Friday 30 September 2016
Yahoo whodunnit: Mystery surrounds hackers behind massive breach
A week after Yahoo said it was subjected to the worst data breach in history, details about who nabbed info on 500 million email accounts remain sketchy.
At least one firm says it wasn’t a “state-sponsored actor” as Yahoo claimed, but like many things related to hacks, cybersecurity and the dark web, even that claim is impossible to verify.
“The group responsible for the Yahoo hack are cybercriminals,” said Andrew Komarov, chief intelligence officer at InfoArmor. The companyposted a report on Wednesday detailing the involvement of “Group E,” a hacking syndicate that InfoArmor says it has been monitoring in dark corners of the internet for some time.
The FBI is currently investigating the data breach but hasn’t put forward a theory publicly about who is behind it. For the full article click here
from hacker samurai http://ift.tt/2dcwCUM
via IFTTT
FDA data open to hackers, lacks security features
The United States Government Accountability Office (GAO) reported that the public health data is at risk to potential hackers after discovering that the computer systems of the Food and Drug Administration (FDA) lack security features.
The FDA is an agency under the Department of Health and Human Services (HHS). The GAO analyzed the agency’s seven information systems and found a total of 87 weaknesses including in its access controls, configuration management, contingency planning, and media protection. The report indicated that the FDA did not have adequate protection to the boundaries of its network, did not identify and authenticate systems users consistently and did not limit users’ access to the duties that they only required to perform. The agency also failed to encrypt system, audit and monitor system activity consistently and conduct physical security reviews of its facilities. For the full article click here
from hacker samurai http://ift.tt/2dgMeWh
via IFTTT
Thursday 29 September 2016
Yahoo Claims Hackers Are State-Sponsored, But Security Experts Say Criminals Are Behind Data Breach
The massive data breach that Yahoo revealed last week is said by the company to have been carried out by a state-sponsored group. However, an information security firm has refuted the claim, stating that there is no evidence that the hackers acted on behalf of any government.
Yahoo has blamed a “state-sponsored actor” for the security breach that leaked the account information of 500 million users, including names, email addresses, phone numbers, encrypted passwords and security questions. According to Yahoo, the attack occurred in late 2014.
However, Yahoo has not stated how it arrived at the conclusion that the data breach was sponsored by a government, nor has it shown any evidence for such a claim. Yahoo has previously stated that it has systems in place to be able to detect state-sponsored attacks. For the full article click here
from hacker samurai http://ift.tt/2cY2j1L
via IFTTT
Journalists investigating MH17 hacked by Russia-backed Fancy Bear hackers – ThreatConnect
Russia may have attempted to compromise the probe into the downing of Malaysia Airlines flight MH17. Security researchers have uncovered that Russia-backed hackers Fancy Bear, hacked a group of citizen investigative journalists called Bellingcat, who are considered vital contributors to the international probe into the downing of the flight over Ukraine in 2014. Bellingcat was also found targeted by a self-styled Russian hacktivist group called CyberBerkut, which experts believe is yet another “front for Moscow”.
Security researchers at cybersecurity firm ThreatConnect uncovered that Bellingcat journalists were first targeted in 2015 by an elaborate and massive spear-phishing campaign, which had distinctive and consistent similarities with Fancy Bear “tactics, techniques, and procedures”. Bellingcat was again attacked in February 2016 by CyberBerkut, which saw the Bellingcat website defaced and personal information of Russia-based contributor Ruslan Leviev leaked online.
Alarmingly, ThreatConnect’s analysis into Fancy Bear’s activities led them to uncover suspected links between the hacker group and CyberBerkut, the online persona Guccifer 2.0, who recently rose to fame during thecontroversial DNC (Democratic National Committee) hack as well as the leak site DCLeaks.
