Security > More stories

Cisco puts elastic in the fabric

Cisco has announced the next piece of its software-defined networking strategy: a long-distance interconnect designed to simplify workload mobility between data centres. The “stretched fabric” release of its Application Centric Policy Controller (APIC) allows each of the leaf and spine switches that form a fabric to be located …

Hackers break the bank to the tune of $300 MEEELLION

A series of bank hacker heists have hit more than 100 financial institutions, say Kaspersky researchers, and more than US$300 million appears to have walked as a result. The attacks targeted employees at as-yet-unnamed banks with malware dubbed Carbanak that gave access to corporate networks, giving criminals access for more …
Darren Pauli, 16 Feb 2015

Microsoft's patchwork falls apart … AGAIN!

One of the patches Microsoft released this month, KB2920732, has been withdrawn because it breaks PowerPoint. The patch was billed as improving the stability of PowerPoint 2013 in a handful of ways, most pertaining to video playback. But once installed, the patch improved nothing, at least for the many users who reported that …
Simon Sharwood, 15 Feb 2015

Wink if you want to see more of me, say Swiss boffins

Two years ago scientists from the École polytechnique fédérale de Lausanne (EPFL) demoed a contact lens with a telescope built in, and they've now refined the prototype to allow the user to control its functions with the wink of an eye. "We think these lenses hold a lot of promise for low vision and age-related macular …
Iain Thomson, 14 Feb 2015

Google cuts Microsoft and pals some slack in zero-day vuln crusade – an extra 14 days tops

Google has adjusted the terms of its controversial Project Zero vulnerability scouting effort, loosening its 90-day disclosure policy somewhat to give companies a better chance of fixing their security bugs before they become public knowledge. Among the changes, Google says it will no longer disclose bugs on weekends and public …
Neil McAllister, 14 Feb 2015

An NSA spy, a Fed and a sysadmin walk into a bar – that's Prez Obama's new cyber-security order

President Barack Obama has signed an executive order that will attempt to protect America's crucial computer networks by sharing knowhow between g-men and techies. The new order instructs federal agencies to set up a clearing house of real-time, up-to-the-minute information on what's menacing US infrastructure. Companies running …
Iain Thomson, 13 Feb 2015

Accused Goldman Sachs code pilferer sues FBI for 'wrongful arrest'

A former programmer for banking firm Goldman Sachs who has been accused of stealing company secrets has filed suit against the FBI agents who arrested him for allegedly violating his constitutional rights. Sergey Aleynikov, 45, has been battling it out in the courts ever since his 2009 arrest on charges that he absconded with …
Neil McAllister, 13 Feb 2015

Euro ministers trade data for data protection – yes, your passenger records

After weeks of mounting pressure from national governments for increased access to personal data following the Charlie Hebdo attack, the European Parliament has pulled a switch that aims to simultaneously increase citizens’ privacy rights while also giving law enforcement agencies more ability to track travellers. As they twist …
Jennifer Baker, 13 Feb 2015

Vint Cerf: Everything we do will be ERASED! You can't even find last 2 times I said this

Web pioneer Vint Cerf has warned – once again – that our digital lives are in danger of being wiped from human history. Cerf, who was speaking at the American Association for the Advancement of Science annual meeting, reiterated calls for a "digital vellum" – referring to the ancient parchment made from calf skin and known for …
Kat Hall, 13 Feb 2015

Hey, NUDE CELEBS! Apple adds SWEET 2FA to iMessage, Facetime

Apple has activated a two-factor authentication (2FA) system for Facetime and iMessage, extending the service beyond iCloud accounts in a move that it hopes will help secure its communications platforms. The feature has become effective immediately, meaning any attempt to activate the services on a new device would first need …
Team Register, 13 Feb 2015

Gullible Apple users targeted by bogus order cancellation scam

Cybercrooks are targeting Apple iCloud users with phishing messages designed to steal financial information. A new run of spam messages offers a slight twist on the popular "bogus order" scam. Instead of simply telling you about a payment you're supposed to have made, prospective marks are invited to cancel a transaction already …
John Leyden, 13 Feb 2015

