Former spook bigwigs ask for rewrite of UK’s surveillance laws

Blighty's Independent Surveillance Review, commissioned by former deputy prime minister Nick Clegg and conducted by the Royal United Services Institute (RUSI), has concluded that spy agencies aren't breaking the law - and recommends a new legislative framework and oversight regime. Ultimately aiming to enable "the public at …

Content delivery network CloudFlare's court order count soars

Content delivery network CloudFlare says it has received 50 court orders in the first half of this year, more than double that clocked in the whole of 2014. The statistics, which do not include search warrants, were revealed in the web defender's latest transparency report, which shows it received 22 court orders in the first half of …
Darren Pauli, 15 Jul 2015

Microsoft nixes A-V updates for XP, exposes 180 MEEELLION luddites

Windows XP holdouts are in even more danger than ever after Microsoft abandoned anti-malware support for the ancient platform. Redmond overnight stopped providing XP support for new and existing installs of its Security Essentials package. The run-as-needed Malicious Software Removal Tool has also been axed, while support for …
Darren Pauli, 15 Jul 2015

Salesforce unleashes red-tape-as-a-service for regulation-heavy users

Salesforce has launched its slightly-more-secure-software-as-a-service for organisations in industries compelled to wrap themselves in red tape. The Salesforce1 service, dubbed "Shield", offers encryption, monitoring, and archiving for the platform's apps. Salesforce says the platform includes field audit trail, platform …
Team Register, 15 Jul 2015

Microsoft kills TWO Hacking Team vulns: NOT the worst in this Patch Tues either

Microsoft has released fixes for 59 CVE-listed vulnerabilities in its software – including a patch for the elevation-of-privilege flaw in Windows exploited by spyware maker Hacking Team. There's a patch (MS15-065) for a remote-code execution bug in Internet Explorer 11 on Windows 7 and 8.1 that also emerged from the Hacking …
Shaun Nichols, 14 Jul 2015

GET PATCHED: Adobe plugs Hacking Team Flash holes and more

Adobe has released patches for its Flash software to fix a pair of critical security vulnerabilities exposed by the Hacking Team megabreach. The bugs can be exploited to hijack PCs and infect them with malware – and crooks are already doing just that, so apply the updates now. The security bulletin for Adobe Flash Player ( …
John Leyden, 14 Jul 2015

Tour de France leader's cycling data may have been hacked by doping critics

Professional cycling outfit Team Sky fears critics of team member and current Tour de France leader Chris Froome may have hacked into its systems and stolen training data. Froome's detractors have previously used power data in alleging the cyclist was using performance-enhancing drugs. The 30-year-old, who has always insisted …
John Leyden, 14 Jul 2015

Hacking Team spyware rootkit: Even a new HARD DRIVE wouldn't get rid of it

Hacking Team RCS spyware came pre-loaded with a UEFI (Unified Extensible Firmware Interface) BIOS rootkit to hide itself on infected systems, it has emerged following the recent hacking of the controversial surveillance firm. The stealth infection tactic, which has been revealed through leaked emails arising from last …
John Leyden, 14 Jul 2015

Proxyham Wi-Fi relay SUPPRESSED. CONSPIRACY, yowl tinfoilers

Rhino Security has suddenly pulled the plug on its “ProxyHam” Wi-Fi relay project and withdrawn from the upcoming DefCon conference. The company's Ben Caudill made the “announcement” in the way most likely to send conspiracists hyperventilating: a couple of Twitter messages that offered no explanation. Since the aim of …

Mozilla loses patience with Flash over Hacking Team, BLOCKS it

Mozilla has temporarily blocked Flash in Firefox while waiting for Adobe to release patches to fix yet more serious security holes in the Swiss-cheese-like plugin. These holes can be exploited by criminals to hijack PCs and infect them with malware; details of the bugs emerged from leaked Hacking Team files. Firefox began …
John Leyden, 14 Jul 2015

