Wednesday 31 August 2016
Sen. Harry Reid Says Russian Hackers Linked To Donald Trump Rigging The U.S. 2016 Election
Russian hackers have been deployed to rig the U. S. 2016 election in favor of Donald Trump, said Senate Minority Leader Harry Reid and his fellow Democrats, urging the FBI to probe even deeper into the issue than it used to.
Expressing their concern about the alleged Russian hackers’ activities, Sen. Reid said in a letter addressed to FBI Director James Comey, as published by The New York Times, that “the threat of the Russian government tampering in our presidential election is more extensive than widely known and may include the intent to falsify official election results.”
“The evidence of a direct connection between the Russian government and Donald Trump’s presidential campaign continues to mount and has led Michael Morrell, the former Acting Intelligence Director, to call Trump an ‘unwitting agent’ of Russia and Kremlin,” the Democratic senator from Nevada went on to say. For the full article click here
from hacker samurai http://ift.tt/2bRvGHc
via IFTTT
Hackers Exploit Android Phone Security Flaw to Target Activists
Suspected state-sponsored hackers have intensified their attempts to break into the online accounts of Iranian rights activists in recent weeks by exploiting security vulnerabilities in Android smartphones, the International Campaign for Human Rights in Iran has learned.
On August 11, 2016 an unknown person sent a message on Facebook to a prominent Iranian political activist living in Paris and introduced himself as a former student. The hacker said he had created political stickers with the activist’s photo on them. He then sent a file, with an APK suffix, to the activist claiming that the file contained the stickers.
Soon after the activist opened what was really a malware file, the hacker took over the victim’s Facebook page and sent similar messages to the activist’s friends, some of whom worked at Radio Farda, Deutsche Welle and the BBC. One of the victim’s friends fell for the trap and lost access to his Gmail account for several hours.
Files with the APK suffix are applications that can be installed on smartphones with Android operating systems. Users should only open these files after downloading them from reputable sources, such as Google Play. Unlike Apple’s iOS operating system, Android apps can be independently developed and installed, presenting an opportunity for hackers to prey on unsuspecting users and spy on them. For the full article click here
from hacker samurai http://ift.tt/2cbgmSa
via IFTTT
Tuesday 30 August 2016
Route 66 season to feature plays about hackers and cancer
A tale of journalists in hot pursuit of a leaker of hacked information, and the story of two men with cancer-stricken mothers: You can pick your poison in Route 66 Theatre Company’s ninth season, or enjoy a double dose.
First comes the world premiere of “The Source,” Gabe McKinley’s psychological thriller, directed by Jason Gerace. Next comes the Chicago premiere of Halley Feiffer’s dark comedy which bears a title that might not fit on a marquee – “A Funny Thing Happened on the Way to the Gynecologic Ontology Unit at Memorial Sloane-Kettering Cancer Center of New York City.” The play, recently seen at New York’s MCC Theater, will be directed by Keira Fromm. For the full article click here
from hacker samurai http://ift.tt/2c7PrXk
via IFTTT
Hackers Aimed At State Election Boards, According To FBI
In advance of the 2016 election, state election boards have been strongly warned to tighten up security. This warning came from the FBI’s Cyber Division after hackers accessed voter information. The Amber-level warning regarding security levels came after hackers were successful in stealing voter data from one state and failed in another attempt this month.
The Flash warning doesn’t explicitly cite which states’ databases were affected. However, back in July, Illinois’ voter registration database was hacked and subsequently was shut down for two weeks. The Illinois Board of Elections has blamed the incident on “foreign hackers,” but of course, this can be difficult to pin down. Theunsuccessful attempt was aimed at Arizona’s voter information.
The bulletin cited IP addresses that traced back to server hosting companies in England, the Netherlands, Scotland and the United States. That said, hackers could have rented severs from other companies in order to disguise their work. For the full article click here
from hacker samurai http://ift.tt/2byZRgV
via IFTTT
Monday 29 August 2016
ICIT Analysis: Hacking Elections is Easy! Part One: Tactics, Techniques, and Procedures
True democracy relies on the reliability of the democratic process. The “Help America Vote Act”, passed in 2002, ushered in an era of uncertainty by proliferating the use of electronic voting systems vulnerable to cyber, technical and physical attack. More often than not, electronic voting systems are nothing but bare-bone, decade old computer systems that lack even rudimentary endpoint security. Despite the recurring discussion on electronic voting vulnerabilities that occurs every four years, only limited attention is given to the systemic problem undermining American democracy. It’s time for a complete overhaul in the electoral process’ cyber, technical and physical security.
In this analysis, entitled, “Hacking Elections is Easy! Part One: Tactics, Techniques, and Procedures”, the Institute for Critical Infrastructure Technology provides a detailed analysis of the risks that voting machines and the digital age have introduced into our democratic process which have the potential to impact the integrity of election results. The report discusses:
- The shocking ease of hacking all aspects of virtually any voting machine’s “black box” technology
- The cyber, technical and physical attack methods that could be enlisted by Nation States, Hacktivists and black hat hackers
- Social Engineering attack vectors and methods that are so easy, even a novice script kiddie can do it
- A few simple tactics that can “fix” any local, state or national campaign in just days or even hours
- And much more
This paper was authored by:
- James Scott (Senior Fellow – Institute for Critical Infrastructure Technology)
- Drew Spaniel (Researcher – Institute for Critical Infrastructure Technology)
The following experts contributing to this report:
- Rob Roy (Fellow – Institute for Critical Infrastructure Technology & Federal CTO, HPE)
Part Two of this paper will be published shortly and provide a deeper technical analysis of this threat.
Download the paper here: http://ift.tt/2c4hYNx
This paper was underwritten by:
from hacker samurai http://ift.tt/2byOohH
via IFTTT
Attempted Hack Noticed Against NYT
According to a report from the New York Times on August 22, its office in Moscow recently encountered a potential cyber-assault during the early days of August 2016. When requested to give its comments, NYT didn’t instantly respond, but stated that there wasn’t any clue to show that hackers were able to get through the newspaper’s security systems. Cnet.com posted this, August 23, 2016.
US authorities, who intimated the news to CNN, stated that according to investigators, state-sponsored Russian hackers were responsible for the assault. The authorities comment that the attempted attack maybe those same hackers’ job which infiltrated the DCCC and DNC of America’s Democratic Party when the country’s presidential election canvassing was going on.
It was during past few months when specialists noticed the intrusions while were clueless as to what reason played behind the hackers’ work of attacking news outlets. It maybe mentioned that journalists regularly exchange discussions and conduct interviews with any number of officials within the Government-of-United States. For the full article click here
from hacker samurai http://ift.tt/2bL9Kfg
via IFTTT
Opera reveals its sync service is hacked, resets passwords as precautionary measure
Earlier last week, Opera reported that hackers had gained access to the Opera sync service which is used to sync browsing data between devices.
According to a post on its official blog, Opera said that the attack was ‘quickly blocked.’ It added that investigation is ongoing. However, some data may have been compromised.
Opera went on to say that despite using encrypted, hashed and salted passwords in its systems, it still went ahead and reset all Opera sync passwords as a precautionary measure.
In an email sent out to Opera sync users, it informed them about the breach and advised them to change their passwords. As a precautionary measure, Opera also advised users of the Opera sync service to reset passwords for any third party applications that are connected to their Opera sync account. For the full article click here
from hacker samurai http://ift.tt/2bL8FUu
via IFTTT
Saturday 27 August 2016
Protecting your smartphone and personal info from hackers
FORT MYERS –
Leslie Jones is known for her humorous roles on Saturday Night Live, but this week, she’s not laughing.
Hackers accessed her personal accounts, gaining access to sensitive information, including explicit photos.
Homeland Security is now involved in the investigation.
What happened to Jones could happen to anyone who uses a smartphone and stores private info on their phones.
One cyber security expert said that without proper defense, your information could be exposed.
“I never do banking or anything that would require to put my personal information on my phone because if you lose it, now your information is out there,” said Lorraine Masud of Fort Myers.
If someone gets ahold of your phone, they could hack it. The cyber security expert said your information in the cloud isn’t untouchable and if a hacker accesses it, they could find out a lot about you.
