Security > More stories

Loan application data hacked, company responds: Meh, not our customers

Hacker collective Rex Mundi has stolen 24,000 financial records from Belgian loan company AFC Kredieten, it claims, and if the company doesn't pay up before Friday at 8pm, it will publish every loan applicant record in its possession. As proof that they have successfully hacked the company, Rex Mundi has already published some …
Jennifer Baker, 17 Jul 2015
theresa_may_648

UK.gov will appeal against DRIPA-busting verdict, says minister

The government has announced it will appeal a High Court judgment which has ruled its DRIPA surveillance legislation unlawful. The High Court judgment, which was delivered this morning, ruled that the "emergency" DRIPA surveillance legislation rushed through Parliament last year is unlawful. Responding to the High Court …
Files in manager's desk drawers: manila folder marked "Redundancies". Image via shutterstock

Password manager Mitro will shutter itself on 31 August

Password manager service ‪Mitro‬ is to shut down permanently from the end of August. The announcement comes just less than twelve months after Mitro was acquired by Twitter for an undisclosed amount. Mitro open sourced its server and client software through GitHub at the same time in late July 2014. Mitro's team joined …
John Leyden, 17 Jul 2015

TalkTalk deactivates hundreds of email accounts after legacy spam scare

Hundreds of TalkTalk customers have been locked out of their email accounts after the network took steps to deactivate legacy addresses. Customers took to the company's forum to complain their accounts had been deactivated, seemingly without warning. The company appears to have only targeted Tiscali and Lineone email …
Kat Hall, 17 Jul 2015

Thanks for open sourcing .NET say Point of Sale villains

Trend Micro researcher Jay Yaneza says Point of Sales malware has begun using Microsoft .NET, following its release as open source last year. Yaneza found the new so-called GamaPoS malware being distributed to US organisations including credit unions, developers, and pet care businesses through the resurgent Andromeda botnet. …
Darren Pauli, 17 Jul 2015

Google, Adobe barricade Flash against hacker hordes – we peek inside

Google's team of computer security gurus have described the anti-hacker defenses they've helped Adobe add to Flash Player. It's hoped that these mechanisms will thwart or frustrate miscreants' attempts to exploit programming bugs in the software, and thus hopefully prevent attackers from hijacking victims' PCs and Macs. The …
Chris Williams, 17 Jul 2015

600 MEELLION apps open to brute force account guessing

Some of the world's most popular apps permit unlimited brute force password guessing attempts. The 53 exposed Android and Apple apps, collectively downloaded more than 600 million times, include SoundCloud, ESPN, CNN, Expedia, and Walmart. So far of the 15 apps named a dozen have failed to fix the server-side flaws after …
Darren Pauli, 17 Jul 2015
Malware image

Wicked WikiLeaks leaks considered harmful: Alert over malware lurking in dumped docs

Documents laced with malware have been found in WikiLeaks.org's cache of files obtained from hacked CIA wannabe Stratfor. Intelligence biz Stratfor was ransacked by Jeremy Hammond in late 2011, and its email archives passed to whistleblowing website WikiLeaks in early 2012. The Julian Assange™-led organization soon began …
Chris Williams, 17 Jul 2015

Ad slingers beware! Google raises Red Screen of malware Dearth

Watch out dodgy ad slingers and news sites; Google is expanding its 'last line of defence' Chrome feature to brand all security-slacker ad networks as unsafe. The Chocolate Factory will, over coming weeks, expand its Safe Browsing feature such that it throws an ominous Red Screen™ in front of ad networks it says have poor …
Darren Pauli, 17 Jul 2015

Running SAP? Checked for patches lately? Now's a good time

SAP has released its July pack of security fixes, including critical patches one researcher says demand your urgent attention. Alexander Polyakov of ERPScan noted a handful of security vulnerabilities patched by the release that could potentially be targeted for attacks. Among the patches is a fix for an authorization bypass …
Shaun Nichols, 17 Jul 2015
Australian attorney general George Brandis by https://www.flickr.com/photos/cebitaus/ cc 2.0 attribution https://creativecommons.org/licenses/by/2.0/

