Security > More stories


IETF takes rifle off wall, grabs RC4 cipher's collar, goes behind shed

The IETF is getting ready to finally kill off the venerable-but-vulnerable RC4 cipher. The group has issued a last call for comments before humming over a proposal that Internet-standard clients and servers need to quit using RC4 in Transport Layer Security (TLS). It's a simple enough change, but in the wide world of the …

Author fined $500k in first US spyware conviction

A US man has been handed a US$500,000 fine for selling the StealthGenie malware in the first prosecution of a mobile spyware slinger. Police collared Hammad Akbar, 31, in September after he allegedly sold the malware to an undercover agent in 2012. Akbar, a Danish citizen, sold the StealthGenie malware capable of intercepting …
Darren Pauli, 30 Nov 2014

Did North Korean hackers nobble Sony Pictures?

Sony Pictures has reportedly begun investigating possible hacking links to North Korea, following a savage attack on its network earlier this week. According to Re/code, which cited insiders, the company was yet to determine whether Nork hackers, possibly operating from within China, were behind the attack. As The Register …
Kelly Fiveash, 30 Nov 2014

Sony employees face 'weeks of pen and paper' after crippling network hack

Sony Pictures still hasn't recovered from a comprehensive attack on its computer networks – and staff have been reduced to doing their work by hand – according to insiders. The infiltration by …
Iain Thomson, 28 Nov 2014

That sub-$100 Android slab you got on Black Friday? RIDDLED with holes, say infosec bods

Those fighting through hordes of fellow crazed bargain junkies this Black Friday should avoid some of the cheapo Android tablets on offer. Security researchers at Bluebox Labs bought a dozen Android fondleslabs, each costing less than $100, and tested them for poor patching, dodgy OS installation, and sloppy security practices …
Iain Thomson, 28 Nov 2014

World's best threat detection pwned by HOBBIT

Some of the world's best threat detection platforms have been bypassed by custom malware in a demonstration of the fallibility of single defence security. Five un-named top advanced threat detection products were tested against four custom malware samples written by researchers at Crysys Lab, Hungary and MRG-Effitas, UK. The …
Darren Pauli, 28 Nov 2014

Edward Snowden: best ... security ... educator ... EVER!

A good deal of folk aware of NSA leaker Edward Snowden have improved the security of their online activity after learning of his exploits, a large survey has found. Researchers from think tank The Centre for International Governance Innovation collected responses from 23,376 users between October and November and found 60 …
Darren Pauli, 28 Nov 2014

Cryptocurrency cruncher cranks prime number constellation

Bitcoin mining, our own Simon Rockman wrote last January, “is essentially a brute-force attack on the generating algorithm”. “Bitcoin, and all the other alt-coins, is training a skillset for building password-cracking hardware that is both powerful and portable,” he wrote. It looks like cryptocurrencies are also helping to spot …
Simon Sharwood, 28 Nov 2014

Leaked Syrian log files reveal attempts to starve rebels of information

Syria's Bashar al Assad-led regime blocked scores of legitimate services and entire network regions in its bid to scrub out access to sites such as Reddit, Google and Skype, the first analysis of the nation's web filtering reveals. Research by three Sydney researchers from National ICT Australia (NICTA), together with three …
Darren Pauli, 28 Nov 2014

Syrian Electronic Army in news site 'hack' POP-UP MAYHEM

The Syrian Electronic Army has compromised a number of news websites – apparently through DNS redirects via Gigya, a customer identity management platform used by all the sites. The Pro-Assad javascript popup appeared across several websites, including The Telegraph, The Independent, Forbes, Time Out, PC World and The Evening …
Jasper Hamill, 27 Nov 2014

Home Depot hacker hosing cost a wallet-draining $43m (so far)

Hacked hardware mart Home Depot has forked out $43m to quash spot fires emanating from the data breach inferno this year, SEC filing documents show. The payout covered damages from the theft of 56 million payment cards and 53 million email addresses. It covered the cost of investigating this year's five-month-long breach, …
Darren Pauli, 27 Nov 2014

Home Office: Fancy flogging us some SECRET SPY GEAR?

