Dear hackers, Ubuntu’s app crash reporter will happily execute your evil code on a victim’s box
To everyone else, get patching Source: Dear hackers, Ubuntu’s app crash reporter will happily execute your evil code on a victim’s box
macOS FileVault2 let attackers with physical access retrieve the password in clear text by plugging a $300 Thunderbolt device into a locked or sleeping Mac. The password may be used to unlock the Mac and access everything on it. To secure your Mac, just update it with the December 2016 patches. Anyone including, but not Read more about Hacking: macOS FileVault2 Password Retrieval[…]
Fraudsters can guess credit card numbers in as little as six seconds per attempt thanks to security gaps in Visa’s network, academics say. The brute force attacks allow criminals to bombard Visa with card payment requests across multiple sites with each attempt narrowing the possible combinations until a valid card number and expiry date are Read more about Guessing valid credit card numbers in six seconds? Priceless[…]
Netgear R7000, firmware version 1.0.7.2_1.1.93 and possibly earlier, and R6400, firmware version 1.0.1.12_1.0.11 and possibly earlier, contain an arbitrary command injection vulnerability. By convincing a user to visit a specially crafted web site, a remote unauthenticated attacker may execute arbitrary commands with root privileges on affected routers. A LAN-based attacker may do the same by Read more about Vulnerability Note VU#582384 – Multiple Netgear routers are vulnerable to arbitrary command injection[…]
An attacker can misuse PwC ACE security vulnerability in order to: – make changes to the production systems and their settings including manipulating or corrupting ABAP programs shipped by SAP and making the system and data inoperable; – plant an SAP backdoor for accessing the system and sensitive data later; and – shut down the Read more about Full Disclosure: [ESNC-2041217] Critical Security Vulnerability in PwC ACE Software for SAP Security[…]
Researchers from SEC Consult have found two backdoor accounts that exist in 80 models of professional Sony security cameras, mainly used by companies and government agencies given their high price. One set of hard-coded credentials is in the Web interface and allows a remote attacker to send requests that would enable the Telnet service on Read more about Hardcoded root accounts found in 80 Sony IP security camera models[…]
In March 2016, security experts warned that PowerShell had been fully weaponised. In the following month, a report confirmed that PowerShell was used to launch 38% of cyber attacks seen by security firm Carbon Black and its partners in 2015. Now more than 95% of PowerShell scripts analysed by Symantec researchers have been found to Read more about PowerShell security threats greater than ever, researchers warn[…]
This CLI debugging interface grants the attacker full access to the computer’s hard drive, despite the presence of BitLocker. The reason is that during the Windows 10 update procedure, the OS disables BitLocker while the Windows PE (Preinstallation Environment) installs a new image of the main Windows 10 operating system. Source: Holding Shift + F10 Read more about Holding Shift + F10 During Windows 10 Updates Opens Root CLI, Bypasses BitLocker – Slashdot[…]
Acquired administrator level access to all of the [Microsoft Azure](https://azure.microsoft.com) managed [Red Hat Update Infrastructure](https://access.redhat.com/documentation/en/red-hat-update-infrastructure/3.0.beta.1/paged/system-administrator-guide/chapter-1-about-red-hat-update-infrastructure) that supplies all the packages for all [Red Hat Enterprise Linux](https://www.redhat.com/en/technologies/linux-platforms/enterprise-linux) instances booted from the Azure marketplace. Basically it’s easy to find all servers, then bump up a package version number, upload it to the update host and get all Read more about Acquired administrator level access to all of the Microsoft Azure managed Red Hat Update Infrastructure that supplies all the packages for all Red Hat Enterprise Linux instances booted from the Azure marketplace.[…]
A series of YouTube videos are pointing out a flaw that could allow users to access photos on an iPhone without entering a passcode. This requires physical access to the device, and Siri on the lock screen needs to be enabled. Source: This Weird Trick Apparently Lets You Bypass Any iPhone’s Lock Screen It Read more about Siri on apple lockscreens leads to people being able to break into the device[…]
The US Secret Service is tasked with keeping the President and members of his family safe. But newly released documents show that the agency has had trouble keeping tabs on its own equipment. Since 2001, the agency has lost at least 1,024 computers, 736 mobile phones, and 121 guns. Judicial Watch obtained the numbers through Read more about The Secret Service Has Lost 1,024 Computers Since 2001[…]
CCTV cameras? You’ve been looking in the wrong place. Source: Origin of the beasties: Mirai botnet missing link revealed as DVR player. Looks like digital video recorders offer more functionality than IP cams and were used in 4 of the 5 attack vectors.
