Honda plant in Japan briefly stops making cars after fresh WannaCrypt outbreak

Honda said today that it had briefly halted operations at a car plant in Sayama, Japan earlier this week because of the infamous WannaCrypt ransomware. The Japanese car maker halted production for one day at a domestic vehicle plant on Monday after finding samples of the WannaCrypt ransomware in its computer network, Reuters …
John Leyden, 21 Jun 2017

Ad 'urgently' seeks company to build national e-ID system

An intriguing, and slightly concerning, job ad has appeared on freelancing website People Per Hour, entitled: "URGENT!!! Delivery of a National e-ID System". The post is from an unidentified small IT consultancy which is submitting a bid to deliver a National e-ID system, including a biometric enrolment for all citizens and …
Kat Hall, 21 Jun 2017

Microsoft admits to disabling third-party antivirus code if Win 10 doesn't like it

Windows 10 does disable some third-party security software, Microsoft has admitted, but because of compatibility – not competitive – issues. Redmond is currently being investigated in the EU, Germany and Russia over alleged anti-competitive behavior because it bundles the Windows Defender security suite into its latest …
Iain Thomson, 20 Jun 2017

US is Number One! In sales register hacking attacks, at least

Hacking attacks against sales terminals rose by nearly a third last year, and the US is still leading the way in being insecure. Incidents affecting sales tills and payment systems increased to 31 per cent in 2016, according to research by security firm Trustwave, while incidents affecting e-commerce environments fell to …
John Leyden, 20 Jun 2017

Hacker exposed bank loophole to buy luxury cars and a face tattoo

A UK hacker who stole £100,000 from his bank after spotting a loophole in its systems has been jailed for 16 months. Unemployed James Ejankowski, 24, of Bridlington, squandered his ill-gotten gains by splurging on a BMW and a Range Rover, and getting his face tattooed (as shown in a story in the Teesside Evening Gazette here). …
John Leyden, 20 Jun 2017

NSA had NFI about opsec: 2016 audit found laughably bad security

Second-rate opsec remained pervasive at the United States' National Security Agency, according to an August 2016 review now released under Freedom of Information laws. It's almost surprising that the agency was able to cuff Reality Winner, let alone prevent a wholesale Snowden-style leak. The Department of Defense Inspector …

South Korean hosting co. pays $1m ransom to end eight-day outage

A South Korean web hosting company is forking out just over US$1 million to ransomware scum after suffering more than eight days of nightmare. Nayana first announced the attack on June 10, saying customer video files and its database had been encrypted, and promising to work to recover the data. More than 150 servers were hit …

Stack Clash flaws blow local root holes in loads of top Linux programs

Powerful programs run daily by users of Linux and other flavors of Unix are riddled with holes that can be exploited by logged-in miscreants to gain root privileges, researchers at Qualys have warned. Essentially, it's possible to pull off a "Stack Clash" attack in various tools and applications to hijack the whole system, a …
Iain Thomson, 20 Jun 2017

Mexican government accused of illegal phone hacking of citizens

An investigation by Mexican NGOs and a Canadian tech lab has revealed how the Mexican government is illegally targeting the mobile phones of journalists, lawyers and activists to spy on them. R3D, SocialTic, Article 19 and CitizenLab report that the government has been sending malware links to specific individuals' phones, …
Kieren McCarthy, 19 Jun 2017

US voter info stored on wide-open cloud box, thanks to bungling Republican contractor

A massive cloud-hosted database containing personal information on nearly 200 million people in America was left wide open by consultants hired by the US Republican National Committee, it is claimed. Security firm UpGuard said the records of 198 million US voters, including dates of birth, addresses and phone numbers, were …
Shaun Nichols, 19 Jun 2017

Fancy buying our aircraft carrier satnav, Raytheon asks UK

American defence firm Raytheon has said it is in talks with the Ministry of Defence to put the US Navy’s “satnav for F-35s” system onto new British carrier HMS Prince of Wales. The USN’s Joint Precision Approach and Landing System (JPALS) is already being integrated onto the service’s F-35Cs and the US Marine Corps’ F-35Bs – …
Gareth Corfield, 19 Jun 2017

