MouseJack is a collection of security vulnerabilities affecting non-Bluetooth wireless mice and keyboards. Spanning seven vendors, these vulnerabilities enable an attacker to type arbitrary commands into a victim’s computer from up to 100 meters away using a $15 USB dongle.
Is it a bug or is it a backdoor? is exposed to a UEFI bug that can be exploited to disable firmware write-protection. If the claims made by Dmytro Oleksiuk at Github are correct, an attacker can “disable flash write protection and infect platform firmware, disable Secure Boot, [and] bypass Virtual Secure Mode (Credential Guard, Read more about Intel based PCs with BIOS vuln[…]
An anonymous hacker managed to obtain an enormous number of user credentials in June 2013 from fallen social networking giant MySpace — some 427 million passwords, belonging to approx. 360 million users. In May 2016, a person started selling that database of passwords on the dark web. Now, the entire database is available online for Read more about You can now browse through 427 million stolen MySpace passwords[…]
The PC maker has started writing to customers [PDF] warning that their personal records were siphoned off from its online store by crooks between May 12, 2015 and April 28, 2016. Acer did not say how many customers had their details swiped. The lost data includes customer names, addresses, card numbers, and three-digit security verification Read more about Acer leaks payment cards in e-store hack[…]
Researchers have uncovered an underground marketplace selling information on over 70,000 compromised servers based around the globe. Russia-based Kaspersky Lab has revealed today that the online forum, named xDedic, seems to be operated by a Russian-speaking organisation and allows hackers to pay for undetectable access to a wide range of servers, including those owned by Read more about Buy one of 70K hacked servers from $6, get control kit with it[…]
Bitdefender vulnerability researcher Radu Caragea presented today at the Hack In The Box Amsterdam conference a novel way to extract TLS keys from virtual machines, using an out-of-guest approach. The new technique works to detect the creation of TLS session keys in memory as the virtual machine is running. The presentation covers a novel technique Read more about TeLeScope can decrypt your TLS traffic realtime if on a hypervised machine (which most people are nowadays)[…]
the database shows email addresses, passwords that were hashed and salted passwords with MD5 (an algorithm that nowadays is easy to crack), as well as a user’s IP address (which in some cases can determine location), and the site that the record was taken from. Source: Exclusive: Hundreds of forums hacked, leaking millions of users’ Read more about Hundreds of VerticalScope forums hacked, leaking 45 million user accounts[…]
Troy Hunt, a security researcher who maintains the data breach awareness portal Have I Been Pwned, recently obtained a copy of the stolen data set. Hunt told Motherboard that the data contained 65,469,298 unique emails and passwords. Source: Hackers Stole 65 Million Passwords From Tumblr, New Analysis Reveals | Motherboard
Once the magic card is inserted, the malware is ready to interact with two different types of cards, each with different functions: 1.Card type 1 – request commands through the interface 2.Card type 2 – execute the command hardcoded in the Track2 After the card is ejected, the user will be presented with a form, Read more about Skimer ATM Malware takes it to a new level[…]
TOKYO (Kyodo) — A total of 1.4 billion yen ($12.7 million) in cash has been stolen from some 1,400 automated teller machines in convenience stores across Japan in the space of two hours earlier this month, investigative sources said Sunday. Police suspect that the cash was withdrawn at ATMs using counterfeit credit cards containing account Read more about 1.4 bil. yen stolen from 1,400 convenience store ATMs across Japan[…]
https://www.nccgroup.trust/uk/about-us/newsroom-and-events/blogs/2016/may/gsmgprs-traffic-interception-for-penetration-testing-engagements/ An excellent howto on gsm gprs listening and setting up your own 4g / 2g base to intercept traffic
Researchers at the University of California-Santa Barbara recently discovered a Waze vulnerability that allowed them to create thousands of “ghost drivers” that can monitor the drivers around them—an exploit that could be used to track Waze users in real-time. They proved it to me by tracking my own movements around San Francisco and Las Vegas Read more about If you use Waze, hackers can stalk you, add thousands of ghost cars to divert your traffic[…]