“They think of this mystical thing up there. They don’t know what it is. You’re just using someone else’s computer; that’s all the cloud is. The cloud is you using CPU and storage on someone else’s computer,” said Greg Scasny with Cybersecurity Defense Solutions. For the full article click here
from hacker samurai http://ift.tt/2bYpDwz
via IFTTT
Fish and Game confirms hackers possibly accessed license buyer’s personal information
The Idaho Department of Fish and Game has suspended online sales of hunting and fishing licenses and tags after a computer breach that potentially included personal information being accessed, according to a Friday press release.
According to the Associated Press, Fish and Game spokesman Mike Keckler said the agency is working with a third-party online sales vendor, Active Network, a Texas-based company, to determine if hackers acquired personal information.
“At this point, we still do not know what Idaho data was breached,” Keckler told the Associated Press. “All we know is that somebody was able to hack into our vendor’s system, and this vendor services more than just Idaho.”
Idaho Fish and Game has not stated how many people could have had their personal information compromised because of the breach. Apparently, the data breach occurred sometime this summer, according to the Fish and Game release. Those who purchased hunting and fishing licenses and tags online prior to 2008 are potentially at risk. For the full article click here
from hacker samurai http://ift.tt/2bYppp8
via IFTTT
Friday 26 August 2016
iPhone issues update after discovery of bug that could give hackers access with just one tap
Apple has released an update after the discovery of a bug that allows hackers to break into any iPhone with a single tap.
The bug took advantage of three different weaknesses in the operating system to allow hackers complete access of iOS devices, according to the smartphone security company Lookout and internet watchdog Citizen Lab.
Both reports suggested it was an Israeli firm called NSO Group which was the source of the spyware.
Apple has urged all of those who own an iPhone to upgrade to the latest version of iOS, which contains the necessary patch.
‘The threat actor has never been caught before,’ said Mike Murray, a Lookout researcher. For the full article click here
from hacker samurai http://ift.tt/2bFHFYb
via IFTTT
Hackers Linger Three Times Longer Inside APAC Networks
The average dwell time before cyber-criminals are discovered inside victim networks in APAC is more than three times the global median of 146 days, according to a new report fromMandiant.
The FireEye division’s latest M-Trends study focuses on Asia Pacific for the first time, revealing a region lagging the rest of the world on cybersecurity.
Incident investigation stats for 2015 revealed the median time of compromise to discovery of an attack was 520 days, much higher than the global figure although not much bigger than EMEA (469 days).
As Mandiant says in the report, “seventeen months provides ample time for any attacker to progress through the full attack life cycle and achieve multiple goals within their mission objectives.”
Not just that, but most breaches are never made public thanks to a lack of notification laws; a dangerous situation given the inability of many organizations to identify and respond to security incidents. For the full article click here
from hacker samurai http://ift.tt/2bFaIq9
via IFTTT
Thursday 25 August 2016
Security Education May Not Help Businesses: Hackers Already Know Employees’ Passwords
Cyber criminals are always on the hunt for more passwords to give them access to financial accounts as employees remain lax about changing them into more complicated ones.
The latest attack affected millions of email accounts such as Google, Yahoo and Microsoft. Consumers and employees continue to favor reusing their passwords and their combinations, making it easy for hackers to decipher and sell them on the black market known as the “dark web.” Even seemingly innocuous accounts such as LinkedIn and Netflix have been the target of hackers, because password security is not a priority among consumers who halfheartedly make them more complex or change them on a routine basis. The risk for companies is high because employees could be increasing the likelihood of being hacked, since “nothing stops a user from changing their social network password to the same one used at work,” said Gilad Peleg, CEO of SecBI, a Be’er Sheva, Israel-based company that provides threat detection. For the full article click here
from hacker samurai http://ift.tt/2bkvbVs
via IFTTT
The media becomes the story as hackers focus efforts on news organizations
News reports yesterday that the New York Timesand other news organizations were attacked by hackers should not only come as no surprise, but industry insiders believe news organizations should prepare to be struck again in the future.
The huge amount of confidential data the media stores makes for a tempting target for hackers interested in either learning more about the inner workings of American politics or to possibly influence the upcoming election cycle, security pros said, adding that the media has been a target in the past and will likely remain a target.
“Hackers have been going after the press the whole time… It’s only now that either a) they’ve become more focused, b) they’ve been more successful, or c) we’ve figured out how to catch them in the act. I suspect it’s a combination of all three,” Casey Ellis, CEO and founder of Bugcrowd, told SCMagazine.com in an email. For the full article click here
from hacker samurai http://ift.tt/2bi2r0G
via IFTTT
Wednesday 24 August 2016
NYT Says Moscow Bureau Targeted By Hackers But Wasn’t Compromised
The New York Times said on Tuesday that its Moscow Bureau was targeted by hackers but that the cyber attacks did not compromise the paper’s system.
“We are constantly monitoring our systems with the latest available intelligence and tools,” New York Times spokeswoman Eileen Murphy said in a statement. “We have seen no evidence that any of our internal systems, including our systems in the Moscow bureau, have been breached or compromised.”
CNN reported earlier on Tuesday that the FBI is investigating cyber attacks on New York Times journalists and reporters at other outlets, citing unnamed U.S. officials. The FBI suspects Russian hackers were behind the breach, according to CNN. The network also reported that the Times hired an outside security firm to assess the cyber attack. For the full article click here
from hacker samurai http://ift.tt/2bVre9y
via IFTTT
Climate Hackers: One man’s plan to stop global warming by shooting particles into the atmosphere
The National Park System is turning 100, and The Verge is celebrating with Wilderness Week: a look at the natural world, its freaky critters, and its future.
This year is already on pace to be the warmest on record, setting off another season of heatwaves, droughts, and wildfires around the world. But it would only be the latest record to fall, as 15 of the 16 hottest years have occurred since 2001. In turn, the ice sheets aremelting, oceans are rising, hurricanes are increasing in number and intensity, and climate refugees are pouring over borders.
CLIMATE CHANGE IS REAL, SO WHAT DO WE DO ABOUT IT?
So despite what you may have heard aboutChinese hoaxes or scientific fraud, it’s increasingly obvious that climate change is very real and well underway. Now the question is: what do we do about it?
After decades of inaction, our options are limited. To have a chance of avoiding a 2 degree Celsius rise in temperatures, a threshold scientists have long warned could trigger a cascading series of environmental For the full article click here
from hacker samurai http://ift.tt/2bzJ4et
via IFTTT
Tuesday 23 August 2016
Alleged NSA hackers probably gave away a small fortune by leaking exploits
Anonymous hackers probably gave away hundreds of thousands of dollars in potential sales in the black market when they leaked valuable cyberweapons allegedly stolen from the U.S. National Security Agency.
The hackers, known as the Shadow Brokers, posted a sample file of the cyberweapons earlier this month and at least some of them appear to be zero-day exploits, or attacks that rely on software defects that practically no one knew about.
Before they were publicly leaked, each of these zero-day exploits could have sold for a great deal of money, according to security researchers. They’re designed to affect firewall and router products from Cisco, Juniper Networks and Fortinet, in addition to those from Chinese vendors. For the full article click here
from hacker samurai http://ift.tt/2bshJ0q
via IFTTT
Kremlin Hackers Behind Anti-Doping Agency Attacks
The infamous Kremlin-sponsored APT group Sofacy (aka Sednit) was likely responsible for hacking anti-doping agency WADA in revenge for its decision to recommend the IOC ban all Russian athletes at the Rio Games, ThreatConnect has claimed.
The threat intelligence firm said the group, also known as Fancy Bear, gathered intelligence that could help Russia intimidate future whistleblowers following the testimony of Yulia Stepanova, who has since fled the country.
The campaign might also have been launched to try and intimidate senior decision makers, to find confidential info which could embarrass WADA, or even to obtain information which would help Moscow evade anti-doping measures in the future. For the full article click here
from hacker samurai http://ift.tt/2bsikPR
via IFTTT
Monday 22 August 2016
WIKIPEDIA FOUNDER JIMMY WALES HACKED
A notorious hacking group has targeted Wikipedia founder Jimmy Wales, taking over his Twitter account to falsely announce his death.
