Shaun Nichols

Contact Mail Follow RSS feed
zombie_648

That Drupal bug you were told to patch weeks ago? Cryptominers hope you haven't bothered

A set of high-severity vulnerabilities in Drupal that were disclosed last month are now the target of widespread attacks by a malware campaign. Researcher Troy Mursch of Bad Packets Report has spotted hundreds of compromised Drupal sites being used to host "cryptojacking" malware that uses the CPUs of visitors to mine …
Shaun Nichols, 7 May 2018
Spock

Congratulations, we all survived Star Wars day! Now for some security headaches

Roundup May is already upon us, and as usual it has been a busy week for security news. Here's a summary of what didn't make it into El Reg this week, well, until now. Son of a glitch! Brainiacs at Vrije Universiteit in Amsterdam have detailed an attack called GLitch. It exploits Adreno GPUs built into Qualcomm-powered system-on-chips …
Shaun Nichols, 5 May 2018

Google will vet political ads to ward off Phantom Menace of fake news

Google is overhauling its political advertising system in an effort to crack down on shady election ads. The Chocolate Factory says it will require additional verification and attribution for political ads that run on its search results page, including a new requirement that anyone paying for a political ad spot be a US …
Shaun Nichols, 4 May 2018
Spectre logo jazzed up

Fresh fright of data-spilling Spectre CPU design flaws haunt Intel

Researchers have unearthed a fresh new set of ways attackers could potentially exploit data-leaking Spectre CPU vulnerabilities in Intel chips. German publication Heise reported that eggheads are preparing to disclose at least eight new CVE-listed vulnerability reports describing side-channel attack flaws in Chipzilla's …
Shaun Nichols, 3 May 2018

Twitter: No big deal, but everyone needs to change their password

Twitter is ringing in World Password Day by notifying its users, all 330 million of them, that their login credentials were left unencrypted in an internal log file and should be changed. Chief technology officer Parag Agrawal broke the news on Wednesday that its internal team had found that, while passwords are usually stored …
Shaun Nichols, 3 May 2018

Hurry up patching those Oracle bugs: Attackers aren't waiting

Security experts are advising administrators to hurry up installing Oracle patches after finding that attackers are quick to target their vulnerabilities. The SANS Institute issued a warning after one of its honeypot systems was targeted by exploits of the CVE-2018-2628 remote code execution flaw in WebLogic just hours after …
Shaun Nichols, 3 May 2018
Bouncer photo via Shutterstock

Oracle Access Manager is a terrible doorman: Get patching this bug

A security vulnerability in Oracle Access Manager leaves the network authentication tool leaning more toward "access" than "manager." The flaw, classified as CVE-2018-2879, can be exploited by a remote attacker to bypass an Oracle Access Manager (OAM) authentication screen and, in the process, take over the account of any user …
Shaun Nichols, 3 May 2018
Illustration of someone taking off a mask

Cambridge Analytica dismantled for good? Nope: It just changed its name to Emerdata

The company formerly known as Cambridge Analytica shocked the media today when it announced an immediate shutdown and liquidation of its business. That "shutdown," however, may be short-lived as official documents indicate those behind the controversial analytics company will be launching as a new firm with a less-toxic brand …
Shaun Nichols, 2 May 2018

Ex-Netflix veep allegedly banked payola for tech deals with web TV giant

A former vice-president at Netflix has been indicted for allegedly taking illegal kickbacks while making multimillion-dollar deals with the streaming giant's tech providers. The US Attorney's Office for Northern California, in the US, said Michael Kail, formerly the VP of Internet Technology at the online telly goliath, took …
Shaun Nichols, 2 May 2018

Hands off! Arm pitches tamper-resistant Cortex-M35-P CPU cores

Arm has released a new processor core design for Cortex-M-powered system-on-chips that will try to stop physical tampering and side-channel attacks by hackers. The microcontroller-grade Cortex M35-P CPU cores are aimed at embedded IoT devices that operate in public or areas where there is a risk someone will either crack open …
Shaun Nichols, 2 May 2018

Scammers use Google Maps to skirt link-shortener crackdown

Scam sites have been abusing a little-known feature on Google Maps to redirect users to dodgy websites. This according to security company Sophos, who says a number of shady pages are being peddled to users via obfuscated Maps links. According to security shop Sophos scammers are using the Maps API as a defacto link- …
Shaun Nichols, 1 May 2018
Cut cable

Open Internet lovin' Comcast: Buy our TV service – or no faster broadband for you!

