Shaun Nichols

Contact Mail Follow RSS feed
A DJI Phantom 4 with camera detail. Pic: Shutterstock

FYI: Drone maker DJI's 'Get it on Google Play' website button definitely does not get the app from Google Play...

Drone manufacturer DJI is under fire because the "Get it on Google Play" button on its website for its smartphone app does anything but that. An anonymous reader pointed El Reg on Thursday to a GitHub-hosted page outlining how users on Android devices who click the "Get it on Google Play" button on DJI's Spark software …
Shaun Nichols, 19 Oct 2018

From dank memes to Krispy Kremes: British uni eggheads claim viral lol pics make kids fat

Plus-sized pea-brained progenies, sorry, impressionable youths pile on the pounds because they're using internet memes as a handbook for living life. This is according to university researchers who say viral images online are contributing to unhealthy behavior and things like obesity in young people. A letter [PDF] provided to …
Shaun Nichols, 19 Oct 2018
Samsung Gear 2 smartwatch

All through the house, not a creature was stirring... especially Samsung smartwatches: Batteries empty at 3AM

Samsung Gear smartwatch owners are complaining the batteries in their strap-on gizmos are mysteriously and rapidly draining overnight – and it's only just started happening. Multiple Gear Sport owners have taken to the manufacturer's support forums to voice their frustration over a problem that appears to be related to an …
Shaun Nichols, 18 Oct 2018
IBM's new mainframe

IBM talks 'emerging, high value segments' – so you know the Q3 numbers aren't great

IBM saw its stock price take a hit Tuesday afternoon after the enterprise tech giant saw quarterly revenues miss the mark. For the Q3 2018 period, ending September 30: Revenues of $18.8bn were down 2 per cent from the year-ago total of $19.2bn and well short of analyst estimates of $19.2bn. Net income of $2.7bn was down 1 …
Shaun Nichols, 17 Oct 2018
dump truck

Thought Patch Tuesday was a load? You gotta check out this Oracle mega-advisory, then

Oracle has released a wide-ranging security update to address more than 300 CVE-listed vulnerabilities in its various enterprise products. The October release covers the gamut of Oracle's offerings, including its flagship Database, E-Business Suite, and Fusion Middleware packages. For Database, the update addresses a total of …
Shaun Nichols, 16 Oct 2018
florence

Insult to injury: Malware menace soaks water-logged utility ravaged by Hurricane Florence

A water company in the US state of North Carolina already dealing with the aftermath of Hurricane Florence will now have to juggle a complete database rebuild – thanks to a nasty ransomware infection. The Onslow Water and Sewer Authority (aka ONWASA) says it will have to completely restore a number of its internal systems …
Shaun Nichols, 16 Oct 2018

Dating app for Trump loners commits YUGE blunder: It leaks more than the West Wing

A much-hyped dating site for Donald Trump supporters in the US is being blasted for shoddy security that may have exposed all of its users to eavesdropping and account theft. Donald Daters pitches itself as "an American-based singles community connecting lovers, friends, and Trump supporters alike." The app, offered for both …
Shaun Nichols, 15 Oct 2018
army

Hunt for Red Bugtober: US military's weapon systems riddled with security holes – auditors

Computer security vulnerabilities are widespread in US military hardware, and the Pentagon is only beginning to understand how to fix them. This is according to a October report [PDF] on cybersecurity practices in Uncle Sam's armed forces, drawn up by the Government Accountability Office (GAO). Leading with the subtle title " …
The Pentagon, USA

Penta-gone! Personal records of 30,000 US Dept of Defense workers swiped by miscreants

Someone has reportedly siphoned personal information on 30,000 or more US Department of Defense workers. According to anonymous sources at the Pentagon in Washington DC, an unnamed individual was able to access department travel records earlier this year, and would have been able to log employees' submitted personal …
Shaun Nichols, 15 Oct 2018
Microsoft Azure

Azure goes quiet, Huawei Canada ban urged, US Senators are after Google, and more

Roundup This week we caught wind of another Facebook blunder, a dodgy Patch Tuesday bundle, and more China trouble. Here's the rest of what went down. Fake Flash, fake money, real malware Stop us if you'd heard this one before: but unsolicited Flash download pages on random sites can be a bit dodgy. Palo Alto Networks says it has …
Shaun Nichols, 13 Oct 2018
Doctors run to save patient. Photo by Shutterstock

It's the real Heart Bleed: Medtronic locks out vulnerable pacemaker programmer kit

The US Food and Drug Administration (FDA) is advising health professionals to keep an eye on some of the equipment they use to monitor pacemakers and other heart implants. The watchdog's alert this week comes after Irish medical device maker Medtronic said it will lock some of its equipment out of its software update service, …
Shaun Nichols, 12 Oct 2018

Now this might be going out on a limb, but here's how a branch.io bug left '685 million' netizens open to website hacks

Bug-hunters have told how they uncovered a significant security flaw that affected the likes of Tinder, Yelp, Shopify, and Western Union – and potentially hundreds of millions of folks using these sites and apps. The software sniffers said they first came across the exploitable programming blunder while digging into webpage …
Shaun Nichols, 12 Oct 2018
A broken front door

Yale Weds: Just some system maintenance, nothing to worry about. Yale Thurs: Nobody's smart alarm app works