A tweet posted to Wales’ account on Saturday, August 20, stated: “RIP Jimmy Wales 1966—2016.” Shortly after the first tweet, another tweet was posted, stating: “I confirm that Wikipedia is all lies.” Both tweets have since been deleted.
Wales is the latest in a string of high-profile hacks by a group called OurMine. In June, the group claimed responsibility for hijacking the social media accounts of Facebook founder Mark Zuckerberg and Google CEO Sundar Pichai. For the full article click here
from hacker samurai http://ift.tt/2bJ7jsp
via IFTTT
Hackers play the fame game to boost business
Hacking by its very nature tends to be an activity that takes place in the shadows. However, analysts at security awareness specialist Digital Shadows have identified a growing trend of some hackers actively seeking the limelight to promote their businesses.
Just as in the legitimate commercial world, reputation is important and players without one are less likely to be trusted. In order to boost their profiles therefore some cyber criminals have been using publicity to add to their credibility. “While cybercriminals engaging with journalists is not a new phenomenon, a recent trend has been observed of previously unknown actors using the media to self-publicize and advertise the data they have for sale,” says Rick Holland, VP of strategy at Digital Shadows. “In June 2016 alone, Peace (aka Peace of Mind), Tessa88 and thedarkoverlord, none of whom were previously well-known outside the security community, all spoke to journalists about compromised data they were offering for sale in what we assessed as likely to be attempts to garner publicity and thereby attract buyers”. For the full article click here
from hacker samurai http://ift.tt/2bYgZmb
via IFTTT
Saturday 20 August 2016
Hackers can use airline boarding passes to steal personal information
PHOENIX – You may want to rethink tossing your airline boarding pass in the trash.
Security experts are warning people about personal information hidden in the barcodes. That, combined with the information that people put on social media, can create a lot of damage if hackers get ahold of it.
Airline barcodes contain more information than you think—including names, record locator and frequent flyer number and more. If a boarding pass gets into the hands of a clever thief, they can use that information to answer security questions on websites and hack into accounts.
Or, even worse, hackers can use that information, and combine it with other easily accessible personal information, to assume a person’s entire identity online. For the full article click here
from hacker samurai http://ift.tt/2bbomlV
via IFTTT
Friday 19 August 2016
Report: Hackers Also Targeted Trump Campaign And GOP Groups
Hackers targeted the Donald Trump campaign and Republican groups, in addition to compromising Democratic campaign groups, Reuters reported on Thursday.
At least one Trump staffer’s email was hit with malware in 2015, but it’s otherwise unclear whether the Trump campaign’s computer system was compromised, according to Reuters.
The news follows the revelations that Democratic groups, including the Democratic National Committee and the Democratic Congressional Campaign Committee, were also targeted by hackers. The FBI is investigating those attacks, which were likely carried out by Russian hackers. For the full article click here
from hacker samurai http://ift.tt/2b34pAM
via IFTTT
‘Pokemon GO’ Egg Hack news and updates: Hackers use eggs to take control of Gyms; Niantic taking steps to ban cheating players
Eggs are among the most-prized components of “Pokemon Go.” While they are designed to just hatch Pokemons, some hackers have been using eggs to make Gyms unbeatable. Will an ongoing crackdown on cheaters and hackers finally solve this dilemma?
“Pokemon GO” fans recently discovered a disturbing trend — hackers taking over Gyms. Pokemon Gyms are virtual gyms where trainers take their Pokemons to train and go up against other monsters. But one Reddit user found out that a particular individual has found a far more insidious way of using eggs in the game, by using it to take over the gym.
The hack allowed eggs to become Gym leaders and, since eggs have no HP and no moves, other players can neither fight them nor take them down. What’s worse, the hacker would keep racking up defender points and coins. And it’s not just the hacker who benefits, as any player from the same team as the hacker can occupy the gym and reap the rewards.
It soon became obvious that it’s not just one Gym that was hacked. More players started complaining of Pokemon Gyms in New York that were not working, like those located at the Josephine Shaw Lowell Memorial Fountain, the Tao Uptown Asian Fusion restaurant, the New York City Post Office, Times Square, and Madison Square Garden. It was also reported that all these Gyms were hacked by the same person and that he or she was also able to occupy two Gyms in London, one at Buckingham Palace and another one at the Big Ben. For the full article click here
from hacker samurai http://ift.tt/2b34fcw
via IFTTT
Thursday 18 August 2016
Vulnerable smart home IoT sockets let hackers access your email account
Researchers have discovered critical security flaws in connected smart plugs which can give attackers access to a full home network — as well as your email account.
Bitdefender researchers Dragos Gavrilut, Radu Basaraba and George Cabau said on Thursday that one particular device uses no encryption and weak default passwords, with no alerts issued to users to change them in the interests of security.
Internet of Things (IoT) devices are products with network capabilities. While these now range from smartphones to fridges, the use of smart plugs is also on the rise.
IoT-based smart outlets can be used to monitor energy usage, schedule devices to turn on and off at the user’s convenience, and can be used to power and control gadgets including security cameras, smart TVs and coffee makers, among others. For the full article click here
from hacker samurai http://ift.tt/2bpXbpJ
via IFTTT
Bitcoin users have been warned about a potential attack by government hackers
Another day, another crazy bitcoin story.
This time: Users are being warned that an upcoming release of digital currency could be targeted by “state-sponsored hackers.”
Popular bitcoin information site Bitcoin.org has been updated with a message urging users to take care when updating their software: “Bitcoin.org has reason to suspect that the binaries for the upcoming Bitcoin Core release will likely be targeted by state sponsored attackers. As a website,Bitcoin.org does not have the necessary technical resources to guarantee that we can defend ourselves from attackers of this calibre. We ask the Bitcoin community, and in particular the Chinese Bitcoin community to be extra vigilant when downloading binaries from our website.” For the full article click here
from hacker samurai http://ift.tt/2bpWFYN
via IFTTT
Wednesday 17 August 2016
Hackers only need 5 minutes to forge a phishing scam and 25 minutes to break into systems – Report
How long do you think it may take cybercriminals to hack into your computer? According to a new report by cloud-based cybersecurity firm Duo Security, it may take less than half an hour for hackers using phishing email campaigns to access systems and steal sensitive information.
Duo Security collected data from 400 organisations using its free web-based tool Duo Insight, which allows internal IT teams to test employee response by sending out phishing campaign simulations. The firm said that of the 11,542 users who received such phishing emails, 31% clicked on links that could have potentially compromised systems via malware or virus attacks. The security firm said: “In a real-world scenario, attackers can run a phishing campaign that takes only 5 minutes to put together, and within 25 minutes they’ve got access to corporate data resulting in a data breach. Those users who clicked the link in the phishing For the full article click here
from hacker samurai http://ift.tt/2b0OJt0
via IFTTT
Tuesday 16 August 2016
Hackers auction files ‘stolen from NSA’
A group of hackers calling itself Shadow Brokers claims to have stolen a collection of malware files from a group linked to the US National Security Agency (NSA).
The hackers are holding a bitcoin auction and say they will give the code to the highest bidder.
Experts said that a sample they have released for verification could be genuine.
Whistle-blowing website Wikileaks tweeted that it also had the data.
In a message on file-sharing site Pastebin, Shadow Brokers describes its haul as “cyber weapons” and says it is offering programs “made by creators of Stuxnet, Duqu, Flame” – high profile forms of computer malware said to be government-sponsored. For the full article click here
from hacker samurai http://ift.tt/2bvlUqc
via IFTTT
Cerber ransomware rakes in cash by recruiting unskilled hackers
A ransomware strain has been making a pretty penny by opening its doors to unskilled hackers.
Security firm Check Point gained a rare look at the inner workings of the Cerber ransomware and found that its developers are building a network of partners to attack more targets — and rake in more cash.
Check Point also warned that because of Cerber, more unskilled cybercriminals might choose to participate in ransomware schemes.
“Even the most novice hacker can easily reach out in closed forums to obtain an undetected ransomware variant,” it said in a new report.
As a result, the Cerber strain could generate close to US$1 million a year for its creators, Check Point said in its report released Tuesday. For the full article click here
from hacker samurai http://ift.tt/2bkDfWu
via IFTTT
Monday 15 August 2016
Hacking a risk to all businesses, no matter the size
Cyber security is an issue facing all businesses regardless of size, type or location.