Biter bitten as hacker leaks source code for popular exploit kit

A black hat trouble maker appears to have released recent source code for one of the most popular exploit kits, malware-probers say. The dump was posted online by a user known as (@EkMustDie) before it was removed. The leaker appears to have previously tried to sell access to the exploit kit. Independent malware investigators …
Darren Pauli, 13 Feb 2015

Facebook bug could have ERASED the ENTIRE WORLD

Software engineer Laxman Muthiyah has reported a dangerous vulnerability capable of deleting any photo from Facebook, prompting The Social Network™ to patch the hole within two hours and issue one of its biggest bug-spotting cheques ever. The flaw potentially allowed mass deletion of photos using the identification number of a …
Darren Pauli, 13 Feb 2015

Uber: Sorry we're really awesome and all that (oh yeah, and for leaking your personal info)

Taxi cab app maker Uber left its list of customers' lost belongings wide open to the internet – exposing phone numbers and other personal info in the process. The privacy snafu, revealed and corrected this week, marks the latest controversy for the San Francisco-headquartered upstart. Vice reports the internal Uber document was …
John Leyden, 13 Feb 2015

CommBank app leaks 2FA tokens says Sydney dev

Sydney programmer Stuart Ryan has chipped Australia's dominant retail bank, the Commonwealth Bank, for allowing two factor authentication codes to be viewable on locked iPhones. The bank sends authentication tokens over push notifications on iOS devices, rather than SMS for users who had activated the second factor account log …
Darren Pauli, 12 Feb 2015

Dutch government websites KO'd by 10-hour DDoS

The Netherlands government’s websites were taken offline for around 10 hours on Wednesday following a DDoS attack. The motive for the sustained packet-flinging assault – directed against the Dutch government website's hosting provider, Prolocation – remains unclear. A brief statement (Google translation here) by the Dutch …
John Leyden, 12 Feb 2015

EU parliament bans Outlook app over cloudy security: report

The EU Parliament has blocked politicians from using the Microsoft mobile Outlook app in the wake of security and privacy concerns centred on the siphoning of corporate credentials to a third party, according to reports. The Parliament's IT department, DG ITEC, has reportedly told staff to delete the app and reset corporate …
Darren Pauli, 12 Feb 2015

Hacker kicks one bit XP to 10 Windows scroll goal

Windows operating systems from XP to version 10 can be popped with a single bit, researcher Udi Yavo says. The hacker, formerly chief of the electronic warfare unit for Israeli defence contractor Rafael, detailed how the local privilege escalation vulnerability (CVE-2015-0057) fixed in this week's Patch Tuesday update could …
Darren Pauli, 12 Feb 2015

VirusTotal wants YOU (but not you) to join its epic AV whitelist

Google-owned VirusTotal wants large software houses to send in their software catalogues so it can build what could well end up being one of the world's biggest anti-virus whitelists. The whitelist would clarify to users that software being checked for cleanliness came from a recognised developer, and warn vendors and anti-virus …
Darren Pauli, 12 Feb 2015

IBM says dating apps can give you a nasty infection DOWN THERE!

Valentine's Day is just around the corner – and, purely coincidentally, IBM is warning techies about the risks of dating apps and websites. Big Blue has published a report outlining the potential security risks associated with users running sex scheduling software on their smartphones and tablets. Big Blue says it studied 41 …
Shaun Nichols, 12 Feb 2015

Anonymous HACKED GAS STATIONS - and could cause FUEL SHORTAGES

Hackers – possibly affiliated with Anonymous – have already attacked at least one internet-connected gas (petrol) station pump monitoring system. Evidence of malfeasance, uncovered by Trend Micro, comes three weeks after research about automated tank gauge vulnerabilities from Rapid7, the firm behind Metasploit. Automated tank …
John Leyden, 11 Feb 2015

Never mind, Samsung, GOOGLE will EAVESDROP as you browse on Chrome

Those uneasy about Samsung's "smart" television terms and conditions are going to have a nervous wobble about a project along the same lines underway at Google’s Chocolate Factory. The realisation that anything spoken near your Smart TV might be recorded and transmitted to a third party is bad enough, but how about the …
John Leyden, 11 Feb 2015

Facebook: Hey guys, come share all your securo-blunders with us!

