MySQL can dish out root access if allowed to write config files
By writing a config file that sets malloc_lib, you can escalate to root through the mysqld_safe wrapper script, which loads the named library before starting the server. Source: Bad news: MySQL can dish out root access to cunning miscreants
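An added check for this class of problem (example code written for this page, not from the article or from MySQL itself): it parses a my.cnf-style option file for a malloc-lib / malloc_lib directive and reports whether the file is writable by the MySQL service account, which is the precondition the article describes. mysqld_safe, normally started as root, puts the malloc-lib path into LD_PRELOAD before executing the server, so a writable option file plus that option is the whole chain. The sample config, the uid/gid values and the list of default option-file paths are assumptions for the example.

```python
"""Audit MySQL option files for malloc-lib and for write access by the mysql account.

Added example for this page; the sample config below is constructed, and the
default paths are common locations, not a guarantee of what a given build reads.
"""
import configparser
import os
import stat
from typing import Dict, List, Tuple

# Constructed sample of what a planted option file looks like (not a real capture).
SAMPLE_MY_CNF = """\
!includedir /etc/mysql/conf.d/
[mysqld]
datadir=/var/lib/mysql
skip-networking

[mysqld_safe]
malloc-lib=/var/lib/mysql/libevil.so
log-error=/var/log/mysqld.log
"""

# Locations mysqld_safe and mysqld commonly read (assumed defaults; adjust per distro).
DEFAULT_OPTION_FILES = ["/etc/my.cnf", "/etc/mysql/my.cnf", "/var/lib/mysql/my.cnf"]


def find_malloc_lib(config_text: str) -> List[Tuple[str, str]]:
    """Return (section, library) for every malloc-lib / malloc_lib directive.

    MySQL treats '-' and '_' in option names as equivalent, so both spellings are
    matched.  '!include' / '!includedir' lines are skipped, not followed.
    """
    lines = [ln for ln in config_text.splitlines() if not ln.lstrip().startswith("!")]
    parser = configparser.ConfigParser(allow_no_value=True, strict=False, interpolation=None)
    parser.read_string("\n".join(lines))
    hits = []
    for section in parser.sections():
        for key, value in parser.items(section):
            if key.replace("_", "-") == "malloc-lib" and value:
                hits.append((section, value.strip().strip('"')))
    return hits


def writable_by(st_mode: int, st_uid: int, st_gid: int, uid: int, gid: int) -> bool:
    """True if an account with (uid, gid) can modify a file with these stat fields."""
    if st_uid == uid and st_mode & stat.S_IWUSR:
        return True
    if st_gid == gid and st_mode & stat.S_IWGRP:
        return True
    return bool(st_mode & stat.S_IWOTH)


def audit_option_file(path: str, mysql_uid: int, mysql_gid: int) -> Dict[str, object]:
    """Combine both checks for one file on disk."""
    st = os.stat(path)
    with open(path, encoding="utf-8", errors="replace") as fh:
        hits = find_malloc_lib(fh.read())
    return {
        "path": path,
        "malloc_lib": hits,
        "writable_by_mysql": writable_by(st.st_mode, st.st_uid, st.st_gid, mysql_uid, mysql_gid),
    }


if __name__ == "__main__":
    import pwd
    try:
        mysql_pw = pwd.getpwnam("mysql")
        uid, gid = mysql_pw.pw_uid, mysql_pw.pw_gid
    except KeyError:
        uid = gid = -1  # no mysql account here: ownership check degrades to world-writable only
    for path in DEFAULT_OPTION_FILES:
        if os.path.exists(path):
            report = audit_option_file(path, uid, gid)
            flag = "DANGER" if report["malloc_lib"] and report["writable_by_mysql"] else "ok"
            print(flag, report)
```

A file that is writable by the mysql account but carries no malloc-lib today is still worth fixing: the option only needs to be added before the next restart of mysqld_safe.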
ClixSense, a site which pays users to view ads and take surveys, was the victim of a massive data breach compromising around 6.6 million user accounts. Usually when there’s a data breach of this size, the information stolen contains usernames, passwords, and some other personal information, but due to the nature of ClixSense and the Read more about Over 6 million ClixSense users compromised by data breach[…]
Perhaps feeling a little bent out of shape about how much shit their country caught for running a massive, Cold War-style doping program for Olympic athletes, a group of Russian hackers have obtained confidential documents that they claim prove American Olympians are also big fat cheaters. The only problem is that the leaked documents don’t Read more about Russian Hackers Get Into World Anti-Doping Agency Data, Find Nothing Incriminating[…]
How hackers broke into millions of US govt personnel files Source: Read the damning dossier on the security stupidity that let China ransack OPM’s systems
By placing the smartphone next to a printer, if you know the type of printer, you can listen to it and hear what it’s printing. Then you can reassemble 94% of the original design. Source: Scientists’ sneaky smartphone software steals 3D printer designs
The malware is hard to detect because once it infects a host it deletes its files and lies dormant in memory. It executes now and again to find and infect other hosts and can be used as part of a botnet. Source: Malwaremustdie
HITB Florian Lukavsky hacks criminals profiting from out-of-control multi-billion dollar CEO wire transfer scams… and they hate him for it. The director of SEC Consult’s Singapore office has made a name striking back at so-called “whaling” scammers by sending malicious Word documents that breach their Windows 10 boxes and pass on identity information to police. Read more about Hacker takes down CEO wire transfer scammers, sends their Win 10 creds to the cops[…]
If I plug in a device that masquerades as a USB Ethernet adapter and has a computer on the other end, can I capture credentials from a system, even when locked out (yes, logged in, just locked). (... or do even more, but we’ll save that for another time, this post is already too long) Source: Read more about Use a USB dongle to emulate a NIC and get credentials from locked Windows machines[…]
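The credentials such a rogue adapter harvests are NTLM challenge/response pairs, which Windows will send to a service the fake network presents (an auto-discovered proxy, for instance) without anyone touching the locked machine; the snippet above does not spell that mechanism out, so treat it as an assumption of this example. What follows is an added example written for this page, not code from the post or from any tool it uses: it parses the NTLM Type 2 and Type 3 messages of such an exchange, emits the NTLMv2 line a cracker consumes, and tests a candidate NT hash against it. The exchange, the names alice / CORP / LAPTOP01, the server challenge and the blob are constructed; the NT hash is the well-known hash of the string "password".

```python
"""Parse a captured NTLM Type 2 / Type 3 exchange into an NTLMv2 crackable line.

Added example for this page.  All sample data below is constructed; message layouts
follow MS-NLMP (CHALLENGE_MESSAGE and AUTHENTICATE_MESSAGE).
"""
import hashlib
import hmac
import struct
from typing import Dict

NTLMSSP_SIGNATURE = b"NTLMSSP\x00"
NTLMSSP_NEGOTIATE_UNICODE = 0x00000001


def _field(msg: bytes, pos: int) -> bytes:
    """Decode a (Len, MaxLen, BufferOffset) descriptor at pos and return the bytes it points at."""
    length, _maxlen, offset = struct.unpack_from("<HHI", msg, pos)
    return msg[offset:offset + length]


def server_challenge(type2: bytes) -> bytes:
    """ServerChallenge sits at fixed offset 24 in CHALLENGE_MESSAGE."""
    if type2[:8] != NTLMSSP_SIGNATURE or struct.unpack_from("<I", type2, 8)[0] != 2:
        raise ValueError("not an NTLM CHALLENGE_MESSAGE")
    return type2[24:32]


def parse_type3(type3: bytes) -> Dict[str, object]:
    """Pull user, domain, workstation and the NTLMv2 response out of AUTHENTICATE_MESSAGE."""
    if type3[:8] != NTLMSSP_SIGNATURE or struct.unpack_from("<I", type3, 8)[0] != 3:
        raise ValueError("not an NTLM AUTHENTICATE_MESSAGE")
    flags = struct.unpack_from("<I", type3, 60)[0]
    enc = "utf-16-le" if flags & NTLMSSP_NEGOTIATE_UNICODE else "latin-1"
    nt_resp = _field(type3, 20)  # NtChallengeResponse = NTProofStr (16 bytes) || temp (blob)
    return {
        "domain": _field(type3, 28).decode(enc),
        "user": _field(type3, 36).decode(enc),
        "workstation": _field(type3, 44).decode(enc),
        "nt_proof": nt_resp[:16],
        "blob": nt_resp[16:],
    }


def hashcat_line(type2: bytes, type3: bytes) -> str:
    """USER::DOMAIN:ServerChallenge:NTProofStr:blob, the netntlmv2 format hashcat/john accept."""
    a = parse_type3(type3)
    return "{}::{}:{}:{}:{}".format(a["user"], a["domain"], server_challenge(type2).hex(),
                                    a["nt_proof"].hex(), a["blob"].hex())


def ntlmv2_proof(nt_hash: bytes, user: str, domain: str, challenge: bytes, blob: bytes) -> bytes:
    """MS-NLMP 3.3.2: NTOWFv2 = HMAC_MD5(NT hash, UPPER(user) || domain);
    NTProofStr = HMAC_MD5(NTOWFv2, ServerChallenge || temp)."""
    ntowf_v2 = hmac.new(nt_hash, (user.upper() + domain).encode("utf-16-le"), hashlib.md5).digest()
    return hmac.new(ntowf_v2, challenge + blob, hashlib.md5).digest()


def check_candidate(nt_hash: bytes, type2: bytes, type3: bytes) -> bool:
    """What a cracker does per guess: recompute NTProofStr from the candidate and compare."""
    a = parse_type3(type3)
    proof = ntlmv2_proof(nt_hash, a["user"], a["domain"], server_challenge(type2), a["blob"])
    return hmac.compare_digest(proof, a["nt_proof"])


# --- constructed sample exchange (builders included so the parser above is exercised) ---
def _build_type2(challenge: bytes, flags: int = NTLMSSP_NEGOTIATE_UNICODE) -> bytes:
    return (NTLMSSP_SIGNATURE + struct.pack("<I", 2)
            + struct.pack("<HHI", 0, 0, 48)   # TargetName: empty, payload would start at 48
            + struct.pack("<I", flags) + challenge + b"\x00" * 8
            + struct.pack("<HHI", 0, 0, 48))  # TargetInfo: empty


def _build_type3(user: str, domain: str, workstation: str, nt_response: bytes,
                 flags: int = NTLMSSP_NEGOTIATE_UNICODE) -> bytes:
    parts = [b"\x00" * 24, nt_response, domain.encode("utf-16-le"), user.encode("utf-16-le"),
             workstation.encode("utf-16-le"), b""]  # LM, NT, Domain, User, Workstation, SessionKey
    fields, payload, offset = b"", b"", 64          # fixed header is 64 bytes without Version/MIC
    for p in parts:
        fields += struct.pack("<HHI", len(p), len(p), offset)
        payload += p
        offset += len(p)
    return NTLMSSP_SIGNATURE + struct.pack("<I", 3) + fields + struct.pack("<I", flags) + payload


NT_HASH_PASSWORD = bytes.fromhex("8846f7eaee8fb117ad06bdd830b7586c")  # NT hash of "password"
CHALLENGE = bytes.fromhex("0123456789abcdef")                         # constructed server challenge
# Simplified NTLMv2 blob: signature 0x0101, reserved, timestamp, client nonce, reserved, no AV pairs, terminator
BLOB = struct.pack("<II", 0x00000101, 0) + b"\x00" * 8 + b"\x11" * 8 + b"\x00" * 4 + b"\x00" * 4
SAMPLE_TYPE2 = _build_type2(CHALLENGE)
SAMPLE_TYPE3 = _build_type3("alice", "CORP", "LAPTOP01",
                            ntlmv2_proof(NT_HASH_PASSWORD, "alice", "CORP", CHALLENGE, BLOB) + BLOB)

if __name__ == "__main__":
    print(hashcat_line(SAMPLE_TYPE2, SAMPLE_TYPE3))
    print("candidate 'password' matches:", check_candidate(NT_HASH_PASSWORD, SAMPLE_TYPE2, SAMPLE_TYPE3))
```

The defensive reading of this is the same as the post's: whatever answers the challenge on the attacker's device never needs the password, only the response, and the response can be cracked offline at leisure, which is why a locked screen buys nothing against a network the machine trusts automatically.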
One in five firms that pay ransom fail to get their data back, according to new research from Trend Micro. A poll of IT managers at 300 UK businesses sponsored by Trend Micro found that 44 per cent of UK businesses have been infected by ransomware in the last two years. The study also found Read more about When you’ve paid the ransom but you don’t get your data back[…]
Music service Last.fm was hacked on March 22nd, 2012 for a total of 43,570,999 users. This data set was provided to us by daykalif@xmpp.jp and Last.fm already knows about the breach but the data is just becoming public now like all the others. Each record contains a username, email address, password, join date, and some Read more about Last.fm lost 43.5 million poorly encrypted accounts in 2012. They are out now, and the top 50 are…[…]
Dubbed USBee, the technique turns a computer’s USB ports into mini RF transmitters by modulating the data fed at high speed to plugged-in devices. By banging out a string of ‘0’ bits to a USB port, the voltage changes in the interface generate detectable emissions between 240MHz and 480MHz, according to Guri. Next, by writing Read more about USBee stings air-gapped PCs: Wirelessly leak secrets with a file write on a USB stick, measuring the voltage changes[…]
A data dump purported to contain 60 million Dropbox user IDs [and passwords] is the real thing, with the company confirming it to The Register, and independent verification from security researcher Troy Hunt. Source: Dropbox: 2012 credentials file is real
At its then peak, Angler was behind a whopping 40 percent of all exploit kit infections having compromised nearly 100,000 websites and tens of millions of users, generating some US$34 million annually for its authors. Source: Angler’s obituary: Super exploit kit was the work of Russia’s Lurk group
The explanation is first rate and will allow anyone to perform a non-technical man-in-the-middle attack, going from eavesdropping to exploitation. Source: Tinder Social Engineering Attack – HERT
Infowars, created by famed radio host and conspiracy theorist Alex Jones, produces radio, documentaries and written pieces. The dumped data relates to Prison Planet TV, which gives paying subscribers access to a variety of Infowars content. The data includes email addresses, usernames, and poorly hashed passwords. The administrator of breach notification site Databases.Land provided a Read more about Tens of Thousands of Infowars Accounts Hacked: that’s the sound of thousands of conspiracy loons crinkling up their tin foil hats as they pull them on tighter[…]
The FBI has uncovered evidence that foreign hackers penetrated two state election databases in recent weeks, prompting the bureau to warn election officials across the country to take new steps to enhance the security of their computer systems, according to federal and state law enforcement officials. The FBI warning, contained in a “flash” alert from Read more about FBI says foreign hackers penetrated two separate state election systems[…]
On Monday, a hacking group calling itself the “ShadowBrokers” announced an auction for what it claimed were “cyber weapons” made by the NSA. Based on never-before-published documents provided by the whistleblower Edward Snowden, The Intercept can confirm that the arsenal contains authentic NSA software, part of a powerful constellation of tools used to covertly infect Read more about NSA cyberweapons being sold by hackers are real, Snowden Documents Confirm[…]
Protecting GPS From Spoofers Is Critical to the Future of Navigation – IEEE Spectrum http://spectrum.ieee.org/telecom/security/protecting-gps-from-spoofers-is-critical-to-the-future-of-navigation
‘DiskFiltration,’ a covert channel which facilitates the leakage of data from an air-gapped computer via acoustic signals emitted from its hard disk drive (HDD). Our method is unique in that, unlike other acoustic covert channels, it doesn’t require the presence of speakers or audio hardware in the air-gapped computer. Malware installed on a compromised Read more about DiskFiltration: sending data using Covert Hard Drive Noise[…]
The hack can be used by thieves to wirelessly unlock as many as 100 million VW cars, each at the press of a button. Almost every vehicle the Volkswagen group has sold for the past 20 years – including cars badged under the Audi and Skoda brands – is potentially vulnerable, say the researchers. The Read more about Thieves can wirelessly unlock up to 100 million Volkswagens (and other brands by VW), each at the press of a button[…]
The web interface contains a number of critical vulnerabilities that can be abused by unauthenticated attackers. These consist of monitoring backdoors left in the PHP files that are supposed to be used by NUUO’s engineers, hardcoded credentials, poorly sanitised input and a buffer overflow which can be abused to achieve code execution on NUUO’s devices Read more about 7(!) remote vulnerabilities (RCE, bof) in Nuuo NVR and NETGEAR Surveillance products[…]
A new ransomlock variant, which mainly affects the US, tricks users into calling a toll-free number to reactivate their Windows computer. […] Victims of this threat can unlock their computer using the code: 8716098676542789 Source: New ransomware mimics Microsoft activation window | Symantec Connect Community It also turns out that calling the support number on Read more about New ransomware mimics Microsoft activation window[…]
The thermostat in question has a large LCD display, runs the operating system Linux, and has an SD card that allows users to load custom settings or wallpapers. The researchers found that the thermostat didn’t really check what kind of files it was running and executing. In theory, this would allow a malicious hacker to Read more about White hat Hackers Make the First-Ever Ransomware for Smart Thermostats[…]
In a proof-of-concept video the boffins place a phone in an empty conference room three metres (10 feet) from a speaker. Commands are issued that sound like a drowning Dalek to Vulture South’s ears. That garbling makes the commands difficult for humans to understand but passable for Siri and her ilk. The attackers activate Read more about Drowning Dalek commands Siri in voice-rec hack attack[…]
Wendy’s said hackers were able to steal customers’ credit and debit card information at 1,025 of its U.S. restaurants, far more than it originally thought. The hamburger chain said Thursday hackers were able to obtain card numbers, names, expiration dates and codes on the card, beginning in late fall. Some customers’ cards were used to Read more about Wendy’s Says More Than 1,000 Restaurants Affected by Hack[…]