Shaun Nichols


LabCorp ransomed, 18k routers rooted, a new EXIF menace, and more

Roundup: This was the week of blunders by Venmo, million-dollar bank heists, and beefier bug bounties. Here's a few more bits of news. Singapore sting: Any large-scale data breach is bad news, but one that results in the loss of the health information of a quarter of the population is downright disastrous. Such was the case in …
Shaun Nichols, 21 Jul 2018

Microsoft: The Kremlin's hackers are already sniffing, probing around America's 2018 elections

Microsoft says it has already uncovered evidence of Russian government-backed hacking gangs attempting to interfere in the 2018 US mid-term elections. Speaking at an event in Aspen, Colorado, earlier this week, Microsoft vice president of security and trust Tom Burt revealed that the FancyBear hacking group has already begun …
Shaun Nichols, 20 Jul 2018

Crypto gripes, election security, and mandatory cybersec school: Uncle Sam's cyber task force emits todo list for govt

The US Department of Justice (DOJ) this week released the first report from its Cyber Digital Task Force – which was set up in February to advise the government on strengthening its online defenses. The report [PDF], compiled by 34 people from six different government agencies, examines the challenges facing Uncle Sam's …
Shaun Nichols, 20 Jul 2018

Bonkers Azure bookings give Microsoft a record-breaking $110bn year

Microsoft has closed out a massive fiscal 2018 that saw the Redmond giant lay claim to more than $110bn in total revenue. Azure and its cloud compute operation was singled out in Redmond's financial figures – released on Thursday – as one of Microsoft's top performers both in the full year and the past three months. Here's a …
Shaun Nichols, 19 Jul 2018

Fukushima reactors lend exotic nuclear finish to California's wines

Savants reckon radiation released by the 2011 Fukushima nuclear kerfuffle has made its way into California's wine. A paper emitted this month by researchers at the University of Bordeaux Centre d'Études Nucléaires de Bordeaux-Gradignan (CNRS) in France revealed that levels of cesium-137 in the atmosphere rose as a result of …
Shaun Nichols, 19 Jul 2018

Big(ish) Blue: IBM sales creep up four per cent, share price follows suit

IBM is touting the growth in its "strategic imperatives" business lineup with helping its revenues once again gain over the year-ago quarter. It wasn't all great news for Big Blue, however, as other favored businesses such as Cognitive Solutions and Technology Services and Cloud were flat or down from the year-ago period. For …
Shaun Nichols, 19 Jul 2018

Bloke accused of netting $5m on inside info about Lattice Semiconductor

A Chinese investor has been charged in America with insider trading after allegedly using Lattice Semiconductor secrets to turn a massive profit on Wall Street. Michael Yin, 45, of Beijing, China, faces 14 felony charges of securities fraud and conspiracy to commit securities fraud after he allegedly used confidential …
Shaun Nichols, 18 Jul 2018

Who's leaving Amazon S3 buckets open online now? Cybercrooks, US election autodialers

Security biz Kromtech has unearthed two more embarrassing – and potentially dangerous – cases of groups leaving mass data caches unguarded on the public internet. In the first case, the culprit was an improperly configured AWS S3 bucket owned and operated by Robocent, a political robocalling company based in Virginia Beach, VA …
Shaun Nichols, 18 Jul 2018

Blood test biz LabCorp pulls plug on systems over hacker fears

Medical biz LabCorp shut down some of its systems last week after it detected "suspicious activity" on its network. A company spokesperson told The Register that, contrary to early claims the "entire network" was shut down and "millions" of records swiped, only its Diagnostics service was affected – the Covance pharmaceutical …
Shaun Nichols, 17 Jul 2018

Scumbag confesses in court: LuminosityLink creepware was my baby

A US software developer has admitted to selling and supporting spyware after originally claiming his remote access tool was legitimate admin software. Colton Grubbs agreed to plead guilty to three felony charges – two counts of conspiracy, and one count of removal of property to prevent seizure – in a US federal district court …
Shaun Nichols, 17 Jul 2018

US voting systems (in Oregon) potentially could be hacked (11 years ago) by anybody (in tech support)

Updated: A US voting machine manufacturer has admitted some of its systems sold in the early 2000s had a remote access tool installed. In a letter (PDF) sent to Senator Ron Wyden (D-OR) in April, and revealed today, voting systems vendor ES&S said that, from 2000-2006, a handful of machines it sold to local governments in Wyden's home …
Shaun Nichols, 17 Jul 2018

Yar, thar she blows: Corp-cash-stealing email whaling attacks now a $12.5bn industry

Business email accounts remain a lucrative way for scammers to get into companies and turn a quick buck. The FBI's Internet Crime Complaint Center (IC3) says that Business Email Compromise incidents (stealing a legit business account and then using it to transfer funds out to criminals) have exploded, with …
Shaun Nichols, 17 Jul 2018

Irish fella accused of being Silk Road admin 'Libertas' hauled to US

US prosecutors have extradited an Irish man to America, where he will face charges of allegedly overseeing the infamous Silk Road drugs e-souk. The US Attorney for the Southern District of New York said that 30-year-old Gary Davis, who went by the handle Libertas on the underground cyber-bazaar, is accused of conspiracy to …
Shaun Nichols, 16 Jul 2018

