Shaun Nichols

Contact Mail Follow RSS feed
password

Cracking the passwords of some WPA2 Wi-Fi networks just got easier

The folks behind the password-cracking tool Hashcat claim they've found a new way to crack some wireless network passwords in far less time than previously needed. Jens Steube, creator of the open-source software, said the new technique, discovered by accident, would potentially allow someone to get all the information they …
Shaun Nichols, 6 Aug 2018
Woman pays for something online with her credit card. Photo by Shutterstock

TSMC chip fab tools hit by virus, payment biz BGP hijacked, CCleaner gets weird – and more

Roundup This week we took a close look at Google security keys, bid adieu to Facebook's head security honcho, and had a few email credentials overshared by Atlassian. Here's everything else that happened in infosec land this week beyond what we've already reported. TSMC chip assembly line computers infected Chipmaker TSMC – which …
Shaun Nichols, 4 Aug 2018
Man in tie smashes printer with baseball bat in a field.

Ever seen printer malware in action? Install this HP Ink patch – or you may find out

HP Inc has posted an update to address a pair of serious security vulnerabilities in its InkJet printers. The firmware update patches CVE-2018-5924 and CVE-2018-5925, two flaws that can be exploited by printing a file that triggers a stack or static buffer overflow, giving you the ability to then execute malicious code on the …
Shaun Nichols, 3 Aug 2018
Coal miners

MikroTik routers grab their pickaxes, descend into the crypto mines

Researchers have found thousands of MikroTik network routers in Brazil serving up crypto-coin-crafting CoinHive code. Trustwave researcher Simon Kenin said this week one or more attackers have exploited a known vulnerability in Mikrotik's enterprise routers to inject error pages with code that uses visitors' machines to mine …
Shaun Nichols, 3 Aug 2018
Someone whispering a secret to another

Putting the ass in Atlassian: Helpdesk email server passwords blabbed to strangers

Exclusive Atlassian has warned users of its Jira Service Desk toolkit to change their helpdesk email account passwords – after a glitch caused the credentials to be sent to strangers' servers. Customers were today sent an advisory, seen by The Register, from Atlassian explaining that, due to a long-standing bug in its IT helpdesk …
Shaun Nichols, 2 Aug 2018
Bob Denver in Gilligan's Island

Castaway hacker guilty of sedating children's hospital computers

A self-styled Anonymous hacker who attempted to flee the US in a sailboat has been convicted of two felonies for his role in a 2014 distributed denial-of-service (DDoS) attack on a children's hospital. A jury in the Massachusetts US district court found Martin Gottesfeld guilty this week on charges of conspiracy to …
Shaun Nichols, 2 Aug 2018

Well, well, well. Crime does pay: Ransomware creeps let off with community service

Two men who masterminded various Coinvault ransomware infections will carry out 240 hours of community service as punishment for screwing over 1,200 computers and banking around €10,000 (£9k, $12k) in profit. The sentence was handed down by a court in Rotterdam, in the Netherlands, where it was ruled brothers Melvin and Dennis …
Shaun Nichols, 27 Jul 2018

Is it OK if we call $53bn-a-quarter Amazon the Bit Barns and Ignoble?

Amazon, a cloud computing monster with a gift shop tacked on the side, watched its sales surpass $52bn during its latest quarter. Despite big retail sales, much of the giant's profits in the second quarter of the year came from its Amazon Web Services division. The figures for Q2 2018, ending June 30, were revealed on Thursday …
Shaun Nichols, 27 Jul 2018
container_ship_hamburg_shutterstock_648

Oh no, what a rough blow: Cosco at a lossco over ransomware tossco

International shipping giant Cosco says it is recovering from an apparent ransomware infection on its American computer network. The biz said late Wednesday that its freight shipping operations will not be impacted, but phone and email systems were down in the US, Canada, and in some of the corp's Panama, and Peru and other …
Shaun Nichols, 26 Jul 2018
Money falling on a guy and woman

Official: AMD now stands for All the Money, Dudes!

AMD is crediting the continued success of Ryzen and Epyc processors, and Radeon graphics chips, in fueling its best quarter since 2011. The other-other CPU vendor turned in a massive Q2 FY2018 on Wednesday with big gains in both sales and net income. For the quarter, ending June 30: Revenues of $1.76bn were up 53 per cent …
Shaun Nichols, 25 Jul 2018
Two women hailing a ride

Prof claims Lyft did a hit-and-run on his ride-sharing tech patent

Lyft is the target of a lawsuit filed by a former Georgia Tech professor who alleges the dial-a-ride upstart ripped off his patented idea. Prof Stephen Dickerson and his company RideApp claim Lyft is infringing on US Patent 6,697,730: "Communications and computing based urban transit system." He filed the patent in 1999 and …
Shaun Nichols, 25 Jul 2018
SAP

US Homeland Security warns of latest hacker craze – ERP pwnage

Hackers are increasingly looking to target enterprise resource planning (ERP) systems to disrupt and steal data from large companies. This according to a report (PDF) from security companies Digital Shadows and Onapsis, who say that hacktivists and state-sponsored groups in particular have been looking to exploit flaws in …
Shaun Nichols, 25 Jul 2018

Whisk-y business: How Apache OpenWhisk hole left IBM Cloud Functions at risk of hijacking

