Shaun Nichols


Virus screener goes down, Intel patches more chips, Pegasus government spying code spreads across globe

Roundup When we weren't dealing with malware-bricked breweries, poorly-wiped servers or litigious vendors, we had a number of other security headaches to keep busy with. Here's a few of them. Gov pay sites pilfered Government pay portals were in the crosshairs of cybercriminals this week. First, there was GovPayNow, who got the …
Shaun Nichols, 22 Sep 2018

Twitter: Don't panic, but we may have leaked your DMs to rando devs

Twitter is in full damage control mode after disclosing that it may have inappropriately exposed some unlucky twits' private tweets and direct messages to strangers. The 280-character shoutfest admitted on Friday that a bug present in one of its APIs from May 2017 to September 10, 2018, could have caused some messages to leak …
Shaun Nichols, 21 Sep 2018

Couldn't give a fsck about patching? Well, that's your WordPress website pwned, then

Website admins are urged to update their WordPress installations as soon as possible to the latest version following a rash of attacks exploiting known vulnerabilities in the web publishing software. Researchers at Malwarebytes say miscreants don't appear to be targeting any one specific bug, but rather a full array of flaws …
Shaun Nichols, 21 Sep 2018

Judge: Georgia's e-vote machines are awful – but go ahead and use them

A US judge has OK'd the use of paperless electronic voting machines in Georgia – despite being "gravely concerned" about the state's ability to defend them from hackers. District Judge Amy Totenberg said in a ruling (PDF) issued Tuesday that the state would be allowed to use the machines to collect and tabulate votes in this …
Shaun Nichols, 18 Sep 2018

US State Department confirms: Unclassified staff email boxes hacked

The US State Department has confirmed one of its email systems was attacked, potentially exposing the personal information of some of its employees. Uncle Sam's officials said in a statement to The Register on Tuesday that "suspicious activity" in its email system led it to send out warnings to a number of employees whose …
Shaun Nichols, 18 Sep 2018

'I am admin' bug turns WD's My Cloud boxes into Everyone's Cloud

Miscreants can potentially gain admin-level control over Western Digital's My Cloud gear via an HTTP request over the network or internet. Researchers at infosec shop Securify revealed today the vulnerability, designated CVE-2018-17153, which allows an unauthenticated attacker with network access to the device to bypass …
Shaun Nichols, 18 Sep 2018

No wonder Oracle exec Kurian legged it – sky darkens as cloudy tech does not make it rain

Oracle's stock price took a hit on Monday after the enterprise giant saw revenue growth come to a virtual crawl, crucial cloud segments stagnated, and overall performance fell short of forecasts. Here's a summary of Big Red's first quarter of its fiscal 2019, the three months to August 31, as released on Monday: Revenues of …
Shaun Nichols, 18 Sep 2018

What's Big and Blue – and makes its veteran staff sue? Yep, it's IBM

IBM once again finds itself the target of age discrimination complaints from workers who claim they were unfairly laid off just because of their age. A lawsuit – filed in a US district court in southern New York, where Big Blue is based – accuses the tech titan of violating California and North Carolina age discrimination laws …
Shaun Nichols, 17 Sep 2018

NUUO, do not want! CCTV webcams can be hacked to spy on you

Researchers have uncovered two flaws that leave more than 100,000 NUUO-powered internet-connected surveillance cameras open to remote takeover. Tenable Research on Monday laid claim to discovering two bugs in NUUO's Network Video Recorder firmware that can be exploited to covertly access a camera's video feed or simply take …
Shaun Nichols, 17 Sep 2018

Kronos crims go retro, Apple builds cop portal, Swiss cheesed over Russian hack bid, etc

Roundup This was the week of ice cold exploits, re-appearing JavaScript nasties, and of course Patch Tuesday. A few other things happened too… Android gets its monthly patch-up Microsoft and Adobe weren't the only ones to kick out monthly updates recently. Google also issued the September update for Android. This month, fixes …
Shaun Nichols, 15 Sep 2018

Docker fave Alpine Linux suffers bug miscreants can exploit to poison containers

An infosec bod has documented a remote-code execution flaw in Alpine Linux, a distro that pops up a lot in Docker containers. Max Justicz, researcher and creator of crowd-sourced bug bounty system Bountygraph, said on Thursday that the vulnerability could be exploited by someone with man-in-the-middle (MITM) network access, or …
Shaun Nichols, 15 Sep 2018

US Treasury goes after IT shops for funneling cash to North Korea

The US Treasury department is placing new sanctions on two IT companies it believes to be sending money to North Korea. The ruling bars two companies, China Silver Star and Volasys Silver Star, and one person, Jong Song Hwa, from owning any assets in the US or doing business with any US companies or contractors. Based in …
Shaun Nichols, 14 Sep 2018

Princely five years in US big house for Nigerian biz email scammer

A Nigerian scumbag will be spending the next five years in an American clink after pleading guilty to operating an email phishing scam targeting businesses around the world. Onyekachi Emmanuel Opara was given a 60-month sentence and ordered to pay $2.5m in restitution after pleading guilty to charges of wire fraud and …
Shaun Nichols, 13 Sep 2018

