Shaun Nichols • The Register


CISA's Palace: Congress backs new cybersecurity nerve-center for cyber-America's cyber-future

The US House of Representatives has unanimously passed a bipartisan bill that would create a new agency to lead the federal government's cybersecurity efforts. The Cybersecurity and Infrastructure Security Agency (CISA) Act, passed earlier this year by the Senate, would overhaul the Department of Homeland Security (DHS)'s …
Shaun Nichols, 15 Nov 2018

Oracle's JEDI mind-meld doesn't work on Uncle Sam's auditors: These are not the govt droids you are looking for

Oracle's bid to halt the Pentagon's JEDI $10bn winner-takes-all cloud IT contract has been turned down. Uncle Sam's Government Accountability Office (GAO) issued a statement on Wednesday explaining that it would not be taking up Oracle's appeal of the US Department of Defense's stipulation that the entire JEDI technology …
Shaun Nichols, 14 Nov 2018

Did you by chance hack OPM back in 2015? Good news, your password probably still works!

More than three years after suffering one of the largest cyber-attacks in US government history, the Office of Personnel Management has yet to adopt dozens of the security measures investigators ordered – including basic stuff like changing passwords. A report issued this week by Government Accountability Office (GAO) …
Shaun Nichols, 14 Nov 2018

Want to hack a hole-in-the-wall cash machine for free dosh? It's as easy as Windows XP

ATM machines are vulnerable to an array of basic attack techniques that would allow hackers to lift thousands in cash. This according to researchers at Positive Technologies, who studied more than two dozen different models of ATMs and found (PDF) nearly all would be vulnerable to network or local access attacks that would …
Shaun Nichols, 14 Nov 2018

OK Google, what is African ISP Main One, and how did it manage to route your traffic into China through Russia?

Monday's prolonged Google cloud and websites outage was triggered by a botched network update by a West Africa telco, it is claimed. Main One, a biz ISP based in Lagos, Nigeria, that operates a submarine cable between Portugal and South Africa, said a misconfiguration at its end caused Google-bound traffic to be redirected to …
Shaun Nichols, 14 Nov 2018

It's November 2018, and Microsoft's super-secure Edge browser can be pwned eight different ways by a web page

Microsoft and Adobe have delivered the November edition of Patch Tuesday with another sizable bundle of security fixes to install as soon as you're able to. The trick is to test and deploy the fixes before exploits are developed to leverage the vulnerabilities. BitLocker bugs and TFTP troubles for Redmond This month, …
Shaun Nichols, 14 Nov 2018

OK Google, why was your web traffic hijacked and routed through China, Russia today?

Updated People's connections in the US to Google – including its cloud, YouTube, and other websites – were suddenly rerouted through Russia and into China in a textbook Border Gateway Protocol (BGP) hijack. That means folks in Texas, California, Ohio, and so on, firing up their browsers and software to connect to Google and its …
Shaun Nichols, 13 Nov 2018

What's big, blue, and short on Intel? The supercomputer world's podium: USA tops Top500 with IBM Power9

IBM can now officially boast it has built the world's two most powerful publicly known supercomputers. The Big Blue-powered 144 PFLOPS Summit and 95 PFLOPS Sierra systems took the top two spots, first and second respectively, in the biannual Top500 supercomputing list, beating out the massive Chinese 93 PFLOPS Sunway …
Shaun Nichols, 13 Nov 2018

Scare Force: Pakistan military hit by Operation Shaheen malware

The Pakistan Air Force is the apparent target of a complex new state-sponsored attack campaign. Security house Cylance said this week a state-sponsored group – dubbed the White Company by researchers – has been looking to get into the networks of the Pakistani military in a long-term targeted attack campaign known as Operation …
Shaun Nichols, 12 Nov 2018

Irony meters explode as WordPress GDPR tool hacked, cell network hack shenanigans, crypto-backdoors, etc...

Roundup This week we had broken promises in China, broken keys in Steam, and broken ..err, everything in Apache Struts. Here's some other stuff kicking off in infosec beside everything else we've reported since this time last Saturday. FaceTime looks ugly after bug reports A Google researcher punched a trio of holes in Apple's …
Shaun Nichols, 10 Nov 2018

I found a security hole in Steam that gave me every game's license keys and all I got was this... oh nice: $20,000

A bloke has told how he discovered a bug in Valve's Steam marketplace that could have been exploited by thieves to steal game license keys and play pirated titles. Researcher Artem Moskowsky told The Register earlier this week that he stumbled across the vulnerability – which earned him a $20,000 bug bounty for reporting it – …
Shaun Nichols, 9 Nov 2018

Two fool for school: Headmaster, vice principal busted for mining crypto-coins in dorms, classrooms

A headmaster in China is in hot water after being caught using his school to house a crypto-mining operation. Chinese news site HK01 (via CCN this week) reports that principal Lei Hua was fired after authorities found he and vice principal Wang Zhipeng were running a collection of rack-mounted cryptocoin mining …
Shaun Nichols, 9 Nov 2018

Bruce Schneier: You want real IoT security? Have Uncle Sam start putting boots to asses