The Home Office is seeking suppliers for a £20m contract for a "bespoke tracking and surveillance system" for all law enforcement agencies. The tender for surveillance, security systems and devices also includes software "to meet the specific and unique operational requirements of a covert surveillance systems." Suppliers will …
Kat Hall, 27 Nov 2014

Stop selling spyware to despotic regimes, beg MEPs

The EU’s laws on snooping technology exports must be updated in light of the Regin breach, according to some MEPs. It has recently been revealed that Regin super-spyware was used to successfully hack Belgian telco company Belgacom as far back as 2010. Belgacom counts the European Parliament and the European Commission among …
Jennifer Baker, 27 Nov 2014

Bitcoin laid bare: Boffins beat anonymity

The cyber-libertarian poster-child Bitcoin, meant to usher in a new age of anonymous transactions, is rubbish at protecting users' IP addresses according to research from the University of Luxembourg. In this Association of Computing Machinery (ACM) conference paper by Alex Biryukov, Dmitry Khovratovich and Ivan Pustogarov of …

Adobe Reader sandbox popped says Google researcher

The Acrobat Reader Windows sandbox contains a vulnerability that could allow attackers to break out and gain higher privileges, Google security bod James Forshaw claims. The NTFS junction attack is a "race condition" in the handling of the MoveFileEx call hook, Forshaw said. While unpatched, subsequent September updates made the …
Darren Pauli, 27 Nov 2014

Hacker dodges FOUR HUNDRED YEARS in cooler for SCANNING sites

A US hacker has dodged 440 years in prison for computer crime offences that amount to scanning sites with automatic tools and filling in web forms with junk data. The charges, since reduced to a misdemeanor, could have seen Fidel Salinas, 28, spending his remaining days working off a 440-year sentence. Salinas was alleged to …
Darren Pauli, 27 Nov 2014

Siemens issues emergency SCADA patch

Got Siemens SCADA? Get patching: the company has issued updates for software using its WinCC application to plug a bunch of remotely-exploitable vulnerabilities. According to the ICS-CERT advisory, versions of the company's SIMATIC WinCC, SIMATIC PCS7 and TIA Portal V13 (which includes a WinCC runtime) are all vulnerable. …

Australia to conduct national cyber-security review

Australia will conduct a national “cyber-security review”. Speaking today at the launch of the new Australian Cyber Security Centre in Canberra, prime minister Tony Abbott put network security on par with physical security, said it is a guarantor of economic security and added “it is so important we keep one step ahead of …
Simon Sharwood, 27 Nov 2014

Zero-day hacking group resorts to UNICORN SMUT-SLINGING

Sysadmins who have not yet patched their Windows boxes against the 18-year-old "unicorn-like" OLE bug disclosed last month could expect a deluge of spear phishing smut from a group once confined to lofty targeted zero-day attacks. The talented APT3 group was behind widespread zero-day attacks code-named Clandestine Fox earlier …
Darren Pauli, 26 Nov 2014

Why did it take antivirus giants YEARS to drill into super-scary Regin? Symantec responds...

After Symantec published its report on the Regin super-spyware, there were many questions raised. Who coded it? What can it do? And – above all – why did it take so long for security vendors to notice it? Regin is a sophisticated piece of software. It can be customized for particular missions by inserting into its framework …
Iain Thomson, 26 Nov 2014

Privacy bods Detekt Hacking Team code nasty dressed as bookmark manager

The Detekt privacy tool has discovered Hacking Team's Windows spyware masquerading as a benign bookmark manager. Detekt was launched last week and lets users of Windows systems inspect their machines for traces of known government spyware. Developer Claudio Guarnieri said on Twitter the tool discovered the malicious …
Darren Pauli, 26 Nov 2014

