Author Archives: Shaun Nichols

In case you’re not already sick of Spectre… Boffins demo Speculator tool for sniffing out data-leaking CPU holes

First proof-of-concept, SplitSpectre, requires fewer instructions in victim

Analysis  You've patched your Intel, AMD, Power, and Arm gear to crush those pesky data-leaking speculative execution processor bugs, right? Good, because IBM eggheads in Switzerland have teamed up with Northeastern University boffins in the US to cook up Spectre exploit code they've dubbed SplitSpectre.…

Little FYI: Wi-Fi calling services on AT&T, T-Mobile US, Verizon are insecure, say boffins

Subscribers using wireless calls wide open to attack

Boffins from Michigan State University in the US and National Chiao Tung University in Taiwan have found that the Wi-Fi calling services offered by AT&T, T-Mobile US, and Verizon suffer from four security flaws that can be exploited to attack mobile phone users, leaking private information, harassing them, or interfering with service.…

Sacked NCC Group grad trainee emailed 300 coworkers about Kali Linux VM ‘playing up’

Then took her employers to the Employment Tribunal

An NCC Group graduate trainee who emailed 300 coworkers to ask for help with what she deemed to be "unusual" behaviour from her Kali Linux VM; contacted the firm’s incident response team to complain about a faulty laptop; and said the machine had been "deliberately sabotaged", has had her victimisation claim thrown out by an employment tribunal.…

Oz opposition caves, offers encryption backdoor compromise

Mark Dreyfus offers to rubber-stamp legislation if only counter-terror agencies get decryption

Mark Dreyfus, the Labor opposition's shadow Attorney General, has offered a compromise on Australia's controversial encryption backdooring bill that could see it passed, but with its operation restricted to counter-terrorism agencies.…

Fancy Bear hacker crew Putin dirty RATs in Word documents emailed to govt orgs – report

Disguised as files about recent Lion Air crash, no less

Russian state-backed hacking crew Fancy Bear (aka APT28) is distributing malware-riddled files with a suggested link to the recent Lion Air crash in order to dupe government workers into downloading software nasties – and has developed a new remote-access trojan called Cannon, according to Palo Alto Networks.…

Talk about a cache flow problem: This JavaScript can snoop on other browser tabs to work out what you’re visiting

Yes, even the Tor browser can be spied on by this nasty code

Special report  Computer science boffins have demonstrated a side-channel attack technique that bypasses recently-introduced privacy defenses, and makes even the Tor browser subject to tracking. The result: it is possible for malicious JavaScript in one web browser tab to spy on other open tabs, and work out which websites you're visiting.…

Prepare for the battle against cybercrime at SANS London 2019

Discover the latest attacks, learn the best defence tactics

Promo  No matter how sophisticated your security precautions are, you can never assume your computer systems are impenetrable. Only the most alert and highly skilled defenders can fight off determined cybercriminals who know how to circumvent today’s advanced security and monitoring tools.…

Super Micro chief bean counter: Bloomberg’s ‘unwarranted hardware hacking article’ has slowed our server sales

CEO insists Chinese spy chip bombshell 'impossible'

Super Micro Computer on Thursday reported net sales in the range of $952m to $962m for the first quarter of its fiscal 2019, which ended September 30, 2018. That's higher than company guidance of $810m to $870m, and up roughly 40 per cent on the year-ago period.…

Another Meltdown, Spectre security scare: Data-leaking holes riddle Intel, AMD, Arm chips

CPU slingers insist existing defenses will stop attacks – but eggheads disagree

Computer security researchers have uncovered yet another set of transient execution attacks on modern CPUs that allow a local attacker to gain access to privileged data, fulfilling predictions made when the Spectre and Meltdown flaws were reported at the beginning of the year.…

Did you by chance hack OPM back in 2015? Good news, your password probably still works!

Government audit finds office still hasn't cleaned up from Obama-era megabreach

More than three years after suffering one of the largest cyber-attacks in US government history, the Office of Personnel Management has yet to adopt dozens of the security measures investigators ordered – including basic stuff like changing passwords.…

I know what you’re thinking: Outsource or in-source IT security? I’ve worked both sides, so here’s my advice…

The pros and cons of using internal and external talent, or a mix of both

Comment  You’re a small or mid-sized business and have a growing sense of unease that you aren’t doing enough on cyber security. Must be all those headlines about ransomware infections and databases ransacked. Or – perhaps – you’re experiencing an upsurge in phishing attempts.…

IT Wi-Fi kit bit by TI chip slip: Wireless gateways open to hijacking via BleedingBit chipset vuln

Firmware security patches hit to fix critical holes in enterprise network access points

Updated  On Thursday, network equipment makers Aruba, Cisco, and Cisco-owned Meraki plan to patch two flaws in Bluetooth Low Energy (BLE) chips made by Texas Instruments (TI) that power their respective enterprise Wi-Fi access points.…