Feeds

Security > More stories

australian credit cards fraud contactless

Credit card thieves setting up safe seller certifications

Breakpoint In the world of carding, you get what you pay for: stolen cards are cheaper on riskier public trading forums and more pricey on closed more reliable markets, according to recent analysis. Since 2007, Michigan State University associate professor Thomas Holt, University of North Carolina assistant professor Olga Smirnova and Yi- …
Darren Pauli, 8 Oct 2014

Mandiant to probe gaps in rusty unpatchable utility systems

Mandiant has launched a managed gap assessment for industrial control systems (ICS) it says will help administrators deal with temperamental systems. It was a "light touch" for legacy or leviathan systems that could fall over in the event of tinkering or patching. Mandiant SCADA bod Dan Scali said the system was geared to …
Darren Pauli, 8 Oct 2014

What's happened since Beijing's hacker unit was exposed? Nothing

Chinese hacker unit PLA 61398 is hacking US companies harder than ever after bilateral talks between Beijing and Washington were interrupted by Snowden leaks, according to Mandiant boss Kevin Mandia. The hack squad, also known as APT1, was subject to a high profile exposure by the company in February last year. Its state- …
Darren Pauli, 8 Oct 2014

Adobe spies on reading habits over unencrypted web because your 'privacy is important'

Adobe confirmed its Digital Editions software insecurely phones home your ebook reading history to Adobe – to thwart piracy. And the company insisted the secret snooping is covered in its terms and conditions. Version 4 of the application makes a note of every page read, and when, in the digital tomes it accesses, and then …
Iain Thomson, 8 Oct 2014

Aussie builds contactless card cloner app, shops at Woolies with fake card

Money hacker Peter Fillmore has created an Android app that can clone some of Australia's most popular contactless credit cards. In attacks that slipped beneath banks' and credit card providers' radars, the Aussie boffin probed the protocols behind Visa and Mastercard payment cards and proved the viability of an attack by …
Darren Pauli, 7 Oct 2014

Adobe spies on readers: 'EVERY page you turn, EVERY book you own' leaked back to base

Updated Adobe's Digital Editions 4 ebook reader software collects detailed information about the reading habits of its users – and sends it back to the company in a format that's easy for others to slurp. An investigation by Nate Hoffelder of The Digital Reader blog showed that ADE 4 was collecting telemetry on which pages of ebooks …
Iain Thomson, 7 Oct 2014

Britain’s snooping powers are 'too weak', says NCA chief

Keith Bristow, head of of the National Crime Agency (the UK’s FBI), is arguing Britain’s snooping powers are “too weak”. In an interview with The Guardian, the NCA’s director general said police need new powers to monitor data about emails and phone calls. He admits many don't see the police case for comms data snooping while …
John Leyden, 7 Oct 2014

Monster banking Trojan botnet claims 500,000 victims

Security researchers have uncovered the infrastructure behind one of largest and most voracious banking Trojan networks uncovered to date. The Qbot (aka Qakbot) botnet apparently infected 500,000 systems before sniffing "conversations" – including account credentials – for a whopping 800,000 online banking transactions. More …
John Leyden, 7 Oct 2014

FireEye, Singtel pull on SOCs in Sydney and Singapore

Telco and security giants SingTel and FireEye have injected $US50 million to establish two security operations centres (SOCs) in Sydney and Singapore as part of a new deal between the two companies to offer managed security services. The SOCs will run out of SingTel's network operation centre (NOCs) to leverage the telcos' …
Darren Pauli, 7 Oct 2014
2001: A Space Odyssey

Windows 10's 'built-in keylogger'? Ha ha, says Microsoft – no, it just monitors your typing

Don't want Microsoft tracking you online and collecting data on your computing habits? Then you probably shouldn't install the Windows 10 Technical Preview, Redmond says. The interwebs were abuzz on Monday over concerns about the Terms of Use and Privacy Policy of Microsoft's newly released, not-even-beta-yet OS, with some sites …
Brute force

Holey? COWL! Boffins build boxes to hold sketchy JavaScript libs

Researchers have developed what they say is a new web privacy system for Google Chrome and Mozilla Firefox: we're told it blocks dodgy JavaScript code from funneling sensitive information to crooks. The Confinement with Origin Web Labels (COWL) system tries to protect websites that rely on JavaScript libraries written by third …
Iain Thomson, 7 Oct 2014

Bugzilla code critters blab your security sinners, warns Mozilla

The Mozilla Foundation has warned of a number of recently discovered vulnerabilities in its Bugzilla bug-tracking tool that could give attackers access to sensitive information about software projects. One particularly serious flaw allows attackers to bypass email verification phase when creating new Bugzilla accounts, meaning …
Marissa Mayer working from home?