Former Detroit IT boss sent down 20 months for bathroom bung bonanza

The former head of IT for the US city of Detroit will spend the next 20 months behind bars for taking bribes while he was in office. Charles Dodd had served as director of the city's Departmental Technology Services (DTS) from 2014 to 2016, during which time he bagged nearly $30,000 in bungs from tech companies. He pleaded …
Shaun Nichols, 13 Sep 2018

Solid password practice on Capital One's site? Don't bank on it

Capital One is facing criticism for using policies on its banking website that prevent the use of password managers. Joseph Carrigan, a Reg reader and senior security engineer at the Johns Hopkins University Information Security Institute in the US, says he was trying to reset the password for his Capital One bank account …
Shaun Nichols, 13 Sep 2018

Card-stealing code that pwned British Airways, Ticketmaster pops up on more sites via hacked JS

A JavaScript library hosted by Feedify and used by e-commerce websites globally has been repeatedly infected this week to potentially siphon off countless victims' bank card details to crooks. The library code is typically embedded into retail webpages by site administrators and developers to add a means for shoppers to leave …
Shaun Nichols, 12 Sep 2018

Whisky business: Uni of Edinburgh servers Irn-Scru'd by cyber-attack

Updated The University of Edinburgh has gone offline from what appears to be a massive distributed denial-of-service attack on the campus network. As a result, the Scottish college's websites and wireless network gateways are down due to a flood of junk traffic during its first week of class. So far no student or faculty data is …
Shaun Nichols, 12 Sep 2018

Cisco loses focus over TelePresence blurry videoconferencing bug

Have you noticed that your big expensive Cisco TelePresence unit seems like it needs a pair of glasses? You're not alone. Switchzilla is advising companies using two of the older models of its video conferencing system to install a software update to address a defect in the camera that leaves users with a blurry picture. cisco …
Shaun Nichols, 12 Sep 2018

It's September 2018, and Windows VMs can pwn their host servers by launching an evil app

Admins will again be working overtime as Microsoft and Adobe have posted their monthly scheduled security updates for September. This month's Patch Tuesday bundle includes critical fixes for Windows, SQL Server, and Hyper-V, as well as Flash and ColdFusion. Rude guests and ugly images menace Microsoft In total, Microsoft …
Shaun Nichols, 11 Sep 2018

When is a patch not a patch? When it's for this McAfee password bug

A privilege escalation flaw in McAfee's True Key software remains open to exploitation despite multiple attempts to patch it. This according to researchers with security shop Exodus Intel, who claim that CVE-2018-6661 was not fully addressed with either of the two patches McAfee released for it. The flaw is an elevation of …
Shaun Nichols, 11 Sep 2018

Safari, Edge fans: Is that really the website you think you're visiting? URL spoof bug blabbed

A security researcher has disclosed a bug that could be abused to spoof website addresses in either Edge or Safari. Rafay Baloch told The Register that while Microsoft has since patched the flaw (CVE-2018-8383) in its browser, Apple has been dragging its feet on a fix for Safari for weeks, and the browser remains vulnerable …
Shaun Nichols, 11 Sep 2018

Tor(ched): Zerodium drops exploit for version 7 of anonymous browser

Bug broker Zerodium has released word of a flaw in the Tor browser that would potentially allow an attack site to bypass security protections and execute malicious code in the supposedly secure internet system. The flaw was disclosed in a Zerodium Tweet Monday morning that provides some detail on the nature of the flaw. …
Shaun Nichols, 10 Sep 2018

Trend Micro tools tossed from Apple's Mac App Store after spewing fans' browser histories

Updated A bunch of Trend Micro anti-malware tools have vanished from Apple's Mac App Store – after they were spotted harvesting and siphoning off users' browser histories. Dr Cleaner, Dr Antivirus, and App Uninstall – utilities owned by the Japan-headquartered security house and distributed on the Mac App Store – are no longer …
Shaun Nichols, 10 Sep 2018

Gits exposed, kinky app devs spanked, Feds spy on spyware buyers, etc

Roundup This week brought with it a Supermicro shoring up firmware security, a North Korean hacking charge, and a spying anti-adware macOS tool getting yanked by Apple from its App Store. Elsewhere, we had… BrokenType broken out with source code release A software vulnerability probing tool called BrokenType had appeared in public on …
Shaun Nichols, 8 Sep 2018

$200bn? Make that $467bn: Trump threatens to balloon proposed bonus China tech tariffs

US President Donald Trump is threatening to tack import duties on $267bn of imported Chinese tech gear and other goods – on top of the $200bn already planned. The President told reporters aboard Air Force One on Friday that he may expand his proposed tariffs as part of his ongoing trade war with China in which the two nations …
Shaun Nichols, 7 Sep 2018

Biting the hand that feeds IT © 1998–2018