That’s the stern word according to Aura Information Security, who says the recent hacking of several New Zealand schools is a timely reminder about the importance of security.
Aura Information Security general manager Peter Bailey says that while schools may seem an unlikely target, they have resources and information that hackers find valuable. The same applies to most businesses in New Zealand.
“In the case of the schools hacking, it is possible that servers and storage may have been taken over by attackers. In addition, the personal information schools often hold may also have been used for ‘downstream’ crimes,” Bailey explains. For the full article click here
from hacker samurai http://ift.tt/2bssiym
via IFTTT
Hyatt, Starwood and other HEI-operated hotels hit by malware attack, customer data feared stolen
Hackers have attacked 20 hotels run by HEI Hotels and Resorts, including Hyatt, Marriott, Starwood and Intercontinental with a targeted malware. The cyberattack may likely have resulted in personal and financial information of thousands of customers being stolen and leaked.
Privately-owned HEI, which is headquartered in Norwalk, Connecticut, confirmed that the data breach was first discovered in June this year and was found to be targeting PoS (point-of-sale) systems. The firm also said that the malware was specifically designed to steal card data used by customers to make payments. HEI said that the malware was active from 1 March 2015 to 21 June 2016 and affected 12 Starwood hotels, six Marriott International Inc hotels, one Hyatt hotel and one other Intercontinental hotel, Reuters reported. The firm also said that hackers may have accessed customer names, account numbers, payment card expiration dates and verification codes. However the hackers appear to have been unsuccessful in stealing PIN codes as they are not stored on the systems. For the full article click here
from hacker samurai http://ift.tt/2bstcLp
via IFTTT
Saturday 13 August 2016
Hackers release phone numbers of House Democrats
The Democrats have been hacked again.
Guccifer 2.0 has swiped a trove of private cellphone numbers and personal e-mail addresses of Democrats in the House of Representatives, posting them online Friday night to the fury of some of the victims.
“What? What happened?” a vacationing Rep. Jerrold Nadler (D-Manhattan) said when told of the theft by The Post — in a phone call to his personal cellphone.
“Well, I think whoever did it is terrible, it’s a crime, and I hope they’re prosecuted.”
Nadler called the attack “cyberterrorism,” adding: “Any hacking of data could be used potentially for terrorism.” For the full article click here
from hacker samurai http://ift.tt/2bp7tE1
via IFTTT
VW car owners warned hackers can unlock their vehicles
Hackers could unlock hundreds of millions of Volkswagen cars using a £30 device, scientists have warned.
Keyless entry systems for most VW vehicles, manufactured between 2002 and 2015, relied on a handful of global master keys which could be cloned, it has been revealed.
The glitch means thieves could unlock 100 million vehicles remotely and steal belongings from inside but would not be able to start the vehicle.
Researchers investigating the security flaw recovered the code for the master keys from an electronic control unit inside a vehicle and used a £30 radio snooping device to intercept a second code from a driver’s key fob. For the full article click here
from hacker samurai http://ift.tt/2aJlwY2
via IFTTT
Friday 12 August 2016
Hackers steal 1.9 million Dota 2 gamers’ data from chat forum
LeakedSource said the information wasn’t sufficiently secured
Nearly 2 million fans of online multi-player game Dota 2 have become the latest victims of a large-scale online hack, with email and IP addresses, usernames and passwords all being exposed.
News of the attack, which affects only the Dota 2 message board, rather than the game itself, comes via breach notification site LeakedSource. According to a post on LeakedSource’s blog, 1,923,972 records were stolen from the official Dota 2 forum, which is run by gaming firm and Dota 2 creator, Valve.
The attack occurred at the beginning of July, although it has only just been communicated to the world this week. According to LeakedSource, the forum passowrds were stored in Valve’s servers using MD5 hashing and salt to encrypt them. However, while use of MD5 is still quite common, it is also considered to be severely compromised and vulnerable to myriad attacks. This has allowed LeakedSource to decrypt roughly 80% of the information stored in the leaked database. For the full article click here
from hacker samurai http://ift.tt/2bb2qtn
via IFTTT
White Hat Hackers Caught Red-handed During Attempted ETC Sell-off
There is still a significant debate going on regarding the Ethereum Classic funds obtained by self-professed white hat hackers. While they secured 7 million coins, several transactions were sent to exchange wallets in an attempt to cash out the money. An explanation was posted on Reddit, which seems to indicate funds will be returned to The DAO token holders after all.
THE WHITE HAT HACKER PLOT THICKENS
Albeit no one should trust self-professed white hat hackers by default, many people were confident in the team “tasked” with recovering funds stolen during The DAO attacks. With 7 million ETC at stake, funds have to be secure to prevent it being dumped on the market and crash the Ethereum Classic price.
After the funds were recovered by the white hat hackers, some transactions were sent to exchange wallets This caused a lot of speculation among Ethereum Classic enthusiasts, as there was no official explanation for doing so. Moreover, the ETC price saw a significant decline, which seemed to indicate the funds was being sold-off by these “trustworthy” individuals. For the full article click here
from hacker samurai http://ift.tt/2b3kwvY
via IFTTT
Thursday 11 August 2016
Russian hackers who targeted the Democratic Party may be after something bigger than Hillary Clinton
The leak that exposed private email accounts from within the Democratic Party in July appears to be bigger than originally thought.
The emails of more than 100 Democratic lawmakers and groups were reportedly compromised in the breach that US officials say was carried out by Russian hackers, according to a report by The New York Times on Wednesday.
The Times says the FBI is expanding its investigation as a result, noting that the hacking primarily targeted Democratic Party insiders and Hillary Clinton’s campaign officials.
The Democratic Governors Association is among the groups that were reportedly targeted.
It’s unclear how the FBI’s investigation will evolve amid the new findings. For the full article click here
from hacker samurai http://ift.tt/2bjc7X2
via IFTTT
Hackers hit strategic targets in Russia, Iran, and Europe
At least 30 important organizations around the globe were targeted over the course of five years in cyber-espionage attacks, reported (in Russian) Kaspersky Lab, a Russian anti-virus software company. These targets were located in Russia, Iran, and Rwanda.
Symantec, a U.S. cyber security company, also reported that the malware was found in computers of its customers in China, Sweden, and Belgium. These attacks have been occurring since at least 2011. The hackers were after information from governmental organizations. Kaspersky Lab said the high cost of the attacks, as well as their complexity and duration, is reason to believe that the hackers have high-level support. Symantec concurred with this analysis.
“Based on the espionage capabilities of its malware and the nature of its known targets, it is possible that the group is a nation-state level attacker,” Symantec said on its website. For the full article click here
from hacker samurai http://ift.tt/2bjbgFX
via IFTTT
Wednesday 10 August 2016
Samsung: Hackers can’t pwn our NFC payment kit. No way, nuh-uh, not true (Well, OK, maybe)
A war of words has broken out after a security researcher claimed last week that Samsung’s contactless mobile payment system is vulnerable to skimming and spoofing attacks.
In talks at both the Black Hat and DEF CON security conferences, held last week in Las Vegas, Salvador Mendoza claimed that he was able to intercept a Samsung Pay token transmitted over the air using a gizmo hidden under his shirt cuff.
Wait, what’s a Samsung Pay token? Well, the token comes in three parts.
One is generated by the payment networks, it is associated with a credit or debit card, and it is stored on the Samsung smartphone. The second part is a counter that increments on every transaction in an attempt to thwart replay attacks. The final part is a message authentication code generated from the payment network-provided token, the counter and a secret key embedded in the phone’s ARM-compatible processor; this authentication code is used to prove the token was sent from a Samsung device and wasn’t tampered with over the air. For the full article click here
from hacker samurai http://ift.tt/2aV92ZD
via IFTTT
Census attack ‘could be Chinese hackers unhappy about Mack Horton v Sun Yang drugs saga’
Melbourne University cyber security expert Suelette Dreyfus says the attacks on yesterday’s census could be the work of Chinese citizens unhappy about Australian swimmer Mack Horton calling his Chinese rival Sun Yang a drug cheat.
“It’s not way out of left field [as a motivation],” she said.
