Darren Pauli

Some 200,000 systems are still susceptible to Heartbleed more than two years and 9 months after the huge vulnerability was disclosed. Patching efforts spiked after news dropped in April 2014 of the world's most well-known and at the time then most catastrophic bug. The vulnerability (CVE-2014-0160) that established the …

Satan is infecting computers, encrypting files and demanding ransoms. No, we're not talking about the prince of darkness itself, but an underground ransomware service bearing its name. It's devilish code: net demons wielding it can create a customised ransomware payload that will encrypt a victim's files with RSA-2048 bit and …

Mozilla has issued a prototype of its first internet health report in a bid to make humans give security and privacy the same level of attention they devote to climate change. The prototype report details rising breaches affecting healthcare and medical industries but largely serves as a pulpit from which the browser baron and …

Cisco is warning of possible return of a massive ransomware spam campaign after researchers noticed traces of traffic from the hitherto dormant Necurs botnet. The attacks are tiny: Cisco's security team has so far found fewer than a thousand Necurs spam messages. Those numbers pale in comparison to attacks when Necurs' …

PICThe Meitu selfie horrorshow app going viral through Western audiences is a privacy nightmare, researchers say. The app harvests information about the devices on which it runs, includes invasive advertising tracking features and is just badly coded. But worst of all, the free app appears to be phoning some to share personal …

The author of the massive distributed denial-of-service attack malware Mirai, which ropes infected routers and internet of things devices into remotely controlled armies, is a New Jersey man, according to journo Brian Krebs. On his website this week, Krebs names a chap called Paras Jha, owner of a distributed denial-of-service …

Google Chrome engineer Eric Lawrence has described the battle of browser barons against the 'line of death', an ever-diminishing demarcation between trusted content and the no-man's land where phishers dangle their poison. The line, Lawrence (@ericlaw) says, is a conceptual barrier between content that browser developers …

Facebook has paid US$40,000 to vulnerability hunter Andrew Leonov for disclosing how the hacker gained remote code execution on its servers through the widely-reported ImageMagick flaw. Leonov (@4lemon) described how he discovered the so-called ImageTragick flaw still impacting Facebook in a post that detailed all but the most …

The US computer emergency readiness team is recommending organisations ditch old versions of the Windows SMB protocol and firewall off access to file servers – after a potential zero-day exploit was released by the Shadow Brokers hacking group. The call from the US security clearing house does not name the Shadow Brokers as …

A cup of tea, coffee or even a mocha could extend your life, new research shows. The Stanford University research published in the journal Nature reveals how a cuppa can directly combat underlying chronic inflammatory processes, particularly in older people. Inflammation is a critical process which helps the body fight …

UpdateDutch police are this week warning 20,000 users that their email accounts were hacked after a malicious web developer left backdoors in the sites he built. Cops found the credentials in the un-named 35-year-old man's email account and say he used the stolen personal details to open accounts, convince family members to transfer …

The Rave Panic Button app, designed to allow businesses to summon emergency services, allows miscreants to easily 'swat' targets by making false reports of emergencies says security researcher Randy Westergren. The app, which has a small install base of up to 10,000 users, has shuttered the holes Westergren identified. The …

POP and IMAP mailserver suite Dovecot has passed an extensive audit by hackers, who were able to find only three minor vulnerabilities. Dovecot is especially popular with service providers, so the news that four Cure53 researchers have given it a "thoroughly all-encompassing" audit and found the software to have "excellent …

Microsoft says its Windows 10 Anniversary Update squashes more exploit delivery chains than ever. The August updates brought in a series of operating system security improvements including boosts to Windows Defender and use of AppContainer, designed to raise the difficulty of having zero day exploits execute on patched systems …

Dutch software engineer Tijme Gommers has revealed a still-active reflected cross-site scripting vulnerability and borked password controls in McDonald's main website that could be fodder for phishing attacks. The attack, reported on Gommers' blog, is possible thanks to an Angular expression injection vuln present in mcdonalds …

UPDATEAn newly-detected Gmail phishing attack sees criminals hack and then rifle through inboxes to target account owners' contacts with thoroughly convincing fake emails. The new attack uses the file names of sent attachments and applies that name into new attachments that appear to be PDFs but are actually images that, when …

The security industry's ongoing efforts to educate users about strong passwords appears to be for naught, with a new study finding the most popular passwords last year were 123456 and 123456789. Keeper Security wonks perused breached data dumps for the most popular passwords when they made the despondent discovery. Some 1.7 …

It is open season on open services as net scum migrate from sacking MongoDB databases to insecure ElasticSearch instances. Some 35,000 mostly Amazon Web Services ElasticSearch servers are open to the internet and to ransoming criminals, Shodan boss John Matherly says. So far more than 360 instances have had data copied and …

US president-elect Donald Trump's freshly minted cyber-tsar Rudy Giuliani runs a website with a content management system years out of date and potentially utterly hackable. Former New York City mayor and Donald loyalist Giuliani was today unveiled by Trump's transition team as the future president's cybersecurity adviser – …

Researchers from Japan's National Institute of Informatics say people's fingerprints could be extracted from photographs using yet-to-be built technology. The eggheads warn that fingerprints can be copied from photographs snapped up to three metres from targets. Prints would need to be captured clearly in strong lighting, …

Hackers of unknown origin cut power supplies in Ukraine for a second time in 12 months as part of wide-ranging attacks that hit the country in December. The attacks were revealed at the S4x17 conference in Miami in which Honeywell security researcher Marina Krotofil offered reporters some detail into the exploitation that …

Authors of the Sundown exploit kit have integrated a since patched and limited Microsoft Edge vulnerability from a security firm's public proof-of-concept. The addition of the twin bugs (CVE-2016-7200 and CVE-2016-7201) means unpactched users of one of the world's most unpopular web browsers are likely to be targeted by a wide …

A Los Angeles school has made a whopping US$28,000 ransomware payment after hackers raided its network. Attackers had encrypted enough to ruin computer services, email, and messaging at the Los Angeles Community College District. The school paid the bitcoin ransom after learning it had no other alternatives by way of backups …

Phishers have a new tool in their arsenal with the discovery that web browsers Chrome and Safari along with LastPass will autofill hidden registration form fields. Finnish web developer Viljami Kuosmanen discovered the flaws affecting the world's most popular browser, along with Apple's offering. The attack vector is manifest …

More than 6,000 online stores running eBay's Magento platform have been hacked with credit cards stolen under a campaign that could span almost two years, Germany's Federal Office for Information Security says. Attackers are injecting carding malware on unpatched Magento shops, which steals payment information during …