AARNet warns of 'draconian overreach' in telco regulation

As the deadline for submissions on the Australian government's telecom security legislation approaches, concerns are emerging at the potential for the laws to stifle innovation. The laws, introduced to Federal Parliament late in June, are designed to make sure that telecommunications carriers protect their infrastructure …
classroom_shutterstock_648

Brit school software biz unchains lawyers after crappy security exposed

Brit biz Impero unleashed its legal eagles after someone published details of a security cockup in its school network management software. The disclosed design flaw in Impero's Education Pro can be exploited to execute commands and run malicious code on a school's Windows PCs. Last month, a security researcher called …
Iain Thomson, 16 Jul 2015
hacker

Bloke thrown in the clink for hacking SIXTY PER CENT of Americans

A Vietnamese crook has started a 13-year stretch behind bars for hacking into corporate America, and offering to sell personal information on 200 million US citizens. Hieu Minh Ngo, 25, pleaded guilty to wire fraud, identity fraud, and access device fraud charges, and four counts of computer fraud and abuse. Judge Paul J. …
Shaun Nichols, 16 Jul 2015
Angela Merkel's eyes

German spooks target officials who leaked govt docs to bloggers

Germany’s domestic secret service is backing a criminal case against government officials who passed documents to the press. Activists claim the investigation is an effort to clamp down on the freedom of the press, while others see it as a cynical move by interior spooks the Federal Office for the Protection of the …
Jennifer Baker, 16 Jul 2015
angry_woman_mobile_cropped_648

Yep, world+dog's spies are in our network, says Vodafone as it bares all

Vodafone has updated its annual report on what it must do to comply with the law enforcement disclosures in the countries where it operates – and is considering more detailed disclosures. Most interestingly, it has looked at publishing how often a government has asked it to intercept calls and block or intercept data. This …
Simon Rockman, 16 Jul 2015

Thunder-faced Mozilla lifts Flash Firefox block after 0-days plugged

Mozilla has lifted its blanket block on Flash in Firefox following the release of security updates by Adobe on Tuesday. Although the short-term block has been lifted, the whole flap appears to have re-energised efforts at Mozilla to work on Flash alternatives. The block – imposed on Monday – meant that all versions of Flash …
John Leyden, 16 Jul 2015

FireEye intern nailed in Darkode downfall was VXer, say the Feds

A former intern at security company FireEye has been arrested for creating and selling the slick and sophisticated Dendroid malware program after being caught in a global police sting that obliterated the Darkode cybercrime forum. Prosecutors say that Morgan Culbertson, 20, of Pittsburgh, was most recently working as a …
Darren Pauli, 16 Jul 2015
Flipside RFID-shielded wallet

Your security is just dandy, Apple Pay, but here comes Android

Analysis Most security experts estimate that the security offered within (and by) Apple Pay is superior to that seen in existing contactless credit or debit card systems. However, the success of the technology in the UK may well depend more on commercial factors than anything else, with one payments expert warning that merchants fees …
John Leyden, 16 Jul 2015
Microsoft Surface 3 Windows 8.1 tablet

Microsoft to Windows 10 consumers: You'll get updates LIKE IT or NOT

Microsoft's licensing on the upcoming Windows 10 OS means that most users will find their systems updating on command from Redmond without any option to stop this. The Licensing Agreement for Windows 10, as found in the latest release candidate build 10240 of Windows 10 Professional, stated: The software periodically checks …
Tim Anderson, 16 Jul 2015

Oracle slings 193 patches, nixes exploited Java zero day

Oracle has poured cold coffee on a recent Java zero-day that's already under active attack, with just one of the critical patches it's released to address 193 holes in its sprawling product suite. The zero day is the most urgent fix of the lot and of the two dozen other Java patches present among Big Red's quarterly patch …
Darren Pauli, 16 Jul 2015
firing range - target in cross hairs

RC4 crypto: Get RID of it already, say boffins

Remember how many times the crypto world has shouted that the RC4 crypto algorithm needs to be wiped from the face of the Earth? It just got even worse, with researchers demonstrating an attack that can be executed in 52 hours. Belgian researchers preparing for August's Usenix Security Symposium in Washington, DC, reckon they …
A Handful of Giant Weta by Mike Locke