For the full article click here
from hacker samurai http://ift.tt/2dmQyFx
via IFTTT
Wednesday 28 September 2016
Russian Hackers Might Have Gotten Into US Democratic Smartphones, Too
According to the report, elected officials may be among those targeted by the attacks. Mobile phones are full of vital information hackers could be seeking, and they also include a variety of real-time information like GPS coordinates, as well as hijackable hardware like microphones and cameras. A hacked phone is effectively a fully-featured surveillance device — which says nothing of all the sensitive data that might be on board.
And it wouldn’t be the first time. Just last month, security researchers revealed that a hacking-for-hire firm from Israel had managed to totally compromise an iPhone with just a smile text message. This despite the fact that the iPhone is considered one of the most secure devices available. Apple quickly pushed a security update to patch the vulnerability, but the fact remains that phones, even secure ones, are eminently hackable.
The actual extent of the attack on US democratic officials is still unknown.
Democratic staffers have been targets for some time now. Last week, a White House staffer who helps manage press for First lady Michelle Obama had his Gmail account hacked and leaked online. For the full article click here
from hacker samurai http://ift.tt/2cKyuEo
via IFTTT
Defending Against Hackers Took a Back Seat at Yahoo, Insiders Say
SAN FRANCISCO — Six years ago, Yahoo’s computer systems and customer email accounts were penetrated by Chinese military hackers. Google and a number of other technology companies were also hit.
The Google co-founder Sergey Brin regarded the attack on his company’s systems as a personal affront and responded by making security a top corporate priority. Google hired hundreds of security engineers with six-figure signing bonuses, invested hundreds of millions of dollars in security infrastructure and adopted a new internal motto, “Never again,” to signal that it would never again allow anyone — be they spies or criminals — to hack into Google customers’ accounts.
Yahoo, on the other hand, was slower to invest in the kinds of defenses necessary to thwart sophisticated hackers that are now considered standard in Silicon Valley, according to half a dozen current and former company employees who participated in security discussions but agreed to describe them only on the condition of anonymity. For the full article click here
from hacker samurai http://ift.tt/2dk3rfU
via IFTTT
Tuesday 27 September 2016
Hackers created a $30 DIY version of the EpiPen
The EpiPen is a potentially life-saving device for those with severe allergies or asthma. The problem is that it costs $600 in the US.
For those with or without respiration woes, the EpiPen represents what’s wrong with drug manufacturing nationally, namely high prices and manufacturer monopolies. Mylan, maker of the EpiPen, raised the device’s price 300% in seven years from 2009 to 2016, mostly because it could.
Now, a collective of doctors called Four Thieves Vinegar is offering a free online guide on how to make an “EpiPencil” for just $30—5% of the price Mylan charges for its patented pens. That’s a bargain but it’s also potentially dangerous for patients to engage in unregulated drug-making. For the full article click here
from hacker samurai http://ift.tt/2d6Jsmt
via IFTTT
Hackers attack Royal Cornwall Hospital at Treliske and hold bosses to ransom over stolen information
Cyber criminals have made “multiple” attacks on Cornwall’s main hospital in the past year with repeated attempts to hold health bosses to ransom by stealing sensitive information. According to a Freedom of Information (FoI) request, the IT system of the Royal Cornwall Hospitals Trust (RCHT) was once infected ransom-ware, a type of malicious software designed to block access to a computer system until a sum of money is paid.
At one point between 2012 and 2016, the RCHT’s IT system was infected with ransom-ware, a malicious programme which can result in the lock down of an entire network which will not be released until a sum of money is paid.
The spokesman for the trust said the IT infection was resolved by the trust’s in-house team of software engineers and that police were not informed as the problem was solved.
The RCHT has confirmed that it has both end-point and anti-virus software installed on its computers. For the full article click here
from hacker samurai http://ift.tt/2dzuzMa
via IFTTT
Monday 26 September 2016
The U.S. Scores Its First Terror-Related Hacking Conviction In The War Against ISIS
ISIS’ global battles show no signs of slowing amid reports that the militant group planned the Paris attack to be even bloodier than the 130 deaths of the executed massacre. Recent reports suggest that 40 ISIS operatives who assisted in the Paris attack are still at large in Europe, and the group has claimed smaller-scale (though no less tragic) attacks like the recent Minnesota mall stabbing around the world. A high-ranking spokesperson was recently killed in Syria, but the U.S. government is also fighting a root cause of ISIS’ rise — the use of technology in aiding the Islamic State.