She believes the “noisy” attack looks more likely to have been the work of civilians rather than a foreign government.
Despite the Australian Government saying the attack was from overseas, Dr Dreyfus still believes it could have come from within Australia.
“It could have just been literally bedroom hackers in Australia routing their traffic … through overseas in order to make it appear as though they were coming from there,” she said. For the full article click here
from hacker samurai http://ift.tt/2bfoowP
via IFTTT
Tuesday 9 August 2016
Android Hackers Diversifying How They Attack Devices
Google’s Android platform has a reputation for being vulnerable to hacking and malware, but the reality is that developers and hackers are continuing to play the a coding cat and mouse game. There are many scary statistics used in headlines detailing the number of devices that are potentially vulnerable to a security flaw. Stagefright was seen as being a potential hazard to around a billion devices, and the latest big name issue,Quadrooter, which is seen as being a potential threat to around 900 million Qualcomm-powered Android devices. We are seeing hackers and security investigators uncovering deeper and deeper issues in the Android platform code, but this points towards something often overlooked: the deeper we must investigate to find a critical glitch, the more hardened the outer layers of the operating system are. This is a simplistic perspective, but read on.
Mobile device security developers like to release scary statistics almost as though they are trying to frighten potential customers into downloading and using their safer-device products. For example, mobile security solution provider, 360 Security, explained earlier in the year that the damage attributed to mobile ransomware for all of 2015 amounted to 95.6 billion won (approximately £65 million or $86 million). Their statistics show that 900,000 devices were infected between June 2013 and the first quarter 2016. Another security business, AhnLab, collected almost 50,000 malicious app samples in the first half of 2016 designed to root a device. Once a device is rooted – that is, once third party applications can gain access to the whole of the storage and not just the ordinarily permitted space – the device is effectively compromised and can be made to do pretty much anything the developers want it to. AhnLab explain that the number of rooting applications is around four times that of the second half of 2015 – this is a relatively new trend in mobile device malware. For the full article click here
from hacker samurai http://ift.tt/2aPnBQZ
via IFTTT
5 Reasons Why Hackers Can’t Rig the U.S. Election
Relax, your vote is safe.
Here’s a scary thought: Hackers hijack U.S. voting machines on Election Day, rigging the results to install their preferred candidates. The Russians have alreadyhacked their way deep into the computers of the Democratic Party, and an encore act involving the Presidential election could permanently destabilize the country.
This scenario is already the subject of serious discussionamong academics, and this month, the Department of Homeland Security said it may designate ballot machines as “critical infrastructure.”
Fortunately, though, hacking the U.S. election is extremely unlikely or downright impossible. Here are five reasons why. For the full article click here
from hacker samurai http://ift.tt/2aDfe7U
via IFTTT
Monday 8 August 2016
Hackers take Rio Olympics through the back-door
Mobile security outfit Skycure claims that visitors to the former capital of Brazil are being targeted by hackers who have set up fake Wi-Fi hotspots designed to steal information from connected devices.
These phony wireless networks were spotted by Skycure around the city, but they were most prominent in locations where travelers were most likely to look for a place to connect, like shopping malls, well-known coffee shops, and hotels.
Anyone taking the Rio Metro may also be at risk when connecting to the complimentary Wi-Fi offered by the city in partnership with IT giant Cisco.
Rio Galeão Airport, the international hub for the Olympics, was found to host many networks that are capable of decrypting Secure Sockets Layer (SSL) traffic—undoing a protocol put in place to keep data protected. For the full article click here
from hacker samurai http://ift.tt/2aFarCA
via IFTTT
‘Pokemon Go’ News: Hackers Taking Over Gyms; Players Angry Over Missing Pokestops
“Pokemon Go” players around the world are once again up in arms over a new set of issues. It seems hackers have taken control over a number of battle gyms and the number of Pokestops around the world have been reduced.
Cheaters are once again reigning supreme over the honest trainers of the “Pokemon Go” mobile game. Hackers have reportedly found a way to take over battle gyms and hold them indefinitely, according toForbes. Their XP levels are so high that most players in the game have no hope of dislodging them.
The problem is mostly pronounced in Japan. But most of the hackers are from China who also used GPS spoofing. The cheaters have found a way to increase their XP level ranging from 33 up to 40. Experts believed that such XP level is quite impossible to achieve right now if the trainers are playing normally.
This kind of cheating method is also known to be occurring in the United States although proving it is quite a different matter. Niantic will have to tweak its system to flush out these kinds of cheaters in the game. For the full article click here
from hacker samurai http://ift.tt/2aGmcvQ
via IFTTT
White Hat Hackers Secure The DAO’s ETC Funds
According to various reports, the group of self-proclaimed “white-hat hackers” has secured the ETC funds belonging to The DAO holders. When funds was drained from this doomed Ethereum project, the hacker obtained a significant amount of ETC funds as well. Now that 7 million coins have been “secured”, the question becomes what will happen to this balance.
ETC FUNDS FROM DAO HACK IS SECURED, SORT OF
Ethereum Classic community members were a bit on edge yesterday, as there was a chance The DAO attacker would obtain 7 million coins. While some people feel this would not have such a big impact on the market, a significant price decline was noted across exchanges yesterday as the deadline drew closer.
As it turns out, the self-proclaimed group of white hat hackers has secured this funds. There are a lot of questions as to how “white hat” this group is, as all they do is hack the hacker. That does not make their actions legitimate by any means, nor should the people behind this initiative be trusted by default. For the full article click here
from hacker samurai http://ift.tt/2aFbC4H
via IFTTT
Russia, China and Europe targeted by cyberespionage group Strider with stealth malware
A newly uncovered cyberespionage group called Strider has been found to be targeting specific organisations and individuals in Russia, China, Belgium and Sweden, using a stealth malware called Remsec. Interestingly enough, the malware’s code actually contains a reference to Sauron, the infamous and most feared, all-seeing super-villain in the Lord of the Rings.
According to Symantec security researchers, the Remsec malware has been specifically designed to aid Strider’s spying activities. The group, which has been active since 2011, but maintained a low-profile, primarily targeted specific organisations and individuals that would be of interest to any country’s intelligence agencies. The Remsec malware has been specifically designed to open up a backdoor on infected systems, steal files and log keystrokes. “Strider has been highly selective in its choice of targets and, to date, Symantec has found evidence of infections in 36 computers across seven separate organisations. The group’s targets include a number of organizations and individuals located in Russia, an airline in China, an organization in Sweden, and an embassy in Belgium,” said Symantec. For the full article click here
from hacker samurai http://ift.tt/2azoyK0
via IFTTT
Is your phone at risk? Security flaw in 900 MILLION Android devices could give hackers complete access to your data
Owners of Android phones have been warned of a serious security flaw that could give attackers complete access to a phone’s data.
The problem has been identified in software used in about 900 million Android phones, including the HTC One, and Sony Xperia Z Ultra.
While there is currently no evidence of the flaws being used by hackers, experts say it is a race as to who finds the bug first.
The glitch was found by researchers from Checkpoint, who posted about it in a blog.
The problem appears to affect phones which run on Qualcomm processors, which the blog estimates to be around 900 million devices. For the full article click here
from hacker samurai http://ift.tt/2aLx8IK
via IFTTT
Saturday 6 August 2016
Regional consortium takes aim at hackers, cyber crime
What do cyber attacks and the heroin epidemic have in common?
Yes, both are nameless, faceless enemies, whose origins often extend well beyond Northeast Ohio and even our national borders. But, there’s a lesser known local connection.
A private-public program to combat heroin addiction laid the foundation for its Cleveland-based partners to consider other threats best addressed through similarly structured collaborations. Cybersecurity was the obvious choice, according to Elizabeth Keefer, senior vice president for administration and general counsel for Case Western Reserve University.
“It was the first thing to come to mind really,” Keefer said, “because it’s on everybody’s mind.”
Last year, founding partners Case, Cleveland Clinic, the Federal Reserve Bank of Cleveland and the U.S. Attorney for the Northern District of Ohio launched the Northeast Ohio CyberConsortium to fight back against the growing danger of hacking and other types of cyber attacks. For the full article click here
from hacker samurai http://ift.tt/2aBen77
via IFTTT
Flawed credit card chip system attracting hackers
REDDING, Calif. – Hackers are figuring out new ways to steal identities. How do you protect yourself from cyber criminals and credit card fraud?