Cisco Videoscape bug could bring endless repeats to your tellie

Cisco is asking Web broadcasters using its Videoscape TV-over-IP streaming product to get patching, after a denial-of-service vulnerability was found in the software. The system, kicked off in 2011 and rolled into a bigger “Evolved Services Platform” in 2014, is a cloudy PVR with transcoder and video optimisation. The Borg's …

United Airlines bug bounty shells out 1.8M miles for three flaws

United Airlines has paid 1.5 million flight miles to two bug hunters who squelched 14 vulnerabilities under its newly hatched bug bounty program. Florida man Jordan Wiens reported two remote code execution bugs to the airline but could not detail the technical aspects given the program's non-disclosure agreement. The program …
Darren Pauli, 16 Jul 2015

Wi-Fi Alliance ushers in new era of intrusive apps

A lack of connectivity options in devices like smartphones is clearly what stops location-based advertising from being the saviour of physical retailing. That, or something like it, seems to be behind the Wi-Fi Alliance's “Wi-Fi Aware” project, announced at CES in January and now launching its product certification program. …

Europe a step closer to keeping records on all passengers flying in and out of the Continent

The European Parliament's civil liberties committee LIBE voted on Wednesday in favor of collecting and storing information about all air passengers traveling into or out of the EU. The so-called Passenger Name Record (PNR) scheme requires the storage of all data collected by airlines about passengers – including sensitive and …
Jennifer Baker, 15 Jul 2015
LG electronics US export photo from 1962

Infosec bigwigs rally against US cyber export control rule

Infosec heavyweights are uniting to oppose US government proposals to tighten up export controls against software exploits, a move critics argue threatens to imperil mainstream security research and information sharing. The proposed regulation, based on the Wassenaar Arrangement of 1996 and not originally intended to include …
John Leyden, 15 Jul 2015

Epic Games, Epic Fail: Forumers' info blown into dust by hack

Epic Games, known for its Unreal Engine and the Games of War series, sent a grovelling letter to its forum users this morning explaining that a hack "may have resulted in unauthorised access to your username, email address, password, and the date of birth you provided at registration." Emails announced that the company has …

Malwarebytes slurps startup, hopes to belch out Mac malware zapper

Security software firm Malwarebytes is moving into the Mac security software market with the acquisition of a start-up and the launch of its first anti-malware product for Apple computers. Malwarebytes Anti-Malware for Mac is designed to detect and remove malware, adware, and PUPs (potentially unwanted programs). The release …
John Leyden, 15 Jul 2015
GCHQ Benhall doughnut aerial view

Former spook bigwigs ask for rewrite of UK’s surveillance laws

Blighty's Independent Surveillance Review, commissioned by former deputy prime minister Nick Clegg and conducted by the Royal United Services Institute (RUSI), has concluded that spy agencies aren't breaking the law - and recommends a new legislative framework and oversight regime. Ultimately aiming to enable "the public at …

Content delivery network CloudFlare's court order count soars

Content delivery network CloudFlare says it has received 50 court orders in the first half of this year, more than double that clocked in the whole of 2014. The statistics, which do not include search warrants, were revealed in the web defender's latest transparency report show it received 22 court orders in the first half of …
Darren Pauli, 15 Jul 2015

Microsoft nixes A-V updates for XP, exposes 180 MEEELLION luddites

Windows XP holdouts are even more danger than ever after Microsoft abandoned anti-malware support for the ancient platform. Redmond overnight stopped providing XP support for new and existing installs of its Security Essentials package. The run-as-needed Malicious Software Removal Tool has also been axed, while support for …
Darren Pauli, 15 Jul 2015

Salesforce unleashes red-tape-as-a-service for regulation-heavy users

Salesforce has launched its slightly-more-secure-software-as-a-service for organisations in industries compelled to wrap themselves in red tape. The Salesforce1 service, dubbed "Shield", offers encryption, monitoring, and archiving for the platform's apps. Salesforce says the platform includes field audit trail, platform …
Team Register, 15 Jul 2015

