(get it in RSS or Atom)

Syrian Electronic Army attacks the Washington Post again, hijacks mobile site

Syrian Electronic Army attacks the Washington Post again, hijacks mobile site

Part of the mobile website of the Washington Post was compromised briefly on Thursday by the Syrian Electronic Army (SEA) hacker group, in an attack that redirected traffic to a site with anti-US and anti-media messages.

Google forgets one little "Yes/No" setting, leaks private WHOIS data


Even Google can make data leakage mistakes, as network security expert group Talos recently noticed.

Just one tiny little Yes/No setting that went wrong...

Malware infection suspected at ISC, providers of the BIND DNS server software

The Internet Systems Consortium, better known as ISC, thinks it might have had a malware infection.

An insecure installation of WordPress seems to be behind the problem...

SSCC 178 - Are we there yet? [PODCAST]

Here's the latest episode of our weekly security podcast.

Enjoy...and "Happy Holidays," whether you're away on vacation yourself, or a sysadmin enjoying the time when everyone else is on vacation!

Yes, ICANN keep your data safe...oops, sorry, no I can't - 60 Sec Security [VIDEO]

Time for the latest episode of our weekly 60 Second Security video!

The news, in just one minute...enjoy.

Spear-phishers grab emails from internet overseer ICANN

ICANN logo

Yes, the DNS overlord fell for spear phishing. No, the internet's spine was NOT broken, given that the intruders only gained "read", not "write", access. Thank goodness!

Craigslist back up and running after DNS hijack

'Digital Gangster' hijacks Craigslist

If you had trouble getting onto Craigslist to sell your apple green velvet armchair over the weekend, join the club: the site was hijacked on Sunday night.

Google reports new shenanigans in ongoing Turkish internet blockade


Turkey recently blocked Twitter and YouTube, as well as Google's free Public DNS servers that many people used to get around the blockade.

Now Google reports another layer of "active intervention" by Turkish ISPs...

SSCC 134 - Patching, foisting, hacking and obfuscating [PODCAST]


Here's our latest security podcast, featuring Sophos experts Chester Wisniewski and Paul Ducklin.

Join the dynamic duo as they turn the latest news into a quarter-hour podcast that is informative, entertaining and educational.

SEA attempts to hack Facebook and other MarkMonitor domain customers

Facebook Photo Sync: Nine things you should know

The group known as the Syrian Electronic Army (SEA) attempted to commandeer the DNS records of Facebook, but were thwarted by DNS provider MarkMonitor. Are the basic protocols up to the task of protecting us in 2014?

Google Palestine hijacked: hackers say rename Israel to Palestine, listen to RiRi


Google's domain serving the Palestinian territories, Google Palestine, was hijacked on Monday by hackers urging Google to rename Israel to Palestine in Google Maps (and the rest of us to listen to Rihanna).

Syrian Electronic Army brings down Twitter and The New York Times through domain name provider hack


The Syrian Electronic Army attacked an internet domain name provider today taking down for a short time the websites of The New York Times and Twitter for some users,

The LinkedIn hack that wasn't


Bryan Berg, the co-founder of microblogging site App.net, pronounced earlier today that LinkedIn had been hacked.

That turned out to be not quite correct, as Paul Ducklin explains.

Hacked Go Daddy sites infecting users with ransomware


Computer users are getting infected with ransomware because criminals have managed to hack the DNS records of Go Daddy hosted websites.

Google disappears for Irish internet users - but was it a nameserver hack or admin screwup?

Google disappears for Irish internet users - but was it a nameserver hack or admin screwup?

Thousands of Google users in Ireland found that they were unable to access the site earlier today when the nameservers for google.ie began to point to a third-party site based in Indonesia.

But was it an admin cockup or the result of a malicious hack?

Microsoft settles lawsuit against 3322 dot org, reveals scale of Nitol botnet in China


Just over two weeks ago, we wrote enthusiastically about Microsoft's legal action against 3322 dot org.

That lawsuit has now been settled, with 3322 dot org's operator agreeing to a range of security-related conditions to get his domain back.

How millions of DSL modems were hacked in Brazil, to pay for Rio prostitutes

How millions of ADSL modems were hacked in Brazil to pay for Rio prostitutes

Brazilian hackers remotely took over 4.5 million home routers, and compromised their DNS settings in their plot to make a fortune.

And what did they spend the money on? Well, in some cases, Rio prostitutes..

Microsoft gets control of zombie domain, warns about malware "in the supply chain"

Microsoft gets control of zombie domain, warns about malware "in the supply chain"

Microsoft has announced, with perfectly rightful excitement, that a court in Virginia, USA, has given it control over the domain 3322 dot org.

This is one of the most prevalent call-home locations used by the Nitol malware - a family with tens of thousands of known variants.

Go Daddy largely unavailable for over 4 hours - Hacker revenge or SNAFU?


Today Go Daddy, the worlds largest domain name registrar, was unavailable for over four hours in the middle of the North American working day. Was it a malicious hacker or simple a colossal infrastructure failure?

Phishing without a webpage - researcher reveals how a link *itself* can be malicious

Phish without a web page? Yes you can!

Can you phish without a phishing page? Research by a student at the University of Oslo in Norway finds that, with the help of a trusty URI, ‘Yes, you can.’