Cisco’s job applications site leaked personal data

Cisco has fixed a vulnerability in its Professional Careers portal that may have exposed truckloads of personal information. The networking giant has sent an email to affected users in which it says a “limited set of job application related information” was leaked from the mobile version of the website, blaming an “incorrect security setting” placed […]

New, more-powerful IoT botnet infects 3,500 devices in 5 days

Linux/IRCTelnet, as the underlying malware has been named, borrows code from several existing malicious IoT applications. Most notably, it lifts entire sections of source code from Aidra, one of the earliest known IoT bot packages. Aidra was discovered infecting more than 30,000 embedded Linux devices in an audacious and ethically questionable research project that infected […]

Mirai botnet attackers are trying to knock an entire country (Liberia) offline

The nation state has a single point of failure fiber, recently installed in 2011, and it could spell disaster for dozens of other countries. The attack was said to be upwards of 1.1Tbps — more than double the attack a few weeks earlier on security reporter Brian Krebs’ website, which was about 620Gbps in size, […]

Inaudible Soundwaves Expose a Spooky New Pathway for Hackers

The underlying technology in question is known as ultrasonic cross-device tracking, or uXDT. Cross-device tracking has been called a ‘holy grail’ for marketers, allowing them to, for instance, tell your phone when you’re watching a particular TV show, or share data about laptop web browsing to your tablet. […] The UCL team says the lack […]

US Copyright Office stalls a year, but finally allows pentesting

Long-overdue rules protecting security research and vehicle repair have finally taken effect, as they should have done last year. Though the Copyright Office and the Librarian of Congress unlawfully and pointlessly delayed their implementation, for the next two years the public can take advantage of the freedom they offer. Source: Why Did We Have to […]

Recording Keystroke Sounds Over Skype to Steal User Data

The researchers found that when connected to a target user on a Skype call, they could record the audio of the user’s keystrokes. With a small amount of knowledge about the victim’s typing style and the keyboard he’s using, the researchers could accurately get 91.7 percent of keystrokes. The attack does not require any malware […]

Kids today are so stupid they fall for security scams more often than greybeards

Redmond’s digital crimes unit senior attorney Courtney Gregoire says half of respondents between the age of 18 and 34 had followed tech support scammer instructions, handing over remote access to their machines or downloading software after encountering a scam page. Only 17 per cent of respondents 55 years and older took the bait. Meanwhile, one […]

Intel CPU memory location randomisation weakness broken by flooding branch buffer

The BTB provides a history of branches taken by the processor as it runs through its code: after the CPU is told to make a decision, it usually jumps to another part of the program based on the outcome of that decision. For example, if something fetched from memory has a value greater than zero, […]

Rowhammer Attack Can Now Root Android Devices

For the past two years, since researchers discovered the attack, the term Rowhammer has been used to describe a procedure through which attackers launch read & write operations at a row of memory bits inside a RAM memory card. The repeated read and write operations cause an electromagnetic field to appear, which changes local memory […]

Adding a phone number to your Google account can make it LESS secure (because telco insecurity).

On Oct 1, after a 2h absence from his phone, Bob attempted to check his email and discovered he’d been logged out of his gmail account. Upon trying to log back in, Google notified him that his email password had been changed less than an hour ago. He then tried to make a call and […]

Dirty COW (CVE-2016-5195) Linux privilege escalation

What is the CVE-2016-5195? CVE-2016-5195 is the official reference to this bug. CVE (Common Vulnerabilities and Exposures) is the Standard for Information Security Vulnerability Names maintained by MITRE. Why is it called the Dirty COW bug? “A race condition was found in the way the Linux kernel’s memory subsystem handled the copy-on-write (COW) breakage of […]

Modern Business Solutions Stumbles Over A Modern Business Problem – 58M Records Dumped From An Unsecured Database

Now yet another massive database leak has been uncovered, related to an insecure MongoDB installation and exposing at least 58 million subscriber records. Twitter user @0x2Taylor posted exfiltrated data on the file sharing site MEGA twice over the weekend, each time resulting in the data being taken down very quickly. The data was then […]

