
US Marshals commit DIRTBOX INTRUSION on Americans, says report

US marshals have reportedly fitted mini mobile phone cells, nicknamed dirtboxes, inside aircraft so that they can locate mobes from the sky. Or, in other words, another one of Uncle Sam's agencies has found another way to secretly track citizens. The g-men, who work for the courts and track down fugitives, have a fleet of light …
Iain Thomson, 14 Nov 2014

US carder gets nine years in cooler, must pay back $50 MEELLION

Georgia carder Cameron Harrison has been sentenced to nine years jail and ordered to pay US$50.8 million in restitution for purchasing stolen credit cards from scuttled website carder.su. Harrison, 28, who used the handle Kilobit, pleaded guilty to three charges and was sentenced overnight by Nevada District Judge Andrew Gordon …
Darren Pauli, 14 Nov 2014

Lads from Lagos using 'Predator Pain' on hapless 419 victims

Advanced-fee fraudsters are adopting the tactics of state-sponsored hackers in attacks targeting small- to medium-sized businesses, rather than large corporates, according to research from Trend Micro. 419 gangs are using the Predator Pain and Limitless keyloggers to steal network credentials through spear-phishing attacks, …
John Leyden, 13 Nov 2014

UK.gov teams up with moneymen on HACK ATTACK INSURANCE

+Comment The UK government last week partnered with 12 insurance companies to develop the "cyber-insurance" market. But experts are split on whether encouraging the development of the nascent market will result in the adoption of improved security practices. Cabinet Office Minister Francis Maude said that while cyber insurance adds an …
John Leyden, 13 Nov 2014

Pay-by-bonk chip lets hackers pop all your favourite phones

Blood is flowing on the floor of the Pwn2Own challenge slaughterhouse, after whitehats hacked their way through an Apple iPhone 5S, Samsung Galaxy S5, LG Nexus 5 and Amazon Fire, most often by using Near Field Communications. The annual contest backed by mobile giants BlackBerry and Google and run by HP's Zero Day Initiative …
Darren Pauli, 13 Nov 2014

'Chinese hackers' pop US weather bureau, flatten forecast feeds

Chinese hackers have breached the USA's weather forecasting systems, disrupting emergency and disaster planning in a hack one US congressman described as a cover-up, the Washington Post reports. The September hack was not discussed internally by the National Oceanic and Atmospheric Administration (NOAA) until 20 October and even …
Darren Pauli, 13 Nov 2014

ISPs are stripping encryption from netizens' email – EFF

Some ISPs are removing encryption from customers' connections to email servers – threatening the privacy of their communications – claims civil-liberties group the Electronic Frontier Foundation. Incidents in the US and Thailand over recent months have seen service providers intercepting their customers' data to strip a security …
John Leyden, 12 Nov 2014

Yorkshire man NICKS 1,000 Orange customer records. Court issues TINY FINE

A man who attempted to illegally access the passwords and login details of more than 1,000 Orange customers has been fined just £500 for his actions. The Information Commissioner's Office said that the 25-year-old company director Matthew Devlin was handed the financial penalty after he appeared before Calderdale Magistrates' …
Kelly Fiveash, 12 Nov 2014

Annus HORRIBILIS for TLS! ALL the bigguns now officially pwned in 2014

The appearance of a critical flaw in Microsoft SChannel - patched as part of this year's phenomenal November Patch Tuesday - means that every major TLS stack has now fallen victim to a critical flaw at some time during this year. The security flaw (MS14-066) in Microsoft's TLS cryptography library opens the door to remote code …
John Leyden, 12 Nov 2014

Target, Home Depot and UPS attacks: Dude, you need to rethink point-of-sale security

A new report on point-of-sale malware presents the most detailed examination of the malicious code behind high-profile attacks against US retailers to date. Cyphort Labs’ in-depth look focuses on Target, Home Depot and UPS breaches and involved an analysis of BlackPOS, FrameworkPOS and Backoff malware samples. The researchers …
John Leyden, 12 Nov 2014

Cybersecurity? Nothing to do with us, mate – Google and Facebook

Google, eBay, Facebook, Yahoo!, foursquare and Microsoft want nothing to do with the proposed new EU cybersecurity law. In an open letter to Europe’s telco ministers last week, CCIA (the Computer & Communications Industry Association) said the proposed Network and Information Security (NIS) Directive should exclude internet …
Jennifer Baker, 12 Nov 2014

DAY ZERO, and COUNTING: EVIL 'UNICORN' all-Windows vuln - are YOU patched?