The Justice Department’s website explains the first U.S. conviction on terror-related hacking charges. Ardit Ferizi pleaded guilty to several acts, including gaining system-administrator level access to a server that held names of military and other government personnel. He used this information to help ISIS by culling 1,300 hacking victims into a hit list:
Ardit Ferizi, aka Th3Dir3ctorY, 20, a citizen of Kosovo, was sentenced today to 20 years in prison for providing material support to the Islamic State of Iraq and the Levant (ISIL), a designated foreign terrorist organization, and accessing a protected computer without authorization and obtaining information in order to provide material support to ISIL. For the full article click here
from hacker samurai http://ift.tt/2dcYNUE
via IFTTT
Sberbank Proposes Shielding Skeptical Russia Rivals From Hackers
A wall of screens blinks with dozens of data incidents at Sberbank PJSC’s cybersecurity war room that monitors 16,000 branches across Russia. An ex-employee’s ID used to enter the system — a level 3 threat. An ATM catches a virus after it’s serviced — level 9. A level 10 threat, the equivalent of a Code Red, would be if the bank’s ATM network became infected.
Now the country’s biggest lender wants to bring other Russian banks under its digital umbrella, a move some analysts say may give it an unfair competitive advantage. State-owned Sberbank is cooperating with the Federal Security Service while the lender crafts a nationwide cybershield for use by other financial bodies that it says are woefully unprepared to fight off hackers.
“As a rule, what usually happens is this: they beg us to come, help, and clean it up,” Stanislav Kuznetsov, Sberbank’s deputy chief executive in charge of cybersecurity, said of other financial institutions in an interview. “We come and clean it up, but there are times when the very next day they’re infected again.” For the full article click here
from hacker samurai http://ift.tt/2cOU4VP
via IFTTT
Saturday 24 September 2016
Smart meter hackers could turn off lights
New questions have emerged over an £11 billion project to install smart energy meters in every British home, after experts warned that hackers could use the devices to shut down the nation’s electricity supplies.
Just a day after business leaders branded the project a waste of money, a report on the meters from MPs on the Commons science and technology committee pointed to serious cybersecurity concerns. About 3.6 million of the meters, which measure household electricity and gas consumption in real time, have already been installed. A further 50 million are due to be in place before the end For the full article click here
from hacker samurai http://ift.tt/2cL1ERu
via IFTTT
Hackers swipe 3,000 private pics from Pippa Middleton
Hackers have stolen around 3,000 of Pippa Middleton’s private photographs from her iCloud account, according to the London Sun.
Representatives for Middleton told the paper that pictures of her and fiancé James Matthews — as well as private shots of her sister and brother-in-law, the Duke and Duchess of Cambridge, and their children, George and Charlotte — have been offered to publications for sale.
Another British publication said the pictures — which are being hawked by a man calling himself “Mas” — include snaps of parties, wedding dresses and “pretty much everything in between.” For the full article click here
from hacker samurai http://ift.tt/2cQ5nzh
via IFTTT
Friday 23 September 2016
iPhone Hackers Say Apple Weakened Backup Security With iOS 10
Professional iPhone hackers say that Apple AAPL -0.10% has dropped the ball on password security with its latest iPhone operating system, making the task of cracking the logins for backups stored on a Mac or PC considerably easier.
The claim comes from Elcomsoft, a well-known Russian forensics company, whose kit was thought to have been used by hackers who exposed celebrities’ nude pictures in 2014. Like market leaderCellebrite, it makes its money selling kit that can break into iPhones for the purpose of rooting around a target’s device. As soon as iOS 10 was out, the company started probing its security, and found Apple was using a weaker password protection mechanism for manual backups via iTunes than it had done previously.