Facebook is teaming up with other big names on the interwebs to create a security information sharing portal, dubbed ThreatExchange*, which went live on Wednesday. ThreatExchange is billed as a platform that enables security professionals to “share threat information more easily, learn from each other's discoveries, and make …
John Leyden, 11 Feb 2015

Silent but violent: Foul Google Play flaw lets hackers emit smelly apps

A couple of related vulnerabilities on the Google Play Store have left Android users vulnerable to malware-slingers. Security watchers warn that an X-Frame-Options flaw – when combined with a recent Android WebView (Jelly Bean) bug – creates a means for hackers to silently install any app from the Google Play store. Tod …
John Leyden, 11 Feb 2015

REVEALED: TEN MEEELLION pinched passwords and usernames

Security consultant Mark Burnett has dumped 10 million usernames and passwords onto the world, in what he claims is an effort to improve research. The huge pile, collected from caches revealed after years of breaches, was scrubbed clean of corporate information and domain data before its release. Burnett said he went to " …
Darren Pauli, 11 Feb 2015

Air gaps: Happy gas for infosec or a noble but inert idea?

Feature Last year Michael Sikorski of FireEye was sent a very unusual piece of malware. The custom code had jumped an air gap at a defence client and infected what should have been a highly-secure computer. Sikorski's colleagues from an unnamed company plucked the malware and sent it off to FireEye's FLARE team for analysis. "This …
Darren Pauli, 11 Feb 2015

Linux kernel set to get live patching in release 3.20

A collaboration between SUSE and Red Hat is going to bring relief to Linux users the world over: they'll be able to patch their systems without reboots. The live patching infrastructure looks set to become available in version 3.20 of the Linux kernel. The two organisations introduced their distribution-specific live patching …

US plots to KILL hackers – with bureaucracy!

A new US government "cyber threat" agency will take information on computer security breaches at private companies, pair it with classified intelligence – and put it back out to businesses so they can learn how to beef up their defences. That's the dream, anyway, according to President Obama's homeland security and …
Kieren McCarthy, 11 Feb 2015

Bitcoin, Litecoin, cash, watches seized from alleged software pirates

US authorities, moving on what they allege was a ring selling pirated Microsoft license keys, have seized US$7 million of assets from companies in Missouri, Nevada, Washington state and Maryland. The seizures include US$25,000 worth of Bitcoin and US$1,269 from an individual identified in the filing in the Western District Court …

Jeb Bush, the man who may lead the US in 2016, dumps Floridians' private data on the web

Former Florida governor, and likely US presidential candidate, Jeb Bush is taking heat after he published online a massive dump of email correspondence – which included highly personal records detailing the affairs of his constituents. JebEmails.com was set up by Team Bush to provide "transparency" into his eight-year stint at …
Shaun Nichols, 11 Feb 2015

Blackberry hires new security chief

Blackberry has hired security luminary David Kleidermacher to head its security division. Kleidermacher served as the chief technology officer at Green Hills Software which developed secure embedded software for clients in military, industrial and medical industries including the EAL6-rated Integral operating system. He brings …
Darren Pauli, 11 Feb 2015

ANOTHER US court smacks down EFF's NSA wiretap sueball – but won't say why

A California court has once again upheld the legality of the US National Security Agency's Bush-era mass telephone surveillance program, but has withheld its reasoning on grounds of national security. In a ten-page ruling [PDF] on Tuesday, US District Judge Jeffrey White of the Northern District of California said that the …
Neil McAllister, 11 Feb 2015