Security researcher Robert Freeman has discovered an 18-year-old, critical, remotely-exploitable vulnerability di tutti vulnerabiliti which affects just about ALL versions of Windows - all the way back to Windows 95. The vulnerability (CVE-2014-6332) rated a critical score of 9.3 in all versions of Windows and was described as a …
Darren Pauli, 12 Nov 2014

Iranian contractor named as Stuxnet 'patient zero'

Malware researchers have named five Iranian companies infected with Stuxnet, identifying one as 'patient zero' from which the worm leaked to the world after causing havoc in the Natanz uranium plant. Joint research by Kaspersky Lab and Symantec found the organisations, contractors to Natanz, were targeted between June 2009 and …
Darren Pauli, 12 Nov 2014

Patch Windows boxes NOW – unless you want to be owned by a web page or network packet

"Remote code execution if an attacker sends specially crafted packets" is not what many of you want to hear today – nor "remote code execution if a user views a specially crafted webpage using Internet Explorer" – but it's Patch Tuesday, so what do you expect? Microsoft has issued a batch of security fixes for Internet Explorer …
Shaun Nichols, 11 Nov 2014

Most convincing PHISHING pages hoodwink nearly half of you – Google

Nearly half (45 per cent) of those who visit the most convincing phishing pages are tricked into handing over personal information, according to Google. This effectiveness drops to just three per cent in the case of the most obviously scummy phishing sites, while the online giant reports that the account hijackers work quickly, …
John Leyden, 11 Nov 2014

German spies want millions of Euros to buy zero-day code holes

Germany's spooks have come under fire for reportedly seeking funds to find bugs – not to fix them, but to hoard them. According to The Süddeutsche Zeitung, the country's BND – its federal intelligence service – wants €300 million in funding for what it calls the Strategic Technical Initiative. The Local says €4.5 million of that …

British drones target ISIS for the first time

The RAF has launched its first drone strikes against Islamic fundamentalists ISIS, marking an escalation of Blighty's air war in Iraq. A British Reaper drone attacked a terrorist encampment near Bayji, north of Baghdad, where militants were planting improvised explosive devices. It then circled the area, providing real-time …
Jasper Hamill, 11 Nov 2014

EMET 5.0 crashes Patch Tuesday party

Microsoft has issued a new version of its Enhanced Mitigation Toolkit (EMET) to address a variety of compatibility issues in the system-hardening environment. Version 5.1 fixed compatibility and Export Address Table Filtering Plus (EAF+) issues with security updates for 64-bit Internet Explorer version 11, Adobe Reader, Adobe …
Darren Pauli, 11 Nov 2014

Hacker Hammond's laptop protected by pet password

Former LulzSec member Jeremy Hammond - once the FBI's most wanted and charged with hacking security firm Stratfor - seems to have failed to prevent police accessing his laptop due to a poor password. During a police raid in March 2012 he raced through a friend's Chicago home to shut and lock his laptop. But the effort appeared …
Darren Pauli, 11 Nov 2014

Mozilla makeover to boost Tor torque, capacity

Mozilla will tweak its flagship Firefox browser and host relays to speed up and boost the capacity of Tor under the Polaris project launched today. The browser baron joined the Tor Project and the Centre for Democracy and Technology, under the Polaris initiative, to create warmer, fuzzier relationships between the organisations …
Darren Pauli, 11 Nov 2014

Names, ages, addresses, SSNs of US postal staff slurped in 'mega-hack'