Uninstalled Google Photos? Thought your pics safe from slurping? WRONG, bozo

Uninstalling the Google Photos app from your Android device will not safeguard your pictures from being slurped up by Google, it turns out. Picture Nashville Business Journal journo David Arnott's horror upon discovering that the advertising giant had been collecting private photographs he had taken of his wife and daughter …

Sixty-five THOUSAND Range Rovers recalled over DOOR software glitch

Jaguar Land Rover is recalling no less than 65,000 of its SUVs due to a software problem that caused the cars' doors to unlock themselves - potentially while in motion. The issue, which potentially creates a heightened theft-by-hijack risk, affects Range Rover and Range Rover Sport vehicles sold in the UK over the last two …
John Leyden, 14 Jul 2015

Been hacked? Now to decide if you chase the WHO or the HOW

Analysis Imagine a security researcher has plucked your customer invoice database from a command and control server. You're nervous and angry. Your boss will soon be something worse and will probably want you to explain who pulled off the heist, and how. But only one of these questions, the how, is worth your precious resources; …
Darren Pauli, 14 Jul 2015

Adobe: We REALLY are taking Flash security seriously – honest

Adobe insists it is working hard to boost the security defenses in its pilloried Flash Player. The Photoshop giant, based in San Jose, California, says it is making an "extensive" push to secure its plugin before another wave of vulnerabilities are revealed in the software. We're told that, as a result of "recent developments …
Chris Williams, 14 Jul 2015

Telegram messaging app cops 200Gbps DDoS

Popular messaging platform Telegram has been hit with a 200Gbps distributed denial of service (DDoS) attack. The Tsunami TCP SYN flood kicked off on Friday and hurt users in Asia, Australia, and Oceania, knocking out the service for some five percent of the company's 60 million active users it has gained in 18 months. It is a …
Darren Pauli, 14 Jul 2015

Hackers sell 79,267 Cloudminr accounts for ONE Bitcoin

Hackers appear to have stolen the entire user database of cloud-based Bitcoin mining outfit Cloudminr.io and are offering to sell 79,267 accounts including passwords for a single Bitcoin. The Norwegian company's website is offline and criminal advertisements showcasing some of the CSV database of members have popped up on web …
Darren Pauli, 14 Jul 2015

FLASH MUST DIE, says Facebook security chief

Newly-minted Facebook security chief Alex Stamos has called for Adobe Flash to be taken out behind the shed by a shotgun-wielding world. The former Yahoo! security head joined Menlo Park this year and over the weekend said in two Tweets that it is time the death knell chimed for Adobe's much-hacked tool. "It is time for …
Darren Pauli, 14 Jul 2015

Linux Foundation serves up a tasty dish of BUGS

The Linux Foundation's Core Infrastructure Initiative has completed its first-pass survey of the Linux toolset, and is highlighting which tools are most at risk. While there's lots of attention on high-profile packages like crypto tools, web servers and mail agents, there's also a lot of packages that everyone uses and nobody …

Hacking Team: We’ll be back in the spyware biz before you know it

Hacked snoopware maker Hacking Team says it will continue its operations as soon as possible – and claims the huge source-code leak it suffered didn’t get all of the company's crown jewels. "What happened earlier this summer in the attack on our company was a reckless and vicious crime," said CEO David Vincenzetti in the …
Iain Thomson, 13 Jul 2015

Brandis' metadata retention recipe doesn't prohibit USB drives stored in a garden shed

Service providers caught up in Australia's data retention scheme will have to encrypt customer information, but that's about as much guidance as the Attorney-General's Department offers. The advice issued by the Department offers scanty information on what constitutes suitable storage infrastructure, and no advice at all on …
Simon Sharwood, 13 Jul 2015

Hacking Team's snoopware 'spied on anti-communist activists in Vietnam'

Security researchers are linking malware sent to anti-communist activists in Vietnam to controversial commercial spyware firm Hacking Team. The assault dating from 2012-13 appears to use Hacking Team's MSN+Skype tabs, according to preliminary analysis by MalwareMustDie. "It seems their govt bought such solution as toolset …
John Leyden, 13 Jul 2015