Internet of Thieves: All that shiny home security gear is crap, warns HP

In a recent study, every connected home security system tested by HP contained significant vulnerabilities, including but not limited to password security, encryption, and authentication issues. HP's Fortify on Demand security service assessed the top 10 home security devices – such as video cameras and motion detectors – along …
John Leyden, 10 Feb 2015

Patch now: Design flaw in Windows security allows hackers to own corporate laptops, PCs

Another month, another Patch Tuesday, but this release has a special sting in the tail: a flaw in the fundamental design of Windows that's taken a year to correct, and is unfixable on Server 2003. The critical blunder allows miscreants to completely take over a domain-configured Windows system if it is connected to a malicious …
Iain Thomson, 10 Feb 2015

Samsung: Our TVs? SPYING on you? HA HA! Whee! Just a JOKE of course

Samsung has responded to the worldwide paroxysm of excitement over its smart TVs listening to people in their living rooms – by insisting that its voice-control technology isn't in any way at all as creepy as its own privacy policy made out. "Samsung takes consumer privacy very seriously and our products are designed with …
Neil McAllister, 10 Feb 2015

Anonymous loose cannon admits DDoSing social services and housing websites

A middle-aged Briton has admitted running a series of debilitating denial of service attacks against social services, social housing and crime prevention websites. Ian Sullivan, 51, of Bootle, Merseyside, also admitted responsibility for a series of Distributed Denial of Service (DDoS) attacks against private sector firms, …
John Leyden, 10 Feb 2015

ACHTUNG! Scary Linux system backdoor turns boxes into DDoS droids

Cybercrooks have cooked up a backdoor for Linux-powered systems that boasts multiple malicious functions. The Swiss Army Knife-style malware – dubbed Xnote.1 by Russian anti-virus company Doctor Web – can be used as a platform to mount distributed denial-of-service attacks and other evil activities. To spread the software nasty …
John Leyden, 10 Feb 2015

Keyless vehicle theft suspects cuffed after key Met Police, er, 'lockdown'

Police have arrested 16 suspects on suspicion of car theft during the first week of an operation targeting keyless vehicle theft. Operation Endeavour was launched by the Metropolitan Police in response to a rise in theft of motor vehicles. Organised criminals are increasingly stealing keyless vehicles using a device which bypasses …
John Leyden, 10 Feb 2015

Why 1.6 million people will miss Microsoft's Windows Server 2003 date with fate

Upgraded your Windows Server 2003 yet? Don’t worry, you’re not alone. Gartner reckons there are eight million Windows Server 2003 OS instances in operation, and SI Avanade reckons that of those instances, a full 20 per cent – 1.6 million – will blow past the 14 July end-of-support date. What happens six months from now, on 14 …
Gavin Clarke, 10 Feb 2015

Bad romance: Ransomware, exploit kits in criminal cuddle

The lowlifes behind the Cryptowall ransomware seem to have decided it's no longer worth developing their own exploit kits. Instead, according to analysis by Cisco, they're relying on other popular exploits to distribute the malware. The ransomware was considered one of the most effective ransomware offerings that encrypted a …
Darren Pauli, 10 Feb 2015

Received surprise new Redmond licenses? You might be pwned

Black hats are flinging supposedly free licenses at enterprises in a bid to get malware on corporate networks, security bod Martin Nystrom says. They wrote malware that was slightly neurotic in its bid to evade detection and would make use of the Tor network to receive stolen data. The Cisco threat defence man said realistic …
Darren Pauli, 10 Feb 2015

Data retention: It seems BORING ... until your TV SPIES ON YOU

If there's one thing we can thank this whole Samsung privacy brouhaha for, it's casting data retention debates in a whole new light. As readers of The Register now know, Samsung decided that the best way to process voice commands in its new smart TVs is to send them off to the cloud. Since it can't distinguish speech meant to …