution and allow the dangerous hacking kits to compromise user machines. The two above- …
Darren Pauli, 11 Jan 2016

Devs get malicious root app militia on Play Store, sell pumped up ratings

Google has punted from its Play Store 13 apps, including one installed a million times and capable of gaining persistent root, downloading additional apps, and leaving fake positive reviews. The Brain Test apps slipped past the Chocolate Factory's Google Verify Apps (formerly Bouncer) vetting system and were downloaded scores …
Darren Pauli, 08 Jan 2016