Search Results for “Shaun Nichols”


May 4, 2020
Shaun Nichols / The Register

The UK’s NCSC Will Stop Using Terms Whitelisting and Blacklisting Due to Racist Connotations, Small Gesture in Larger Effort to Drive Prejudice From Cybersecurity

To “stamp out” racism in the cybersecurity industry, the National Cyber Security Centre (NCSC), part of GCHQ, said it would stop using the terms whitelisting and blacklisting because of their racial connotations. NCSC said it was acting on a request from a customer and will drop the terms when describing the inclusion or exclusion of specific applications, websites, weak or leaked passwords, and so on. It will instead use the terms “allow list” and “deny list” in material published on its website. NCSC said the policy change was only a small gesture in a much larger effort to drive prejudice from the technology and cybersecurity industries.

May 27, 2020
Shaun Nichols / The Register

Microsoft Bans Trend Micro Driver After Code Appears to Cheat Its QA Tests

Microsoft blocked a Trend Micro driver from running on Windows 10, and Trend Micro has withdrawn downloads of its rootkit detector, Rootkit Buster, which uses the driver, after the code appeared to cheat Redmond’s QA tests, as Windows internals guru Alex Ionescu discovered. Ionescu found the blockade while investigating research by 18-year-old computer security undergrad Bill Demirkapi that revealed not only shortcomings in the driver’s code but also an effort to detect Microsoft’s QA test suite. The kernel driver at the heart of Rootkit Buster, tmcomm.sys, alters the way it allocates memory in order to pass Microsoft’s Windows Hardware Quality Labs (WHQL) certification tests, Demirkapi found. The Register verified Demirkapi’s findings, but Trend Micro has ignored repeated requests for an explanation, although it denied trying to cheat the quality assurance tests. Trend Micro did say it has pulled Rootkit Buster because of a separate, undisclosed vulnerability.

Related: IT Pro, Bill Demirkapi’s Blog

Tweets: @GossiTheDog @aionescu


April 7, 2020
Shaun Nichols / The Register

Chinese State Hacking Crews That Target Mostly Linux Servers Stayed Undetected for More Than a Decade

A collection of five small hacking crews, thought to be state-sponsored and operating as an offshoot of China’s Winnti group, managed to stay undetected for more than a decade by focusing on open-source (Linux) systems, according to a report by BlackBerry Cylance. The group assembled in the wake of Winnti and exploited Linux servers, plus the occasional Windows Server box and mobile device, for years. The researchers believe the hackers use three different backdoors, two rootkits, and two build tools that can be used to construct additional rootkits on a per-target basis for open-source servers.

Related: LinuxSecurity – Security Articles, Verdict, BetaNews, Forbes, Cylance, MobileSyrup.com, ZDNet


March 11, 2020
Shaun Nichols / The Register

Trio of Errors in Avast’s AntiTrack Privacy Tool Can Allow Snoopers to Intercept and Tamper With Web Connections

A trio of errors in Avast’s AntiTrack privacy tool can be exploited, when combined, by a snooper to silently intercept and tamper with an AntiTrack user’s connections to even the most heavily secured websites, security researcher David Eade discovered. The errors, tracked as CVE-2020-8987, enable a man-in-the-middle attack between AntiTrack and the sites its users visit. The flaws affect both the Avast and AVG versions of AntiTrack. Users are advised to update their software, as a fix for both tools has been released.

March 10, 2020
Shaun Nichols / The Register

Spyware Purveyor NSO Group Accuses Facebook of Lying to U.S. Court and Causing It to Miss Court Hearing

Lawyers for controversial spyware maker NSO Group have accused Facebook of lying to a US court in its ongoing legal battle against the government malware maker. NSO Group failed to show up for a court hearing on March 2 but accused Facebook of never having properly served its lawyers with legal papers, despite telling the court that it had. NSO has asked the court to vacate the default judgment entered at the start of last week after the security shop’s lawyers failed to turn up at the California US District Court. NSO is also asking the court to give it additional time (another 120 days) to respond to the suit. Facebook is suing NSO Group over accusations that the Israel-based company helped governments hack several accounts and devices on Facebook’s WhatsApp messaging platform.