The new EMV chips seen on credit cards are supposed to give more security, but hackers have figured out how to deactivate those chips and steal information.
Redding business owner, Keitha Brook always checks every I.D. when customers pay at her consignment shop, Redeemed.
“I want to make sure it’s their card I don’t want any theft.,” said Brook. “Customers feel protected when people ask for an ID, they actually thank me.”
Consumer researchers say card thieves can simply re-write the strip’s code to make it appear like a chipless card, allowing criminals to keep counterfeiting. For the full article click here
from hacker samurai http://ift.tt/2aCg9s5
via IFTTT
Shocking! Hackers can now take control of your vehicle
Car thieves have been looking for new ways to take off with your vehicle since locks were installed on the doors. But now, breaking into your car goes far beyond picking locks. Electrical systems are becoming more high-tech, which gives car thieves more vulnerabilities to exploit.
Back in 2015, security experts from Uber’s Advanced Technology Center put the Jeep Grand Cherokee to the test, hoping to find key vulnerabilities that hackers could use to their advantage. What they found was shocking.
Not only could the team hack into the Jeep’s system, they were able to control parts such as the brakes, power steering and accelerator.
This year, the team took their experiments to the next level. A full report of their findings is expected to be released next week. However, we know that issues were found with the vehicles’ Controller Area Network (CAN), which allowed the team to control the vehicle even while it was moving at high speeds. Just imagine for a second how terrifying it would be if someone took control of your steering wheel while you were driving. For the full article click here
from hacker samurai http://ift.tt/2aBeFLc
via IFTTT
Here’s What You Missed at Black Hat and Defcon
Highlights from the world’s biggest code cracking confabs.
Greetings from Las Vegas, where Black Hat and Defcon, the world’s biggest code cracking confabs, took place this week. If you tried to contact me, our communications were probably intercepted. Oh well.
Some highlights from the desert:
Attendees witnessed the world’s impending cybernetic future Thursday evening as seven supercomputers exchanged virtual blows, each vying to win a first-of-its-kind autonomous hacking competition hosted by DARPA, the military’s futuristic research arm. The machine melee signaled a coming, if nascent age of “self-driving” cyber defense. (Congrats to Carnegie Mellon’s team Mayhem, whose AI took home the $2 million grand prize—and the glory!) For the full article click here
from hacker samurai http://ift.tt/2aCgbjw
via IFTTT
Privacy activists challenge GCHQ’s mass hacking powers in European court
Privacy activists and left-wing and progressive internet companies from across the world are taking the British government to the European Court of Human Rights (ECHR) over GCHQ’s mass spying powers. The alliance has turned to the ECHR, after a UK tribunal ruled that the GCHQ’s ability to hack and compromise people’s computers, smartphones and entire networks was legal under British laws.
The complaint has been brought forward by Privacy International, and four internet social enterprises and a hacker collective. In a statement released on 5 August, Privacy International said, “Hacking is one of the most intrusive surveillance capabilities available to the government and entails a serious interference with the right to privacy. By taking this case to the European Court of Human Rights, we aim to bring the government’s hacking under the rule of law. The government iscurrently hacking abroad based on a very vague and broad power that provides few if any safeguards on this incredibly intrusive power.” For the full article click here
from hacker samurai http://ift.tt/2aYKnYl
via IFTTT
Friday 5 August 2016
The Jeep Hackers Reveal New Exploit: They Can Take Over The Vehicle While Running At High Speeds
Remember the Jeep hackers? Continuing on their work from last year, Charlie Miller and Chris Valasek have found a new exploit for the SUV, allowing them to take over the vehicle even while it is moving at high speeds.
Last year, Miller and Valasek discovered a vulnerability in the Jeep’s Uconnect infotainment system, allowing them to tap into the IP address of the SUV and remotely access the vehicle’s controls. Through the exploit, the hackers were able to blast cold air through the Jeep’s vents, play hip-hop music through its speakers and then disable the SUV to leave it stranded on the side of a highway.
The hack unveiled last year, however, can only be carried out while the Jeep is moving slower than 5 miles per hour. The new exploit that the hackers presented at the Black Hat hacker conference, which focuses on the same 2014 Jeep Cherokee that was the subject of their hack in the previous year, can allow them to gain control of the SUV even while it is moving at speeds of as high as 30 miles per hour. For the full article click here
from hacker samurai http://ift.tt/2aNLOGH
via IFTTT
Trump’s comments provoked unprecedented attendance and support for Clinton at Black Hat USA
US Democratic presidential candidate Hillary Clinton may have no trouble securing her emails in the future, thanks to an unlikely ally among the hacker community. The Clinton campaign had organised a fundraiser event at the annual Black Hat USA conference, which saw unprecedented attendance, following Trump’s remarks on encouraging Russia to find his rival’s missing emails.
The event saw the Clinton campaign raise around $30,000. However, the central issue surrounding the event was the opportunity to attract the generally apolitical hacker community to get more involved in the ongoing political processes. Despite the Clinton campaign’s efforts to do so, it appears it was Trump’s inflammatory comments that finally provoked interest in the event.
Jake Braun, CEO of Cambridge Global Advisors, and co-organiser of the event, said “Maybe 12 people had RSVP’d until then.
“It went through the roof after that. It really helps when you have Donald Trump giving Russia a pass on hacking our democracy,” the Guardian reported. For the full article click here
from hacker samurai http://ift.tt/2aA4QTW
via IFTTT
Hackers Breach FossHub to Deliver Trojan That Rewrites MBR
How many times have you looked past the security signs that warn you that installing particular software could be dangerous for your computer? How many of us run untested programs with administrator privileges? In all likelihood, you would have done it countless times. In all honesty, we all have. Some users don’t even have an antivirus program installed or a firewall enabled. Now, a hacker group that goes by the name of Pegglecrew has shown us how this carelessness can cost us our important data.
If you visited the website FossHub on Tuesday and downloaded either Classic Shell or audio editing software Audacity, you are at risk of having downloaded a Trojan that rewrites the user’s Master Boot Record (MBR) for Windows, and although nothing seems to happen at first, on rebooting the PC, you will find the following message:
As you reboot, you find that something has overwritten your MBR! It is a sad thing your adventures have ended here! Direct all hate to Pegglecrew (@cultofrazer on Twitter)
Notably, the @CultofRazer Twitter handle actually belongs to gaming firm Razer, and was hijacked for a while by the Pegglecrew team. The tweets posted detailing exploits have since been removed. For the full article click here
from hacker samurai http://ift.tt/2aNM88c
via IFTTT
The advanced security techniques of criminal hackers
Staying secure online is an essential concern, for individual users, businesses, and cybercriminals alike. That’s right: Basic IT security applies whether you’re protecting sensitive data at an upstanding, ethical organization, or you’re in the business of stealing data from those same organizations.
After all, the business may be cybercrime, but cybercriminals are still operating a business, with all the associated worries. Criminals rely on operations security (opsec) to stay ahead of law enforcement and security researchers intent on dismantling their operations, but also to protect their criminal enterprises from competitors planning on sabotage.
I spoke with Rick Holland, former Forrester analyst and VP of strategy at Digital Shadows, at Black Hat about the security tools and techniques currently in use by cybercriminals. What Holland had to say was both illuminating and, when considering the business of cybercrime, not entirely unfamiliar. For the full article click here
from hacker samurai http://ift.tt/2ar9Pkh
via IFTTT
Apple will now pay $200000 to hackers who report flaws
Apple, who focuses heavily on security, has now stated that it would offer rewards of up to $200,000 to hackers who reveal security flaws in the company software. The program will launch in September and will initially be invitation-only to a select group of researchers.
At the Black Hat hacking conference, Ivan Krstic, head of security engineering and architecture for Apple stated that it will introduce a so-called “bug bounty” program, which will pay developers who discover vulnerabilities in their computer code. For the full article click here
from hacker samurai http://ift.tt/2aDoo7s
via IFTTT
Thursday 4 August 2016
Hackers found selling US Social Security number, Netflix and email accounts for just $3
Inside the Dark Web there exists a thriving den of criminals where thousands of illegal goods and services are for sale — from drugs, weapons and pornography to financial details and stolen email accounts. According to a recent report by account-monitoring company LogDog, access to personal social media accounts, dating websites and even email accounts are being sold for as little as a couple of dollars.