It's 2017, and UPnP is helping black-hats run banking malware

Another banking malware variant has been spotted in the wild, and it's using UPnP to pop home routers to expose unsuspecting home users, recruited as part of the botnet. McAfee Labs says the new campaign uses a variant of the ancient “Pinkslipbot”, and says it uses Universal Plug'n'Play (UPnP) to open ports through home …

Worried about election hacking? There's a technology fix – Helios

Election hacking is much in the news of late and there are fears that the Russians/rogue lefties/Bavarian illuminati et al are capable of falsifying results. For example, voters in the state of Georgia's sixth district are going to the polls on Tuesday for a close-fought election, and serious doubts have been raised about the …
Iain Thomson, 16 Jun 2017

FOIA documents show the Kafkaesque state of US mass surveillance

A mystery technology biz tried to fight off demands from the US government that it hand over people's communications flowing through its systems. The unnamed company refused to obey the surveillance order, and was also denied the ability to even review the outcomes of any previous challenges to help form its case. That's …
Iain Thomson, 16 Jun 2017

Brit hacker admits he siphoned info from US military satellite network

A UK-based computer hacker has admitted stealing hundreds of usernames and email addresses from a US military communications system. Sean Caffrey, 25, of Sutton Coldfield in the West Midlands, broke in and pinched the ranks, usernames and email addresses of more than 800 users of a satellite communications system and of about …
John Leyden, 16 Jun 2017

WikiLeaks emits CIA's Wi-Fi pwnage tool docs

Hundreds of commercial Wi-Fi routers are, or were, easily hackable by the CIA, according to classified files published today by WikiLeaks. The confidential US government documents describe the Cherry Blossom project, which is the framework by which CIA operatives can subvert wireless routers; install software that harvests …
Iain Thomson, 15 Jun 2017

BAE accused of flogging mass-spying toolkits to assh*le autocrats

A year-long investigation has uncovered evidence that British armaments conglomerate BAE Systems has been selling internet surveillance equipment to Middle Eastern regimes with questionable human rights records. BAE has its fingers in many pies, including the online sphere, and in 2011 it bought Danish firm ETI and added it to …
Iain Thomson, 15 Jun 2017

Look who's joined the anti-encryption posse: Germany, come on down

Germany has joined an increasing number of countries looking to introduce anti-encryption laws. Speaking on Wednesday, German interior minister Thomas de Maizière said the government was preparing a new law that would give the authorities the right to decipher and read private encrypted messages, specifically citing encrypted …
Kieren McCarthy, 15 Jun 2017

If you haven't already obliterated your Jaff-infected comp, there is an antidote available

Security researchers have developed a free decryption tool for victims of the Jaff ransomware, meaning they can regain access to files without paying crooks. The utility – developed by boffins at Kaspersky Lab – works on all variants released to date. Of course there is still the possibility that the criminals behind Jaff …
John Leyden, 15 Jun 2017

Banks could be stung for €5bn under GDPR, screams latest report on industry readiness

European banks could face fines totalling €4.7bn in the three years after General Data Protection Regulation comes into force, according to a report from data security solutions firm AllClear ID. The latest in a string of sales pitches reports on businesses' preparedness for GDPR to land in The Reg's inbox says that banks are …
Rebecca Hill, 15 Jun 2017

Banking websites are 'littered with trackers' ogling your credit risk

A new study has warned that third-party trackers litter banking websites and the privacy-invading tech is being used to rate surfers' creditworthiness. Among the top 10 financial institution websites visited in the US and UK, there are 110 third-party trackers snooping on surfers each time they visit. Online privacy firm …
John Leyden, 15 Jun 2017

Don't all rush out at once, but there are a million devices ripe to be the next big botnet

