Do your execs take mobile security seriously?

Reader Poll One of the findings emerging from our latest poll is that many of you are highlighting a lack of exec awareness and air cover when it comes to mobile security. This in turn appears to translate to a lack of funding to put the systems in place to cope with new devices, BYOD and so on. Is this something you are experiencing? If …
Dale Vile, 11 Jul 2014

FBI and pals grab banking Trojan zombielord's joystick

Law enforcement and the security business have teamed up to disrupt the operation of the Shylock banking Trojan. The UK's National Crime Agency joined forces with Europol and the FBI to take down and seize the command and control servers key to running the botnet. Law enforcement also took control of the domains Shylock uses for …
John Leyden, 11 Jul 2014

Exploit emerges for LZO algo hole

Security Mouse security researcher Don A Bailey has showcased an exploit of the Lempel-Ziv-Oberhumer (LZO) compression algorithm running in the Mplayer2 media player and says it could leave some Linuxes vulnerable to attack. The LZO data compression algorithm was created by Markus Oberhumer in 1994 and was discovered to be …
Darren Pauli, 11 Jul 2014

Infected Chinese inventory scanners ships off logistics intel

A Chinese manufacturer has been accused of implanting malware that steals supply chain intelligence in its hand-held scanner firmware. Security firm TrapX says infected scanners have been sold to eight unnamed firms including a large robotics company. Variants of the malware broke into enterprise resource planning platforms to …
Darren Pauli, 11 Jul 2014

Sydney coppers clobber cabbie carder crims

Sydney police have swooped on a fraud ring that implanted skimmers into taxis to clone customers' credit cards. Police on July 1 arrested four men involved in the ring including a 29 year-old taxi driver at Chullora, nabbed a fifth chap later that day, and raided a Sydney CBD unit where 800 credit cards, a laptop and cloning …
Darren Pauli, 11 Jul 2014

German government orders local CIA station chief to pack his bags

The German government has ordered the local station chief of the CIA to leave the country immediately – after a second German government official was arrested in an investigation into US surveillance on its erstwhile ally. "The representative of the US intelligence services at the embassy of the United States of America has been …
Iain Thomson, 10 Jul 2014

Dodgy Google, Yahoo! SSL certs nuked in Windows – finally

One week after Google spotted an SSL certificate issuer dishing out certs that could be used to impersonate Google and Yahoo! websites, Microsoft has taken action to block the illicit certificates from being used on its software. The certs, issued by India's National Informatics Centre (NIC), were detected on July 2 by Google's …
Iain Thomson, 10 Jul 2014

Adobe Flash: The most INSECURE program on a UK user's PC

Adobe Flash Player was the most insecure program installed on UK computer users' PCs throughout the second quarter of 2014, according to stats from vulnerability management firm Secunia. Nearly seven in 10 (69 per cent) UK PC users were found to have an end-of-life version of Adobe Flash Player 13 installed during Q2 2014. Users …
John Leyden, 10 Jul 2014

UK's emergency data slurp: IT giants panicked over 'legal uncertainty'

The UK government secured the backing of the country's main political parties today to rush an emergency Data Retention and Investigation Powers Bill (DRIP) through Parliament just seven days before MPs break for summer recess. It comes after communications providers and telcos who operate in Britain but have headquarters based …
Kelly Fiveash, 10 Jul 2014

Silent Circle takes on Skype, Viber, mobile telcos with crypto-VoIP

Silent Circle has launched a global encrypted IP voice calling service that will go up against over-the-top services Skype and Viber, among others. The idea here, however, is that it will feature a way to communicate privately. It's more bad news for mobile carriers, which are already beating off roaming-revenue pinchers in the …
John Leyden, 10 Jul 2014

Crusty API opened Facebook accounts to hijacking

A leftover API that Facebook forgot to kill has left accounts open to spammers and scammers, says security researcher Stephen Sclafani. The flaw means an attacker could view other users' messages and post status updates. Sclafani found that a then mis-configured endpoint, since patched, allowed legacy REST API calls to be made on behalf of …
Darren Pauli, 10 Jul 2014

