Archive for the ‘Security’ Category

Cops Around the Country Can Now Unlock iPhones, Records Show

Police forces and federal agencies around the country have bought relatively cheap tools to unlock up-to-date iPhones and bypass their encryption, according to a Motherboard investigation based on several caches of internal agency documents, online records, and conversations with law enforcement officials. Many of the documents were obtained by Motherboard using public records requests.   […]

Data exfiltrators send info over PCs’ power supply cables

If you want your computer to be really secure, disconnect its power cable. So says Mordechai Guri and his team of side-channel sleuths at the Ben-Gurion University of the Negev. The crew have penned a paper titled PowerHammer: Exfiltrating Data from Air-Gapped Computers through Power Lines that explains how attackers could install malware that regulates […]

Under Armour Data Breach: 150 Million MyFitnessPal Accounts Hacked

Under Armour Inc., joining a growing list of corporate victims of hacker attacks, said about 150 million user accounts tied to its MyFitnessPal nutrition-tracking app were breached earlier this year. An unauthorized party stole data from the accounts in late February, Under Armour said on Thursday. It became aware of the breach earlier this week […]

Trustwave Global IT Security Report Summarised

Hackers have moved away from simple point-of-sale (POS) terminal attacks to more refined assaults on corporations’ head offices. An annual report from security firm Trustwave out today highlighted increased sophistication of web app hacking and social engineering tactics on the part of miscreants. Half of the incidents investigated involved corporate and internal networks (up from […]

T-Mobile Austria stores passwords as plain text

A customer was questioning if rumors that T-Mobile Austria was storing customer passwords in plain text, leaving the credentials like sitting ducks for hackers. Whoever was manning T-Mobile Austria’s Twitter account confirmed that this was the case, but that there was no need to worry because “our security is amazingly good.” Hello Claudia! The customer […]

NUC, NUC! Who’s there? Intel, warning you to kill a buggy keyboard app

Intel has made much of its NUC and Compute Stick mini-PCs as a way to place computers to out-of-the-way places like digital signage. Such locations aren’t the kind of spots where keyboards and pointing devices can be found, so Intel sweetened the deal by giving the world an Android and iOS app called the “Intel […]

Rise in Ransomware Attacks Actually Led to Fewer Exposed Records, IBM Discovers

It seems as if last year’s data breaches were characterized by increased regularity, yet somehow, according to the latest research from IBM Security, fewer records were actually exposed. The year saw a 25 percent dip in exposed records—2.5 billion down from 4 billion the previous year—according to IBM’s latest X-Force report. The cause: Cybercriminals have […]

1.5 BEEELLION sensitive files found exposed online dwarf Panama Papers leak

Security researchers have uncovered 1.5 billion business and consumer files exposed online – just a month before Europe’s General Data Protection Regulation comes into force. During the first three months of 2018, threat intel firm Digital Shadows detected 1,550,447,111 publicly available files across open Amazon Simple Storage Service (S3) buckets, rsync, Server Message Block (SMB), […]

Hacker Uses Exploit to Generate Verge Cryptocurrency out of Thin Abir

An unknown attacker has exploited a bug in the Verge cryptocurrency network code to mine Verge coins at a very rapid pace and generate funds almost out of thin air. The Verge development team is preparing a hard-fork of the entire cryptocurrency code to fix the issue and revert the blockchain to a previous state […]

Secret Service Warns of Chip Card Scheme: replacing the chip and then draining after activation

The U.S. Secret Service is warning financial institutions about a new scam involving the temporary theft of chip-based debit cards issued to large corporations. In this scheme, the fraudsters intercept new debit cards in the mail and replace the chips on the cards with chips from old cards. When the unsuspecting business receives and activates […]

DronesForLess leaks customer purchasing data

The DronesForLess.co.uk site was left wide open by its operators, who failed to protect critical parts of its web infrastructure from curious people, as spotted by Alan at secret-bases.co.uk, who told The Register. We discovered more than 10,000 online purchase receipts had been saved to its web servers without any encryption or even password protection […]

IOS QR ‘bug’ isn’t a bug: trend in pointing out things working as intended as a security advisory continues

So: Oddly enough, if you make a QR code that tells you to go somewhere, the camera will take you to where the QR code tells you to go, even if you tell someone that the QR code goes someplace else. This trend of ‘reporting’ security problems that are not security problems at all is […]