Yahoo servers? SHELLSHOCKED? by Bash?

Updated Yahoo! said "a handful" of its servers fell to hackers who may have been trying to exploit the Shellshock vulnerability in Bash. The miscreants took control of the web servers to build a botnet out of them, it is claimed. "As soon as we became aware of the issue, we began patching our systems and have been closely monitoring …
Iain Thomson, 6 Oct 2014
Mobile phone stolen by pickpocket

AT&T fires insider for slurping customers' social security numbers, driver licenses and more

AT&T has warned subscribers that a rogue staffer rifled through the telco's customer database without authorization. The telecoms giant said one of its workers pulled up sensitive information – including social security numbers – and was duly fired for breaking the corp's privacy rules. According to a letter [PDF] to customers …
Shaun Nichols, 6 Oct 2014
chalk outline of  human body at crime scene

Rise of the Machines: FIRST HUMAN VICTIM – 2015

Death via internet, online contract killers and crime-as-a-service were just three of the scarier elements discussed by international top cops at the Interpol-Europol cybercrime summit in Singapore last week. The Internet Organised Crime Threat Assessment, a report prepared by Europol’s cybercrime division, warns that the so- …
Malware

Apple tries to kill iWorm: Zombie botnet feasting on Mac brains

Apple has updated its XProtect anti-malware system to squash several variants of the iWorm before the malware causes any further damage. The changes to the program XProtect.plist allows OSX to detect and block three species of iWorm, helpfully named OSX.iWorm.A, OSX.iWorm.B, and OSX.iWorm.C. XProtect is Apple's rudimentary …
Jasper Hamill, 6 Oct 2014
Sad cloud

Chinese researchers develop fuzzy search algorithm for encrypted cloud data

Chinese researchers from Nanjing University have developed an encrypted search mechanism which they say is both more productive and secure than existing systems. Existing systems can search encrypted data only for exact keyword matches and nothing similar. Authors of such systems can employ fuzziness to detect phrases (such as “ …
Darren Pauli, 6 Oct 2014
Sydney harbour bridge poking out of the clouds

Azure Australia certified good enough for government work

Microsoft's Australian outpost still won't say when its pair of local Azure bit barns will go live for folks beyond the current cloud test dummies, but is waving around a newly-acquired letter that proves it “has appropriate and effective security controls in place for the processing, storage and transmission of Unclassified …

Uni boffins: 'Accurate' Android AV app outperforms most rivals

German researchers have built an Android app capable of detecting 94 percent of malware quick enough to run on mobile devices they say bests current offerings in effectiveness and description. Daniel Arp, Konrad Rieck, Malte Hubner and Hugo Gascon of the University of Gottingen – together with Michael Spreitzenbarth of Siemens …
Darren Pauli, 6 Oct 2014
android malware mobile iphone

Will we ever can the spam monster?

Spam may be the best known security threat in the world. Anyone with email or a Facebook account has experienced it, despite providers’ best efforts to block it from their inboxes. And although the world’s cyber warriors have taken down large chunks of infrastructure hosting massive spam campaigns, it remains a huge problem. As …
Tom Brewster, 6 Oct 2014
Hacked sarcasm

JPMorgan CYBER-HEIST: 9 US financial firms snared by 'Russian hackers', says report

Russian hackers with "loose connections" to Vladimir Putin's government were reportedly behind the massive JPMorgan cyber-heist understood to have hit 83 million households and businesses in the US. According to the New York Times, nine other Stateside financial institutions were also targeted by wrongdoers involved in the huge …
Kelly Fiveash, 5 Oct 2014