Thanks to Apple’s mistake, Elcomsoft said it could potentially guess backup passwords 40 times faster using CPU acceleration when compared to the speedier GPU-powered cracking in iOS 9. When using the same Intel INTC -0.63% i5 CPU for cracking efforts, it was an astonishing 2500 times faster, with 6 million password guesses per second compared to just 2,400. The company thinks it has an 80 to 90 per cent chance of successfully getting the right password with its tools, which can be bought by anyone, not just the cops. For the full article click here
from hacker samurai http://ift.tt/2d67znl
via IFTTT
Hackers publish apparent scan of Michelle Obama’s passport
The White House says it is investigating a “cyber breach” after what appeared to be a scan of Michelle Obama’s passport was published online.
The scan appeared to have been taken from a Gmail account belonging to a White House employee, a spokesman said.
Other confidential information was published online, including travel details, names, social security numbers and birth dates of members of staff.
The White House said it had not yet verified the documents.
DCLeaks.com, a hacker group which last week published personal emails from an account belonging to former US Secretary of State Colin Powell’s emails, claimed responsibility for the hack.
The US attorney general, Loretta Lynch, said the incident was “something that we are looking into”. White House press secretary Josh Earnest said the breach “should be a wake-up call for all of us”. For the full article click here
from hacker samurai http://ift.tt/2d66FYb
via IFTTT
Thursday 22 September 2016
Hackers Able To Control Tesla S Systems From Twelve Miles Away
Over the last few years, we’ve well documented the abysmal security in the internet of things space. And while refrigerators that leak your Gmail credentials are certainly problematic, the rise in exploitable vehicle network security is exponentially more worrying. Reports emerge almost monthly detailing how easy it is for hackers to bypass vehicle security, allowing them to at bestfiddle with in-car systems like air conditioning, and at worst take total control of a compromised vehicle. It’s particularly problematic given these exploits may take years to identify and patch.
Enter Tesla, which, while indisputably more flexible in terms of technology, finds itself no less vulnerable to being embarrassed. Reports this week emerged that Chinese white hat hackers discovered a vulnerability in the Tesla S series that allowed an intruder to interfere with the car’s brakes, door locks, dashboard computer screen and other electronically controlled systems in the vehicle. In a video, the hackers demonstrated how they were able to target the vehicle’s controller area network, or CAN bus, from up to twelve miles away:
Fortunately in this instance, the attack required a fairly strict set of circumstances, including fooling the car’s owner into first connecting the vehicle to a malicious hotspot — while the car’s internet browser was in use. Also, unlike some vulnerabilities, which have taken traditional automakers up to five years to patch in the past, the researchers said in a blog post that Tesla was quick to update the car’s firmware and fix the vulnerability:
“Keen Security Lab appreciates the proactive attitude and efforts of Tesla Security Team, leading by Chris Evans, on responding our vulnerability report and taking actions to fix the issues efficiently. Keen Security Lab is coordinating with Tesla on issue fixing to ensure the driving safety of Tesla users.” For the full article click here
from hacker samurai http://ift.tt/2cTl7SN
via IFTTT
$100 Spent By Hackers While $1.3M For FBI In Unlocking An iPhone
Surprising as it may seem, but it is true. A researcher demonstrated how to unlock an iPhone password by spending just around $100. This is contradictory to the amount that the FBI spent in unlocking one, used by a shooter in San Diego – which is approximately $1.3 million. In comparison, the amount spent by the hacker is only a little percentage of the amount FBI used in their investigation.
As cited in The Guardian, a computer scientist from Cambridge University stated that an iPhone could be hacked by buying items that are low in price and could be seen easily.
The process of hacking was made through NAND Mirroring. Sergei Skorogobatov countered the statement of James Comey, an FBI Director, saying that the process is feasible and it is possible to crack information of any iPhone item up to Apple’s iPhone 6.