Sad Nav: How a cheap GPS spoofer gizmo can tell drivers to get lost

Researchers have developed kit that masquerades as GPS satellites to deceive nearby GPS receivers and thus potentially trick drivers into heading off in the wrong direction. The team – a trio of groups at Microsoft, Virginia Tech in the US, and the University of Electronic Science and Technology of China – detailed in a paper …
Shaun Nichols, 16 Jul 2018

Hope for Hutchins, Navy sinks contractor, there's another Russian hacking scandal, and more

Roundup: This week, when we weren't watching the football and sobbing uncontrollably, we saw security headaches at NPM and Ticketmaster, and a priest in hot water with cybercrime charges. But there's always more in the security world. Here are a few other bits of security news from recent days. Russians could be behind 'cyber caliphate …
Shaun Nichols, 14 Jul 2018

Scam alert: No, hackers don't have webcam vids of you enjoying p0rno. Don't give them any $$s

Scumbags are trying to extort money from netizens by threatening to leak to friends and family videos of their marks watching X-rated videos. A Reg reader this week shared their story of being contacted by an extortionist who claimed to have obtained, through hacking our reader's PC, compromising webcam footage of them …
Shaun Nichols, 13 Jul 2018

Indictment bombshell: 'Kremlin intel agents' hacked, leaked Hillary's emails same day Trump asked Russia for help

American prosecutors have accused 12 suspected Russian spies of hacking Democrat and Hillary Clinton campaign officials to publicly leak their sensitive emails and potentially influence the 2016 US Presidential Election. Deputy Attorney General Rod Rosenstein today announced criminal conspiracy charges against a dozen people …
Shaun Nichols, 13 Jul 2018

Are you ready for some sueball?! NFL opens wallet, makes vid stream patent spat go away

The NFL, the home of America's favorite form of recreational brain trauma, will find itself a bit less wealthy, after it settled a lawsuit brought by a streaming video software developer. The football league on Thursday finalized a settlement with OpenTV, which had accused the NFL of ripping off parts of eight of its US …
Shaun Nichols, 13 Jul 2018

Party like it's 1999: Packets of death, code exec menace Cisco gear

Cisco has advised net admins using switches that run its Fabric Services on FXOS, or NX-OS software, to update their boxes following the discovery of a critical security flaw. Switchzilla said CVE-2018-0304 can be exploited by an attacker to shut down the network boxes or remotely execute malicious code on them simply by …
Shaun Nichols, 12 Jul 2018

Now Pushing Malware: NPM package dev logins slurped by hacked tool popular with coders

Updated: An unfortunate chain reaction was averted today after miscreants tampered with a widely used JavaScript programming tool to steal other developers' NPM login tokens. The open-source utility eslint-scope was altered by hackers so that, when used to analyze source code, it would copy the contents of the user's ~/.npmrc file to …
Shaun Nichols, 12 Jul 2018

FBI for the Apple guy: Bloke accused of stealing robo-car tech

An ex-Apple engineer has been hit with trade secret theft charges after allegedly pinching copies and samples of Cupertino's autonomous car technology. A US federal district court in northern California will hear the case (PDF) of Xiaolang Zhang, a techie who in 2015 was hired to work on the Cupertino music seller's ultra- …
Shaun Nichols, 12 Jul 2018

Intel, Microsoft, Adobe release a swarm of bug fixes to ruin your week

IT admins face a busy week ahead as Microsoft, Intel, and Adobe have issued bundles of scheduled security fixes addressing more than 150 CVE-listed vulnerabilities. Surprise, surprise, Microsoft has a ton of browser fixes: For Redmond, the July Patch Tuesday will bring fixes for 53 individual bugs, 25 of those allowing for …
Shaun Nichols, 11 Jul 2018

Did you know? The word 'Taiwan' would crash iOS thanks to a buggy filter for the Chinese govt

Apple's attempt to filter out text on its iPhones to appease the Chinese government would crash iOS – and now that bug, or feature, has been fixed. Infosec whizkid Patrick Wardle revealed today that CVE-2018-4290, a denial of service flaw in iOS 11.3 and earlier, was in fact a programming blunder Apple introduced when it …
Shaun Nichols, 10 Jul 2018

AT&T abducts AlienVault to bolster business end of its security probing

AT&T has agreed to acquire security intel specialist AlienVault for an unspecified pile of cash. The two companies announced the deal on Tuesday, saying that AlienVault would join AT&T Business as part of its enterprise and SMB security services. Specifically, the telco giant says that after the deal wraps up it will offer …
Shaun Nichols, 10 Jul 2018

It's mid-year report time, let's see how secure corporate networks are. Spoiler alert: Not at all

Companies are still leaving basic security flaws and points of entry wide open for hackers to exploit. This according to research from security house Positive Technologies, which says that its penetration testers found that enterprises were rife with things like months-old unpatched vulnerabilities and unsecured access points …
Shaun Nichols, 10 Jul 2018
