Shaun Nichols


Florida Man laundered money for Reveton ransomware. Then Microsoft hired him

A former Microsoft network engineer will be spending a sojourn behind bars after pleading guilty to conspiracy to commit money laundering. Raymond Odigie Uadiale was this week given an 18-month sentence and three years supervised release – after he agreed to a plea deal that saw him cop to a conspiracy charge in exchange for a …
Shaun Nichols, 15 Aug 2018

Patch Tuesday heats up with pair of exploited zero-days squashed – plus 58 other vulns fixed

Microsoft and Adobe have teamed up to deliver more than 70 patches with this month's Patch Tuesday batch released today. Microsoft contributed the bulk of the fixes emitted this month, kicking out updates for 60 CVE-listed vulnerabilities in its products. These should be installed as soon as you're able to test and deploy them …
Shaun Nichols, 14 Aug 2018

Oracle: Run, don't walk, to patch this critical Database takeover bug

Oracle is advising customers to update their database software following the discovery and disclosure of a critical remote code execution vulnerability. The flaw, dubbed CVE-2018-3110, was given a CVSS base score of 9.9 (out of 10) and Oracle warns that successful exploit of the bug "can result in complete compromise of the …
Shaun Nichols, 14 Aug 2018

Cisco patches IOS in response to boffins' IKE-busting breakthrough

Cisco has pushed out an update for its internetwork operating system (IOS) and IOS XE firmware in advance of a Usenix presentation on circumventing cryptographic key protocol. The networking behemoth is advising all customers running hardware that uses IOS and IOS XE to get the updates that address CVE-2018-0131, a security …
Shaun Nichols, 14 Aug 2018

Intel finally emits Puma 1Gbps modem fixes – just as new ping-of-death bug emerges

More than 18 months after the design blunder was first brought to light, Intel is still working to iron out the creases in its Puma high-speed broadband modem chipsets. In recent weeks, Chipzilla quietly put out an advisory as well as finally confirming a formal CVE entry – CVE-2017-5693 – for the security vulnerability. When …
Shaun Nichols, 14 Aug 2018

Microsoft gets edge on AWS with Azure Stack for government

Microsoft has kicked out a build of its Azure Stack on-premise cloud for US government use. The release extends Microsoft's Azure program for the government into the on-prem market, and gives Redmond one more selling point in its battle with AWS to land the lucrative IT service contracts Uncle Sam regularly hands out. By …
Shaun Nichols, 13 Aug 2018

Snap code snatched, Pentagon bans bands, pacemakers cracked, etc

Roundup: This week, the infosec world descended on Las Vegas for BlackHat and DEF CON to share stories of bug hunting, malware neural nets, hefty payout offers, and more. Meanwhile, outside of the desert… Snapchat source sourced: Photo-slinging biz Snapchat had a pretty rough week, as a mystery code dump on GitHub turned out to be a …
Shaun Nichols, 11 Aug 2018

What do a meth, coke, molly, heroin stash and Vegas allegedly have in common? Broadcom cofounder Henry Nicholas

Broadcom billionaire cofounder Henry Nicholas was this week cuffed on suspicion of drug trafficking – after cops allegedly seized a huge stash of narcotics in his Las Vegas hotel suite. The chip design giant's 59-year-old ex-CEO and his companion Ashley Fargo were arrested on Tuesday night after security staff at the Encore …
Shaun Nichols, 11 Aug 2018

Work at a startup? Think US military isn't good enough at killing? We've got the program for you

The Pentagon has upgraded to permanent status a previously temporary and experimental program that bankrolls technology startups. Known as the Defense Innovation Unit, the program allows tech upstarts to obtain contracts with the US government to develop military-focused software and hardware in areas including AI, IT …
Shaun Nichols, 10 Aug 2018

Congresscritters want answers on Tillerson's rm -rf /opt/gov/infosec

US House Democrats are asking Republicans to subpoena the State Department over its decision to shut down a key government cybersecurity office. Reps Elijah Cummings (D-MD) and Robin Kelly (D-IL) penned an open letter [PDF] to Oversight and Government Reform committee chairman Trey Gowdy (R-SC) this week asking that he issue a …
Shaun Nichols, 10 Aug 2018

Kaspersky VPN blabbed domain names of visited websites – and gave me a $0 reward, says chap

Updated: Kaspersky's Android VPN app whispered the names of websites its 1,000,000-plus users visited along with their public IP addresses to the world's DNS servers. The antivirus giant duly fixed up the blunder when a researcher reported it via the biz's bug bounty program – for which he received zero dollars and zero cents as a …
Shaun Nichols, 9 Aug 2018

Japanese dark-web drug dealers are so polite, they'll offer 'a refund' if you're not satisfied

The concept of the "dark web" in Asia is way different to what peeps in Europe and the Americas are used to. This is according to researchers at New York computer security firm IntSights, which today outlined a number of quirks unique to Asian countries in the way underground sites, and those of questionable legality, operate …
Shaun Nichols, 8 Aug 2018

Hey, you know what a popular medical record system doesn't need? 23 security vulnerabilities

