Shaun Nichols

Contact Mail Follow RSS feed
Barbra Streisand photo from Shutterstock

SentinelOne makes YouTube delete Bsides vid 'cuz it didn't like the way bugs were reported

If you were at BSides Manchester in England this week, you hopefully caught James Williams' presentation on the shortcomings of some commercial antivirus tools. If not, and you hoped to watch it on YouTube, you may be out of luck for a while. That's because one of the vendors mentioned – SentinelOne – is rather upset with the …
Shaun Nichols, 18 Aug 2018
Portion of US Patent 6368268

Now you can tell someone to literally go f--k themselves over the internet: Remote-control mock-cock patent dies

It is a great day for those who dream of Internet-of-Flings sex toys. A key patent describing web-connected remote-controllable techno-dildos has expired. Friday marks the 20-year anniversary, and end of, US Patent 6,368,268, a controversial piece of intellectual property that has long been blamed for holding back the …
Shaun Nichols, 17 Aug 2018

Go Zuck Yourself: Facebook destroys patent suit over timeline

Facebook has prevailed in a suit over its iconic news feed and claims it ripped off the idea from a patent troll. Judge John Koetl granted Summary Judgement [PDF] to House Zuck, approving its motion to dismiss an allegation that the Facebook timeline violated Mirror Worlds' purchased patents on the organization of messages and …
Shaun Nichols, 16 Aug 2018
Crocodile Dundee, 20th Century Fox.

Who was it that hacked Apple? Ozzie Ozzie Ozzie, boy boy boy!

An overzealous Apple fanboy from Australia plead guilty to criminal charges after he allegedly cracked the Cupertino giant's systems in hopes of landing a job. The 16 year-old hackeroo, who was not named in accordance with local law, is said to have broken into the idiot tax racket's servers on more than one occasion, …
Shaun Nichols, 16 Aug 2018
China cybersecurity

Juno this ain't right! Chinese hackers target Alaska

An attack on US government facilities in Alaska has been traced back to China's Tsinghua University and a larger hacking effort. Researchers with security house Recorded Future say [PDF] that the attack, initially focused on seperatist activity in Tibet, grew to to target US government operations in the Pacific including bases …
Shaun Nichols, 16 Aug 2018
Online privacy image via Shutterstock

Mozilla-endorsed security plug-in accused of tracking users

A security plug-in for the Firefox browser is under fire after users discovered it was collecting and uploading their online activity. The outcry began after Mozilla featured the Web Security extension on its blog with a post titled "Make Your Firefox Browser a Privacy Superpower." The plug-in, developed by German company …
Shaun Nichols, 15 Aug 2018

Making money mining Coinhive? Yeah, you and nine other people

Mining internet currency on websites with Coinhive scripts is a lucrative endeavor, but only for a handful of people. This according to researchers from RWTH Aachen University, who used a new detection technique to track pages mining the cryptocurrency and found that [PDF] just 10 users were responsible for 85 per cent of the …
Shaun Nichols, 15 Aug 2018
DOor to a bank vault. Photo by Shutterstock

India's Cosmos bank raided for $13m by hackers

Cosmos Bank in India says that hackers made off with $13.4m in stolen funds over the weekend. Multiple reports out of the country say that a group of attackers used cloned cards to withdraw cash from ATMs at a set time and perform a fraudulent SWIFT money transfer. Together, the efforts resulted in about Rs 94 crore ($13.4m) …
Shaun Nichols, 15 Aug 2018
Money laundering

Florida Man laundered money for Reveton ransomware. Then Microsoft hired him

A former Microsoft network engineer will be spending a sojourn behind bars after pleading guilty to conspiracy to commit money laundering. Raymond Odigie Uadiale was this week given an 18-month sentence and three years supervised release – after he agreed to a plea deal that saw him cop to a conspiracy charge in exchange for a …
Shaun Nichols, 15 Aug 2018

Patch Tuesday heats up with pair of exploited zero-days squashed – plus 58 other vulns fixed

Microsoft and Adobe have teamed up to deliver more than 70 patches with this month's Patch Tuesday batch released today. Microsoft contributed the bulk of the fixes emitted this month, kicking out updates for 60 CVE-listed vulnerabilities in its products. These should be installed as soon as you're able to test and deploy them …
Shaun Nichols, 14 Aug 2018
scream

Oracle: Run, don't walk, to patch this critical Database takeover bug

Oracle is advising customers to update their database software following the discovery and disclosure of a critical remote code execution vulnerability. The flaw, dubbed CVE-2018-3110 was given a CVSS base score of 9.9 (out of 10) and Oracle warns that successful exploit of the bug "can result in complete compromise of the …
Shaun Nichols, 14 Aug 2018

Cisco patches IOS in response to boffins' IKE-busting breakthrough

Cisco has pushed out an update for its internetwork operating system (IOS) and IOS XE firmware in advance of a Usenix presentation on circumventing cryptographic key protocol. The networking behemoth is advising all customers running hardware that uses IOS and IOS XE to get the updates that address CVE-2018-0131, a security …
Shaun Nichols, 14 Aug 2018
Snail on a leaf... looking surprised (yes, that's possible). Photo by SHUTTERSTOCK

Intel finally emits Puma 1Gbps modem fixes – just as new ping-of-death bug emerges