He released a video and a paper regarding the entire process. Skorogobatov’s video implied that there are 10,000 possible combinations that can be examined in just an estimated time of 41 hours or less than two days. For the full article click here
from hacker samurai http://ift.tt/2d3CiQj
via IFTTT
Wednesday 21 September 2016
As Elections Loom, Officials Debate How to Protect Voting From Hackers
AS THE UNITED States barrels toward November elections, officials are still looking for last-minute fixes to ensure that the patchwork of voting technology used around the country can fend off the increasingly troubling prospect of hacker attacks. And in the latest of those efforts, Georgia representative Hank Johnson is set to introduce two bills today designed to shore up that fragile system’s security.
The Election Infrastructure and Security Promotion Act of 2016 would mandate that the Department of Homeland Security classify voting systems as critical infrastructure, and the Election Integrity Act would limit which voting machines states can buy and also create a plan for handling system failures. The bills reflect a growing debate about whether designating voting tech as critical infrastructure(like the public water supply, energy systems, transportation, communication grid, and the financial sector) would help to secure the U.S.’s highly decentralized voting setup. In the wake of the Democratic National Committee breach and increasingly brazen Russian cyberespionage attacks, concern is mounting about the potential for election hacking in the 2016 presidential race and beyond. Voting registries and election board websiteshave been compromised, security researchers have shown that electronic voting machines are vulnerable, and agencieslike the FBI are on alert. For the full article click here
from hacker samurai http://ift.tt/2d8pNSv
via IFTTT
Serious Vulnerability Could Have Allowed Hackers to Hijack Any Facebook Page
A security researcher earned $16,000 from Facebook after discovering a serious vulnerability. If known, hackers could have exploited this flaw to hijack any Facebook page.
Facebook Pages are now used by every small and big organization, celebrities and even publications. Facebook’s free tool known as Facebook Business Manager allows page owners to manage advert accounts, apps, pages, and people who work on these pages. Business Manager allows people to access their organization’s Pages and ads without sharing login information.
Identified by Arun Sureshkumar, the flaw affected Facebook Business Manager. If exploited, anyone could have added any Facebook Page to their Facebook Business Manager account with Manager rights. They could have deleted the page, changed it, or shared whatever they wanted using the forum. For the full article click here
from hacker samurai http://ift.tt/2cJYDWJ
via IFTTT
Tuesday 20 September 2016
Car hackers found a way to trigger a Tesla’s brakes from miles away
A group of security researchers have found a way to remotely hack into Tesla cars and play havoc with their settings — unlocking doors, adjusting chairs, triggering indicator lights, and even activating the brakes from miles away.
The Chinese research team, from the Keen Security Lab at Tencent, first privately disclosed their findings to Tesla, and are only publishing the details now it has been patched.
There’s no evidence that anyone ever maliciously used this vulnerability to target Tesla cars — but it’s still a terrifying reminder of the risks that face internet-connected vehicles.
How did it work? According to a statement Tesla provided to The Verge, the targeted vehicle needed to be connected to a malicious Wi-Fi network, and using the web browser. If it is, then the hacker can take control — no physical access to the vehicle required. It affected vehicles including the Model S, that used (then-)up-to-date firmware. For the full article click here
from hacker samurai http://ift.tt/2cAnoPO
via IFTTT
Hackers claim they breached Aussie point-of-sale tech firm, try to sell ‘customer DB’
Exclusive Hackers are claiming to have hacked Australian point-of-sale technology (PoS) company H&L Australia, and have been claiming to potential buyers that they had lifted its customer database. They were already offering it for sale for AU$22,000 ($16,580, £12,723) more than two months ago.
If indeed they have hacked into H&L, credit card data and personal information would potentially be at risk: the firm’s clients include several major retailers.
The Register received information about an alleged breach at H&L Australia two weeks ago, plus the credentials required to access what was alleged to be an active backdoor on the company’s network and an open public link to a large SQL database dump.
