Shaun Nichols

Contact Mail Follow RSS feed
FBI

FBI agents take aim at VPNFilter botnet, point finger at Russia, yell 'national security threat'

The FBI says it is taking steps to stop the spread of the VPNFilter malware and botnet, warning that it's a national security issue. The bureau's offensive includes seizing a domain believed to have been used as part of the command and control structure for VPNFilter's 500,000-strong network of infected routers and storage …
Shaun Nichols, 24 May 2018
child browsing on tablet outdoors. pHOTO BY SHUTTERSTOCK

Kids and the web latest: 'Won't somebody please think of the children!' US Congresscritters plead

US Congress is pondering a bipartisan measure to expand the Children's Online Privacy Protection Act (COPPA) – the law that, well, protects children's privacy online. Senators Ed Markey (D-MA) and Richard Blumenthal (D-CT), along with Represetnative Joe Barton (R-TX) and Bobby Rush (D-IL) have introduced bills in both houses …
Shaun Nichols, 23 May 2018

Lawyer warned FCC of Securus phone-tracking risks 10 months ago

Some ten months before Sen. Ron Wyden would request the FCC examine legal concerns over the service, a US lawyer had alerted the agency to potential problems with the Securus THREADS database. Law360 found that Lee Petro, a Washington DC-based attorney at Drinker, Biddle, and Reath LLP, noted in a July 25, 2017 filing (PDF) to …
Shaun Nichols, 23 May 2018
Putin

Advanced VPNFilter malware menacing routers worldwide

A newly-disclosed malware infection has compromised more than 500,000 home and small office routers and NAS boxes. Researchers with Cisco Talos say the malware, dubbed VPNFilter, has been spreading around the globe, but appears to primarily be largely targeting machines in the Ukraine. wifi Wish you could log into someone's …
Shaun Nichols, 23 May 2018
man in suit clutches briefcase full of cash. Photo by Shutterstock

HPE: Hell yeah, those job cuts worked out great… for our investors

Hewlett-Packard Enterprise is crediting the success of its Next corporate remake – as in, who should we fire Next – in helping it top expectations in its latest financial quarter. Execs at the IT goliath said Tuesday the ongoing efforts to focus its business and reduce headcount are working out better than planned, leading the …
Shaun Nichols, 23 May 2018

One year late, US senators act on fake net neutrality comments that drowned the FCC

Two US senators say they were among those whose identities were forged to file bogus comments on the FCC's net neutrality process. Senators Pat Toomey (R-PA) and Jeff Merkley (D-OR) are calling on Ajit Pai, chairman of the US broadband regulator, to look into how they and others were credited with posting opinions and views to …
Shaun Nichols, 22 May 2018

ISP TalkTalk's Wi-Fi passwords Walk Walk thanks to Awks Awks router security hole

A years-old vulnerability continues to menace the security of some home Wi-Fi networks in the UK. The WPS feature in TalkTalk's Super Router can be compromised to steal the gateway's wireless network password, according to folks at software development house IndigoFuzz. The British ISP and telco was warned of the shortcoming …
Shaun Nichols, 22 May 2018
Facebook Hello

'Facebook takes data from my phone – but I don't have an account!'

Anyone who uses the Facebook phone app knows what a toll it can take both on your mobile data and free time to be plugged into the social network through your device. But what happens if you don't even have an account, you can't remove the app, and the social network won't leave you alone? That's a problem facing folks around …
Shaun Nichols, 22 May 2018
iPhone 6S battery

Good news: It's still legal for Apple to keep its MacBook, iPhone batteries from melting

Apple has had a lawsuit, filed by notorious patent holder Uniloc over safety electronics in notebook and phone batteries, thrown out. Judge William Alsup, sitting in a US district court in northern California, found that Unlioc's claim to US patent 6,661,203 was invalid, as the technology it described was neither new nor …
Shaun Nichols, 21 May 2018
Big bill

Fella gets 2.5 years in the clink for coughing up cell numbers in $50m junk text message scam

A bloke armed with a fistful of cellphone numbers has been sent down for 30 months for his role in a scam that fleeced folks out of $50m in bogus monthly charges. Christopher Goff was sentenced by a US federal district court in Manhattan after being found guilty on one count of conspiracy to commit wire fraud. He will also …
Shaun Nichols, 21 May 2018
CCTV camera trained on a garden. Photo by Shutterstock

Signal bugs, car hack antics, the Adobe flaw you may have missed, and much more

Roundup Here's your guide to this week's infosec news beyond what we've already covered. ICE's extreme vetting plan melts away US Customs won't getting their massive terror predicting system after all. It's reported that America's immigration cops – ICE – have abandoned its call for the development of an artificially intelligent tool …
Shaun Nichols, 19 May 2018
Facebook

Facebook Android app caught seeking 'superuser' clearance

Updated Social networking giant and market-leading data broker Facebook is once again taking heat for playing fast and loose with its access to personal information. This time, it's the Facebook Android app that is under the spotlight after folks noticed it requesting an extraordinary amount of access privileges – specifically, …
Shaun Nichols, 18 May 2018
phone

LocationDumb: Phone tracker foul-up exposes world+dog to tracking

Updated The parade of bad privacy news this week has managed to get even worse, as one of the companies associated with the selling of phone locations for cash scandal was subject to a publicly exploitable bug. Researcher Robert Xiao says LocationSmart was running a site riddled with vulnerabilities that could allow anyone to look up …
Shaun Nichols, 18 May 2018
Chinese revolutionary panda

China changes its mind on Bain's Toshiba chip takeover plans

The government of China will not stand in the way of the Toshiba Memory Corporation's sale to US investment house Bain Capital. Both Bain and Toshiba announced on Thursday that they were set to finalize the deal next month after antitrust officials in China had cleared the merger that had already been approved in the US and …
Shaun Nichols, 17 May 2018
(An allegedly) Bad dog's police mug shot...

