“We believe that online voting, especially online voting in large scale, introduces great risk into the election system by threatening voters’ expectations of confidentiality, accountability and security of their votes and provides an avenue for malicious actors to manipulate the voting results,” Neil Jenkins, an official in the Office of Cybersecurity and Communications at the Read more about More than 30 states offer online voting, but experts warn it isn’t secure[…]

Shapeways. In a statement, it said that some email addresses, usernames, and shipping addresses were exposed, but that the hackers didn’t get a full run of their servers and no 3D printing plans were stolen. “The intruders did not access credit card information because Shapeways does not store such information on their systems,” said a Read more about 3D print biz Shapeways hacked, home and email addresses swiped[…]

These nodes — ordinary nodes, not exit nodes — sorted through all the traffic that passed through them, looking for anything bound for a hidden service, which allowed them to discover hidden services that had not been advertised. These nodes then attacked the hidden services by making connections to them and trying common exploits against Read more about Researchers find over 100 spying Tor nodes that attempt to compromise darknet sites[…]

These nodes — ordinary nodes, not exit nodes — sorted through all the traffic that passed through them, looking for anything bound for a hidden service, which allowed them to discover hidden services that had not been advertised. These nodes then attacked the hidden services by making connections to them and trying common exploits against Read more about Researchers find over 100 spying Tor nodes that attempt to compromise darknet sites[…]

Polish security consultancy Exatel warns [PDF] that Maxthon is phoning home information such as the computer’s operating system and version number, the screen resolution, the CPU type and speed, the amount of memory installed, the location of the browser’s executable, whether ad-block is running, and the start page URL. Source: Maxthon web browser blabs about Read more about Maxthon web browser blabs about your PC all the way back to Beijing[…]

For several years, Eddie Tipton, the former security director of the US Multi-State Lottery Association, installed software code that allowed him to predict winning numbers on specific days of the year, investigators allege. The random-number generators had been erased, but new forensic evidence has revealed how the hack was apparently done. […] The number generator Read more about Former Lottery Security Director hacked random-number generator to rig lotteries, investigators say[…]

Imagine buying an internet-enabled surveillance camera, network attached storage device, or home automation gizmo, only to find that it secretly and constantly phones home to a vast peer-to-peer (P2P) network run by the Chinese manufacturer of the hardware. Now imagine that the geek gear you bought doesn’t actually let you block this P2P communication without Read more about Foscam, QNAP, Swann send data to iotcplatform.com and others without knowledge or consent[…]

The research of Yang Yu, founder of Tencent’s Xuanwu Lab, has helped Microsoft patch a severe security issue in its implementation of the NetBIOS protocol that affected all Windows versions ever released. Yu says an attacker could leverage this vulnerability to pass as a WPAD or ISATAP server and redirect all the victim’s network traffic Read more about BadTunnel Bug Hijacks All Network Traffic, for All Windows Versions[…]

because nobody regards the vibration sensor as sensitive, smartphones typically leave it with wide-open permissions. What Nirupam Roy and Romit Roy Choudhury did was to hack an Android phone so its vibration sensor acted as a microphone. Well: a vibration sensor is half-way to being a microphone anyhow, in terms of its basic function. As Read more about Boffins shake up smartphone with motion-sensor as microphone[…]

Apple’s U.S. web page showed all applications had resumed as of 11:55 p.m. “There are no reported issues at this time,” the company said a few minutes later on its web page. The iPhone maker said services related to iCloud and the Photos application have also resumed. The issues appear to have started just before Read more about Apple services down for 8 hours, no explanation given[…]

A court or police officer could legally compel you to press your finger onto your smartphone to unlock it, but if your phone is locked with a passcode, no one can legally compel you to open it, says William J. Cook, an attorney and partner at law firm Reed Smith in Chicago, who specializes in Read more about Lawyers Suggest You Stop Using Your Finger to Unlock Your Phone: You are protected against revealing passwords under the Fifth Amendment’s right against self-incrimination, but your biometrics are not.[…]