China trawls top-secret US personnel lists – report

An attack suspected to have originated in China breached security at the US Office of Personnel Management, according to The New York Times. The paper's report suggests the attackers attempted to access personnel records describing government workers who have applied for high-level security clearances. Those records, the report …
Simon Sharwood, 10 Jul 2014

Brute-force bot busts shonky PoS passwords

A botnet has compromised 60 point of sale (PoS) terminals by brute-force password attacks against poorly-secured connections, FireEye researchers say. The trio including Nart Villeneuve, Joshua Homan and Kyle Wilhoit found 51 of the 60 popped PoS boxes were based in the United States. The attacks were basic and targeted remote …
Darren Pauli, 10 Jul 2014

FireEye patches OS, torpedos Exploit-DB disclosure

FireEye has patched a series of publicly-disclosed flaws in its operating system (FEOS) that facilitated man-in-the-middle attacks and command injection. The vulnerabilities released over June affected versions NX, EX, AX, FX, and CM of the FEOS and were patched in the first individual security bulletin for the system. The …
Darren Pauli, 10 Jul 2014

Victim of Tor-hidden revenge smut site sues Tor Project developers

The Tor Project has found itself on the receiving end of a lawsuit that claims the privacy software's developers aided a revenge porn slinger. An attorney at the Electronic Frontier Foundation (EFF) told The Register the allegations against the Tor team are baseless. In a lawsuit, Shelby Conklin accuses the Tor Project of …
Shaun Nichols, 10 Jul 2014

Ex-NSA boss Alexander joins bankers' CYBER WAR COUNCIL

Former NSA head Keith Alexander has been tapped up to advise a new cyber war council for government and financial institutions in the US, according to Bloomberg. The biz news site has seen a proposal from the Securities Industry and Financial Markets Association (SIFMA) that suggests that the industry needs a committee of execs …

Snowden leaks latest: NSA, FBI g-men spied on Muslim-American chiefs

New documents from whistleblower Edward Snowden confirm that the NSA and the FBI spy on Muslim-American leaders, including Republican Party politicians and military veterans. The Intercept reports that the Feds are using tactics and techniques intended for catching terrorists and spies to monitor the email accounts of prominent …
John Leyden, 9 Jul 2014

ATTACK of the Windows ZOMBIES on point-of-sale terminals

Security watchers have spotted a fresh Windows-based botnet that attempts to hack into point-of-sale systems. Cyber threat intelligence firm IntelCrawler reports that the “@-Brt” project surfaced in May through underground cybercrime forums. The malware can be used to brute-force point-of-sale systems and associated networks, …
John Leyden, 9 Jul 2014

That 'wiped' Android phone you bought is stuffed with NAKED SELFIES – possibly

It's hard being a security researcher. Several of them just had to view thousands of nude selfies pulled from second-hand phones and tablets for a campaign warning people who sell old devices. The beleaguered infosec bods saw 750 photos of naked women and 250 images of manhood from a pool of 40,000 photos still stored on a mere …
Darren Pauli, 9 Jul 2014

Weaponised Flash flaw can pinch just about anything from anywhere

Get cracking with the latest Flash upgrade, because the vulnerability it patches is a peach, allowing a cross-site request forgery (CSRF) attack for stealing user credentials. According to the Switzerland-based Google engineer that turned up the vulnerability, Michele Spagnuolo, sites that are/were vulnerable to the attack …

Facebook scuttles 250k-strong crypto-currency botnet

Facebook has taken down a Greek botnet that at its peak compromised 50,000 accounts and infected 250,000 computers to mine crypto-currencies, steal email and banking details and pump out spam. The scuttled Lecpetex botnet spread malware including the DarkComet remote access trojan by social engineering techniques and was adept …
Darren Pauli, 9 Jul 2014

