Shaun Nichols

Contact Mail Follow RSS feed
A still from Total Recall's 'two weeks' scene

Now Europe wants a four-million-quid AI-powered lie detector at border checkpoints

The EU is readying an AI-based screening system designed to catch travelers who lie about their reasons for visiting the Continent. The European Commission has thrown more than €4.5m (£4m, $5.1m) into iBorderCtrl, a self-described "intelligent control system" that analyzes answers given by travelers to a series of questions at …
Shaun Nichols, 2 Nov 2018

Wow. Apple's only gone and killed off Mac, iPad, iPhone family... figures for units sold to fans

Cupertino tastemaker Apple Inc has logged yet another record quarter, though investors are worried that sales may be starting to slow. The renowned creator of the Pippin on Thursday delivered both its fourth quarter and full-year numbers for its fiscal 2018. For the Q4 FY 2018 period, ending September 29: Revenues of $62. …
Shaun Nichols, 2 Nov 2018
Micron_UDIMM_cards

Talk about Micron-aggression: US charges Chinese biz, staff over DRAM chip secrets theft

The US Department of Justice has unveiled charges against two companies and three individuals it says have been stealing trade secrets from American memory chipmaker Micron. The DOJ claims United Microelectronics Corporation and Fujian Jinhua Integrated Circuit – along with individuals Stephen Chen, JT Ho, and Kenny Wang – all …
Shaun Nichols, 1 Nov 2018
US/UK

US Republicans bash UK for tech tax plan

One of the top Republicans in the US House of Representatives had harsh words Wednesday for the UK government's plan to impose additional taxes on tech giants. Representative Kevin Brady (R-TX), chairman of the influential House Ways and Means Committee, said the tax was an unfair measure to extract cash from US-based …
Shaun Nichols, 1 Nov 2018
hub

This one weird trick turns your Google Home Hub into a doorstop

Updated A security researcher says an undocumented API in the Google Home Hub assistant can be exploited to kick the gizmo off its own wireless network. Flaw finder Jerry Gamblin says the API allows the device to receive commands from systems and handhelds sharing its local wireless network that can, among other things, reboot the …
Shaun Nichols, 31 Oct 2018
Image by LuckyN http://www.shutterstock.com/gallery-1795121p1.html

Nice work if you can get it: GandCrab ransomware nets millions even though it has been broken

The infamous GandCrab malware infection has netted its operators an estimated nine-figure payout from targeting large, high-value corporate systems. This according to security house Bitdefender, who reckon that in the last two months alone victims have forked over more than a quarter of a billion dollars to crooks in order to …
Shaun Nichols, 31 Oct 2018
Quick fix - worker running while carrying a wrench

Apple emits its much-anticipated updates to Mac, AppleTV, and iOS

Sneaking in behind the hoopla of Tuesday's MacBook spectacle was a set of security updates for virtually all of Apple's supported products. The Cupertino maker of shiny status symbols has posted security fixes for dozens of CVE-listed vulnerabilities in iOS, macOS, and AppleTV, as well as watchOS and individual applications …
Shaun Nichols, 30 Oct 2018
Dudley Do-Right Royal Canadian Mounted Police

D.O.Eh: Here's the new privacy law Canada can't really enforce

The Canadian government this week will be enforcing a strict new privacy law, with the term "enforcing" up to interpretation because the regulator says he can't enforce it. America's hat says the Personal Information Protection and Electronic Documents Act will be going into effect with the new data breach reporting rules on …
Shaun Nichols, 30 Oct 2018
Apple MacBook Air 13-inch, early 2015

Mac users burned after Nuance drops Dragon speech to text software

A seemingly insignificant product cancellation is having a far-reaching impact on a particular community of Mac users. Reg reader (and contributor) Colin Hughes wrote in to inform us about how Developer Nuance's decision to drop the OS X port of its Dragon Professional for Mac has left some customers with disabilities out in …
Shaun Nichols, 30 Oct 2018
Skull and Crossbones in the cloud

McAfee says cloud security not as bad as we feared… it's much worse

The average business has around 14 improperly configured IaaS instances running at any given time and roughly one in every 20 AWS S3 buckets are left wide open to the public internet. These are among the grim figures rolled out Monday by researchers with McAfee, who say that security practice has not kept up with the rapid …
Shaun Nichols, 30 Oct 2018
Arnie Total Recall

Pain in the brain! Kaspersky warns of hackable brain implants

A newly developed class of brain implants could also become hacking targets, researchers are warning. Kaspersky Lab and the University of Oxford Functional Neurosurgery Group warn in a joint report that the brain stimulation devices used to treat disorders like Parkinson's and OCD carry with them security vulnerabilities that …
Shaun Nichols, 29 Oct 2018

Yahoo! $50m! hack! damages! bill!, Russian trolls menaced by Uncle Sam inaction, computer voting-machine UI confusion, and more

Roundup This week's headlines included buggy cranes, WebEx cockups, and DNS drama. Here are a few more bits of security news, prepared just for you. Lost money in a crypto-coin scam? Dear Leader Kim Jong Un thanks you for the donation With economic sanctions making it hard to move cash around, North Korean officials have been using …
Shaun Nichols, 27 Oct 2018
Sad penguin photo via Shutterstock

The D in Systemd stands for 'Dammmmit!' A nasty DHCPv6 packet can pwn a vulnerable Linux box

A security bug in Systemd can be exploited over the network to, at best, potentially crash a vulnerable Linux machine, or, at worst, execute malicious code on the box. The flaw therefore puts Systemd-powered Linux computers – specifically those using systemd-networkd – at risk of remote hijacking: maliciously crafted DHCPv6 …
Shaun Nichols, 26 Oct 2018
The Doctor from Star Trek: Voyager