We immediately reported this to CERT Australia, which offers assistance to compromised businesses. For the full article click here
from hacker samurai http://ift.tt/2d8d8n9
via IFTTT
Monday 19 September 2016
Local school website hacked, filled with ‘racist and hate-filled speech’
COLUMBUS (WCMH) — In a letter sent to students and parents Sunday evening, Principal Mike Winters reported that the school website for Bishop Hartley High School was affected by a nationwide hack to school calendar vendor,OneSchoolStreet.com.
The vendor, out of Missouri, was hacked and ‘racist and hate-filled’ rhetoric was sent through email and on pages of online calendars that contract the vendor.
Bishop Hartley Administration contacted OneSchoolStreet.com CEO, Mike Mansker with the information and the feed from that website to Bishop Hartley’s school website has been disabled. It will remain that way until an investigation into the national hack is complete.
Other schools throughout the country were affected by the hack as well, according to the letter. For the full article click here
from hacker samurai http://ift.tt/2d5g7MT
via IFTTT
Hackers is launching today, a multiplayer darknet cyberwarfare simulator by Trickster Arts
Hackers is a multiplayer cyberwarfare strategy game where users have to build a network and carry out various kinds of hacks around the world. Hackers is developed by Indie game studio Trickster Arts made up of AAA veterans who have previously worked on games such as Mafia II and Hero of Many. Hackers has been in Closed Beta since April this year, and the game has seen a steady stream of improvements and new feature additions since then.
The futuristic interface is called Ergo
The interface is like a mashup of Plague Inc and Uplink. There are joke news in the top bar that celebrates technology in general and information security in particular. Just reading through these jokes in the world screen can occupy all your time. Users can come across different kind of missions here, including security, activism and terrorist missions. For the full article click here
from hacker samurai http://ift.tt/2cxxYqN
via IFTTT
Friday 16 September 2016
How hackers could prey on election vulnerabilities
JUDY WOODRUFF: This year’s political campaign has a new and different wrinkle. Cyber-hacking has led to regular public releases of documents and private e-mails involving the political parties and key players.
The Democrats are the most frequent targets. But it’s not only them.
The list of election season cyber-attacks is growing. The latest target, former Secretary of State Colin Powell. A trove of his e-mails appeared online this week after his personal account was hacked. In one referring to GOP nominee Donald Trump and black voters, Powell wrote, “He takes us for idiots.”
Another referred to Democrat Hillary Clinton as greedy, not transformational. The messages were posted on a site that’s reportedly an outlet for hackers tied to Russia.
Clinton today did blame the Russians. The White House wasn’t saying For the full article click here
from hacker samurai http://ift.tt/2cDym6F
via IFTTT
FBI trying to build legal cases against Russian hackers: sources
The Federal Bureau of Investigation is intensifying efforts to find enough evidence to enable the Justice Department to indict some of the Russians that U.S. intelligence agencies have concluded are hacking into American political parties and figures, U.S. law enforcement and intelligence officials said on Thursday.
Building legal cases is difficult, largely because the best evidence against foreign hackers is often highly classified, they said. Still, some White House and State Department officials think legal action is the best way to respond to what they said are growing Russian attempts to disrupt and discredit the November elections, without sparking an open confrontation with Russian President Vladimir Putin.
“Doing nothing is not an option, because that would telegraph weakness and just encourage the Russians to do more meddling, but retaliating in kind carries substantial risks,” said one U.S. official involved in the administration’s deliberations. For the full article click here
from hacker samurai http://ift.tt/2cO8qYl
via IFTTT
Thursday 15 September 2016
Inside look at the race to outsmart hackers
Russian hackers released Wednesday night another batch of Olympians’ medical records stolen from the World Anti-Doping Agency, including information on 10 American athletes.
That and other breaches at the DNC, state election systems and an alleged NSA hack raise concerns about vulnerabilities in U.S. computer networks.