Teensy card skimmers found in gullets of ATMs

A series of tiny and sometimes transparent card-skimming devices have been detected in ATMs across Europe, researchers say. Boffins with the European ATM Security Team (EAST) have plucked out and displayed some clever thumb-sized skimmers that hide from victims' view by fitting in cash terminals' gullets. The devices paraded in …
Darren Pauli, 9 Jul 2014

FAKE Google web SSL certificates tip-toe out from Indian authorities

Google is warning that dodgy SSL certificates have been issued by India's National Informatics Centre (NIC): these certs can be used by servers to masquerade as legit Google websites and eavesdrop on or tamper with users' encrypted communications. According to this blog post by Google's security team, the Googlers noticed …
Iain Thomson, 9 Jul 2014

Russian MP fears US Secret Service cuffed his son for Snowden swap

The US Secret Service has announced the arrest of a man accused of being "one of the world's most prolific traffickers in stolen financial information," touching off a diplomatic firestorm in the process. Roman Valerevich Seleznev, who goes by the online handle Track2, is accused of hacking into point-of-sale systems to steal …
Iain Thomson, 8 Jul 2014

Dear Windows Journal, today I got owned: 29 security bugs swatted

Microsoft has released patches for 29 security vulnerabilities, while Adobe has released an update for Flash Player. Redmond's latest Patch Tuesday batch is composed of six bulletins, two of which have been rated as critical updates. Three others have been rated important, and the sixth is considered a moderate risk. The …
Shaun Nichols, 8 Jul 2014

China's 'Deep Panda' crew targets Middle East policy wonks - report

A group of China-based cyber spies have begun targeting national security think tanks, initially targeting analysts focusing on the Asia-Pacific region before switching their focus to Iraq. Infosec threat intelligence firm CrowdStrike warns that a group it dubs Deep Panda has begun targeting think tanks, particularly those …
John Leyden, 8 Jul 2014

Panic like it's 1999: Microsoft Office macro viruses are BACK

Macro viruses involving infected Word and Excel files were a plague in the late 1990s. Yet, like grunge music, the genre fell into decline as techniques and technologies moved on. More recently macro viruses have staged something of a revival, thanks to social-engineering trickery. Windows executable malware has dominated macro …
John Leyden, 8 Jul 2014

Computing student jailed after failing to hand over crypto keys

+Comment A computer science student accused of hacking offences has been jailed for six months for failing to hand over his encryption passwords, which he had been urged to do in "the interests of national security". Christopher Wilson, 22, of Mitford Close, Washington, Tyne and Wear, was jailed for refusing to hand over his computer …
John Leyden, 8 Jul 2014

IEEE expands malware initiatives

Standards body the IEEE has launched two new anti-malware initiatives designed to help software and security vendors spot malware that's been inserted into other software, and improve the performance of malware detection by cutting down on false positives. The organisation's Anti-Malware Support Service (AMSS) is designed to …

Doctor Who season eight scripts leak online

Scripts for the first five episodes of the yet-to-be-screened and highly-anticipated series eight of Doctor Who have been leaked online. The leak is said to have come from BBC Worldwide's new Miami office, which was arranging translation of the new series for non-English speaking markets. The scripts are said to bear a BBC …
Darren Pauli, 8 Jul 2014

Insecure AVG search tool shoved down users' throats, says US CERT

The US Computer Emergency Response Team (CERT) has warned users about software download sites' practice of including unasked-for downloads, after one such program - AVG's Secure Search toolbar - was found to be insecure. Known as "bloatware" or "foistware", unasked-for software is bundled into the installation wrappers used …
Darren Pauli, 8 Jul 2014

Gendarmes grab French Bitcoin exchange in €200k sting

The operators of an illegal French Bitcoin exchange have been collared by the gendarmes and their Bitcoin holdings confiscated. A sketchy story out of Reuters says that the raid netted €200,000 worth of the crypto-currency, but doesn't outline what specific laws the exchange is accused of breaking. The Reuters story merely …