The US Postal Service has called in the FBI after hackers apparently grabbed names, addresses, social security numbers and other sensitive records from its staff database. It's feared miscreants got into USPS corporate servers, and swiped data that will be a lucrative haul for identity thieves and other fraudsters. USPS employs …
Iain Thomson, 10 Nov 2014

Got an iPhone or iPad? LOOK OUT for MASQUE-D INTRUDERS

Security experts have now probed further into the vuln in non-jailbroken iOS 7 and iOS 8 devices which was exploited by the previously revealed WireLurker USB-hopping malware. Dubbed a “Masque Attack”, the tactic allows hackers to install iOS apps on iPhone or iPad via email or text message. The attack takes advantage of a …
John Leyden, 10 Nov 2014

Feeling safe in your executive hotel suite, Mr CEO? Well, DON'T

Corporate bosses are coming under attack from a shadowy new group that spreads malware by hijacking the networks of luxury hotels. Kaspersky Labs' Global Research & Analysis Team has issued a warning about an advanced persistent threat designed by a crew called Darkhotel, who target top execs as they relax in plush hotel rooms …
Jasper Hamill, 10 Nov 2014

BrowserStack HACK ATTACK: Service still suspended after rogue email

Browser testing service BrowserStack has temporarily suspended its services while it recovers from a "hack attack" by someone apparently bent on discrediting the security of the widely used tool. "We did get hacked. Currently sanitising entire BrowserStack, so service will be down for a while. We're on top of it and will keep …
John Leyden, 10 Nov 2014

Someone has broken into your systems. Now what?

So, you've been hacked. Compromised. Breached and violated. Some criminal Goldilocks has been inside your network and found that your data was neither too hot nor too cold but just right. What are you going to do about it? This could happen to any organisation and what you do to mitigate the problem could define your public …
Danny Bradbury, 10 Nov 2014

Aussie feds consider job offer to 'LulzSec leader' who wasn't

Shackled hacker and supposed "leader of Lulzsec" Matthew Flannery is welcome to apply for a job with the Australian Federal Police (AFP), the force says. Flannery was arrested last April as one of two crackers behind the defacement of the then-unpatched Narrabri shire council. He's since been sentenced to, and is serving, 15 …
Darren Pauli, 10 Nov 2014

Emoticons blast three security holes in Pidgin :-(

Cisco researchers have reported a trio of vulnerabilities in popular instant messaging client Pidgin that allow for denial of service by way of emoticon abuse and remote arbitrary file creation. Researchers Yves Younan and Richard Johnson say the flaws have since been quietly patched, but rated a maximum CVSS score of 6.4 but …
Darren Pauli, 10 Nov 2014

Sysadmins disposed of Heartbleed certs, but forgot to flush

Sysadmins' need for sleep and attempts to stop working at weekends have slowed down the response to Heartbleed, according to University of Maryland researchers – but more seriously, it's possible that a bunch of half-fixed websites retain some vulnerability to the bug. The problem, the researchers told the 2014 Internet …

TORpedo'd dev dumps Doxbin files after police raids

An administrator of Tor hidden service site Doxbin taken down by the FBI last week has released log files in a bid to crowd-source an analysis of how the sites were captured. Former Doxbin admin NaChash (@loldoxbin) released the website files in hopes users would discover how it was discovered and shut down. His site was …
Darren Pauli, 9 Nov 2014

Crooks are using proxy servers to build more convincing phishing sites – new claim

Crooks using phishing pages to grab victims' passwords have apparently upped their game – by using proxy servers rather than static pages to craft legit-looking websites. Normally, thieves recreate a web page – such as a login page for an online shop or webmail – and stick it on a compromised server, then direct marks towards …
John Leyden, 7 Nov 2014

EU cyber-cop: Dark-net crooks think they're beyond reach (until now)

Hundreds of website domains seized, 17 arrested and $1m in Bitcoin confiscated – Thursday was, apparently, a busy day for the West's cyber-cops. Operation Onymous, which involved police and g-men in more than a dozen European countries as well as the US, has claimed some big scalps including the Silk Road 2.0, Hydra and Cannabis Road …