_ _ _ ____ _ _ | | | | __ _ ___| | __ | __ ) __ _ ___| | _| | | |_| |/ _` |/ __| |/ / | _ \ / _` |/ __| |/ / | | _ | (_| | (__| < | |_) | (_| | (__|
A trove of leaked information, purported to be the entire Turkish citizenship database, has been leaked. The leaked info appears to contain names, addresses and ID numbers of more than 49 million citizens. If confirmed the leak would become one of the biggest privacy breaches, by number of records, ever. Source: Did hacktivists really just Read more about Did hacktivists really just expose half of Turkey’s entire population to ID theft?[…]
The team, led by Mohammad Al Faruque, director of UCI’s Advanced Integrated Cyber-Physical Systems Lab, showed that a device as ordinary and ubiquitous as a smartphone can be placed next to a machine and capture acoustic signals that carry information about the precise movements of the printer’s nozzle. The recording can then be used to Read more about 3D printed items can be reversed engineered using a smartphone to listen to the sound of the printing proces[…]
“These (mechanics) tool have the codes to read and write firmware and if it is compromised by a malicious car it can modify the firmware of other cars that come in afterwards,” Smith told Vulture South at the Nullcon security conference in Goa, India. Smith’s mechanic malware compromises of learning, simulation, and attack modes. Learning Read more about Pwn all cars by using the car mechanic PC as an attack vector[…]
The hackers breached Bangladesh Bank’s systems and stole its credentials for payment transfers, two senior officials at the bank said. They then bombarded the Federal Reserve Bank of New York with nearly three dozen requests to move money from the Bangladesh Bank’s account there to entities in the Philippines and Sri Lanka, the officials said. Read more about How a hacker’s typo helped stop a billion dollar bank heist[…]
The Vodafone network does not generate random TMSI numbers, which allows you to copy them and thereby listen in to other ongoing conversations. The network won’t throw off duplicates. If you have an IMSI catcher you can exploit this. It does, however, put the phone into conference call mode, which shows up on the screen. Read more about Vodafone network allows you to copy yourself into someone elses conversation[…]
Today at the Security Analyst Summit, researchers from Kaspersky Lab Global Research & Analysis Team unveiled details on two new criminal operations that have borrowed heavily from targeted nation-state attacks, and also shared an update on a resurgent Carbanak gang, which last year, it was reported, had allegedly stolen upwards of $1 billion from more Read more about Carbanak 2.0, Metel, GCMAN Borrow from APT Attacks[…]
As promised, hacker publishes personal information of 20,000 FBI agents, allegedly stolen from a hacked Department of Justice computer. Source: Hacker Publishes Personal Info of 20,000 FBI Agents | Motherboard
MERICAN AND BRITISH INTELLIGENCE secretly tapped into live video feeds from Israeli drones and fighter jets, monitoring military operations in Gaza, watching for a potential strike against Iran, and keeping tabs on the drone technology Israel exports around the world. Under a classified program code-named “Anarchist,” the U.K.’s Government Communications Headquarters, or GCHQ, working with Read more about Israeli Drone Feeds Hacked By British and American Intelligence[…]
“The largest attack reported by a respondent this year was 500Gbps, with other respondents reporting attacks of 450Gbps, 425Gbps, and 337Gbps,” (says the Arbor report) Source: 500Gbps DDoS attack flattens world record
Battered Ukrainian electricity utilities are being targeted with backdoors in attacks possibly linked to those fingered for recent blackouts. The phishing attacks are attempting to get backdoors installed on utility company computers using techniques similar to those seen in the BlackEnergy attacks. BlackEnergy ripped through Ukrainian utilities in what is largely considered the cause of Read more about Ukraine energy utilities attacked again with open source Trojan backdoor[…]
US spy chief James Clapper’s personal online accounts have been hacked, his office confirmed Tuesday, a few months after CIA director John Brennan suffered a similar attack. Clapper’s Office of the Director of National Intelligence confirmed the hack but refused to provide details. “We are aware of the matter and we reported it to the Read more about US spy chief’s personal accounts hacked[…]