Articles about security

Guys, you're killing us! LA Times homicide site hacked to mine crypto-coins on netizens' PCs

A Los Angeles Times' website has been silently mining crypto-coins using visitors' web browsers and PCs for several days – after hackers snuck mining code onto its webpages. The newspaper's IT staffers left at least one of the publication's Amazon Web Services S3 cloud storage buckets wide open to anyone on the internet to …
Shaun Nichols, 22 Feb 2018

World's cyber attacks hit us much harder in past year – major infosec chief survey

Cyber security breaches were twice as severe in the past year, with total financial losses reaching $500,000 (£356,00) per business, according to an extensive survey of CISOs across the globe. Some 32 per cent of breaches affected more than half of an organisation's systems in 2017, up from 15 per cent the previous year, …
Kat Hall, 21 Feb 2018

Oh, Bucket! AWS in S3 status-checking tool free-for-all

Amazon Web Services has signalled it's still worried about poorly configured buckets in its Simple Storage Service (S3) by making one of the tools to manage them free. AWS suffered last year after a rash of data leaks caused by customers who had improperly configured their S3 storage. It's an easy mistake to make because the …
Simon Sharwood, 21 Feb 2018

Global security crackdown, a host of code nasties, Brit cops mocked, and more

Roundup: Here's a summary of this week's security news beyond what we've already reported. At the Munich Security Conference in Germany, major companies, including Siemens, Airbus, Allianz, Daimler Group, IBM, NXP, SGS and Deutsche Telekom, signed a Charter of Trust for cybersecurity. The signatories were joined by Elżbieta Bieńkowska …
Iain Thomson, 17 Feb 2018

Oi! Verizon leaked my fiancée's nude pix to her ex-coworker, says bloke

A bloke is suing Verizon Wireless in the US because, he claims, personal pictures from his Verizon phone, including intimate snaps of his fiancée, turned up on the phone of another subscriber – who happened to know her. "On February 8, 2018, the plaintiff discovered for the first time that Verizon’s advertisements about the …
Thomas Claburn, 17 Feb 2018

Former ICE top lawyer raided US govt database to steal aliens' identities

Yet again an insider has been caught misusing a workplace computer system to conduct identity theft and fraud. Unusually, the perp was, at the time, serving as the head lawyer for the US government's Immigration and Customs Enforcement’s (ICE) Office of Principal Legal Advisor (OPLA). And rather than turning to the …
Thomas Claburn, 15 Feb 2018

Hate to ruin your day, but... Boffins cook up fresh Meltdown, Spectre CPU design flaw exploits

When details of the Meltdown and Spectre CPU security vulnerabilities emerged last month, the researchers involved hinted that further exploits may be developed beyond the early proof-of-concept examples. It didn't take long. In a research paper – "MeltdownPrime and SpectrePrime: Automatically-Synthesized Attacks Exploiting …
Thomas Claburn, 14 Feb 2018

US govt staffers use personal gear on work networks, handle biz docs on the reg – study

Employees of US government agencies are largely ignoring basic security measures. This is according to a study published this month by security biz Lookout, which suggests Uncle Sam's staffers may be putting confidential information at risk. According to a survey of 200 IT and security admins at US federal agencies, 67.5 per …
Shaun Nichols, 14 Feb 2018

From tomorrow, Google Chrome will block crud ads. Here's how it'll work

Starting tomorrow, Google, which makes most of its money from online advertising, will begin blocking egregious ads in its Chrome browser under limited circumstances – though it would really rather not. The reason, explained Chrome veep Rahul Roy-Chowdhury in a blog post on Tuesday, is that some ads suck. "It’s clear that …
Thomas Claburn, 14 Feb 2018

You dopes! US state's pot dealer database pwned after security goes up in smoke

The US state of Washington says a miscreant was able to access the system it uses to track the manufacturing and sale of marijuana. The Evergreen State's Liquor and Cannabis Board – a job that sounds way cooler than it actually is – yesterday admitted that last weekend someone was able to exploit a vulnerability in one of its …
Shaun Nichols, 9 Feb 2018

From July, Chrome will name and shame insecure HTTP websites

Three years ago, Google's search engine began favoring in its results websites that use encrypted HTTPS connections. Sites that secure their content get a boost over websites that used plain-old boring insecure HTTP. In a "carrot and stick" model, that's the carrot: rewarding security with greater search visibility. Later …

PSA: If your security starts and ends with bug bounties, you're gonna have a bad time

Analysis: Remember when Uber tried to cover up the fact its AWS datastore containing records on 57 million riders and drivers had been hacked? And that it bunged the hackers $100,000 to shut them up, and then disguised the expense as a bug bounty payout? Who could forget? Certainly not shocked US lawmakers, who held a hearing in …

Unlucky 13 collared by cops hunting cyber-crew who stole up to $2.2bn

Thirteen out of 36 individuals indicted for their alleged involvement in a transnational cybercrime group known as Infraud have been arrested, the US Department of Justice announced on Wednesday. The Infraud Organization, according to prosecutors, coordinated various flavors of internet fraud including identity theft, bank …

Beware the looming Google Chrome HTTPS certificate apocalypse!

Tens of thousands of websites are going to find themselves labeled as unsafe unless they switch out their HTTPS certificate in the next two months. Thanks to a decision in September by Google to stop trusting Symantec-issued SSL/TLS certs, from mid-April Chrome browser users visiting websites using a certificate from the …

You can find me in da club, database full of faces… but this ain't privacy watchers' jam

Five clubs in Bournemouth are now accepting ID in the form of an app that verifies who you are through facial recognition – to the disdain of privacy activists. The town is the first in the UK to accept the digital identity app Yoti, which claims to offer users a safer way to prove they are who they claim to be. Users sign up …
Rebecca Hill, 2 Feb 2018

New click-to-hack tool: One script to exploit them all and in the darkness TCP bind them

Python code has emerged that automatically searches for vulnerable devices online using Shodan.io – and then uses Metasploit's database of exploits to potentially hijack the computers and gadgets. You set this script running, it crawls the internet looking for machines that are possibly vulnerable to attack – typically due to …
Thomas Claburn, 31 Jan 2018

Watchdog: Uh, sit down, AriseBank. This crypto-coin looks more like a $600m crypto-con

Updated: America's financial watchdog today suspended an initial coin offering (ICO) from AriseBank, claiming it's a scam. The US Securities and Exchange Commission obtained a court order to halt the investment scheme based on a complaint filed under seal last week. According to the regulator, AriseBank – based in Dallas, Texas – and …
Thomas Claburn, 30 Jan 2018

Fella faked Cisco, Microsoft gear death – then sold replacement kit for millions, say Feds

A US bloke allegedly defrauded Cisco and Microsoft by faking problems with computing and networking gear he didn't own to trick the tech giants into sending him replacements. The suspected crook then sold the gear online and through New Jersey-based resellers for millions of dollars, prosecutors claim. Justin David May, 28, …
Thomas Claburn, 29 Jan 2018