A wormable vulnerability involving an estimated one million digital video recorders (DVR) is at risk of creating a Mirai-style botnet, security researchers warn. UK-based security consultancy Pen Test Partners said that the issue stems from a zero-day (unpatched) flaw in networking software from Chinese manufacturer XiongMai …
John Leyden, 15 Jun 2017

RSA SecurID admin console can issue emergency access to decent social engineers

Stop us if you've heard this one: an emergency access feature offered by RSA for SecurID token customers isn't completely secure. That's the opinion of pentest outfit Netspi, whose Alexander Leary worked out how to abuse the SecurID Emergency Access Tokencodes (EAT). The use-once codes are intended to provide a temporary …

It's 2017 and someone's probably still using WINS naming. If so, stop

Sysadmins should already have purged WINS from their Microsoft Windows Server environments – but if they haven't, there's a new reason to take it for one last walk out behind the shed. Fortinet's Honggang Ren says a WINS Server remote memory corruption vulnerability in the MS-proprietary name server isn't going to get fixed, …

Researcher says fixes to Windows Defender's engine incomplete

In spite of a flurry of patches designed to fix Windows Defender, at least one security researcher reckons there's still work to be done. James Lee, who has presented at conferences like Zer0con, has contacted The Register to say the key vulnerable component, MsMpEng, is still subject to remote code execution. As with the …

Soldiers bust massive click-farm that used 500k SIM cards, 100s of mobes to big up web tat

A massive click-fraud farm has been raided in Thailand by police and army troops, who seized nearly half a million SIM cards and hundreds of iPhones used to promote products online. The raid on two rented houses in Ban Mai Nong Sai in the Aranyaprathet District led to the arrest of three Chinese suspects: Wang Dong, 33, Niu …
Iain Thomson, 14 Jun 2017

Crouching cyber, Hidden Cobra: Crack North Korean hack team ready to strike, says US-CERT

The Norks are coming and it won't be fun, according to a new bulletin from the United States Computer Emergency Readiness Team (US-CERT). The advisory warns that a North Korean hacking team, dubbed Hidden Cobra, is actively targeting media, aerospace, financial, and critical infrastructure sectors in the US and around the …
Iain Thomson, 14 Jun 2017

Don't touch that mail! London uni fears '0-day' used to cram network with ransomware

Updated University College London is tonight tackling a serious ransomware outbreak that has scrambled academics' files. It is feared the software nasty may be exploiting a zero-day vulnerability, or is a previously unseen strain of malware as antivirus defenses did not spot it in time, we're told. Eggheads at the UK uni are urged to …
Shaun Nichols, 14 Jun 2017

Internet hygiene still stinks despite botnet and ransomware flood

Network security has improved little over the last 12 months – millions of vulnerable devices are still exposed on the open internet, leaving them defenceless to the next big malware attack. A follow-up audit by Rapid7 – the firm behind the Metasploit pen-testing tool – found that more than a million endpoints were confirmed …
John Leyden, 14 Jun 2017

Telegram chat app founder claims Feds offered backdoor bribe

The founder of chat app Telegram has publicly claimed that feds pressured the company to weaken its encryption or install a backdoor. "During our team's 1-week visit to the US last year we had two attempts to bribe our devs by US agencies + pressure on me from the FBI," Pavel Durov said on Twitter. "It would be naive to think …
John Leyden, 14 Jun 2017

Buggy devices and lazy operators make VoLTE a security nightmare

Voice over LTE leaks like a sieve, because nobody's paying attention to the details. That's the conclusion in a paper (PDF) presented to the Symposium on Information and Communications Technology Security in Rennes, France last week. The researchers, from Priority 1 Security, warn the vulnerabilities could affect any of the …

Tails OS hits version 3.0, matches Debian's pace but bins 32-bit systems

The developers of privacy-protecting Linux distribution Tails have decided to get closer to Debian with the project's 3.0 release. Tails - aka The Amnesic Incognito Live System - is designed to boot and run from removable storage and not to leave any trace of what you did while running it. Users booting into version 3.0 will …