Why US Feds and g-men kick up a stink about a growing smartphone encryption trend

Analysis Over the last few weeks law enforcement officials on both sides of the Atlantic have been kicking up a fuss over Apple and Google deciding to include effective encryption on their smartphones. On Thursday, the Europol assistant director and head of European Cybercrime Centre issued a warning about the technology, and here in the …
Iain Thomson, 4 Oct 2014
George Clooney and Amal Alamuddin on their wedding weekend in Venice

'Encryption will make life very easy for criminals and terrorists'

QuoTW This was the week when the US Attorney General jumped on the bandwagon and took Apple and Google to task for improving encryption on mobile devices. Eric Holder said tightening security on their ecosystems was actually a bad thing, as it could allow child predators to evade authorities and hide illegal images and content on …
Angry woman on mobile

Marriott fined $600k for deliberate JAMMING of guests' Wi-Fi hotspots

The Marriott has been fined $600,000 by the FCC for paralyzing guests' personal Wi-Fi hotspots, forcing them to use the hotel giant's expensive network instead. The US watchdog today said the Marriott Gaylord Opryland in Nashville, Tennessee, used monitoring equipment to illegally boot hotel and convention center guests off …
Shaun Nichols, 3 Oct 2014
USB tampon

FLASH drive ... Ah-aaaaaah! BadUSB no saviour to plug and play Universe

The seriousness of a USB security weakness, which could potentially allow hackers to reprogram USB drives, has been ratcheted up a notch, with the release of prototype code. Researchers Karsten Nohl and Jakob Lell, from German security skunkworks SR Labs, demonstrated how it might be possible to reprogram the firmware within …
John Leyden, 3 Oct 2014

MAC BOTNET uses REDDIT comments for directions

A zombie network that feasts on the computer brains of infected Macs has press-ganged 17,000 compromised machines into its ranks, Russian anti-virus firm Dr Web warns. The iWorm creates a backdoor on machines running OS X. Miscreants are using messages posted on Reddit as a navigational aid which points infected machines towards …
John Leyden, 3 Oct 2014

Bored hackers flick Shellshock button to OFF as payloads shrink

Malicious and benign attacks against systems vulnerable to Shellshock had halved by Sunday after peaking three days following the bug's disclosure, Akamai researchers say. The variety of payloads targeting vulnerable sites increased dramatically over the same period before tapering off, in a possible sign that hackers were bored …
Darren Pauli, 3 Oct 2014
Car-2-Car

We're not Mr Brightside: Asda Car Insurance broker hacked

No customer data was exposed after the firm behind Asda Car Insurance was hacked, said the broker as it explained why the ACI website went offline earlier this week. Reg reader and Asda Car Insurance customer Arthur forwarded us a notice he received from Brightside Group, who provide white label insurance products for Asda and …
John Leyden, 3 Oct 2014

POISON PI sniffs WiFi from your mail room, goes on rampage

Security bod Larry Pesce has developed a chopping board-sized hacker package as an inexpensive weapon for hacking wireless networks through the post. The device is designed for so-called "war shipping" attacks described (vid) last year in which hacking hardware is posted to a target organisation with the aim of attacking …
Darren Pauli, 3 Oct 2014
Disney's Beagle Boys

JPMorgan Chase: 76 MILLION homes, 7 MILLION small biz thumped in cyber-heist

Mega-bank JPMorgan Chase has admitted to suffering a major data breach that has been rumored since August, saying that as many as 76 million households and 7 million small businesses have been affected. The bank, which has never discussed the breach publicly before, made the disclosure in a filing with the US Securities and …
anonymous logo

Apple, Google mobe encryption good news... for TERRORISTS – EU top cop

People don’t know the difference between privacy and anonymity, says EU top cop Troels Oerting: they want the former, but the latter will make life too easy for criminals. The Europol Assistant Director and head of European Cybercrime Centre (EC3) was joining a chorus of lawmakers and law enforcers reacting to news that Apple …
sabu