Once installed, Shazam automatically begins listening for music. Most (security-conscious) users probably don’t want Shazam listening all the time. Shazam appears to oblige, seemingly providing an option to disable this listening. However, sliding the selector to ‘OFF’ did not generate the expected “Mic was deactivated” OverSight alert. My first thought was perhaps OverSight had ‘missed’ Read more about Shazam listens to you on macs, even when you turn the mic off[…]
At least five major Russian banks came under a continuous hacker attack, although online client services were not disrupted. The attack came from a wide-scale botnet involving at least 24,000 computers, located in 30 countries. The attack began Tuesday afternoon, and continued for two days straight, according to a source close to Russia’s Central Bank Read more about 5 major Russian banks repel massive DDoS attack[…]
By analysing the interference patterns a body creates in Wi-Fi signals, an observer can detect what people are typing with 68.9% accuracy. The accuracy goes up as more data is collected. Source: Your body reveals your password by interfering with Wi-Fi
In this paper we describe a new type of threat in which adjacent IoT devices will infect each other with a worm that will spread explosively over large areas in a kind of nuclear chain reaction, provided that the density of compatible IoT devices exceeds a certain critical mass. In particular, we developed and verified Read more about IoT Goes Nuclear – Creating a ZigBee Chain Reaction / How they hacked your Philips Hue and made a worm[…]
As explained in a paper titled A Formal Security Analysis of the Signal Messaging Protocol (PDF) from the International Association for Cryptologic Research, Signal has no discernible flaws and offers a well-designed and compromise-resistant architecture. Signal uses a double ratchet algorithm that employs ephemeral key exchanges continually during each session, minimising the amount of text Read more about ‘Trust it’: Results of Signal’s first formal crypto analysis are in[…]
Cisco has fixed a vulnerability in its Professional Careers portal that may have exposed truckloads of personal information. The networking giant has sent an email to affected users in which it says a “limited set of job application related information” was leaked from the mobile version of the website, blaming an “incorrect security setting” placed Read more about Cisco’s job applications site leaked personal data[…]
Linux/IRCTelnet, as the underlying malware has been named, borrows code from several existing malicious IoT applications. Most notably, it lifts entire sections of source code from Aidra, one of the earliest known IoT bot packages. Aidra was discovered infecting more than 30,000 embedded Linux devices in an audacious and ethically questionable research project that infected Read more about New, more-powerful IoT botnet infects 3,500 devices in 5 days[…]
The nation state has a single-point-of-failure fiber link, only installed in 2011, and it could spell disaster for dozens of other countries. The attack was said to be upwards of 1.1Tbps, more than double the attack a few weeks earlier on security reporter Brian Krebs’ website, which was about 620Gbps in size, Read more about Mirai botnet attackers are trying to knock an entire country (Liberia) offline[…]
The underlying technology in question is known as ultrasonic cross-device tracking, or uXDT. Cross-device tracking has been called a ‘holy grail’ for marketers, allowing them to, for instance, tell your phone when you’re watching a particular TV show, or share data about laptop web browsing to your tablet. […] The UCL team says the lack Read more about Inaudible Soundwaves Expose a Spooky New Pathway for Hackers[…]
Long-overdue rules protecting security research and vehicle repair have finally taken effect, as they should have done last year. Though the Copyright Office and the Librarian of Congress unlawfully and pointlessly delayed their implementation, for the next two years the public can take advantage of the freedom they offer. Source: Why Did We Have to Read more about US Copyright Office stalls a year, but finally allows pentesting[…]
The researchers found that when connected to a target user on a Skype call, they could record the audio of the user’s keystrokes. With a small amount of knowledge about the victim’s typing style and the keyboard he’s using, the researchers could accurately get 91.7 percent of keystrokes. The attack does not require any malware Read more about Recording Keystroke Sounds Over Skype to Steal User Data[…]
Redmond’s digital crimes unit senior attorney Courtney Gregoire says half of respondents between the age of 18 and 34 had followed tech support scammer instructions, handing over remote access to their machines or downloading software after encountering a scam page. Only 17 per cent of respondents 55 years and older took the bait. Meanwhile, one Read more about Kids today are so stupid they fall for security scams more often than greybeards[…]
A total of 32 lakh debit cards across 19 banks could have been compromised on account of a purported fraud, the National Payment Corporation of India said in a statement. The issue was brought to light when State Bank of India blocked the debit cards of 6 lakh customers on October 14. This was done Read more about 32 million Indian debit cards possibly compromised[…]