More than 18 months after the design blunder was first brought to light, Intel is still working to iron out the creases in its Puma high-speed broadband modem chipsets. In recent weeks, Chipzilla quietly put out an advisory as well as finally confirming a formal CVE entry – CVE-2017-5693 – for the security vulnerability. When …
Shaun Nichols, 14 Aug 2018
Microsoft Azure

Microsoft gets edge on AWS with Azure Stack for government

Microsoft has kicked out a build of its Azure Stack on-premise cloud for US government use. The release extends Microsoft's Azure program for the government into the on-prem market, and gives Redmond one more selling point in its battle with AWS to land the lucrative IT service contracts Uncle Sam regularly hands out. By …
Shaun Nichols, 13 Aug 2018

Snap code snatched, Pentagon bans bands, pacemakers cracked, etc

Roundup This week, the infosec world descended on Las Vegas for BlackHat and DEF CON to share stories of bug hunting, malware neural nets, hefty payout offers, and more. Meanwhile, outside of the desert… Snapchat source sourced Photo-slinging biz Snapchat had a pretty rough week, as a mystery code dump on GitHub turned out to be a …
Shaun Nichols, 11 Aug 2018
Henry Nicholas mugshot

What do a meth, coke, molly, heroin stash and Vegas allegedly have in common? Broadcom cofounder Henry Nicolas

Broadcom billionaire cofounder Henry Nicholas was this week cuffed on suspicion of drug trafficking – after cops allegedly seized a huge stash of narcotics in his Las Vegas hotel suite. The chip design giant's 59-year-old ex-CEO and his companion Ashley Fargo were arrested on Tuesday night after security staff at the Encore …
Shaun Nichols, 11 Aug 2018

Work at a startup? Think US military isn't good enough at killing? We've got the program for you

The Pentagon has upgraded to permanent status a previously temporary and experimental program that bankrolls technology startups. Known as the Defense Innovation Unit, the program allows tech upstarts to obtain contracts with the US government to develop military-focused software and hardware in areas including AI, IT …
Shaun Nichols, 10 Aug 2018
Delete me

Congresscritters want answers on Tillerson's rm -rf /opt/gov/infosec

US House Democrats are asking Republicans to subpoena the State Department over its decision to shut down a key government cybersecurity office. Reps Elijah Cummings (D-MD) and Robin Kelly (D-IL) penned an open letter [PDF] to Oversight and Government Reform committee chairman Trey Gowdy (R-SC) this week asking that he issue a …
Shaun Nichols, 10 Aug 2018
Privacy policy on a tablet

Kaspersky VPN blabbed domain names of visited websites – and gave me a $0 reward, says chap

Updated Kaspersky's Android VPN app whispered the names of websites its 1,000,000-plus users visited along with their public IP addresses to the world's DNS servers. The antivirus giant duly fixed up the blunder when a researcher reported it via the biz's bug bounty program – for which he received zero dollars and zero cents as a …
Shaun Nichols, 9 Aug 2018
china hacker

Japanese dark-web drug dealers are so polite, they'll offer 'a refund' if you're not satisfied

The concept of the "dark web" in Asia is way different to what peeps in Europe and the Americas are used to. This is according to researchers at New York computer security firm IntSights, which today outlined a number of quirks unique to Asian countries in the way underground sites, and those of questionable legality, operate …
Shaun Nichols, 8 Aug 2018
Doctor Nick Riviera

Hey, you know what a popular medical record system doesn't need? 23 security vulnerabilities

Fresh light has been shed on a batch of security vulnerabilities discovered in the widely used OpenEMR medical records storage system. A team of researchers at Project Insecurity discovered and reported the flaws, which were patched last month by the OpenEMR developers in version 5.0.1.4. With the fixes now having been out for …
Shaun Nichols, 7 Aug 2018

Funnily enough, no, infosec bods aren't mad keen on W. Virginia's vote-by-phone-app plan

The US state of West Virginia plans to allow some of its citizens to vote in this year's midterm elections via a smartphone app – and its seemingly lax security is freaking out infosec experts. Voters living overseas, including military personnel and their spouses, will, in theory, be able to install and use the Voatz mobile …
Shaun Nichols, 7 Aug 2018

Denial of denial-of-service served: There was NO DDoS on FCC net neutrality comments

An internal investigation has laid waste to the FCC's claims that its net neutrality comments system was knocked offline by a distributed denial-of-service (DDoS) attack. The broadband watchdog's own inspector general will any day now release its findings into the outage, and confirm what many people had suspected all along: …
Shaun Nichols, 7 Aug 2018

Sur-Pies! Google shocks world with sudden Android 9 Pixel push

Google today somewhat unexpectedly started rolling out to the masses its latest version of Android – dubbed Android 9 Pie. This major build of the mobile operating system is right now being released to Pixel devices as well as the Essential Phone. Google says other Android devices will get the update over the course of this …
Shaun Nichols, 6 Aug 2018
password

Cracking the passwords of some WPA2 Wi-Fi networks just got easier

The folks behind the password-cracking tool Hashcat claim they've found a new way to crack some wireless network passwords in far less time than previously needed. Jens Steube, creator of the open-source software, said the new technique, discovered by accident, would potentially allow someone to get all the information they …
Shaun Nichols, 6 Aug 2018

Biting the hand that feeds IT © 1998–2018