The firm’s “Hot Commodity: How the Dark Web is selling our online accounts” report found that underground stores selling compromised accounts of various websites and online services have become increasingly popular in recent years, suggesting a “shift in the focus of cybercrime”. “Several years back, when stores on online black market stores first became popular, the FBI called the phenomena ‘The Industrialisation of the Underground Economy,'” the report reads. “While some…accounts, such as eBay and Amazon, have always been available on the cyber black market, they were normally sold directly by members of the underground economy, not through automated websites.” For the full article click here
from hacker samurai http://ift.tt/2axZiXt
via IFTTT
Hackers detail the blood and guts of the 2016 Pwn2Own exploit expo
Black Hat Zero Day Initiative researchers have detailed the winning hacks of this year’s Pwn2Own competition, painting a picture of broken browsers and owned systems.
The quartet of Matt Molinyawe, Abdul-aziz Hariri, Jasiel Spelman, and Jason Smith of Trend Micro’s Zero Day Initiative vulnerability clearing house detailed and demonstrated the devastating white hat hacks during their presentations at the Black Hat conference in Las Vegas.
They walked delegates through the exploitation steps of the eight successful Pwn2Own hacks pulled off at the Pwn2Own competition in March, recapping the steps and the 21 vulnerabilities which lead to digital goring of Chrome, Safari, Microsoft Edge, Apple OS X, and Adobe Flash.
“The winning submissions to Pwn2Own 2016 provided unprecedented insight into the state-of-the-art techniques in software exploitation” the quartet says in a 65-page technical paper [PDF] published after the talk. For the full article click here
from hacker samurai http://ift.tt/2aLfrbu
via IFTTT
How Drones Could Help Hackers Shut Down Power Plants
When hackers took down the power grid in parts of Ukraine last year, local authorities sent operators to manually switch on power, coordinating the recovery efforts via cellphone. But what if the attackers could jam the cellphone network—perhaps using drones?
That’s the hypothetical, though realistic, scenario that a security researcher posited on Wednesday during a presentation at the Black Hat security conference in Las Vegas. In the future, warned researcher Jeff Melrose, drones will be used to support and amplify cyberattacks against critical infrastructure.
Using drones, “all kinds of attacks on field telemetry and sensors not only become affordable but doable,” Melrose, who is the senior principal tech strategist for the security arm of Yokogawa, told me in an interview ahead of his talk. “I can have several of these [drones] basically blanket an area and you wouldn’t receive anything from that particular section of your plant or pipeline.” For the full article click here
from hacker samurai http://ift.tt/2axu19X
via IFTTT
Cybersecurity Conference Includes ‘Hackers For Hillary’ Fundraiser
A Hillary Clinton fundraiser will take place at BlackHat in Las Vegas. Cybersecurity experts there say they support her over Donald Trump despite all the controversy over her email server. For the full article click here
from hacker samurai http://ift.tt/2aLf2Wu
via IFTTT
Hackers reveal their cybersecurity secrets at Black Hat summit
Heavy metal and hackers – it’s a pair only Sin City could bring together.
At the 19th annual Black Hat conference, an expected 11,000 hackers from 108 countries are trying to solve the cybersecurity problems of the future, reports CBS News correspondent Mireya Villarreal.
“Hackers come here to show off some of their craziest hacks, but they’re doing it to really raise awareness of how vulnerable these systems could be,” said CNET reporter Laura Hautala.
In this world, hackers Charlie Miller and Chris Valasek are rock stars.
“We are the good guys,” Valasek said. “I mean the bad guys don’t tell you what they’re doing.” For the full article click here
from hacker samurai http://ift.tt/2axtZid
via IFTTT
Wednesday 3 August 2016
2016 State of Cybersecurity Report from the Federal Cyber Executive Perspective – An (ISC)² Report
In March 2016, (ISC)² and KPMG LLP surveyed a targeted pool of executive-level government officials and contractors from civilian, military and intelligence agencies to determine the state of cybersecurity and to provide recommendations for advancing the federal government’s cybersecurity progress.
The survey covered a range of topical areas that are key to understanding the state of cybersecurity today: professional development, governance and standards, resource and program management and risk management and resiliency.
Not surprisingly, nearly half of federal executive respondents reported that “people,” through actions both intentional and neglectful, remain the greatest security vulnerability to federal agencies. Half of respondents identified training/recruiting as one of their top three areas for applying proposed Cybersecurity National Action Plan (CNAP) resources. For the full article click here
from hacker samurai http://ift.tt/2ay9Oyn
via IFTTT
How Hackers Could Destroy Election Day
Donald Trump is already warning that the election’s going to be ‘rigged.’ Maybe, maybe not. But hacking the vote—and throwing the country into chaos—is terrifyingly simple.
Stealing and leaking emails from the Democratic National Committee could be just the start. Hacking the presidential election itself could be next, a bipartisan group of former intelligence and security officials recently warned. Whoever was behind the DNC hack also could target voting machines and the systems for tabulating votes, which are dangerously insecure.
“Election officials at every level of government should take this lesson to heart: our electoral process could be a target for reckless foreign governments and terrorist groups,” wrote 31 members of the Aspen Institute Homeland Security Group, which includes a former director of the Central Intelligence Agency and a former secretary of Homeland Security. For the full article click here
from hacker samurai http://ift.tt/2aRyHar
via IFTTT
FBI took months to tell Democrats of hacking and suspected Russian role
WASHINGTON/SAN FRANCISCO – The FBI did not tell the Democratic National Committee last fall that officials suspected it had been the target of a cyberattack, three people with knowledge of the discussions told Reuters.
And in months of follow-up conversations about the DNC’s network security, the FBI did not warn party officials that the attack was being investigated as Russian government-backed espionage, the sources said.
The lack of full disclosure by the FBI prevented DNC staffers from taking steps that could have reduced the number of confidential emails and documents that were stolen, one of the sources said.
Instead, Russian hackers continued to have access to Democratic Party computers for months during a crucial phase in the presidential campaign, the source said. For the full article click here
from hacker samurai http://ift.tt/2ahSeQ1
via IFTTT
Hackers leak over 150 GB of sensitive patient data from Ohio urology clinics
The US healthcare hacking spree continues as a group of hackers reportedly leaked a massive amount of sensitive patient data and internal documents. The data dump, which reportedly consists of over 100,000 stolen files, includes names, addresses, phone numbers and date of birth.
Over 150 GB of data from the Central Ohio Urology Group was leaked on Twitter by suspected Ukrainian-linked hackers using the pseudonym Pravvy Sector, according to reports. The leaked data also allegedly includes information on the kind of treatments patients received, such as renal ultrasound and sperm count. Several files also revealed the names of the insurance companies that patients were registered with. Israeli data mining firm Hacked-DB, which is reportedly investigating the breach, told HackRead: “This is the Hacking Team sort of data breach, so it is huge and it will take a while to come up with complete results.” For the full article click here
from hacker samurai http://ift.tt/2b2rKiv
via IFTTT
Hackers steal bitcoins worth millions
Hackers have stolen bitcoins worth about $65 million after attacking a major digital currency exchange.
The exchange, Bitfinex, responded by halting trading, deposits and withdrawals, prompting a plunge in the Bitcoin price.
“We are investigating the breach to determine what happened, but we know that some of our users have had their bitcoins stolen,” the company said in a blog post on Wednesday.
The hackers made off with 119,756 bitcoins, said Zane Tackett, Bitfinex’s director of community and product development, in an email to CNNMoney. That’s the equivalent of more than $65 million at current prices. For the full article click here
from hacker samurai http://ift.tt/2ahSiiC
via IFTTT
Hackers uncover 15m Iranian Telegram users’ phone numbers and IDs
A security research duo told Reuters that they’ve found evidence of encrypted messaging service Telegram’s users being hacked by a group known as Rocket Kitten.