Microsoft kills TWO Hacking Team vulns: NOT the worst in this Patch Tues either

Microsoft has released fixes for 59 CVE-listed vulnerabilities in its software – including a patch for the elevation-of-privilege flaw in Windows exploited by spyware maker Hacking Team. There's a patch (MS15-065) for a remote-code execution bug in Internet Explorer 11 on Windows 7 and 8.1 that also emerged from the Hacking …
Shaun Nichols, 14 Jul 2015

GET PATCHED: Adobe plugs Hacking Team Flash holes and more

Adobe has released patches for its Flash software to fix a pair of critical security vulnerabilities exposed by the Hacking Team megabreach. The bugs can be exploited to hijack PCs and infect them with malware – and crooks are already doing just that, so apply the updates now. The security bulletin for Adobe Flash Player ( …
John Leyden, 14 Jul 2015
Connected headset

Tour de France leader's cycling data may have been hacked by doping critics

Professional cycling outfit Team Sky fears critics of team member and current Tour de France leader Chris Froome may have hacked into its systems and stolen training data. Froome's detractors have previously used power data in alleging the cyclist was using performance-enhancing drugs. The 30-year-old, who has always insisted …
John Leyden, 14 Jul 2015
Asus Z97-A UEFI BIOS

Hacking Team spyware rootkit: Even a new HARD DRIVE wouldn't get rid of it

‪Hacking Team RCS spyware came pre-loaded with an UEFI (‬Unified Extensible Firmware Interface) ‪BIOS rootkit to hide itself on infected systems, it has emerged following the recent hacking of the controversial surveillance firm.‬ The stealth infection tactic, which has been revealed through leaked emails arising from last …
John Leyden, 14 Jul 2015

Proxyham Wi-Fi relay SUPPRESSED. CONSPIRACY, yowl tinfoilers

Rhino Security has suddenly pulled the plug on its “ProxyHam” Wi-Fi relay project and withdrawn from the upcoming DefCon conference. The company's Bun Cuadill made the “announcement” in the way most likely to send conspiracists hyperventilating: a couple of Twitter messages that offered no explanation. Since the aim of …

Mozilla loses patience with Flash over Hacking Team, BLOCKS it

Mozilla has temporarily blocked Flash in Firefox while waiting for Adobe to release patches to fix yet more serious security holes in the Swiss-cheese-like plugin. These holes can be exploited by criminals to hijack PCs and infect them with malware; details of the bugs emerged from leaked Hacking Team files. Firefox began …
John Leyden, 14 Jul 2015
google_vs_ms_648

Uninstalled Google Photos? Thought your pics safe from slurping? WRONG, bozo

Uninstalling the Google Photos app from your Android device will not safeguard your pictures from being slurped up by Google, it turns out. Picture Nashville Business Journal journo David Arnott's horror upon discovering that the advertising giant had been collecting private photographs he had taken of his wife and daughter …
Range Rover. Credit: David Guo

Sixty-five THOUSAND Range Rovers recalled over DOOR software glitch

Jaguar Land Rover is recalling no less than 65,000 of its SUVs due to a software problem that caused the cars' doors to unlock themselves - potentially while in motion. The issue, which potentially creates a heightened theft-by-hijack risk, affects Range Rover and Range Rover Sport vehicles sold in the UK over the last two …
John Leyden, 14 Jul 2015

Been hacked? Now to decide if you chase the WHO or the HOW

Analysis Imagine a security researcher has plucked your customer invoice database from a command and control server. You're nervous and angry. Your boss will soon be something worse and will probably want you to explain who pulled off the heist, and how. But only one of these questions, the how, is worth your precious resources; …
Darren Pauli, 14 Jul 2015
Homer Simpson reading on a tablet

Adobe: We REALLY are taking Flash security seriously – honest

Adobe insists it is working hard to boost the security defenses in its pilloried Flash Player. The Photoshop giant, based in San Jose, California, says it is making an "extensive" push to secure its plugin before another wave of vulnerabilities are revealed in the software. We're told that, as a result of "recent developments …
Chris Williams, 14 Jul 2015