Police complaints drop 93 percent after deploying body cameras

A study from Cambridge University documents an immense drop in complaints against police officers when their departments began using body cameras. But even more surprising is that the data suggests everyone is on their best behavior whether the cameras are present or not. The data was collected in seven police departments in the UK and […]

WiFox Puts Thousands of Airport Wi-Fi Networks and Their Passwords On Your Phone

Android/iOS: “Free Airport Wi-Fi” is almost always slow, a security nightmare, or expensive—but it’s likely not all that’s available in the airport. Luckily, WiFox is packed with tons of network names and passwords for airports around the globe, so you can surf happily—and safely. Source: WiFox Puts Thousands of Airport Wi-Fi Networks and Their Passwords […]

This Credit Card Has a Screen So Its Security Code Can Change Every Hour

The new system, developed by Oberthur Technologies, is called Motion Code, and it changes the security code on the back of the credit card every hour. That way even if a thief does steal the info, it will be useless in less than an hour, preventing nearly all fraudulent transactions. Other than a small screen on […]

Researchers crack Oz Govt medical data in ‘easy’ attack with PCs

Australian researchers have laid waste to the Federal Government’s plan to criminalise the decryption of anonymised state data sets, just a day after it was announced, by ‘easily’ cracking government-held medical data. Source: Researchers crack Oz Govt medical data in ‘easy’ attack with PCs Again it is surprising how governments try to criminalise that which […]

D-Link DWR-932 router is chock-full of security holes

The documented D-Link DWR-932 vulnerabilities affect the latest available firmware. Kim first responsibly disclosed them to the D-Link Security Incident Response Team in June, but after the company said early this month that they don’t have a schedule for a firmware release, he decided to go public with the details about some of the flaws. […]

Crypto guru Matt Green asks courts for DMCA force field so he can safely write a textbook

Assistant Professor Matthew Green has asked US courts for protection so that he can write a textbook explaining cryptography without getting sued under the Digital Millennium Copyright Act. Green, who teaches at Johns Hopkins University in Maryland, is penning a tome called Practical Cryptographic Engineering that examines the cryptographic mechanisms behind the devices we use […]

Azure is on fire, your DNS is terrified

Microsoft Azure is wobbling all around the world at the moment, especially Azure DNS. According to a status update on Microsoft’s site, the issues began around lunchtime, although there is no mention of when they are likely to be fixed. Customers using Azure DNS in multiple regions are experiencing difficulties connecting to their goodies at […]

Someone Is Learning How to Take Down the Internet – Lawfare

Over the past year or two, someone has been probing the defenses of the companies that run critical pieces of the Internet. These probes take the form of precisely calibrated attacks designed to determine exactly how well these companies can defend themselves, and what would be required to take them down. We don’t know who […]

Using known private keys on internet connected devices has gone up 40% since 2015

To accomplish the mammoth task of informing about 50 different vendors and various ISPs we teamed up with CERT/CC (VU#566724). We would really like to report that our efforts were successful, but as it turns out the number of devices on the web using known private keys for HTTPS server certificates has gone up by […]

Inteno Routers given out by ISPs allow full administrative access

Several Inteno routers do not validate the Auto Configuration Server (ACS) certificate (CWE-295). An attacker in a privileged network position can Man-in-the-Middle the connection between the device and the Auto Configuration Server (ACS). If ACS has been preconfigured by the ISP (this is usually the case) no user actions are required for exploitation. Impact —— […]

Microsoft and pals attempt to re-write Wassenaar cyber arms control pact written by people who have no idea about IT and will make IT security business almost impossible

Microsoft and a team of concerned engineers from across the security sector have joined forces to suggest a major re-write of the arms control pact the Wassenaar Arrangement, as they fear the document’s terms are a threat to the information security industry. The pitch is the result of brainstorming by the group to redefine the […]

iPhones completely compromised by NSO Group. Update now!