LulzSec supersnitch led attacks on UK, Australia – report

Hacktivist kingpin turned FBI snitch Hector Xavier "Sabu" Monsegur orchestrated attacks against 30 countries, including systems in the UK and Australia, according to a report that joins the dots between sealed court docs and leaked IRC chat logs. According to the court documents, Monsegur persuaded other hacktivists – among them …
John Leyden, 2 Oct 2014

IRONY ALERT: Former MI6 chief warns of 'mass snooping' - by PAEDOS

The former head of MI6 has warned parents that paedophile predators are capable of using location-based services to find and abuse their kids. In a warning that might sound a bit rich coming from a former chief spook, Sir John Scarlett said he was worried about how easily a youngster's movements could be traced. Young girls are …
Jasper Hamill, 2 Oct 2014

Etsy security rule #1: Don't be a jerk to devs

Businesses should deploy bug bounty programs, phish their staff and launch intelligent attacks against their networks, Zane Lackey says. The now chief security officer of SignalSciences ran through the experience of building and adapting Etsy's security team. Lackey (@zanelackey) and his colleagues, who left the hipster bazaar …
Darren Pauli, 2 Oct 2014

VMWare virtually in control of Shellshock

VMware is plugging away at Shellshock holes in 37 virtual appliance products, but has so far shipped clean code for just a handful of appliances. The company released a fix for cloud analytics kit vCenter Log Insight and offered updates on four others. The advisory said a variety of VMware appliances shipped with Shellshock- …
Darren Pauli, 2 Oct 2014

Researchers bypass Redmond's EMET, again

Researchers have again disarmed Microsoft's lauded Enhanced Mitigation Experience Toolkit (EMET) defence tool, and criticised Redmond for not improving its security controls by much. Offensive Security researchers, the brains behind the Kali Linux security platform and the gents that popped Version 4, examined the advanced …
Darren Pauli, 2 Oct 2014

Bash bug flung against NAS boxes

Hackers are attempting to exploit the BASH remote code injection vulnerability against Network Attached Storage (NAS) systems. Miscreants are actively exploiting the time-to-patch window in targeting embedded devices, security firm FireEye warns. We have evidence that attackers are actively exploiting the time-to-patch window …
John Leyden, 1 Oct 2014

Xen sticks pin in bug behind Rackspace GLOBAL CLOUD REBOOT

Details of the mysterious Xen vulnerability, which prompted the Amazon AWS/Rackspace cloud reboots late last week, have been revealed, with patches already available. The CVE-2014-7188 vulnerability creates a way to trick the hypervisor into reading unallocated memory. "A buggy or malicious HVM [hardware virtual machine] guest …
John Leyden, 1 Oct 2014
Taxi Driver

Wide Open Data: NYC taxi dump catches strip club Johns

Open Data zealots rarely give an individual’s privacy a thought – it’s just another obstacle to be driven over in their desire to provoke a data-powered revolution. But a gigantic dump of journeys made by licensed New York City taxis gives a vivid reminder of the dangers of careless data drops. Earlier this year a Freedom of …
Hacked sarcasm

Biz coughs up even less for security, despite mega breach losses

Information security budgets are falling despite a continuing rise in the number of attacks, according to a new report by management consultants PwC. Detected security incidents have increased 66 per cent year-over-year since 2009, reaching the equivalent of 117,339 attacks per day, according to PwC's "The Global State of …
John Leyden, 1 Oct 2014

You dirty RAT! Hong Kong protesters infected by iOS, Android spyware

Hong Kong activists who have taken to the streets to demand electoral freedom are being targeted by mobile spyware – an Android and iOS remote-access Trojan to be precise. Israeli security firm Lacoon Mobile Security spotted the Xsser mRAT spyware being distributed under the guise of an app to help coordinate the Occupy Central …
Darren Pauli, 1 Oct 2014

Researcher details nasty XSS flaw in popular web editor

A tool that's popular with Microsoft's in-house developers, the RadEditor HTML editor, contains a dangerous cross-site scripting (XSS) vulnerability, researcher GS McNamara says. The editor was developed by Telerik and used in trusted in-house code in many big enterprises and across Redmond products including MSDN, CodePlex, …
Darren Pauli, 1 Oct 2014