‘StrongPity’ malware infects users through illegitimate WinRAR and TrueCrypt installers

A new strain of malware has been discovered by Kaspersky Labs, named ‘StrongPity,’ which targets users looking for two legitimate computer programs, WinRAR and TrueCrypt. WinRAR is a file archiver utility for Windows, which compresses and extracts files, while the latter is a discontinued encryption tool. The malware contains components that not only has the […]

Apple Watches banned from Cabinet after ministers warned devices could be vulnerable to hacking 

Ministers have been barred from wearing Apple Watches during Cabinet meetings amid concerns that they could be hacked by Russian spies, The Telegraph has learned. Under David Cameron, several cabinet ministers wore the smart watches, including Michael Gove, the former Justice Secretary. However, under Theresa May ministers have been barred from wearing them amid concerns […]

Is Tesla telling us the truth over autopilot spat?

In the latest exchange between Mobileye and Tesla, however, the chip company has accused Tesla of lying. “The allegations recently attributed to a spokesperson for Tesla … are incorrect and can be refuted by the facts,” Mobileye said in a statement. […] Tesla was “pushing the envelope in terms of safety,” the company’s chairman and […]

Securify your PC using Qubes and Whonix

Qubes is a security-oriented, open-source operating system for personal computers. Qubes takes an approach called security by compartmentalization, which allows you to compartmentalize the various parts of your digital life into securely isolated compartments called qubes. This approach allows you to keep the different things you do on your computer securely separated from each other […]

CSA releases IoT security guide

An in-depth security guidance report aimed at Internet of Things developers has been released by the Cloud Security Alliance. Titled Future-proofing the Connected World: 13 steps to developing secure IoT products, the report offers practical and technical guidance to devs trying to secure networks of IoT devices. “An IoT system is only as secure as […]

The Three Infrastructure Mistakes Your Company Must Not Make

Avi Freedman has worked in networking for 30+ years and seen over 100 startups scale their infrastructure. Here are the most vital pieces of advice he has to share. They land themselves in Cloud Jail. They get sucked in by “hipster tools.” They don’t design for monitorability. Source: The Three Infrastructure Mistakes Your Company Must […]

Never explain, never apologize: Microsoft silent on Outlook.com email server grief

A tweak to Microsoft’s Outlook.com cloud service has blocked a good number of people from accessing their messages. Specifically, the baffling and unannounced change affects Outlook.com users with connected accounts: these are email accounts hosted on third-party servers (such as a company’s private server or an ISP’s mail server) that are accessed via the Outlook.com […]

Malware Evades Detection by counting the number of documents in recent files

A typical test environment consists of a fresh Windows computer image loaded into a VM environment. The OS image usually lacks documents and other telltale signs of real world use, Fenton said. The malware sample that Fenton found inside of a Word document looks for existing documents on targeted PCs. If no Microsoft Word documents […]

Mastercard rolls out pay-by-selfie across Europe

Mastercard’s “selfie pay” will be coming to Europe next year after trials in the US, Canada and the Netherlands. The financial services firm is rolling out technologies that will allow European consumers to authenticate their identity without a password, but with a selfie, in order to provide customers with a more convenient method to sign […]

DNS requests destroy Tor’s Anonymity

We show how an attacker can use DNS requests to mount highly precise website fingerprinting attacks: Mapping DNS traffic to websites is highly accurate even with simple techniques, and correlating the observed websites with a website fingerprinting attack greatly improves the precision when monitoring relatively unpopular websites. Our results show that DNS requests from Tor […]

Sending passwords using your body

One of the key applications for this system is for authenticating to medical devices worn on patients’ bodies. Devices such as wearable glucose monitors typically use wireless protocols such as Bluetooth to communicate, and those signals can be intercepted by attackers without much effort. The on-body transmission system can send credentials or encryption keys through […]