All CPUs emit electromagnetic signals when they are performing tasks, and the first thing these researchers discovered was that binary ones and zeroes emit different levels. The second thing they discovered is that electromagnetic radiation is also emitted by the voltage fluctuations and that it can be read from up to six meters away. These Read more about Airgap attack from 6 metres by reading your CPU electromagnetic signals[…]

Rahul Sasi will present a way to hijack a Parrot drone without using any authentication. nullcon – Rahul Sasi.

KeySweeper is a stealthy Arduino-based device, camouflaged as a functioning USB wall charger, that wirelessly and passively sniffs, decrypts, logs and reports back all keystrokes from any Microsoft wireless keyboards (which use a proprietary 2.4GHz RF protocol) in the area. Keystrokes are sent back to the KeySweeper operator over the Internet via an optional GSM Read more about KeySweeper – a DIY usb wall charger that logs keystrokes from MS wireless keyboards[…]

C3TV – 31C3: a new dawn.

Gefahren von Kameras für (biometrische) Authentifizierungsverfahren [31c3] von starbug/Jan Krissler – YouTube.

World's Biggest Data Breaches – Static | Information Is Beautiful.

Staples believes that point-of-sale systems at 115 Staples locations were infected with malware that thieves may have used to steal customers’ names, payment card numbers, expiration dates and card verification codes, Staples said on Friday. At all but two of those stores, the malware would have had access to customer data for purchases made between Read more about Staples: Breach may have affected 1.16 million customers’ cards[…]

The data dump, which was reviewed extensively by BuzzFeed News, includes employee criminal background checks, salary negotiations, and doctors’ letters explaining the medical rationale for leaves of absence. There are spreadsheets containing the salaries of 6,800 global employees, along with Social Security numbers for 3,500 U.S. staff. And there is extensive documentation of the company’s Read more about Sony Data Breach gets worse and worse[…]

Excel and Word documents plainly expose thousands of computer log-in, financial, and web services passwords, including the Facebook, Twitter, YouTube, and MySpace passwords for hundreds of major motion picture accounts. via It Gets Worse: The Newest Sony Data Breach Exposes Thousands Of Passwords – BuzzFeed News. Oh dear, Sony is really hammering themselves on this Read more about The Newest Sony Data Breach Exposes Thousands Of Passwords[…]

The South Korean government is considering a complete overhaul of its national identity number computer system – after hackers comprehensively ransacked it and now hold the ID codes for as much as 80 per cent of the population. Each South Korean citizen is issued with a lifetime unique ID number. This number is used in Read more about Hackers own 80% of all South Korean ID data[…]

Authy provides you Strong Authentication for your daily apps like Facebook, Dropbox, Evernote, AWS, Outlook and many others. You can use Authy to keep safe of hacking & phishing attacks easy & quickly. It runs on Apple, Android, Blackberry, OS X, Windows and Linux. It also works when you’re offline. via Two-Factor Authentication App | Read more about Two-Factor Authentication App | Authy[…]

Viator.com | Viator News & Press Releases.

GNU Bash through 4.3 processes trailing strings after function definitions in the values of environment variables, which allows remote attackers to execute arbitrary code via a crafted environment, as demonstrated by vectors involving the ForceCommand feature in OpenSSH sshd, the mod_cgi and mod_cgid modules in the Apache HTTP Server, scripts executed by unspecified DHCP clients, Read more about Bash broken – ShellShock[…]

Wonderful and funny story Why this tiny Italian restaurant gives a discount for bad Yelp reviews | Ars Technica.

Security is een ambacht, hackers zijn vaak hun hele leven al bezig om systemen en applicaties te testen, maar evenals bij een goede ICT beheerder is een kenmerk van een hacker dat men liever routineuze taken zal automatiseren (scripten). In de begindagen van het web hadden hackers veelal hun eigen collecties van scripts en werden Read more about De gereedschapskist van de hacker | Workshop Security en Privacy[…]

The software first brute forces an icloud username / password, then tricks icloud into thinking your device is the target device and finally performs a full restore to your device. This software is supposed to be for law enforcement, but can be bought and downloaded by anyone. There are also illegal copies to be found. Read more about The Police Tool That Pervs Use to Steal Nude Pics From Apple’s iCloud[…]

In laboratory tests, the team was able to successfully conceal firearms and plastic explosive simulants from the Rapiscan Secure 1000 scanner. The team was also able to modify the scanner operating software so it presents an “all-clear” image to the operator even when contraband was detected via Researchers find security flaws in backscatter X-ray scanners Read more about Researchers find security flaws in backscatter X-ray scanners[…]

The United Parcel Service announced Wednesday that customers’ credit and debit card information at 51 franchises in 24 states may have been compromised. There are 4,470 franchised center locations throughout the U.S., according to UPS. via UPS: We’ve Been Hacked – TIME. So you don’t know when UPS found out about the hack, but if Read more about UPS: We’ve Been Hacked – Credit Card data compromised since January[…]

Turns out that huge amounts of them are apt to input validation and SSL hacks. This is caused by poor programming practices, which the government does better at avoiding than private companies. Banking apps: Handy, can grab all your money… and RIDDLED with coding flaws • The Register.

The lights use a wireless radio at 900MHz or 5.8GHz to transmit data to each other. They are all on the same subnet. Entering the network doesn’t require a password and the data is unencrypted. The controller for a network has a debug port opened by default. It’s thus easy to get into the controller Read more about It’s very easy to hack traffic lights[…]

Researchers at MIT, Microsoft, and Adobe have developed an algorithm that can reconstruct an audio signal by analyzing minute vibrations of objects depicted in video. In one set of experiments, they were able to recover intelligible speech from the vibrations of a potato-chip bag photographed from 15 feet away through soundproof glass. via Extracting audio Read more about Use a video of a crisps bag to hear what is said in the room[…]

Multiple Cisco products are affected by a vulnerability involving the Open Shortest Path First (OSPF) Routing Protocol Link State Advertisement (LSA) database. This vulnerability could allow an unauthenticated attacker to take full control of the OSPF Autonomous System (AS) domain routing table, blackhole traffic, and intercept traffic. via Cisco Security Advisory: OSPF LSA Manipulation Vulnerability Read more about Cisco’s need upgrading – routing tables are up for grabs![…]

A Russian group has hacked 1.2 billion usernames and passwords belonging to more than 500 million email addresses, according to Hold Security – a US firm specialising in discovering breaches. Hold Security described the hack as the "largest data breach known to date". It claimed the stolen information came from more than 420,000 websites, including Read more about Russia gang hacks 1.2 billion usernames and passwords[…]

As the entry point, they exploit a vulnerability in Microsoft Word with the help of a crafted Word document they spread via email. The same approach would work with any other exploit. After that, they make sure that the malicious activities survive system re-boot by creating an encoded autostart registry key. To remain undetected, this Read more about Malware without files on the PC, encoded in the registry[…]

Once reprogrammed, benign devices can turn malicious in many ways, including: A device can emulate a keyboard and issue commands on behalf of the logged-in user, for example to exfiltrate files or install malware. Such malware, in turn, can infect the controller chips of other USB devices connected to the computer. The device can also Read more about BadUSB – Turning USB peripherals into hacking vectors[…]