According to Collin Anderson and Claudio Guarnieri, the attackers compromised more than a dozen accounts held by political activists involved in reformist movements and opposition organizations in Iran earlier this year. They’ve also been able to find the phone numbers and user IDs associated with 15 million accounts in Iran, where roughly 20 million people use Telegram
The hack is worrying because it allows attackers to read the messages received by the accounts they’ve hacked, as well as their chat histories.
Anderson and Guarnieri note that Rocket Kitten may have breached those accounts by intercepting SMS codes used to authorize new devices and activating them on their own hardware. For the full article click here
from hacker samurai http://ift.tt/2b2r6l7
via IFTTT
Tuesday 2 August 2016
IoT Security Takes Center Stage At Black Hat
At this year’s Black Hat USA conference, the focus on the growing security risks that come with the proliferation of connected devices was a hot topic.The Wall Street Journal reported on Monday (Aug. 1) that the Internet of Things and the looming security vulnerabilities that may come with it were top of mind during the week-long gathering of the global information security community.
Conference organizers told WSJ that, for this year’s event, they received 50 proposals for seminars related to hacking IoT devices. Of those 50, 13 were accepted.As hackers continue to set their sights on IoT, attendees are looking to presentations to learn more about the growing security risks.
WSJ reported that some of the presentations on IoT security include how a computer worm can infest a network of smart lightbulbs, how medical systems can be hacked and how advanced ATM skimming devices may be able to steal funds in a matter of minutes.Earlier this year, the Institute for Critical Infrastructure Technology (ICIT) think tank found that ransomware being pointed at IoT is inevitable because connected devices present a significant opportunity to launch further attacks, ZDNet reported.
For the full article click here
from hacker samurai http://ift.tt/2b0k2Wt
via IFTTT
Hackers have taken down the hackers trying to take down Pokemon Go
Not all heroes wear capes. Sometimes they don’t wear anything at all.
Maybe we’re projecting a little based on our experience of working late nights on a computer by ourselves (enjoy that image, readers) but the point remains, sometimes we find saviours in the unlikeliest of places.
When the Pokemon Go servers went down on July 16, hacker group PoodleCorp took responsibility for the outage and then threatened something on a larger scale to take place on August 1.
But if you played Pokemon Go yesterday you might have realised that (besides the updates to the app causing some pretty big issues) the game was working pretty much as usual.
That’s because something wonderful happened to ensure that we all got our fill of fictional personal monsters.
In a move so meta it would make Dan Harmon’s head spin, the hackers were hacked themselves by another group of hackers, who appear to view the first set of hackers as the hacks of the hacking world. For the full article click here
from hacker samurai http://ift.tt/2aPJQoM
via IFTTT
Hunting for hackers who make political donations
DELIVERING CYBER CAMPAIGN CASH — Hillary Clinton’s presidential campaign is holding a fundraiser at the Black Hat hacker conference this week in Las Vegas, amid an intense focus on how hackers are affecting the 2016 campaign. For anywhere from $100 to $2,700, donors can mingle on Wednesday with Michael Sulmeyer, a former top Defense Department cyber official who now heads the Harvard Kennedy School’s Belfer Center Cyber Security project (identified as the Clinton Campaign’s cybersecurity working group coordinator); former Homeland Security Department official
Jake Braun (now CEO of Cambridge Global); and Black Hat founder Jeff Moss. Clinton’s cyber/tech platform has been greeted with a mix of praise and condemnation. — SOME READER-SELECTED CON HIGHLIGHTS: Readers shared with us some of their picks for best sessions at Black Hat and DEF CON this week, per MC’s request Monday. One of them: a session with FTC Commissioner Terrell McSweeny and FTC Chief Technologist Lorrie Cranor, where they’ll announce more specific guidance on research about making cyberspace safer for consumers. Another session asks the question, “Does the thought of nuclear war wiping out your data keep you up at night?” (Hat tip to Greg Norcie, staff technologist for the Center for Democracy and Technology, who is giving his own presentation For the full article click here
from hacker samurai http://ift.tt/2aNEnlP
via IFTTT
How Jeep Hackers Took Over Steering And Forced Emergency Stop At High Speed
When Charlie Miller and Chris Valasek hacked a Jeep remotely with a journalist behind the wheel last year, it led to the recall of 1.4 million Fiat Chrysler vehicles. Though their latest attacks on the same 2014 Jeep Cherokee – to be detailed at the Black Hat conference in Las Vegas this week – can’t yet be executed remotely, they’re scary enough. One can control the steering. Another can stop a car mid-drive by tricking the vehicle into turning on the parking brake. Both can be carried out at speed.
Plugged into the Jeep this month, they showed just what was possible, going beyond last year’s hacks that could only take control of such functions at slow speed. Indeed, they managed to hack themselves off the road entirely, requiring road-side assistance from a local. For the full article click here
from hacker samurai http://ift.tt/2aiSwBF
via IFTTT
Syrian dissidents targeted by hackers: U of T’s Citizen Lab
“The operation has many features indicating that the operators may be Iranian,” John Scott-Railton says
The Citizen Lab at the Munk School of Global Affairs at the University of Toronto has revealed a new cyber-espionage operation targeting the Syrian opposition.
Its report, which details how targets were tricked into opening malicious files and links containing malware capable of monitoring computers and Android phones, is making headlines around the world.The operation, which the researchers name Group5, was first uncovered when Syrian opposition politician Noura Al-Ameer received e-mails from “Assad Crimes,” a fictitious group. For the full article click here
from hacker samurai http://ift.tt/2aveG77
via IFTTT
Encryption’s quantum leap: The race to stop the hackers of tomorrow
Quantum computers could — theoretically — solve problems that traditional digital computers find impossible to handle.
That means they could create an enormous security headache if they are used to crack the encryption that currently secures everything from emails and medical records to bank transactions.
As research into quantum computers has progressed in recent years, governments and tech companies have realised that if someone does build a large-scale quantum computer, then a new quantum-resistant form of encryption will need to be ready and waiting.
The National Institute of Standards and Technology (NIST), the US federal agency that oversees technology standards, is now taking the first steps towards developing quantum-resistant crypto. For the full article click here
from hacker samurai http://ift.tt/2aiSgmp
via IFTTT
Monday 1 August 2016
Why threat hunting as-a-service is worth considering, but ‘not a silver bullet’
Accenture and Endgame Inc. seek to detect and remove cyber threats from organizations’ systems, but their solution may be only part of a strong security plan.
Accenture and Endgame Inc. announced Monday a new threat hunting as-a-service program created to identify and remove known and never-before-seen adversaries lurking in an organization’s system.
Accenture offers senior cybersecurity hunters who set out to find latent attackers targeting a company’s intellectual property, business systems, or other assets. Clients do not experience any interruption in day-to-day operations, unlike traditional security approaches, according to a release.
“Today, cyber attackers can circumvent even the most fortified of traditional enterprise defense systems,” said Vikram Desai, managing director of Accenture Analytics. “Rather than building a taller defensive wall, we’re giving our clients the ability to strike first—to stop adversaries before they attack.” For the full article click here
from hacker samurai http://ift.tt/2amAEI0
via IFTTT
Pokémon GO: Hacking Group PoodleCorp Threatens To Take Game Offline Monday
Even while hacking group OurMine took the credit for a DDoS attack on “Pokémon GO” on July 17, bringing down the game’s servers for several hours, another lesser-known hackers’ collective called PoodleCorp claimed it had also launched a DDoS attack on the game’s servers on July 16. While the claim could not be verified, many users had reported problems in reaching the servers that day.
They also put a reminder on their Facebook page that said: “Get ready! A couple of hours till August 1st. #PoodleCorp #PokemonGO.”
The hacking group has come into the limelight recently after it took down some prominent YouTubers, and users on Reddit, participating in a discussion titled “Who is poodlecorp??” did not seem to reach any conclusion behind the group’s motivations.
After the July 16 DDoS attack, Mic spoke with XO who told the website: “We take the servers offline because it is popular right now and nobody can stop us. … We do it because we can, nobody can stop us and we just like to cause chaos. We chose August 1 so we have time to relax and not care about doing anything.” For the full article click here
from hacker samurai http://ift.tt/2aGpW1A
via IFTTT
Subscribe to:
Posts (Atom)