Fresh light has been shed on a batch of security vulnerabilities discovered in the widely used OpenEMR medical records storage system. A team of researchers at Project Insecurity discovered and reported the flaws, which were patched last month by the OpenEMR developers in version 5.0.1.4. With the fixes now having been out for …
Shaun Nichols, 7 Aug 2018

Funnily enough, no, infosec bods aren't mad keen on W. Virginia's vote-by-phone-app plan

The US state of West Virginia plans to allow some of its citizens to vote in this year's midterm elections via a smartphone app – and its seemingly lax security is freaking out infosec experts. Voters living overseas, including military personnel and their spouses, will, in theory, be able to install and use the Voatz mobile …
Shaun Nichols, 7 Aug 2018

Denial of denial-of-service served: There was NO DDoS on FCC net neutrality comments

An internal investigation has laid waste to the FCC's claims that its net neutrality comments system was knocked offline by a distributed denial-of-service (DDoS) attack. The broadband watchdog's own inspector general will any day now release its findings into the outage, and confirm what many people had suspected all along: …
Shaun Nichols, 7 Aug 2018

Sur-Pies! Google shocks world with sudden Android 9 Pixel push

Google today somewhat unexpectedly started rolling out to the masses its latest version of Android – dubbed Android 9 Pie. This major build of the mobile operating system is right now being released to Pixel devices as well as the Essential Phone. Google says other Android devices will get the update over the course of this …
Shaun Nichols, 6 Aug 2018

Cracking the passwords of some WPA2 Wi-Fi networks just got easier

The folks behind the password-cracking tool Hashcat claim they've found a new way to crack some wireless network passwords in far less time than previously needed. Jens Steube, creator of the open-source software, said the new technique, discovered by accident, would potentially allow someone to get all the information they …
Shaun Nichols, 6 Aug 2018

TSMC chip fab tools hit by virus, payment biz BGP hijacked, CCleaner gets weird – and more

Roundup: This week we took a close look at Google security keys, bid adieu to Facebook's head security honcho, and had a few email credentials overshared by Atlassian. Here's everything else that happened in infosec land this week beyond what we've already reported. TSMC chip assembly line computers infected: Chipmaker TSMC – which …
Shaun Nichols, 4 Aug 2018

Ever seen printer malware in action? Install this HP Ink patch – or you may find out

HP Inc has posted an update to address a pair of serious security vulnerabilities in its InkJet printers. The firmware update patches CVE-2018-5924 and CVE-2018-5925, two flaws that can be exploited by printing a file that triggers a stack or static buffer overflow, giving you the ability to then execute malicious code on the …
Shaun Nichols, 3 Aug 2018

MikroTik routers grab their pickaxes, descend into the crypto mines

Researchers have found thousands of MikroTik network routers in Brazil serving up crypto-coin-crafting CoinHive code. Trustwave researcher Simon Kenin said this week one or more attackers have exploited a known vulnerability in Mikrotik's enterprise routers to inject error pages with code that uses visitors' machines to mine …
Shaun Nichols, 3 Aug 2018

Putting the ass in Atlassian: Helpdesk email server passwords blabbed to strangers

Exclusive: Atlassian has warned users of its Jira Service Desk toolkit to change their helpdesk email account passwords – after a glitch caused the credentials to be sent to strangers' servers. Customers were today sent an advisory, seen by The Register, from Atlassian explaining that, due to a long-standing bug in its IT helpdesk …
Shaun Nichols, 2 Aug 2018

Castaway hacker guilty of sedating children's hospital computers

A self-styled Anonymous hacker who attempted to flee the US in a sailboat has been convicted of two felonies for his role in a 2014 distributed denial-of-service (DDoS) attack on a children's hospital. A jury in the Massachusetts US district court found Martin Gottesfeld guilty this week on charges of conspiracy to …
Shaun Nichols, 2 Aug 2018

Well, well, well. Crime does pay: Ransomware creeps let off with community service

Two men who masterminded various Coinvault ransomware infections will carry out 240 hours of community service as punishment for screwing over 1,200 computers and banking around €10,000 (£9k, $12k) in profit. The sentence was handed down by a court in Rotterdam, in the Netherlands, where it was ruled brothers Melvin and Dennis …
Shaun Nichols, 27 Jul 2018

Is it OK if we call $53bn-a-quarter Amazon the Bit Barns and Ignoble?

Amazon, a cloud computing monster with a gift shop tacked on the side, watched its sales surpass $52bn during its latest quarter. Despite big retail sales, much of the giant's profits in the second quarter of the year came from its Amazon Web Services division. The figures for Q2 2018, ending June 30, were revealed on Thursday …
Shaun Nichols, 27 Jul 2018

Oh no, what a rough blow: Cosco at a lossco over ransomware tossco

International shipping giant Cosco says it is recovering from an apparent ransomware infection on its American computer network. The biz said late Wednesday that its freight shipping operations will not be impacted, but phone and email systems were down in the US, Canada, and in some of the corp's Panama, and Peru and other …
Shaun Nichols, 26 Jul 2018

Biting the hand that feeds IT © 1998–2018