Investigators discovered that a company called the NSO Group, an Israeli outfit that sells software that invisibly tracks a target’s mobile phone, was responsible for the intrusions. The NSO Group’s software can read text messages and emails and track calls and contacts. It can even record sounds, collect passwords and trace the whereabouts of the […]

Hackers discover flaws in hospital security capitalise on it by shorting shares in the hospital

When a team of hackers discovered that St. Jude Medical Inc.’s pacemakers and defibrillators had security vulnerabilities that could put lives at risk, they didn’t warn St. Jude. Instead, the hackers, who work for cybersecurity startup MedSec, e-mailed Carson Block, who runs the Muddy Waters Capital LLC investment firm, in May. They had a money-making […]

Windows 10 shows why automatic updates are bad, breaking powershell, webcams and rebooting randomly during activities.

Microsoft’s update for version 1607 doesn’t fix two widespread problems with Windows 10 Anniversary Update, and it causes problems with PowerShell DSC operations Source: Windows 10 cumulative update KB 3176934 breaks PowerShell This update contained a fix for the borked update below: The Windows 10 Anniversary Update has reportedly broken millions of webcams. If your […]

With TLS encryption, attackers can use this as a tunnel to hide attacks from legacy packet inspection tools.

Exactly a year ago, attackers used an advertisement on Yahoo to redirect users to a site infected by the Angler exploit kit. Just weeks before, users were exposed to more malicious software through compromised advertisements that showed up across the web. In total, at least 910 million users were potentially exposed to malware through these […]

Attacker’s Playbook Top 5 Is High On Passwords, Low On Malware

Report: Penetration testers’ five most reliable methods of compromising targets include four different ways to use stolen credentials, but zero ways to exploit software. Playing whack-a-mole with software vulnerabilities should not be top of security pros’ priority list because exploiting software doesn’t even rank among the top five plays in the attacker’s playbook, according to […]

Strawberrynet Beauty site lets anyone read customers’ personal information

Popular online cosmetics site Strawberrynet has asked customers if a function that allows anyone to retrieve its customers names, billing addresses, and phone numbers with nothing more than an email address is a bug or a feature […] The feature means customers are able to checkout quickly by just putting their email address into a […]

>25m accounts stolen after Russian mail.ru forums hacked

Two hackers were able to steal email addresses and easily crackable passwords from three separate forums in this latest hack. Two hackers carried out attacks on three separate game-related forums in July and August. One forum alone accounted for almost half of the breached data — a little under 13 million records; the other two […]

MS Secureboot has a golden key – which has been hacked.

secureboot is a part of the uefi firmware, when enabled, it only lets stuff run that’s signed by a cert in db, and whose hash is not in dbx (revoked). As you probably also know, there are devices where secure boot can NOT be disabled by the user (Windows RT, HoloLens, Windows Phone, maybe Surface […]

More than 30 states offer online voting, but experts warn it isn’t secure

“We believe that online voting, especially online voting in large scale, introduces great risk into the election system by threatening voters’ expectations of confidentiality, accountability and security of their votes and provides an avenue for malicious actors to manipulate the voting results,” Neil Jenkins, an official in the Office of Cybersecurity and Communications at the […]

3D print biz Shapeways hacked, home and email addresses swiped

Shapeways. In a statement, it said that some email addresses, usernames, and shipping addresses were exposed, but that the hackers didn’t get a full run of their servers and no 3D printing plans were stolen. “The intruders did not access credit card information because Shapeways does not store such information on their systems,” said a […]

Researchers find over 100 spying Tor nodes that attempt to compromise darknet sites

These nodes — ordinary nodes, not exit nodes — sorted through all the traffic that passed through them, looking for anything bound for a hidden service, which allowed them to discover hidden services that had not been advertised. These nodes then attacked the hidden services by making connections to them and trying common exploits against […]

Maxthon web browser blabs about your PC all the way back to Beijing

Polish security consultancy Exatel warns [PDF] that Maxthon is phoning home information such as the computer’s operating system and version number, the screen resolution, the CPU type and speed, the amount of memory installed, the location of the browser’s executable, whether ad-block is running, and the start page URL. Source: Maxthon web browser blabs about […]

Former Lottery Security Director hacked random-number generator to rig lotteries, investigators say

For several years, Eddie Tipton, the former security director of the US Multi-State Lottery Association, installed software code that allowed him to predict winning numbers on specific days of the year, investigators allege. The random-number generators had been erased, but new forensic evidence has revealed how the hack was apparently done. […] The number generator […]