Servers often contain account numbers, medical records and other sensitive information collected by businesses and government agencies, making them targets for hackers. According to one security expert, cybercrime is now more lucrative than the illicit drug trade, reports CBS News correspondent Michelle Miller. For the full article click here
from hacker samurai http://ift.tt/2caEa6W
via IFTTT
Cozy Bear Explained: What You Need to Know About the Russian Hacks
From Colin Powell to Venus Williams, from the White House to the Democratic National Committee, Americans have been under attack from hackers who U.S. officials believe are tied to the Russian government. The Internet intrusions and data dumps have sowed embarrassment and alarm and raised questions about the safety of our national secrets and even our presidential election.
Here’s a look at what we know about the hacks, who is behind them and what might be coming next.
How worried is the NSA about the hacking?
A wide range of intelligence and law enforcement officials have told NBC News that the recent attacks and the threat of escalation are what keep them up at night, especially the question of what other systems might be penetrated.
Lisa Monaco, the top White House adviser on homeland security, said at a conference on Wednesday that the U.S. is responding to the Russian cyberattacks with the same framework it uses to combat terrorism. For the full article click here
from hacker samurai http://ift.tt/2caEnY1
via IFTTT
Wednesday 14 September 2016
Colin Powell Calls Trump a ‘National Disgrace’ in Hacked Emails
Former Secretary of State Colin Powell blasted Donald Trump as a “national disgrace” and “international pariah” in a personal email exchange that was leaked online by hackers.
Powell, a retired 4-star general and a Republican, confirmed the authenticity of the emails to NBC News.
“The hackers have a lot more,” he added.
The contents of the emails were first reported by Buzzfeed News. It said the messages had been obtained by the website DCLeaks.com which MSNBC reported is rumored to have ties to Russian intelligence services.
Powell called Trump a “national disgrace” and “international pariah” in a June 17 email to a former aide, saying the Republican presidential contender was “in the process of destroying himself, no need for Dems to attack him.” For the full article click here
from hacker samurai http://ift.tt/2cat6M9
via IFTTT
Russian hackers leak Venus Williams’ and other Olympians’ medical data
GENEVA — Confidential medical data of gold medal-winning gymnast Simone Biles, seven-time Grand Slam champion Venus Williams and other female U.S. Olympians was hacked from a World Anti-Doping Agency database and posted online Tuesday.
WADA said the hackers were a “Russian cyber espionage group” called Fancy Bears.
They revealed records of “Therapeutic Use Exemptions” (TUEs), which allow athletes to use otherwise-banned substances because of a verified medical need.
Williams, who won a silver medal in mixed doubles at the Rio Olympics last month, issued a statement via her agent in which she said she was granted TUEs “when serious medical conditions have occurred,” and those exemptions were “reviewed by an anonymous, independent group of doctors, and approved for legitimate medical reasons.” For the full article click here
from hacker samurai http://ift.tt/2c8zKgR
via IFTTT
Tuesday 13 September 2016
Critical zero-day vulnerabilities in MySQL allow hackers to takeover your servers
After Apple, cybersecurity researchers have now uncovered two zero-day vulnerabilities in the biggest open-source database management application, MySQL. These vulnerabilities can allow hackers to inject malicious code and take over your databases. This vulnerability could prove fatal for most businesses whose data is connected and stored in one or the other databases.
The zero-day vulnerabilities, CVE-2016-6662 and CVE-2016-6663, uncovered by independent Polish security researcher Dawid Golunski affects all of the currently supported versions of the software. It not only affects the default configuarations of MySQL, but other database vendors, MariaDB and PerconaDB, who’ve used MySQL engine in the past as well.
The vulnerabilties can be exploited by both local and remote attackers, but they do require authentication access to the MySQL database via a direct network connection or web interfaces such as phpMyAdmin. For the full article click here
from hacker samurai http://ift.tt/2coxCVw
via IFTTT
Centrify’s Survey Finds Consumers More Concerned with Financial Data Getting Hacked than Private Information about Their Families Being Exposed
SANTA CLARA, Calif.–(BUSINESS WIRE)–Centrify, the leader in securing enterprise identities against cyberthreats, today released findings from its 2016 Consumer Trust research study that examined consumer attitudes toward hacking, including what information people most fear being hacked, how often consumers change their passwords and how aware they are when a hack does occur.
