Few, if any, companies or government agencies store more sensitive personal information than the IRS, and consumers have virtually no insight into how that data is used and secured. But, as the results of a recent Justice Department investigation show, when you start poking around in those dark corners, you sometimes find very ugly things. Read more about How an IRS Employee Allegedly Stole $1 Million from Taxpayers[…]
The HTTPS Bicycle attack can result in the length of personal and secret data being exposed from a packet capture of a user’s HTTPS traffic. For example, the length of passwords and other data (such as GPS co-ordinates) can be determined simply by analysing the lengths of the encrypted traffic.Some of the key observations of Read more about HTTPS Bicycle Attack – Obtaining Password lengths From TLS Encrypted Browser Requests[…]
SentinelOne director of mobile research Tim Strazzere said he found an open socket—shell@blackphone:/dev/socket $ ls l at_pal srwrwrw radio system 20150731 17:51 at_pal—accessible on the phone that the agps_daemon, a system-level shell is able to communicate with. The vulnerability, CVE-2015-6841, is specific to the modem used by the Blackphone, the Icera modem developed by nVidia. Read more about Silent Circle Blackphone Icera Modem Security Patch[…]
Time Warner Cable Inc said on Wednesday up to 320,000 customers may have had their email passwords stolen. The company said email and password details were likely gathered either through malware downloaded during phishing attacks or indirectly through data breaches of other companies that stored Time Warner Cable’s customer information, including email addresses. Source: Time Read more about Time Warner Cable says up to 320,000 customers’ data may have been stolen[…]
The Israel-based duo pried apart and compromised KVMs (keyboard video mouse) units such that they could download malware and compromise attached computers. The attack, demonstrated at the Chaos Communications Congress in Hamburg last month is notable because KVMs are used to control multiple machines. A compromised unit would not be immediately suspicious to most admins Read more about Checkpoint chap’s hack whacks air-gaps flat[…]
Microsoft Corp (MSFT.O) experts concluded several years ago that Chinese authorities had hacked into more than a thousand Hotmail email accounts, targeting international leaders of China’s Tibetan and Uighur minorities in particular – but it decided not to tell the victims, allowing the hackers to continue their campaign, according to former employees of the company. Read more about Microsoft failed to warn victims of Chinese email hack[…]
37 US states could have been scammed by rogue security guy In July, Eddie Tipton, 52, was found guilty of installing a rootkit in the MSLA’s random-number generating computer that allowed him to predict the digits for future winning tickets. He also tampered with security cameras to cover up his time at the keyboard, the Read more about Feds widen probe into lottery IT boss who rooted game for profit[…]
InterApp can allow its operators to break into nearby smartphones that have their WiFi connection open, and then, employing a diverse arsenal of security vulnerabilities, gain root permission on devices and exfiltrate information to a tactical server. According to Rayzone, InterApp can steal a user’s email address password and content, passwords for social networking apps, Read more about RayZone InterApp: The Gadget That Can Spy on Any Smartphone[…]
Cracking Wi-Fi passwords, spoofing accounts, and testing networks for exploits is all fun enough, but if you want to take the show on the road, you’ll want an easily portable rig. Enter Kali Linux and the Raspberry Pi. Source: How to Build a Portable Hacking Station with a Raspberry Pi and Kali Linux
Kiwi hacker Lachlan Temple has found holes in a popular cheap car tracking and immobilisation gadget that can allow remote attackers to locate, eavesdrop, and in some cases cut the fuel intake to hundreds of thousands of vehicles, some while in motion. the flaws allow attackers who log into any account — including a universal Read more about Hundreds of thousands of engine immobilisers hackable over the net[…]
WordPress hosting outfit WP Engine has confessed to a security breach, prompting it to reset 30,000 customers’ passwords. Security firm Trend Micro has also warned that The Independent newspaper’s WordPress-based blog section has been compromised Source: WordPress hosting biz confesses to breach, urgently contacts 30,000 users