Someone at Subway is a serious security nerd

App hacker Randy Westergren has outed the application developer at sandwich kingpin Subway as a serious security nerd. The hacker set sights on the Subway Android app, which allows users to order and pay for sandwiches from their devices, in a bid to uncover possible vulnerabilities. He instead …
Darren Pauli, 13 Jul 2015

Java jockeys join Flash fans in the 0-day exploit club

Trend Micro has issued predictable-but-sensible advice that Java should be switched off, because there's a zero-day being exploited in the wild. Trend malware researchers Brooks Li and Feike Hacquebord said the exploit will hose systems running the latest Java platform. Because there's no patch, they added users should disable …
Darren Pauli, 13 Jul 2015

DEA agent slugged a MEELLION dollars for Silk Road snipe

Carl Mark Force, the Drug Enforcement Agency officer who in June took a plea bargain for misconduct during the Silk Road investigation, will lose a bunch of currency, both real and virtual. In a preliminary judgement filed on July 9, US District Judge Richard Seeborg has ordered that Force relinquish around 687 BitCoin held in …

China makes internet shut-downs official with new security law

China is able to shut off internet access during major 'social security incidents' and has granted its Cyberspace Administration agency wider decision making powers under a draft law published this month. The draft also appears to require critical infrastructure organisations including foreign entities to store "important" …
Darren Pauli, 13 Jul 2015

Hacking Team: We're the good guys, but SO misunderstood. Like Batman

The boss of Italian spy firm Hacking Team has spoken out for the first time about the recent massive hack of the company databases. This has exposed severe software security holes and gifted terrorists with zero-day exploits, among other things. David Vincenzetti, in an interview with La Stampa newspaper, claimed his firm …
Kelly Fiveash, 12 Jul 2015

Flash HOLED AGAIN TWICE below waterline in fresh Hacking Team reveals

Updated Two more serious Adobe Flash vulnerabilities have emerged from the leaked Hacking Team files, ones which allow malefactors to take over computers remotely – and crooks are apparently already exploiting at least one of them to infect machines. The use-after-free() programming flaws, for which no patches exist, are identified as …
Chris Williams, 12 Jul 2015

Brit teen who unleashed 'biggest ever distributed denial-of-service blast' walks free from court

An 18-year-old Brit dubbed a hacker-for-hire has been spared jail after launching crippling denial-of-service attacks against anti-spam outfit Spamhaus. At one point, the assault in early 2013 reached 300Gbps, somewhat straining the London Internet Exchange (LINX) and other interconnects. Seth Nolan-Mcdonagh, of Stockwell, …
John Leyden, 10 Jul 2015

Papa don't breach: Wannabe singer jailed for hacking Madonna

An aspiring-singer-turned-hacker has been jailed for accessing Madonna's online accounts and stealing her unreleased music tracks. Adi Lederman, 39, had unsuccessfully appeared on Israel’s Kochav Nolad TV talent show before breaking into Team Madonna's email inbox and cloud-based systems last year to steal photographs and …
John Leyden, 10 Jul 2015

US OPM boss quits after hackers stole chapter and verse on 21.5m Americans' lives

The director of the US Office of Personnel Management has handed in her resignation in the wake of further revelations about the scale of the hacking attack on the agency. "This morning, I offered, and the President accepted, my resignation as the Director of the Office of Personnel Management," she said in a statement. "I …
Iain Thomson, 10 Jul 2015

One MEEELLION users download Facebook-pwning droid game

Threat researchers at security vendor ESET say a malicious Facebook-creds-stealing trojan masquerading as an Android game has been downloaded up to a million times. ESET chap Robert Lipovsky says the Cowboy Adventure game, and another also malicious game dubbed Jump Chess, have since been removed from Google's Play code bazaar …
Darren Pauli, 10 Jul 2015