Comcast will only bump some customers up to its fastest broadband connectivity if they subscribe to its cable television service. The American telco'n'telly giant last week promised to increase people's bandwidth in a handful of US markets – Houston, Oregon, and south west Washington – provided they sign up for cable TV. How …
Shaun Nichols, 1 May 2018
Micron_UDIMM_cards

DRAM makers sued (yet again) for 'fixing prices' (yet again) of chips

Updated The three semiconductor giants responsible for nearly all of the world's DRAM supply are being sued for allegedly working together to keep memory chip prices high. A class-action complaint [PDF] filed to the US Northern California District Court late last week accuses Micron, Samsung, and Hynix of conspiring to keep the price …
Shaun Nichols, 30 Apr 2018
bars broken in jail cell

Failbreak: Bloke gets seven years in the clink for trying to hack his friend out of jail

A Michigan fella will spend up to seven years and three months behind bars – for trying to hack government IT systems in the US state to get a friend out of jail. Konrads Voits, 27, of Ypsilanti, Michigan, received the 87-month sentence after he pleaded guilty to one federal charge of damaging a protected computer. He will …
Shaun Nichols, 30 Apr 2018

Windows USB-stick-of-death, router bugs resurrected, and more

Roundup Here's your summary of infosec news – from router holes to Windows crashes – beyond what we've already covered this week. TPLink? More like TPwnedLink, amiright? Anyone? Tim Carrington at Fidus Infosec went public on Thursday with not-so-new remote-code execution flaws in TPLink router firmware. We're told the security holes ( …
Shaun Nichols, 28 Apr 2018
Facebook

Facebook confesses: Buckle up, there's plenty more privacy lapses where that came from

Facebook has confirmed what many of us have known for years: Cambridge Analytica was far from the only organization engaging in the wholesale hoarding of netizens' personal data via the social network. The Silicon Valley giant told America's financial watchdog, the SEC, on Thursday that it will probably reveal additional data- …
Shaun Nichols, 27 Apr 2018

Apple grounds AirPort once and for all. It has departed. Not gonna fly any more. The baggage is dropped off...

Apple is officially getting out of the home networking business. The Cupertino phone flinger has confirmed it is phasing out the AirPort, its wireless router line unveiled in 1999. The current stock will be allowed to run out, and new models are not planned for the foreseeable future. "We’re discontinuing the Apple AirPort …
Shaun Nichols, 27 Apr 2018
nadella

If you're looking for bad news about Microsoft, top tip: look away now

Microsoft's boss Satya Nadella march into the cloud seems to be paying off for the Windows 10 and Office 365 giant: on Thursday, the biz announced its sales for Q3 2018 jumped 16 per cent. For the quarter ending March 31, the third of Redmond's 2018 fiscal year, can be summarized thus: Revenues of $26.8bn were up 16 per cent …
Shaun Nichols, 26 Apr 2018
spy

'Alexa, listen in on my every word and send it all to a shady developer'

Amazon has shored up a security weakness in its technology to stop apps for Alexa-powered Echo personal assistants from secretly eavesdropping on folks. Alexa skills – software add-ons for the chatty voice-controlled assistant – could, once installed, have abused an Amazon-provided software development kit to continually …
Shaun Nichols, 26 Apr 2018
Rick Dickinson at Sinclair

RIP: Sinclair ZX Spectrum designer Rick Dickinson reaches STOP

Rick Dickinson, designer of Britain's iconic ZX Spectrum and ZX81 personal computers, has died following a lengthy battle with cancer. Dickinson joined Sinclair Research in 1979 after graduating from Newcastle Polytechnic's industrial design program. By 1981 he had won the Design Council award for his work in designing the …
Shaun Nichols, 26 Apr 2018
Value pack of two tins of Spam

In a touching Monty Python tribute today, Microsoft's Office 365 makes everything spam

A gremlin within the spam filters in Microsoft's Office 365 today caused the cloud-based service to toss all incoming emails into the junk folder. On Wednesday afternoon, US West Coast time, IT administrators and users publicly complained of similar issues: their Office 365 email systems were marking legitimate messages as …
Shaun Nichols, 26 Apr 2018
Seattle skyline

US schools' IT systems drop out after weekend firmware update misery

A botched network switch firmware update caused school IT systems to fall over in the US state of Washington, it is claimed. WSIPC, which provides technology and software for classrooms in the Pacific Northwest, said its Skyward and IEP Online services were both out of commission for three and a half days this week while it …
Shaun Nichols, 25 Apr 2018
prison

PC recycler gets 15 months in the clink for whipping up 28,000 bootleg Windows 7, XP recovery discs

PC reseller Eric Lundgren will spend up to 15 months behind bars after a US Court of Appeals upheld his sentence on charges of conspiracy to traffic in counterfeit goods and criminal copyright infringement. A three-judge panel with the Eleventh Circuit this month ruled in favor of a southern Florida district court's 15-month …
Shaun Nichols, 25 Apr 2018

Apple debugs debugger, nukes pesky vulns in iOS, WebKit, macOS

Apple has issued a trio of updates to patch security vulnerabilities in Safari, macOS, and iOS. For iOS, the update to 11.3.1 addresses a total of four CVE-listed vulnerabilities, including one that is present in the debugging tool used across both iOS and the macOS. That vulnerability, CVE-2018-4206, was spotted in Crash …
Shaun Nichols, 25 Apr 2018
Couple shocked by something on a smartphone

Oh dear... Netizens think 'private' browsing really means totally private

Netizens have the wrong idea about what their web browser's "private" or "incognito" mode actually does. This is according to researchers at the University of Chicago, in the US, and Leibniz University Hannover, in Germany, who this week declared that folks mistakenly believe that by enabling the incognito browsing mode, they …
Shaun Nichols, 24 Apr 2018

Biting the hand that feeds IT © 1998–2018