March 5, 2020
Shaun Nichols / The Register

New Wave of Impersonating Homoglyph or Look-Alike Domains Were Enabled by Flaw in Verisign Domain Registrations

A fresh wave of homoglyph domains, which use non-Latin characters that look like Latin letters, is being used to lure victims to malicious fake websites, researchers at Soluble report. The Soluble researchers worked with Verisign to thwart the registration of domain names that use homoglyphs to masquerade as legitimate domains. Between 2017 and today, more than a dozen homograph domains have had active HTTPS certificates, according to Soluble researcher Matt Hamilton. Although Verisign had put protections in place against this kind of impersonation, they did not extend to Unicode Latin IPA characters; Verisign has since updated its filters to fix this flaw.

April 3, 2019
Shaun Nichols / The Register

Network Intruders Are Covering Tracks More, Staying on Victims’ Networks Longer, and Using ‘Island Hopping’ Supply Chain Attacks to Move Across Multiple Networks, Carbon Black

Network intruders are doing more to cover their tracks in hopes of staying on the victim’s network for longer periods of time, according to security company Carbon Black, which analyzed incident reports from about 40 of its enterprise customers. The company said it logged a five percent jump (ten percent in the last six months) in reports of hackers using measures to hit back at security tools and administrators, such as deleting logs and disabling antivirus, from 46 percent in Q3 2018 to 56 percent in Q1 2019. Fueling this growth is the rise of attacks from China and Russia targeting intellectual property, which was cited as the motivation for 22 percent of the attacks last quarter, up from only 5 percent during the preceding quarter. Another factor was the rise of “island hopping,” in which attackers work their way from one compromised network to that of another company further up the supply chain. Half of the attacks during the last quarter were carried out as part of an “island hopping” operation that originated at a supply chain member or other partner company.

June 7, 2019
Shaun Nichols / The Register

Democratic Senators Want Answers From Quest Diagnostics, LabCorp on Security Practices Following AMCA Breach, Two New Firms, OPKO Health and BioReference, Also Compromised

Two Democratic Senators from New Jersey, Robert Menendez and Cory Booker, sent a letter seeking basic information on blood-testing outfit Quest Diagnostics’ security practices and how it plans to handle the massive security failure at its debt collection business partner, American Medical Collections Agency (AMCA). Data records on nearly 12 million of Quest’s customers were exposed after hackers broke into AMCA’s databases. The senators want to know how the hack went unnoticed by both Quest and AMCA for eight months, and whether Quest performed any tests or audits on the security of both its internal records and the data it entrusted to outside partners. The letter to Quest follows a similar letter the Senators sent to rival testing firm LabCorp, which had 7.7 million patient records stored in a hacked AMCA database, 200,000 of which contained credit card or bank account information that was siphoned off by the intruders. Meanwhile, it has emerged that two other firms were implicated in the AMCA breach: OPKO Health, which had records of 422,600 people compromised, and BioReference Laboratories, which has acknowledged that the breach may have exposed data on more than 20 million patients.

June 13, 2019
Shaun Nichols / The Register

Yubico Recalls FIPS Series of YubiKey Widgets Due to Flaw That Could Make Crypto Operations Easier to Crack

Hardware authentication company Yubico said it is recalling one of its YubiKey lines after the authentication devices were found to have a security weakness. Firmware in the FIPS Series of YubiKey widgets, aimed mainly at US government use, was prone to a reduced-randomness condition that could make the devices’ cryptographic operations easier to crack in some cases, particularly when the USB-based token is first powered up. The issue affects YubiKey FIPS Series devices running firmware versions 4.4.2 and 4.4.4 (there is no released firmware version 4.4.3). The recall covers the YubiKey FIPS, Nano FIPS, C FIPS, and C Nano FIPS models. Yubico said that a majority of affected YubiKey FIPS Series devices have been replaced, or are in the process of being replaced, with updated, fixed versions of the devices.

June 19, 2019
Shaun Nichols / The Register

Collection Agency Behind Breach of 20 Million Medical Testing Patient Records Seeks Chapter 11 Bankruptcy

Retrieval Masters Creditors Bureau, also known as American Medical Collection Agency (AMCA), told the Southern New York US District Court this week that it is seeking Chapter 11 bankruptcy protection after AMCA’s patient databases, which stored the personal and banking details of millions of people on behalf of medical testing companies, were attacked by hackers. Breached patient data for medical testing companies Quest Diagnostics (12 million records exposed), LabCorp (8 million), BioReference Laboratories (423,000), Carecentrix (500,000), and Sunrise Laboratories added up to more than 20 million records.