ERPScan, the ERP security specialist firm which originally discovered the misconfiguration flaw (research pdf here), said that Onapsis’s figures on exposure to the vulnerability are optimistic by more than an order of magnitude. Alexander Polyakov, CTO at ERPScan, told El Reg that its research suggests as many as 533 organisations are at risk. “Onapsis said Read more about 36 firms at risk from that unpatched 2010 SAP vuln? Try 500+[…]

Millions of people around the world now use ATMs every day to withdraw cash, pay in to their account or make a variety of payments. Unfortunately, ATM manufacturers and their primary customers – banks – don’t pay much attention to the security of cash machines. Source: Malware and non-malware ways for ATM jackpotting. Extended cut Read more about Malware and non-malware ways for ATM jackpotting. Extended cut – Securelist[…]

Cisco’s Talos security intelligence and research group has come across a piece of software that installed backdoors on 12 million computers around the world.The software, which exhibits adware and spyware capabilities, was developed by a French online advertising company called Tuto4PC. The firm, previously known as Eorezo Group and apparently linked to another company called Read more about Cisco Finds Backdoor Installed on 12 Million PCs by French Advertiser Tuto4PC[…]

A severe vulnerability in the way Microsoft Office 365 handles federated identities via SAML put an attacker in a position to have access to any account and data, including emails and files stored in the cloud-based service. Microsoft pushed through a mitigation to the service on Jan. 5, seven hours after being notified by researchers Read more about Microsoft Office 365 Flaw Allowed Anyone To Log In To Almost Any Business Account[…]

The issue lies in the wireless USB dongles that the keyboards and mice use to communicate over radio frequencies with the host computer. Bastille says that while communication from most keyboards to the dongle is encrypted, none of the mice it tested encrypt their wireless communication. The dongle, therefore, will accept commands from an attacker Read more about Mousejack Attacks Abuse Vulnerable Wireless Keyboard, Mouse Dongles[…]

The glibc DNS client side resolver is vulnerable to a stack-based buffer overflow when the getaddrinfo() library function is used. Software using this function may be exploited with attacker-controlled domain names, attacker-controlled DNS servers, or through a man-in-the-middle attack. Google has found some mitigations that may help prevent exploitation if you are not able to Read more about glibc getaddrinfo stack-based buffer overflow – patch now[…]

More than two months after release, it’s still not possible to pirate Just Cause 3. The same is true for Rise of the Tomb Raider, released for PC in late January. Cracking computer games used to be measured in hours or days, but now, it’s turning into weeks and months. The nature of piracy is Read more about Denuvo Anti-Piracy Tech stays good during the sales window of games, which is long enough[…]

Fraudsters, armed with stolen social security numbers and other personal information on nearly half a million people, used malware to systematically request PINs corresponding to those taxpayers, allowing the crooks to potentially file paperwork on their behalf. The swindlers could put their own bank account details on the tax returns, thus channelling people’s rebates into Read more about Crims unleashed IRS-stabbing malware in bid to rob 464,000 people[…]

Enterprise tech distributor Arrow Inc will take a $13m charge on the chin after a fraudster posing as a company exec transferred money from the corporate bank account to an external one. […] Deloitte has previously highlighted what it reckoned is the growing threat from ‘fake president frauds, “affecting many companies at the moment”. It Read more about Arrow: Fraudsters impersonated one of our execs to steal money • $13m[…]

Rare public appearance from Tailored Access Operations leader NSA tiger teams follow a six-stage process when attempting to crack a target, he explained. These are reconnaissance, initial exploitation, establish persistence, install tools, move laterally, and then collect, exfiltrate and exploit the data. Source: NSA’s top hacking boss explains how to protect your network from his Read more about NSA’s top hacking boss explains how his guys work[…]

there are plenty of open source utilities available to offer a look inside the ESE Database on a standalone mode, i.e. without external support required. However, this entirely depends on the state in which the database is present. Being ESE database, in case of a dirty shutdown of the machine, there is high possibility of Read more about Microsoft Edge Browser private mode leaks data through cache[…]