Cisco NFV elastic services controller accepts empty admin password

Cisco’s Elastic Services Controller’s release 3.0.0 software has a critical vulnerability: it accepts an empty admin password. The Controller (ESC) is Cisco’s automation environment for network function virtualisation (NFV), providing VM and service monitors, automated recovery and dynamic scaling. Cisco’s advisory about the flaw explains the bug is in ESC’s Web service portal: “An attacker […]

AI models leak secret data too easily

A paper released on arXiv last week by a team of researchers from the University of California, Berkeley, National University of Singapore, and Google Brain reveals just how vulnerable deep learning is to information leakage. The researchers labelled the problem “unintended memorization” and explained it happens if miscreants can access to the model’s code and […]

Jewelry site accidentally leaks personal details (and plaintext passwords!) of 1.3M users

Researchers from German security firm Kromtech Security allege that until recently, MBM Company was improperly handling customer details. On February 6, they identified an unsecured Amazon S3 storage bucket, containing a MSSQL database backup file. According to Kromtech Security’s head of communications, Bob Diachenko, further analysis of the file revealed it held the personal information […]

Can AMD Vulnerabilities Be Used to Game the Stock Market?

On Tuesday, a little known security company claimed to have found vulnerabilities and backdoors in some AMD processors. Within some parts of the security community, the story behind the researchers’ discovery quickly became more interesting than the discovery itself. The researchers, who work for CTS Labs, only reported the flaws to AMD shortly before publishing […]

Major Survey of IT Pros Reveals Why Everything Gets Hacked All the Damn Time, paying for ransomware is like flipping a coin

More than 1,000 security employees in as many as 17 countries participated in the survey. Most said the biggest hurdle to mounting an adequate defense against cyber threats today is the lack of skilled personnel. (Poor security awareness and an inability to sift through enormous piles of data tied for second place.) The survey, which […]

Samba allows anyone to change everyone’s password

On a Samba 4 AD DC the LDAP server in all versions of Samba from 4.0.0 onwards incorrectly validates permissions to modify passwords over LDAP allowing authenticated users to change any other users’ passwords, including administrative users and privileged service accounts (eg Domain Controllers). The LDAP server incorrectly validates certain LDAP password modifications against the […]

Hardcoded Password Found in Cisco Software

The hardcoded password issue affects Cisco’s Prime Collaboration Provisioning (PCP), a software application that can be used for the remote installation and maintenance of other Cisco voice and video products. Cisco PCP is often installed on Linux servers. Cisco says that an attacker could exploit this vulnerability (CVE-2018-0141) by connecting to the affected system via […]

Researchers Bypassed Windows Password Locks With Cortana Voice Commands

Tal Be’ery and Amichai Shulman found that the always-listening Cortana agent responds to some voice commands even when computers are asleep and locked, allowing someone with physical access to plug a USB with a network adapter into the computer, then verbally instruct Cortana to launch the computer’s browser and go to a web address that […]

Leaked Files Show How the NSA Tracks Other Countries’ Hackers

When the mysterious entity known as the “Shadow Brokers” released a tranche of stolen NSA hacking tools to the internet a year ago, most experts who studied the material homed in on the most potent tools, so-called zero-day exploits that could be used to install malware and take over machines. But a group of Hungarian […]

Internet of Babies – 52000 baby monitors open for public viewing

Earlier this month, we published our first article of our Internet of Things series, “IoD – Internet of Dildos“. As promised, we expanded our research and would like to present you with the first results of our “IoB – Internet of Babies” research. Baby monitors serve an important purpose in securing and monitoring our loved […]

IBM Finds Fortune 500 Companies will lose $9 billion to phishing scams in 2018 – this is what these attacks look like

IBM X-Force Incident Response and Intelligence Services (IRIS) assesses that threat groups of likely Nigerian origin are engaged in a widespread credential harvesting, phishing and social engineering campaign designed to steal financial assets. Beginning in the fall of 2017, X-Force IRIS experienced a significant increase in clients reporting instances of fraud or attempted fraud via […]

uTorrent file-swappers urged to upgrade after PC hijack flaws sort of fixed

Users of uTorrent should grab the latest versions of the popular torrenting tools: serious security bugs, which malicious websites can exploit to commandeer PCs, were squashed this week in the software. If you’re running a vulnerable Windows build of the pira, er, file-sharing applications while browsing the web, devious JavaScript code on an evil site […]

Hey, you. App dev. You like secure software? Let’s learn from Tinder, Facebook’s blunders

When a horny netizen logs into their Tinder profile using their phone number as a username, the hookup app relies on the Facebook-built AccountKit.com to check the person is legit owner of that account. Facebook’s system texts a confirmation code to the punter, they receive it on their phone, and type the code into Account […]

 
Skip to toolbar