Cyber-Senate's cyber-security cyber-law cyber-scares cyber-rights cyber-fighters

On Tuesday the US Senate will meet in a closed-door session to mark up the forthcoming Cybersecurity Information Sharing Act of 2014 (CISA) – and the proposed new rules on data sharing between big biz and government have privacy groups seriously worried. CISA is an offshoot of the proposed Cyber Intelligence Sharing and …
Iain Thomson, 8 Jul 2014

Vid shows how to easily hack 'anti-spy' webmail (sorry, ProtonMail)

Video + Update A security researcher has demonstrated a classic JavaScript-injection attack against ProtonMail – the webmail system developed by boffins and CERN to withstand surveillance by the world's intelligence agencies. German security expert Thomas Roth published a video over the weekend showing how he exploited a trivial …
Iain Thomson, 7 Jul 2014

App permissions? Pah! Rogue Android soft can 'place phone calls at will'

Researchers at German security firm Curesec have identified bugs present in most versions of Android that can allow malicious applications to place phone calls, even when they lack the necessary permissions. By exploiting these vulnerabilities, rogue apps can get up to such mischief as surreptitiously dialing out to expensive …

Fridge hacked. Car hacked. Next up, your LIGHT BULBS

Those convinced that the emerging Internet of Things (IoT) will become a hackers' playground were given more grist for their mill with news on Friday that security researchers have discovered a weakness in Wi-Fi/mesh networked lightbulbs. Researchers at Context Information Security discovered that LED light bulbs from …
John Leyden, 7 Jul 2014

German spy agency staffer spied for NSA during gov probe into NSA spying – report

A German intelligence agency staffer has been arrested after allegedly being caught spying on behalf of the US, according to reports by German newspapers. The country's Federal Prosecutor's office has confirmed that a man had been arrested on suspicion of being a foreign spy, but gave no further details. According to reports in …
John Leyden, 7 Jul 2014

Don't panic! Mega cloud biz group says NSA just one among many threats

Enterprises are being told to not abandon the cloud out of fear of possible threats to their data security posed by US government snoops. The Open Data Center Alliance (ODCA) has advised big companies the benefits of cloud – escaping their legacy IT – far outweigh risks of the National Security Agency pilfering their secrets. …
Gavin Clarke, 7 Jul 2014

Brit celebs' homes VANISH from Google's Street View

Google is scrubbing out the homes of Blighty's rich and famous from its nosey Street View site. It has been reported that the likes of former Labour Prime Minister Tony Blair, former Beatle Paul McCartney and Led Zeppelin axeman Jimmy Page have had their houses blurred on the mapping service. Popstar Lily Allen and former RBS …
Team Register, 7 Jul 2014

NORKS hacker corps reaches 5,900 sworn cyber soldiers - report

North Korea has doubled the number of government hackers it employed over the last two years according to military sources from the South. The allegations claim 5900 "elite" personnel were employed in Pyongyang's hacking unit, up from 3000 in 2012. The hackers had their crosshairs firmly fixed on Seoul but operate from bureaux …
Darren Pauli, 7 Jul 2014

USA to insist on pre-flight mobe power probe

The USA's Transport Security Administration (TSA) has announced new, “enhanced security measures” that will require mobile phones to be charged before being taken aboard international flights to the nation. The new requirement is simple. As explained here, the new arrangements will mean that “During the security examination, officers …

'Spy-proof' IM launched: Aims to offer anonymity to whistleblowers

Security experts have teamed up to create a stealthy internet messenger client designed especially for whistleblowers. The invisible.im project promises an instant messenger that leaves no trace. The team behind the project include Metasploit Founder HD Moore and noted infosec and opsec expert The Grugq. That's the infosec …
John Leyden, 4 Jul 2014