Security seals clobbered ahead of Black Friday bonanza

This Black Friday, beware the shop with the security seal: researchers have shown that issuers of common good webkeeping seals of approval sometimes miss basic flaws, happily certify phishing sites and inadvertently function as a hackers' black book of vulnerable sites. The research examined the effectiveness of the top 10 …
Darren Pauli, 26 Nov 2014

Second time's a charm: Adobe has another go at killing Flash hijack flaw

Ready to enjoy the Thanksgiving holiday? Can't wait to open your advent calendar? Not so fast – there's one more patch to install before the month is over. Adobe has posted an update for its Flash plugin, version 15.0.0.239, to address a critical remote-code-execution vulnerability. This will be the Photoshop giant's second …
Shaun Nichols, 25 Nov 2014

Who's been writing in my apps? Googlilocks builds new apps-tracker

Google has bolstered the security of its Apps platform with new reports providing insight into the number of devices accessing the account over the past month. The Devices and Activity dashboard displayed all devices active on an account in the last 28 days and those still signed in. …
Darren Pauli, 25 Nov 2014

Craigslist pushes punters to YouTube, hacker site

Craigslist is asking users to flush their DNS after one or more pranksters twice changed the DNS records of the popular flesh and furniture classifieds site so it redirects users to a website and video. The attack, launched on 23 November, saw some users to some pages redirected to a site previously used in 2008 to sell stolen …
Darren Pauli, 25 Nov 2014

Google's elves work on Santa to rein(deer) in grinchware

Google's elves have been busy working on a toy for all the girls and boys who run Mac OS and worry about getting a virus. “Santa” is billed as “a binary whitelisting/blacklisting system for Mac OS X”, can be found on GitHub and “keeps track of binaries that are naughty and nice.” Nice binaries get to run. Naughty binaries get a …
Simon Sharwood, 25 Nov 2014

Sony Pictures in IT lock-down after alleged hacker hosing

Sony Pictures is investigating a breach that has seen hackers supposedly steal reams of internal data and splash defacements across staff computers. The company is now in lock-down as it wrestles with the problem. The beleaguered company, writes Variety, has requested staff disconnect their computers and personal devices from …
Darren Pauli, 25 Nov 2014

How secure is Docker? If you're not running version 1.3.2, NOT VERY

A nasty vulnerability has been discovered in the Docker application containerization software for Linux that could allow an attacker to gain elevated privileges and execute code remotely on affected systems. The bug, which has been corrected in Docker 1.3.2, affects all previous versions of the software. "No remediation is …
Neil McAllister, 25 Nov 2014

Regin: The super-spyware the security industry has been silent about

A public autopsy of sophisticated intelligence-gathering spyware Regin is causing waves today in the computer security world. But here's a question no one's answering: given this super-malware first popped up in 2008, why has everyone in the antivirus industry kept quiet about it until now? Has it really taken them years to …
Iain Thomson, 24 Nov 2014

You stupid BRICK! PCs running Avast AV can't handle Windows fixes

Security software outfit Avast are trying to figure out why the combination of recent Windows patches and updates to the latter company's software are breaking PCs. Hordes of users have found that their PCs, especially those running Windows 8 and 8.1, grind to a halt after they apply both Microsoft's recent KB3000850 update …
Simon Sharwood, 24 Nov 2014

Sony quietly POODLE-proofs Playstations

Sony has patched the POODLE SSL vulnerability in its Playstation 3 and 4 gaming consoles. The rolling patch, introduced over the last fortnight, brings Transport Layer Security into Playstation's browsers and apps. SSL 3.0 is dispelled, off the Padding Oracle on Downgrade Legacy Encryption attack. The patch is a 200MB mandatory …
Darren Pauli, 24 Nov 2014

'Regin': The 'New Stuxnet' spook-grade SOFTWARE WEAPON described

A highly advanced malware instance said to be as sophisticated as the famous Stuxnet and Duqu has been detected. "Regin" has security researchers opining it may be nastier than both. "Regin" malware is thought to have been developed by a nation-state because of the financial clout needed to produce code of this complexity. …
Darren Pauli, 24 Nov 2014