Hacked Hacking Team team – like everyone in security – read The Register

Hacking Team CEO David Vincenzetti and his staff were avid readers of The Register, frequently recommending our articles to one another. A trawl through the company's email records, which were hacked and revealed to the world this week, reveals that Vincenzetti ran something of an in-house news service in which his researchers …
Darren Pauli, 10 Jul 2015

Host privilege escalation vuln bites VMware in the desktop

VMware's security SNAFU email list has delivered news of a new issue in VMware Workstation, Player and Horizon View Client. The missive says “VMware Workstation, Player and Horizon View Client for Windows do not set a discretionary access control list (DACL) for one of their processes. This may allow a local attacker to …
Simon Sharwood, 10 Jul 2015

US govt now says 21.5 million people exposed by OPM hack – here's what you need to know

The US Office of Personnel Management has come clean on the full extent of the massive data breach that it first disclosed in June, and it's far worse than what was initially thought. On Thursday, OPM announced that records including data from background checks of some 21.5 million people – including present, former, and …

Wow, another NSA leak: Network security code appears on GitHub

The NSA today revealed it has uploaded source code to GitHub to help IT admins lock down their networks of Linux machines. The open-source software is called the System Integrity Management Platform (SIMP). It is designed to make sure networks comply with US Department of Defense security standards, but the spy agency says it …
Iain Thomson, 9 Jul 2015

Feared OpenSSL vulnerability gets patched, forgery issue resolved

The promised patch against a high severity bug in OpenSSL is out, resolving a certificate forgery risk in many implementations of the crypto protocol. Versions 1.0.1n and 1.0.2b of OpenSSL need fixing to resolve a bug that created a means for hackers to run crypto attacks that circumvent certificate warnings, as an advisory …
John Leyden, 9 Jul 2015

Pro-privacy titan Caspar Bowden dies after short cancer battle

Highly regarded independent privacy researcher Caspar Bowden has died after a short battle with cancer. Bowden was a popular titan of privacy advocacy, and was one of Microsoft's leading privacy officers throughout his roles at the company between 2002 and 2011. While at Microsoft Bowden expressed concerns that the 2008 FISA …

UK politicos easily pwned on insecure Wi-Fi networks

The well-understood risk of insecure, public Wi-Fi networks has been graphically illustrated with demonstration hacks against three prominent UK politicians. The pen-testing style experiment demonstrates the ease with which email, finance and social networking details can be stolen while using free Wi-Fi in cafes, hotels and …
John Leyden, 9 Jul 2015

Privacy campaigners question credibility of NHS ‘endorsed’ apps

Serious concerns have been raised over the credibility of the NHS Health Apps Library, with privacy campaign group MedConfidential having identified at least 60 apps that call into question the body's approval process. The library hosts 230 apps, although nearly half of the 130 to have been assessed by MedConfidential to date …
Kat Hall, 9 Jul 2015

'I'm COMING for you, DIRTBAG!': Ex-Sony chief Smedley to Kid Lizard hacker

John Smedley, the former head of Sony Online Entertainment, has reacted to a Lizard Squad hacker's lenient sentence with utter fury, and has suggested he may take legal action to bring him back to court. 17-year-old Julius "zeekill" Kivimaki received a two-year suspended prison sentence and will have his internet activity …

Link farmers bust Google search algos

Sophos threat hunter Dmitry Samosseiko says internet lowlife are implanting hundreds of thousands of malicious PDF files a day on compromised websites to build a new cloaking system that foils Google's search algorithm analysis. Samosseiko says the blackhat search engine optimisation method applies old keyword-stuffing and …
Darren Pauli, 9 Jul 2015

NSA snooped on German chancellors for DECADES: Wikileaks

Less than a month after Germany abandoned its probe into alleged NSA spying on Chancellor Angela Merkel, a new Wikileaks drop suggests snooping on the Chancellery goes back decades. The leak, published here, draws the inference that prior chancellors were targeted, based on the list of telephone numbers targeted by the NSA. “ …