Five Eyes nations stare menacingly at tech biz and its encryption

Officials from the United States, the United Kingdom, Canada, Australia and New Zealand will discuss next month plans to force tech companies to break encryption on their products. The so-called Five Eyes nations have a long-standing agreement to gather and share intelligence from across the globe. They will meet in Canada …
Kieren McCarthy, 13 Jun 2017

Discredit a journo? Easy, that'll be $55k. Fix an election? Oh, I can do that for just $400k

Fake news has come to be associated with political intrigue but the same propaganda techniques are also abused by cybercriminals, according to a study by Trend Micro. The techniques and methods used to spread fake news and manipulate public opinion have a wide range of objectives and even a price list. Cybercriminals produce …
John Leyden, 13 Jun 2017

Pizza proffer punctures privacy protection, prompts pals' perfidy

Researchers from the Massachusetts Institute of Technology and Stanford University have found that people say they want privacy but make choices suggesting the opposite, and can be easily manipulated through interface design, reassuring statements, and pizza. In "Digital Privacy Paradox: Small Money, Small Costs, Small Talk," …
Thomas Claburn, 13 Jun 2017

Connectivity's value is almost erased by the costs it can impose

I spent the first half of my career coding and while I don't miss the day-in-day-out grind of coding, I do still enjoy the computer-as-infinite-toy. So from time to time I try to spend a few days with my head in the machine, playing, exploring and learning. Lately I've done that with Glitch, a browser-based programming …
Mark Pesce, 13 Jun 2017

Raspberry Pi sours thanks to mining malware

Anti-virus vendor Dr. Web has found something nasty: malware named “Linux.MulDrop.14” that turns the Raspberry Pi into a cryptocurrency mining machine. To catch the malware you'll need to leave your rPi on with SSH ports open. If you've done so and the malware's scripts make their way in to your Pi, they'll install zmap, …
Simon Sharwood, 13 Jun 2017

Jailed fraudster admits running same cold-caller con from behind bars

The jailed kingpin behind a multimillion-pound fraud has admitted attempting to run an almost identical con from behind bars. Feezan "Fizzy" Hameed, 26, ran a voice-based phishing fraud which claimed 750 RBS group victims (mainly small businesses such as accountants and solicitors) and resulted in losses of £113m. He used his …
John Leyden, 12 Jun 2017

Google's news algorithm serves up penis pills

+Comment Our Monday here at The Reg's London offices has been cheered to no end by Google News, which has been spitting out odd pharmaceutical-related "journalism" throughout the day. Over the past few days*, we've watched in amazement as our inbox filled up with emails from readers, and journos in the newsroom today have been …
Jude Karabus, 12 Jun 2017

Move over, Stuxnet: Industroyer malware linked to Kiev blackouts

Security researchers have discovered malware capable of disrupting industrial control processes. Industroyer can cause the same sort of damage as BlackEnergy, a malware strain blamed for attacks on energy firms that caused blackouts in Ukraine in December 2015. The malware may have featured in follow-up attacks last December …
John Leyden, 12 Jun 2017

German police nick alleged admin of dark web gun sales site

German police have arrested a man they suspect of being the administrator of a dark net website. The site is said to have been used to buy a gun used in a 2016 mass murder. The unnamed 30-year-old man was arrested on 8 June in “south west Germany”, according to Sky News. The server used to host the site is said to have been …
Gareth Corfield, 12 Jun 2017

Mac ransomware author is giving away malicious code to script kiddies

Security researchers have discovered a ransomware variant that targets Macs rather than Windows PCs. Although technically inferior to most current ransomware targeting Windows, it still encrypts or prevents access to victim's files, thereby causing real damage, according to researchers at Fortinet. MacRansom uses symmetric …
John Leyden, 12 Jun 2017

Biting the hand that feeds IT © 1998–2017