Super Cali goes ballistic: mugshot site atrocious

The state of California has brought felony charges against the group behind a site that collected mugshots and police records, then charged those featured to take down the pictures. Attorney General Xavier Beccara said the operators of Mugshots.com and Unpublisharrest.com committed extortion, money laundering, and identity …
Shaun Nichols, 17 May 2018
malware

DOJ convicts second bloke for helping malware go undetected

The US Federal government has got its second conviction in the dismantling of a service that helped malware writers get around security software. A jury in the Eastern Virginia District Court convicted 37 year-old Ruslan Bondars, on charges of computer intrusion, conspiracy to commit wire fraud, and conspiracy to violate the …
Shaun Nichols, 17 May 2018
A broken front door

Running Cisco DNA Center? Update right now to get rid of the static admin credential

Cisco has issued updates to address a trio of critical vulnerabilities in its Digital Network Architecture (DNA) Center appliance. The networking giant says DNA Center, a network management and administration box Cisco sells directly to customers, has three flaws that would each potentially allow an attacker to take over the …
Shaun Nichols, 16 May 2018

Lawyers for Marcus Hutchins: His 'I made malware' jail phone call isn't proper evidence

Malware reverse-engineer Marcus Hutchins has tried to throw out phone transcripts and legal documents used against him by US prosecutors, who have accused him of computer crimes and fraud. Lawyers for Hutchins, a British citizen facing trial in America, has asked an east Wisconsin district court to dismiss the Brits' Waiver of …
Shaun Nichols, 16 May 2018

Facebook stuck with IRS bill after court tosses $7 BEEELLION appeal

Facebook has lost its bid to throw out a tax bill on $7bn worth of income it had stashed overseas. A Northern District of California judge ruled in favor of the IRS this week, finding the Social Network did not have standing to challenge the tax bod's finding that Facebook underreported its revenues via its Ireland-based …
Shaun Nichols, 15 May 2018
Pentagon - building - houses the US dept of defense in Arlington Virginia

Ex-CIA man fingered as prime suspect in Vault 7 spy tool manuals leak

A former CIA employee has been named as the prime suspect behind last year's leak of thousands of top-secret documents on the agency's hacking practices. According to the Washington Post, court documents name Joshua Adam Schulte as the person authorities believe to be behind the massive Vault 7 online dump of CIA internal …
Shaun Nichols, 15 May 2018
Julian Assange via Shutterstock

Julian Assange said to have racked up $5m security bill for Ecuador

The government of Ecuador spent nearly $5m to provide protected internet access to asylum-seeker Julian Assange and he responded by hacking their systems, an anonymously sourced report has claimed. According to a report from The Guardian, internal documents show that the the Wikileaks boss required surveillance and security …
Shaun Nichols, 15 May 2018

How could the Facebook data slurping scandal get worse? Glad you asked

Yet another rogue Facebook app that gathered and sold "intimate" details on millions of users has come to light. A report from New Scientist finds that the myPersonality app had collected and shared the personal information for as many as three million users who had installed the app on their Facebook profile. The data has …
Shaun Nichols, 15 May 2018
Spy

S/MIME artists: EFAIL email app flaws menace PGP-encrypted chats

Security researchers have gone public with vulnerabilities in some secure mail apps that can be exploited by miscreants to decrypt intercepted PGP-encrypted messages. The flaws, collectively dubbed EFAIL, are present in the way some email clients handle PGP and S/MIME encrypted messages. By taking advantage of the way the …
Shaun Nichols, 14 May 2018

How many ways can a PDF mess up your PC? 47 in this Adobe update alone

Adobe has posted security updates for Acrobat, Reader, and Photoshop, many of them critical fixes. The developer says the Acrobat and Reader update will address a total of 47 CVE-listed vulnerabilities, including two dozen remote code execution flaws in the PDF readers. Adobe notes that none of the bugs are being actively …
Shaun Nichols, 14 May 2018
Hammer and hardhat, image via Shutterstock

Rowhammer strikes networks, Bolton strikes security jobs, and Nigel Thornberry strikes Chrome, and more

Roundup Here's a roundup of everything that's happened in the world of infosec this week, beyond what we've already covered. 7Zip gets 7Ripped Researchers have poked a hole in the 7-Zip archiving tool, and you'll want to update the software as soon as possible. The bug, discovered by researcher landave, allows remote code execution …
Shaun Nichols, 12 May 2018

Biting the hand that feeds IT © 1998–2018