The security bug relates to the fact that the AVG antivirus creates a memory space with full RWX (read-write-execute) privileges where it normally runs. For that particular version of the AVG antivirus, this memory space was not randomized and was often shared with other applications, like, for example, Acrobat Reader or the enSilo product that Read more about AVG, McAfee, Kaspersky Fix Common Vulnerability in Their Antivirus Products[…]
We see around 77,000 accounts hijacked and pillaged each month. These are not new or naïve users; these are professional CS:GO players, reddit contributors, item traders, etc. Users can be targeted randomly as part of a larger group or even individually. Hackers can wait months for a payoff, all the while relentlessly attempting to gain Read more about 77000 Valve accounts get hacked per month[…]
A database containing personally identifiable information was accessed, potentially compromising the names, email addresses, dates of birth, and phone numbers of 656,723 customers. Source: JD Wetherspoon: A ‘hacker’ nicks 650,000 pub-goers’ data
The hacktivist group Anonymous breached into the website of United Nations Framework Convention on Climate Change (UNFCCC) and leaked a trove of personal information of 1415 officials. Source: Anonymous Hacks UN Climate Change Site Against Police Attack on Cop21 March
US hotel chain Hilton revealed Tuesday that hackers infected some of its point-of-sale computer systems with malware crafted to steal credit card information. Hilton would not disclose whether data was taken, but advised anyone who used payment cards at Hilton Worldwide hotels between November 18 and December 5 of last year or April 21 and Read more about Hilton hotels hit by cyber attack[…]
Allows you to store all of your credit cards and magstripes in one device Works on traditional magstripe readers wirelessly (no NFC/RFID required) Can disable Chip-and-PIN (code not included) Correctly predicts Amex credit card numbers + expirations from previous card number (code not included) Supports all three magnetic stripe tracks, and even supports Track 1+2 Read more about samyk/magspoof · GitHub[…]
Researchers find ways to p0wn industrial control systems Source: SAP pumps 70m barrels of oil a day … and might also blow them up
U.S. prosecutors on Tuesday unveiled criminal charges against three men accused of running a sprawling computer hacking and fraud scheme that included a huge attack against JPMorgan Chase & Co and generated hundreds of millions of dollars of illegal profit. Source: U.S. charges three in huge cyberfraud targeting JPMorgan, others
Mimic implements a devilishly sick idea floated on Twitter by Peter Ritchie: “Replace a semicolon (;) with a Greek question mark (;) in your friend’s C# code and watch them pull their hair out over the syntax error.” There are quite a few characters in the Unicode character set that look, to some extent or Read more about Mimic, the Evil Script That Will Drive Programmers To Insanity[…]
British broadband provider TalkTalk has admitted that all of its 4 million customers’ names, addresses, dates of birth, email addresses, phone numbers and bank details may have stolen by hackers. Source: Huge Hack Hits 4 Million British Broadband Customers
Security researchers at Pen Test Partners have found a security vulnerability in the iKettle Wi-Fi Electric Kettle that allows attackers to crack the password of the WiFi network to which the kettle is connected. Researchers say that using this simple trick and information about iKettles, they drove around London, cracked home WiFi networks, and created Read more about Tattling Kettles Help Researchers Crack WiFi Networks In London[…]
This rig is able to send radio waves at an iPhone or Android with its headphones still plugged in, using the headphone cable as a receiver that picks up the radio signals and relays them to the operating system’s voice recognition software. Source: Hackers Can Use Radio Waves to Hijack Androids and iPhones via Siri Read more about Hackers Can Use Radio Waves to Hijack Androids and iPhones via Siri and Google Now[…]
Flat, firewall-free network was a walk in the park, boffins say.[…]They say the casino lacked even basic firewalls around its payment platforms and did not have logging. “It was a very flat network, single domain, with very limited access controls for access to payment systems,” Emmanuel Jean-Georges told the Cyber Defence Summit (formerly Mircon) in Read more about Jackpot: New hacking group steals 150,000 credit cards from casino[…]
“It appears that the focus was to obtain contact information such as names, addresses, email addresses and phone numbers of current and former subscribers in order to send fraudulent solicitations.”[…]“As part of the investigation to date, we also determined that payment card and contact information for fewer than 3,500 individuals could have been accessed, although Read more about Dow Jones hacked for 3 years, 3500 of 1%ers data taken[…]