Yale Security UK says it is repairing its online systems after some unplanned maintenance turned into a total outage – and prevented folks from controlling their Yale smart home alarms via its smartphone app. The locksmith said it was working through the night into Friday morning to address the gremlins that had left its users …
Shaun Nichols, 12 Oct 2018
IBM PC

WebSphere and loathing in New York: IBM yanks buggy application server security fix from admins

IBM has withdrawn a patch for a significant security vulnerability in its WebSphere Application Server after the code knackered some systems. Just this week, Big Blue said it is working on a new fix for CVE-2018-1567, a remote-code execution vulnerability in versions 9.0, 8.5, 8.0, and 7.0 of the platform. The bug has received …
Shaun Nichols, 11 Oct 2018

Bloke gets six months for fixing up Russia's US election trolls with bank accounts, fake identities

A California man who provided bank accounts to Russian online trolls seeking to monkey with America's 2016 elections will spend the next six months or so behind bars. Richard Pinedo was sentenced on Wednesday in a Washington DC district court some eight months after admitting to one count of identity fraud in a plea deal with …
Shaun Nichols, 11 Oct 2018
Chairman Mao exhorting chinese workers to do their utmost for the nation

Oh no, Xi didn't! Chinese spymaster cuffed in Belgium, yoinked to US on aerospace snoop rap

US prosecutors have unsealed charges against a collared Chinese national, accusing him of stealing trade secrets from American aerospace companies. Yanjun Xu, who Uncle Sam says is the deputy director the Chinese Ministry of State Security (MSS), has been charged with one count each of economic espionage and trade secret theft …
Shaun Nichols, 11 Oct 2018

PINs and needled: Experian site blabbed codes to unlock credit accounts for fraudsters

Experian's website exposed to world-plus-dog the PINs needed to unlock frozen accounts, allowing crooks to potentially apply for loans and credit cards as their victims. The credit-monitoring agency lets people freeze their account using a PIN that has to be submitted in when applying for stuff like loans: it's a mechanism …
Shaun Nichols, 10 Oct 2018
Free range chicken and farmer photo via Shutterstock

Who needs custom malware? 'Govt-backed' Gallmaker spy crew uses off-the-shelf wares

A newly discovered spy gang is eschewing boutique attack tools to instead use publicly available exploits against unpatched systems. Known as Gallmaker, the cyber-espionage group is said to be targeting the embassies of an unnamed eastern European country and military defense installations in the Middle East. According to …
Shaun Nichols, 10 Oct 2018
people peer into camera. photo by shutterstock

World's largest CCTV maker leaves at least 9 million cameras open to public viewing

Yet another IoT device vendor has been found to be exposing their products to attackers with basic security lapses. This time, it's Chinese surveillance camera maker Xiongmai named and shamed this week by researchers with SEC Consult for the poor security in the XMEye P2P Cloud service. Among the problems researchers pointed …
Shaun Nichols, 9 Oct 2018
perplexed woman on phone

Rap for WhatsApp chat app chaps in phone-to-pwn security nap flap

WhatsApp has patched a vulnerability it its smartphone code that could have been exploited by miscreants to crash victims' chat app simply by placing a call. Google Project Zero whizkid and Tamagotchi whisperer Natalie Silvanovich discovered and reported the flaw, a memory heap overflow issue, directly to WhatsApp in August. …
Shaun Nichols, 9 Oct 2018
Girl and computer, photo via Shutterstock

It's October 2018, and Microsoft Exchange can be pwned by a plucky eight-year-old... bug

Microsoft has released the October edition of its monthly security update, addressing a total of 49 CVE-listed bugs. DLL bug a blast from the past Among the 49 fixes were three issues that have already been publicly disclosed and a fourth that was being targeted in the wild. On top of that, a remote code execution bug in …
Shaun Nichols, 9 Oct 2018
USMC

SAP bug beatdowns, Apple gets nasty with Mac repairs, Struts woe, and more from infosec

roundup This week we all worried about bugged servers, North Korean APTs, and GRU hacking groups. But those were far from the only security stories to hit the wires. Here are a handful of other pieces that may have slipped under the radar. Marketing firm parts with massive trove of customer data The last time an Apollo effort went …
Shaun Nichols, 6 Oct 2018

Iron Mike Pence blasts Google for its censor-happy Dragonfly Chinese search engine

US Vice-President Mike Pence has harsh words for Google over its involvement in the Dragonfly search platform, reportedly under development for use in the Middle Kingdom. The criticism came on Thursday in a scathing speech against China that the Veep gave to the Hudson Institute, a DC-based public policy organization. Shortly …
Shaun Nichols, 4 Oct 2018

Whose line of attack is it anyway? Cyber-assault whodunnits harder than ever to solve

Government-backed spies and hackers are increasingly using commercially available malware – thanks to a flourishing market of off-the-shelf software nasties – making it harder for researchers to identify who exactly is behind a cyber-attack. Traditionally, infosec bods have sought to pinpoint and unmask hacking crews by …
Shaun Nichols, 4 Oct 2018

Want some of that sweet government contract money? Obama's CIO gives tips to land deals with Uncle Sam

The former CIO of the US federal government says companies looking to nab IT contracts with agencies need to bring more than just a sales pitch. Tony Scott, who worked as Uncle Sam's CIO from 2015 to 2017, says that the key to getting any agency contract these days is to not only explain why your company is best for the job, …
Shaun Nichols, 3 Oct 2018

Biting the hand that feeds IT © 1998–2018