IBM has patched a critical vulnerability in its Cloud Functions platform that would have allowed miscreants to remotely overwrite customers' code – and execute malicious commands to hijack services. The flaws, designated CVE-2018-11756 and CVE-2018-11757, are actually present in Apache OpenWhisk, a component Big Blue uses to …
Shaun Nichols, 24 Jul 2018

Robo-drop: Factory bot biz 'leaks' automakers' secrets onto the web

Yet another organization has allegedly been caught accidentally exposing more than 100GB of sensitive corporate data to the open internet. This time it's Canadian outfit Level One Robotics, which specializes in building factory robots for automakers. The exposed information includes, it is claimed, confidential documents …
Shaun Nichols, 23 Jul 2018
Someone applying security updates

If at first you, er, make things worse, you're probably Microsoft: Bug patch needed patching

A remote code execution vulnerability in the Windows VBScript engine was left open for exploitation for two months after it was supposedly patched. In fact, the fix made things even worse by introducing another remotely exploitable bug in VBScript. This is all according to researchers at Qihoo 360, who today claimed a …
Shaun Nichols, 23 Jul 2018
Money and gavel

IT biz embezzlement brouhaha leaves bloke with $456k migraine

An investor in an IT biz has coughed up $456,000 after America's financial watchdog accused him of looking the other way while executives at the consultancy he backed allegedly embezzled millions of dollars. Late last week, Bhusan Dandawate was charged [PDF] by the SEC with allegedly aiding and abetting fraud – after he was …
Shaun Nichols, 23 Jul 2018
Drowning in a smartphone

LabCorp ransomed, 18k routers rooted, a new EXIF menace, and more

Roundup This was the week of blunders by Venmo, million-dollar bank heists, and beefier bug bounties. Here's a few more bits of news. Singapore sting Any large-scale data breach is bad news, but one that results in the loss of the health information of a quarter of the population is downright disastrous. Such was the case in …
Shaun Nichols, 21 Jul 2018

Microsoft: The Kremlin's hackers are already sniffing, probing around America's 2018 elections

Microsoft says it has already uncovered evidence of Russian government-backed hacking gangs attempting to interfere in the 2018 US mid-term elections. Speaking at an event in Aspen, Colorado, earlier this week, Microsoft vice president of security and trust Tom Burt revealed that the FancyBear hacking group has already begun …
Shaun Nichols, 20 Jul 2018
Putin

Crypto gripes, election security, and mandatory cybersec school: Uncle Sam's cyber task force emits todo list for govt

The US Department of Justice (DOJ) this week released the first report from its Cyber Digital Task Force – which was set up in February to advise the government on strengthening its online defenses. The report [PDF], compiled by 34 people from six different government agencies, examines the challenges facing Uncle Sam's …
Shaun Nichols, 20 Jul 2018
Satya Nadella

Bonkers Azure bookings give Microsoft a record-breaking $110bn year

Microsoft has closed out a massive fiscal 2018 that saw the Redmond giant lay claim to more than $110bn in total revenue. Azure and its cloud compute operation was singled out in Redmond's financial figures – released on Thursday – as one of Microsoft's top performers both in the full year and the past three months. Here's a …
Shaun Nichols, 19 Jul 2018

Fukushima reactors lend exotic nuclear finish to California's wines

Savants reckon radiation released by the 2011 Fukushima nuclear kerfuffle has made its way into California's wine. A paper emitted this month by researchers at the University of Bordeaux Centre d'Études Nucléaires de Bordeaux-Gradignan (CNRS) in France revealed that levels of cesium-137 in the atmosphere rose as a result of …
Shaun Nichols, 19 Jul 2018
Watson Power7 cluster. Pic: IBM

Big(ish) Blue: IBM sales creep up four per cent, share price follows suit

IBM is touting the growth in its "strategic imperatives" business lineup with helping its revenues once again gain over the year-ago quarter. It wasn't all great news for Big Blue, however, as other favored businesses such as Cognitive Solutions and Technology Services and Cloud were flat or down from the year-ago period. For …
Shaun Nichols, 19 Jul 2018
A man in handcuffs

Bloke accused of netting $5m on inside info about Lattice Semiconductor

A Chinese investor has been charged in America with insider trading after allegedly using Lattice Semiconductor secrets to turn a massive profit on Wall Street. Michael Yin, 45, of Beijing, China, faces 14 felony charges of securities fraud and conspiracy to commit securities fraud after he allegedly used confidential …
Shaun Nichols, 18 Jul 2018

Who's leaving Amazon S3 buckets open online now? Cybercrooks, US election autodialers

Security biz Kromtech has unearthed two more embarrassing – and potentially dangerous – cases of groups leaving mass data caches unguarded on the public internet. In the first case, the culprit was an improperly configured AWS S3 bucket owned and operated by Robocent, a political robocalling company based in Virginia Beach, VA …
Shaun Nichols, 18 Jul 2018
Hacker

Blood test biz LabCorp pulls plug on systems over hacker fears

Medical biz LabCorp shut down some of its systems last week after it detected "suspicious activity" on its network. A company spokesperson told The Register that, contrary to early claims the "entire network" was shut down and "millions" of records swiped, only its Diagnostics service was affected – the Covance pharmaceutical …
Shaun Nichols, 17 Jul 2018

Biting the hand that feeds IT © 1998–2018