Any sort of lasting security standard in IoT devices may only happen if governments start doling out stiff penalties. So said author and computer security guru Bruce Schneier, who argued during a panel discussion at the Aspen Cyber Summit this week that without regulation, there is little hope the companies hooking their …
Shaun Nichols, 9 Nov 2018

Guess who's back, back again? China's back, hacking your friends: Beijing targets American biz amid tech tariff tiff

Three years after the governments of America and China agreed not to hack corporations in each other's countries, experts say Beijing is now back to its old ways. And if that's the case, we can well imagine Uncle Sam having a pop back. Speaking at the Aspen Cyber Summit in San Francisco on Thursday, a panel including top NSA …
Shaun Nichols, 9 Nov 2018

GDPR USA? 'A year ago, hell no ... More people are open to it now' – House Rep says EU-like law may be mulled

The rash of high-profile IT security breaches, data thefts, and other hacks that have erupted over the last year or so may push US legislators to consider laws similar to Europe's privacy-protecting GDPR. This is according to Representative Will Hurd (R-TX), who told attendees at the Aspen Cyber Summit in San Francisco today …
Shaun Nichols, 8 Nov 2018

StatCounter fingers cache-poisoning caper for Bitcoin-slurping JavaScript hijack

This week's hijacking of StatCounter's JavaScript to swipe Bitcoins from a crypto-coin exchange was the result of a web cache poisoning attack, apparently. The cyber-heist, in which a malicious snippet of JavaScript code was inserted into StatCounter's tracking script, which websites embed in their pages to monitor visitor …
Shaun Nichols, 8 Nov 2018

Premiere Pro bug ate my videos! Bloke sues Adobe after greedy 'clean cache' wipes files

Adobe is being sued after Premiere Pro unexpectedly deleted a snapper's valuable media files. David Keith Cooper on Wednesday sued Adobe in San Jose, USA, on behalf of himself and anyone who purchased Premiere Pro 11.1.0, and, as a result, had their personal media files nuked by the video-editing suite. The sueball claims a …
Shaun Nichols, 8 Nov 2018

Vulns in online shopping toolkit WooCommerce can blast a hole in your WordPress security

Updated A vulnerability in the WooCommerce online store platform, used by over four million vendors, can be exploited to hijack WordPress installations hosting the software. Researchers at RIPSTech discovered and reported the flaw directly to WooCommerce's developers, who cleaned up the bug in version 3.4.6 – so make sure you're …
Shaun Nichols, 7 Nov 2018

Stop us if you've heard this one: Remote code hijacking flaw in Apache Struts, patch ASAP

The Apache Foundation is urging developers to update their Struts 2 installations and projects using the code – after a critical security flaw was found in a key component of the framework. A warning this week from Apache reveals that devs should make sure their websites and other applications are running Struts versions 2.5. …
Shaun Nichols, 7 Nov 2018

Hackers seed StatCounter with nasty JavaScript in elaborate Bitcoin cyber-heist caper

Updated One of the top traffic metrics websites on the internet is apparently being used by criminals to steal Bitcoins from a currency exchange. Researchers at ESET have found that the JavaScript used by StatCounter's analytics platform has been modified by miscreants so that when embedded into the pages of Gate.io, a cryptocurrency …
Shaun Nichols, 6 Nov 2018

HSBC now stands for Hapless Security, Became Compromised: Thousands of customer files snatched by crims

HSBC has admitted miscreants have probably made off with personal details of thousands of its online-banking customers. The bank submitted paperwork [PDF] to the California Attorney General's office late last week outlining its plan to notify folks of the significant data theft. California law requires that the AG be notified …
Shaun Nichols, 6 Nov 2018

Android fans get fat November security patch bundle – if the networks or mobe makers are kind enough to let 'em have it

Google today pushed out the November edition of its monthly Android security updates, giving carriers and device makers a fresh set of patches to install. Fingers crossed the patches are rolled out to you ASAP. The November bulletin contains fixes for three remote code execution flaws as well as a number of information …
Shaun Nichols, 6 Nov 2018

Solid state of fear: Euro boffins bust open SSD, Bitlocker encryption (it's really, really dumb)

Fundamental flaws in the encryption system used by popular solid-state drives (SSDs) can be exploited by miscreants to easily decrypt data, once they've got their hands on the equipment. A paper [PDF] drawn up by researchers Carlo Meijer and Bernard van Gastel at Radboud University in the Netherlands, and made public today, …
Shaun Nichols, 5 Nov 2018

Google logins make JavaScript mandatory, Huawei China spy shock, Mac malware, Iran gets new Stuxnet, and more

Roundup This week there were Hacked Home Hubs, buggered BBC Bits, and PortSmash privilege punch-ups. But that wasn't all that happened – here's a weekend roundup just for you. Huawei helped China with hacks, says Australia So it turns out all those governments weren't just being paranoid when they barred Huawei from working on …
Shaun Nichols, 3 Nov 2018

30 spies dead after Iran cracked CIA comms network with, er, Google search – new claim

Iran apparently infiltrated the communications network of CIA agents who allowed their secret websites, used to exchange messages with informants, to be crawled by Google. A report from Yahoo! News this week claims that a 2009 breach of the US spy bods' communications channels came after the Iranian government infiltrated a …
Shaun Nichols, 2 Nov 2018