Crypto protocols held back by legacy, says ENISA

The EU Agency for Network Information and Security (ENISA) has updated its 2013 crypto guidelines, designed to help developers protect personal information in line with EU law, and has sternly told crypto designers they're doing it wrong, in two reports released late last week. At the protocol level, cryptography suffers from …

SandWorm thrived thanks to botched MSFT patch says HP

Microsoft had a chance to crush the SandWorm bug before it crawled out of the dunes, but botched the job, says HP. HP says that the Windows Object Packager, which SandWorm attacks, “had suffered a similar issue in 2012 with security bulletin MS12-005.” HP researcher Matt Oh goes on to write that he “found striking similarities” …
Simon Sharwood, 23 Nov 2014

HACKERS can DELETE SURVEILLANCE DVRS remotely – report

Updated DVR systems from Hikvision have vulnerabilities that open the door to hacking, security researchers have warned. Digital Video Recorders (AKA Network Video Recorders), such as those from the likes of Hikvision, are used to record surveillance footage of office buildings and surrounding areas. However, the range of …
John Leyden, 21 Nov 2014

CIA crypto-king offers new 'clock' clue to crack Kryptos code

The man who built a cryptographic sculpture for the CIA has provided a second clue to help crack its infamously difficult code. Standing in a courtyard inside the CIA headquarters in Langley, Virginia, the last part of the Kryptos sculpture has remained unsolved for almost 25 years. Now Jim Sanborn, its creator, has given a one …
Jasper Hamill, 21 Nov 2014

DoubleDirect hackers snaffle fandroid and iPhone-strokers' secrets

Hackers are running “Man-in-the-Middle” attacks (MitM) against smartphones using a new attack technique, security researchers warn. The so-called DoubleDirect technique enables an attacker to redirect a victim’s traffic to the attacker’s device. Once redirected, the attacker can steal credentials and deliver malicious payloads …
John Leyden, 21 Nov 2014

PayPal takes 18 months to patch critical remote code execution hole

Paypal has closed a remote code execution vulnerability some 18 months after it was reported. The flaws reported earlier this month rated critical by Vulnerability Lab affected a core Paypal profile application. "A system specific arbitrary code execution vulnerability has been discovered in the official PayPal …
Darren Pauli, 21 Nov 2014

GCHQ and Cable and Wireless teamed as Masters of the Internet™

Cable and Wireless provided UK intelligence agency GCHQ with access to the internet connections of millions of global users, going as far as to tap India's second largest telco, Snowden documents reveal. The telco, since acquired by Vodafone, operated under the GCHQ pseudonym "Gerontic" when it opened and managed a secret fibre …
Darren Pauli, 21 Nov 2014

Citadel Trojan snooped on password managers to snatch victims' logins

Crooks have unsheathed a variant of the Citadel Trojan that targets password managers. The malware is designed to steal a victim's master passphrase, thus unlocking his or her database of website passwords in the process. The software nasty runs a key-logger to intercept what people type into the Password Safe and KeePass open- …
John Leyden, 21 Nov 2014

Privacy bods offer GOV SPY VICTIMS a FREE SPYWARE SNIFFER

Amnesty and Privacy International are offering a free-of-charge spyware detection tool designed to help journalists and human rights activists stay one step ahead of government surveillance. The Windows-only Detekt anti-spyware tool is designed to be a supplement, rather than an alternative, to pre-existing anti-virus protection …
John Leyden, 20 Nov 2014

A life of cybercrime, a caipirinha and a tan: Fraudsters love a Brazilian

Brazil is the only market that offers training services for cybercriminal wannabes, making it possible to start a new career in cybercrime for just $500. Training modules, hands-on exercises, interactive guides, instructional videos, as well as post-training support are available, according to a new report of the Brazilian …
John Leyden, 20 Nov 2014