Shazam listens to you on macs, even when you turn the mic off

Once installed, Shazam automatically begins listening for music. Most (security-conscious) users probably don’t want Shazam listening all the time. Shazam appears to oblige, seemingly providing an option to disable this listening. However, sliding the selector to ‘OFF’ did not generate the expected “Mic was deactivated” OverSight alert. My first thought was perhaps OverSight had ‘missed’ […]

5 major Russian banks repel massive DDoS attack

At least five major Russian banks came under a continuous hacker attack, although online client services were not disrupted. The attack came from a wide-scale botnet involving at least 24,000 computers located in 30 countries. The attack began Tuesday afternoon and continued for two days straight, according to a source close to Russia’s Central Bank […]

IoT Goes Nuclear – Creating a ZigBee Chain Reaction / How they hacked your Philips Hue and made a worm

In this paper we describe a new type of threat in which adjacent IoT devices will infect each other with a worm that will spread explosively over large areas in a kind of nuclear chain reaction, provided that the density of compatible IoT devices exceeds a certain critical mass. In particular, we developed and verified […]

‘Trust it’: Results of Signal’s first formal crypto analysis are in

As explained in a paper titled A Formal Security Analysis of the Signal Messaging Protocol (PDF), published through the International Association for Cryptologic Research, Signal has no discernible flaws and offers a well-designed, compromise-resistant architecture. Signal uses a double ratchet algorithm that performs ephemeral key exchanges continually during each session, minimising the amount of text […]
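The property the excerpt is pointing at (continually refreshed keys, so a captured key exposes as little text as possible) is easiest to see in the ratchet’s key schedule. The following is an added example written for this page, not code from the paper or from Signal’s own implementation. It uses only Python’s standard library: the symmetric chain step has the same two-HMAC shape as the Double Ratchet’s KDF_CK, the root-key step is simplified to HMAC-SHA512 in place of HKDF, and the output of each ephemeral DH exchange is stood in for by random bytes (an assumption, since no curve arithmetic is available in the standard library). Function names and the sample values are this example’s own.

```python
import hashlib
import hmac
import os
from typing import List, Tuple

# Constructed sample values: a fixed root key and three stand-ins for the
# outputs of successive ephemeral DH exchanges (the real protocol gets these
# from X25519; random bytes are an assumption of this example).
ROOT_KEY = bytes(range(32))
DH_OUTPUTS = [os.urandom(32) for _ in range(3)]


def kdf_ck(chain_key: bytes) -> Tuple[bytes, bytes]:
    """One symmetric-ratchet step: returns (next_chain_key, message_key).

    Two HMAC evaluations under the current chain key with distinct constant
    inputs, the same shape as the Double Ratchet's KDF_CK. HMAC is one-way, so
    holding next_chain_key reveals neither chain_key nor the message_key that
    was derived alongside it. That is the forward-secrecy argument per message.
    """
    message_key = hmac.new(chain_key, b"\x01", hashlib.sha256).digest()
    next_chain_key = hmac.new(chain_key, b"\x02", hashlib.sha256).digest()
    return next_chain_key, message_key


def kdf_rk(root_key: bytes, dh_output: bytes) -> Tuple[bytes, bytes]:
    """DH-ratchet step: fold a fresh ephemeral DH secret into the root key.

    Returns (next_root_key, new_chain_key). Simplified to HMAC-SHA512 keyed by
    the root key over the DH output (the real protocol uses HKDF); the point
    is that every DH exchange starts a new chain from fresh entropy.
    """
    out = hmac.new(root_key, dh_output, hashlib.sha512).digest()
    return out[:32], out[32:]


def ratchet_forward(chain_key: bytes, steps: int) -> bytes:
    """Advance the symmetric chain by `steps` without keeping message keys."""
    for _ in range(steps):
        chain_key, _ = kdf_ck(chain_key)
    return chain_key


def message_keys(chain_key: bytes, count: int) -> List[bytes]:
    """Derive `count` consecutive message keys starting from chain_key."""
    keys = []
    for _ in range(count):
        chain_key, mk = kdf_ck(chain_key)
        keys.append(mk)
    return keys


def session_keys(root_key: bytes, dh_outputs: List[bytes],
                 per_epoch: int) -> List[List[bytes]]:
    """Message keys one side uses across several DH epochs.

    A chain key captured in one epoch gives no handle on the next epoch's
    keys, because the next chain is seeded through a fresh DH output.
    """
    epochs = []
    for dh in dh_outputs:
        root_key, chain_key = kdf_rk(root_key, dh)
        epochs.append(message_keys(chain_key, per_epoch))
    return epochs


def derivable_after_compromise(initial_chain_key: bytes, step: int,
                               total: int) -> List[bytes]:
    """Simulate an attacker who learns the chain key as it stands at message
    `step`: they can derive keys step..total-1 of that epoch, never earlier."""
    return message_keys(ratchet_forward(initial_chain_key, step), total - step)


if __name__ == "__main__":
    _, ck = kdf_rk(ROOT_KEY, DH_OUTPUTS[0])
    all_keys = message_keys(ck, 6)
    leaked = derivable_after_compromise(ck, 3, 6)
    print("message indices derivable from the chain key at message 3:",
          [all_keys.index(k) for k in leaked])
```

Running the script shows that a chain key captured before message 3 yields only messages 3, 4 and 5 of that epoch; the next DH exchange ends even that exposure, which is the "compromise-resistant" behaviour the analysis credits.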

Cisco’s job applications site leaked personal data

Cisco has fixed a vulnerability in its Professional Careers portal that may have exposed truckloads of personal information. The networking giant has sent an email to affected users in which it says a “limited set of job application related information” was leaked from the mobile version of the website, blaming an “incorrect security setting” placed […]

New, more-powerful IoT botnet infects 3,500 devices in 5 days

Linux/IRCTelnet, as the underlying malware has been named, borrows code from several existing malicious IoT applications. Most notably, it lifts entire sections of source code from Aidra, one of the earliest known IoT bot packages. Aidra was discovered infecting more than 30,000 embedded Linux devices in an audacious and ethically questionable research project that infected […]

Mirai botnet attackers are trying to knock an entire country (Liberia) offline

The country has a single point of failure: one fibre link, installed as recently as 2011, whose loss could spell disaster for dozens of other countries. The attack was said to be upwards of 1.1Tbps, more than double the attack a few weeks earlier on security reporter Brian Krebs’ website, which was about 620Gbps in size […]

Inaudible Soundwaves Expose a Spooky New Pathway for Hackers

The underlying technology in question is known as ultrasonic cross-device tracking, or uXDT. Cross-device tracking has been called a ‘holy grail’ for marketers, allowing them to, for instance, tell your phone when you’re watching a particular TV show, or share data about laptop web browsing to your tablet. […] The UCL team says the lack […]

US Copyright Office stalls a year, but finally allows pentesting

Long-overdue rules protecting security research and vehicle repair have finally taken effect, as they should have done last year. Though the Copyright Office and the Librarian of Congress unlawfully and pointlessly delayed their implementation, for the next two years the public can take advantage of the freedom they offer. Source: Why Did We Have to […]

Recording Keystroke Sounds Over Skype to Steal User Data

The researchers found that when connected to a target user on a Skype call, they could record the audio of the user’s keystrokes. With a small amount of knowledge about the victim’s typing style and the keyboard they are using, the researchers could accurately recover 91.7 percent of keystrokes. The attack does not require any malware […]

Kids today are so stupid they fall for security scams more often than greybeards

Redmond’s digital crimes unit senior attorney Courtney Gregoire says half of respondents between the ages of 18 and 34 had followed tech support scammer instructions, handing over remote access to their machines or downloading software after encountering a scam page. Only 17 per cent of respondents 55 years and older took the bait. Meanwhile, one […]

Intel CPU memory location randomisation weakness broken by flooding branch buffer

The BTB (branch target buffer) provides a history of branches taken by the processor as it runs through its code: when the CPU reaches a conditional branch, it usually jumps to another part of the program based on the outcome of that decision. For example, if something fetched from memory has a value greater than zero, […]

Rowhammer Attack Can Now Root Android Devices

For the past two years, since researchers discovered the attack, the term Rowhammer has been used to describe a procedure in which attackers repeatedly access (activate) a row of memory cells inside a DRAM module. The rapid, repeated accesses cause electrical interference that leaks charge from neighbouring rows, which changes local memory […]

Adding a phone number to your Google account can make it LESS secure (because telco insecurity).

On Oct 1, after a two-hour absence from his phone, Bob attempted to check his email and discovered he’d been logged out of his Gmail account. Upon trying to log back in, Google notified him that his email password had been changed less than an hour ago. He then tried to make a call and […]

Dirty COW (CVE-2016-5195) Linux privilege escalation

What is CVE-2016-5195? CVE-2016-5195 is the official reference to this bug. CVE (Common Vulnerabilities and Exposures) is the standard for information security vulnerability names, maintained by MITRE. Why is it called the Dirty COW bug? “A race condition was found in the way the Linux kernel’s memory subsystem handled the copy-on-write (COW) breakage of […]
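To make sense of “copy-on-write breakage of private read-only memory mappings”, it helps to see what the kernel is supposed to guarantee. The script below is an added example written for this page, not code from the advisory or from any public proof of concept, and it does not exercise the race: it maps a temporary file (constructed content, shaped like a passwd line) first as a MAP_PRIVATE mapping of a read-only descriptor and then as a MAP_SHARED mapping of a read-write descriptor, writes through each, and reports what the process and the file see. The function and constant names are this example’s own; it needs a POSIX mmap (Linux or macOS).

```python
import mmap
import os
import tempfile

# Constructed sample content, shaped like a passwd line. The file is a
# temporary file created by the script, never a system file.
ORIGINAL = b"root:x:0:0:root:/root:/bin/bash\n"
PATCH = b"ROOT"


def write_through_mappings(original: bytes = ORIGINAL,
                           patch: bytes = PATCH) -> dict:
    """Write `patch` over the start of a file through two kinds of mapping and
    report what the mapping and the on-disk file show afterwards."""
    fd, path = tempfile.mkstemp()
    try:
        os.write(fd, original)
        os.close(fd)

        # (1) File opened read-only, mapped MAP_PRIVATE with PROT_WRITE.
        # mmap(2) permits this combination. The first write to a page is the
        # "COW breakage": the kernel hands the process its own anonymous copy
        # of the page. The process sees its change; the page cache and the
        # file must not.
        ro = os.open(path, os.O_RDONLY)
        try:
            with mmap.mmap(ro, 0, flags=mmap.MAP_PRIVATE,
                           prot=mmap.PROT_READ | mmap.PROT_WRITE) as m:
                m[:len(patch)] = patch
                private_view = m[:len(original)]
        finally:
            os.close(ro)
        with open(path, "rb") as f:
            file_after_private = f.read()

        # (2) File opened read-write, mapped MAP_SHARED. Writes land in the
        # shared page-cache page and are written back to the file. Reaching
        # the page-cache page of a file it could only open read-only is the
        # effect the CVE-2016-5195 race gives an unprivileged process; here it
        # is obtained legitimately, through O_RDWR, for comparison.
        rw = os.open(path, os.O_RDWR)
        try:
            with mmap.mmap(rw, 0, flags=mmap.MAP_SHARED,
                           prot=mmap.PROT_READ | mmap.PROT_WRITE) as m:
                m[:len(patch)] = patch
                m.flush()
        finally:
            os.close(rw)
        with open(path, "rb") as f:
            file_after_shared = f.read()
    finally:
        os.unlink(path)

    return {
        "private_view": private_view,
        "file_after_private": file_after_private,
        "file_after_shared": file_after_shared,
    }


if __name__ == "__main__":
    result = write_through_mappings()
    for name, value in result.items():
        print(f"{name:20s} {value!r}")
```

On an unaffected kernel the private write is visible only inside the process, the file is unchanged after step (1), and only the shared mapping in step (2) alters it. The bug is precisely that step (1), raced correctly, can produce the outcome of step (2).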

Modern Business Solutions Stumbles Over A Modern Business Problem – 58M Records Dumped From An Unsecured Database

Yet another massive database leak has been uncovered, this time related to an insecure MongoDB installation exposing at least 58 million subscriber records. Twitter user @0x2Taylor posted the exfiltrated data on the file-sharing site MEGA twice over the weekend, each time resulting in the data being taken down very quickly. The data was then […]

‘StrongPity’ malware infects users through illegitimate WinRAR and TrueCrypt installers

A new strain of malware, named ‘StrongPity’, has been discovered by Kaspersky Lab. It targets users looking for two legitimate programs, WinRAR and TrueCrypt. WinRAR is a file archiver utility for Windows, which compresses and extracts files, while the latter is a discontinued encryption tool. The malware contains components that not only […]

Apple Watches banned from Cabinet after ministers warned devices could be vulnerable to hacking 

Ministers have been barred from wearing Apple Watches during Cabinet meetings amid concerns that they could be hacked by Russian spies, The Telegraph has learned. Under David Cameron, several Cabinet ministers wore the smart watches, including Michael Gove, the former Justice Secretary. Under Theresa May, however, ministers have been barred from wearing them amid concerns […]

Is Tesla telling us the truth over autopilot spat?

In the latest exchange between Mobileye and Tesla, however, the chip company has accused Tesla of lying. “The allegations recently attributed to a spokesperson for Tesla … are incorrect and can be refuted by the facts,” Mobileye said in a statement. […] Tesla was “pushing the envelope in terms of safety,” the company’s chairman and […]

Securify your PC using Qubes and Whonix

Qubes is a security-oriented, open-source operating system for personal computers. Qubes takes an approach called security by compartmentalization, which allows you to compartmentalize the various parts of your digital life into securely isolated compartments called qubes. This approach allows you to keep the different things you do on your computer securely separated from each other […]

CSA releases IoT security guide

An in-depth security guidance report aimed at Internet of Things developers has been released by the Cloud Security Alliance. Titled Future-proofing the Connected World: 13 steps to developing secure IoT products, the report offers practical and technical guidance to devs trying to secure networks of IoT devices. “An IoT system is only as secure as […]