Belkin flings out patch after Metasploit module turns guests to admins

Belkin has patched a vulnerability in a dual band router that allowed attackers on guest networks to gain root access using an automated tool. The flaw reported overnight targeted the Belkin N750 dual-band router – which was launched in 2011 and is still sold by the company and other commerce sites. IntegrityPT consultant Marco …
Darren Pauli, 7 Nov 2014

Home Depot: Someone's WEAK-ASS password SECURITY led to breach

Hackers gained access to Home Depot's network via a third-party vendor system, according to preliminary results of an investigation into the September mega-breach. Cybercrooks used access to the US retail giant's network gained via ineffective password security at an unnamed third-party vendor's system to run a stepping-stone …
John Leyden, 7 Nov 2014

'Older' WireLurker previously tried, failed to leap from Windows to iThings

An older version of WireLurker, the newly discovered malware capable of spreading onto Apple iOS devices from infected Mac OS X systems, once targeted Microsoft Windows, it has emerged. WireLurker is the first malware capable of attacking non-jailbroken iPhones and iPads, smashing the conventional wisdom that such devices are …
John Leyden, 7 Nov 2014

Security products: Best of breed or create your own monster?

IT security is not just about antivirus or firewall products anymore. There is a whole layer cake of different product types designed to protect your organisation in different ways. It is a stack, in much the same way as TCP-IP networking or web server functionality has stacks of functionality. The question is, what's the best …

Spyware-for-cops Hacking Team faces off against privacy critics

Controversial spyware-for-cops outfit Hacking Team has defended its snooping and come out on the offensive against security research critics. Last week Glenn Greenwald’s The Intercept published what it asserted were secret manuals illustrating how Hacking Team sold its spyware to authoritarian regimes around the world. The …
John Leyden, 7 Nov 2014

Shove over, 2FA: Authentication upstart pushes quirky login tech

Security upstart LiveEnsure is trying to shake up the authentication market with technologies that verify users by device type, location and user behaviour, as an alternative to established authentication systems. The firm is pushing its smartphone-based services as an alternative to security tokens, biometrics, one-time- …
John Leyden, 7 Nov 2014

By the way, Home Depot hackers also grabbed 53 million email addresses

Hackers made off with a whopping 53 million email addresses as part of the high profile April breach of Home Depot in which 56 million credit cards were compromised, the company says. The haul bagged enough email addresses to contact everyone in England, but it was unknown if the information had been implicated in further …
Darren Pauli, 7 Nov 2014

Microsoft warns of super-sized Patch Tuesday next week

It's getting close to security update time in Redmond yet again, and Microsoft has given notice that Windows and Office users can expect another nice, big pile of fixes on November's Patch Tuesday. The software giant gave advance notice of no less than 16 security bulletins to be addressed on November 11, five of which have been …

If you're suing the UK govt, Brit spies will snoop on your briefs

British agents spy on lawyers and their clients who are suing the UK government – and then pass their confidential conversations onto the government's legal team, it's claimed. Evidence of dirty tricks surfaced amid a court case brought against the British government by two Libyan families, who were kidnapped and sent back to …
Iain Thomson, 7 Nov 2014

Ex-NSA lawyer warns Google, Apple: IMPENETRABLE RIM ruined BlackBerry

An ex-NSA lawyer believes BlackBerry's ongoing downfall stems from the company's use of strong encryption – and Apple and Google are next to wither on the vine. Nope, it makes no sense to us, either. Speaking at the Dublin Web Summit this week, Stewart Baker, a former NSA lawyer and assistant secretary for the Department of …
Shaun Nichols, 7 Nov 2014

Aussie spooks warn of state-sponsored online attacks during G20

Australia's top spy agency has warned of 'real and persistent' threats to organisations, agencies and individuals linked to the G20 leaders conference to be held down under next week. The advice issued by the Australian Signals Directorate (ASD) warns that large diplomatic and defence conferences attract attacks such as …
Darren Pauli, 7 Nov 2014