How to build your own IT infosec holodeck: A blueprint for crafting a virtual enterprise to prod, test and hack

A group of Italian researchers have developed a blueprint for a massive virtualized enterprise network to allow for large-scale security tests without ruining an IT manager's day. The University of Rome team constructed a large-scale simulated enterprise environment where everything from public-facing servers to DMZ subnets …
Shaun Nichols, 26 Oct 2018
Amazon CEO Jeff Bezos

Amazon is at this point a money-printing cloud machine with a grocery store in the parking lot

Amazon, a global cloud compute provider with a gift shop on the side, is slipping in the stock market despite posting another solid quarter. The AWS side of the Bezos biz stayed strong in the three-month Q3 FY 2018 period, ending September 30. Here's a summary of the digits: Revenues of $56.6bn were up 29 per cent from $43. …
Shaun Nichols, 26 Oct 2018
malware

Word up: Embedded vids in Office docs can hide embedded nasties, infosec bods warn

Updated Microsoft Word documents can potentially smuggle in malicious code using embedded web videos, it is claimed. Opening a booby-trapped file, and clicking on the vid, will trigger execution of the code. Miscreants can leverage this weakness to potentially trick marks into installing malware on their PCs. It's useful for hackers …
Shaun Nichols, 25 Oct 2018
People working with a crane

What a crane in the ass: Bug leaves construction machinery vulnerable to evil command injection

US-CERT is advising some customers of Telecrane construction cranes to patch their control systems – following the disclosure of a security bug that could allow a nearby attacker to wirelessly hijack the equipment. The government security body this week issued an alert on CVE-2018-17935, a vulnerability in the Telecrane F25 …
Shaun Nichols, 25 Oct 2018
Stack of money from shutterstock

Grumbling about wobbly Windows 10? Microsoft can't hear you over the clanging cash register

If Microsoft is sweating from the heat it's taking on Windows 10 release quality, its financial figures certainly aren't showing it. Virtually every part of the Redmond giant's major businesses reported a gain as Microsoft turned in a record FY 2019 first quarter on Wednesday. For the three months to September 30, its GAAP …
Shaun Nichols, 25 Oct 2018
burning laptop

Worrying Windows 10 wrecking-ball weapon weirdly wanders wildly on worldwide web

A skilled Microsoft bug hunter with a penchant for public disclosures via Twitter has openly floated a new Windows 10 zero-day flaw. The researcher, who goes by the pseudonym SandboxEscaper, says the bug is present in the code handling advanced local procedure calls (ALPCs). It can be exploited by a malicious logged-in user or …
Shaun Nichols, 24 Oct 2018
illustration showing russian president vladimir putin winking

That Saudi oil and gas plant that got hacked. You'll never guess who could... OK, it's Russia

A malware infection at a Saudi petrochemical plant last year was likely the work of a Moscow-based research operation backed by the Russian government. Security shop FireEye says this week it is confident in labeling the Kremlin-backed Central Scientific Research Institute of Chemistry and Mechanics (CNIIHM) as the source of …
Shaun Nichols, 24 Oct 2018
Flyswat

You patch my back(up) and I'll patch yours... Arcserve bugs burrow remotely exploited holes in UDP storage systems

Companies running Arcserve Unified Data Protection to manage their backups and archives are being advised to update their software after bug hunters discovered four remotely exploitable security vulnerabilities. Researchers with Digital Defense identified this month four holes that, if exploited via a phishing attack or …
Shaun Nichols, 24 Oct 2018
Tom Baker Doctor Who

US congress-critters question prime directive of Pentagon's $10bn JEDI cloud contract

A pair of US congressmen are calling for an investigation into the Pentagon's $10bn single-vendor IT contract dubbed JEDI – aka the Joint Enterprise Defense Infrastructure. House Reps Tom Cole (R-OK) and Steve Womack (R-AR) have sent a letter asking the inspector general of the Department of Defense (DOD) to probe and report …
Shaun Nichols, 23 Oct 2018
Linus Torvalds with toy penguins

PC version of Linux 4.19 lands with PC version of Linus Torvalds: Kernel handed back to creator

Woke Linus Torvalds has returned from a four-week exile to once again steer the Linux kernel, the widely used software project he founded nearly 30 years ago. The American-Finnish ex-firebrand programmer is back as its official custodian, according to temporary lead Greg Kroah-Hartman in an announcement for version 4.19 of the …
Shaun Nichols, 22 Oct 2018
Man has panic attack in front of computer

jQuery? More like preyQuery: File upload tool can be exploited to hijack at-risk websites

A serious vulnerability in a widely used, and widely forked, jQuery file upload plugin may have been exploited for years by hackers to seize control of websites – and is only now patched. Larry Cashdollar, a bug-hunter at Akamai, explained late last week how the security shortcoming, designated CVE-2018-9206, allows a …
Shaun Nichols, 22 Oct 2018
Finding bugs in code

Patch me, if you can: Grave TCP/IP flaws in FreeRTOS leave IoT gear open to mass hijacking

Serious security flaws in FreeRTOS – an operating system kernel used in countless internet-connected devices and embedded electronics – can be potentially exploited over the network to commandeer kit. Simply sending specially crafted malicious data to a vulnerable gadget, over the internet or network, can be enough to crash or …
Shaun Nichols, 22 Oct 2018

Biting the hand that feeds IT © 1998–2018