The online study, commissioned by Centrify, found that people are most fearful of their credit cards or bank statements being hacked, with 78 percent of Americans and Germans ranking it a top concern. That number is even higher in the U.K., where 85 percent of residents rank credit card and bank data as their biggest hack concern.
The study, which surveyed 2,400 people across the U.S., U.K. and Germany, also found that consumers are very concerned about their financial investment information falling prey to hackers, with 58 percent in the U.S., 56 percent in the U.K. and 43 percent in Germany citing it as a top concern. This is followed by health and medical records, with 46 percent in the U.S., 45 percent in the U.K. and 48 percent in Germany saying they are most fearful of this information being hacked. By contrast, consumers are less worried about their family information falling into the hands of hackers, with just 44 percent in the U.S., 41 percent in the U.K. and 43 percent in Germany citing this as a top concern. For the full article click here
from hacker samurai http://ift.tt/2coyedu
via IFTTT
Monday 12 September 2016
GoldieBlox launches YouTube series to teach girl how to customise their toys
Called Toy Hackers, the show will be hosted by video blogger Simone Giertz who has risen to online fame by building and testing various robots.
GoldieBlox has launched a new YouTube series designed to teach kids how to customise their own toys.
Called Toy Hackers, the show will be hosted by video blogger Simone Giertz who has risen to online fame by building and testing various robots.
The show will follow a group of female engineers known as Toy Hackers Secret Society as they assign action figures tasks that involve solving everyday problems with new inventions.
Each episode will include a step-by-step guide to building the creations featured on the show. For the full article click here
from hacker samurai http://ift.tt/2cyyQjk
via IFTTT
Million Dollar DDoS Tool Hacked
A ‘booter’ service designed to simplify DDoS attacks has been hacked and the details of its paying customers revealed, it has emerged.
Researcher Brian Krebs revealed the news in a blog post, claiming the vDOS tool had made its Israeli owners around $600,000 in two years.
During that time, the service has been prolific – accounting for the majority of DDoS attacks on the internet, he claimed.
“And in just four months between April and July 2016, vDOS was responsible for launching more than 277 million seconds of attack time, or approximately 8.81 years’ worth of attack traffic,” Krebs continued.
“Let the enormity of that number sink in for a moment: That’s nearly nine of what I call “DDoS years” crammed into just four months. That kind of time compression is possible because vDOS handles hundreds — if not thousands — of concurrent attacks on any given day.” For the full article click here
from hacker samurai http://ift.tt/2cD9H47
via IFTTT
Saturday 10 September 2016
Two Hackers Arrested Yesterday for Hacking U.S. Officials, and Government Systems
Two hackers were placed under arrest for hacking several senior U.S. government officials as well as U.S. government computer systems. Andrew Otto Boggs, or INCURSIO, and Justin Gray Liverman, aka D3F4ULT, were arrested yesterday on hacking charges. Both suspects are from North Carolina.
According to the charges documents, Boggs and Liverman conspired with other members of a hacking group called Crackas with Attitude. The group used social engineering to gain unlawful access to the online accounts of U.S. government officials, families, as well as computer systems. The group also defaced victim’s social media accounts, made threatening phone calls to victims as well as family, and posted private information on public websites. Police are saying that over three other members of the hacking group live in the U.K, and the Crown Prosecution Service is investigating.
Initial appearances in Alexandria Federal Court House are scheduled for next week. U.S. Magistrate Judge Theresa Carroll Buchanan will be residing over the case. Dana J. Boente, U.S. Attorney for the Eastern District of Virginia, Paul M. Abbate, Assistant Director in Charge of the FBI’s Washington Field Office, and Brian J. Ebert, Special Agent in Charge of the U.S. Secret Service’s Washington Field Office, made the announcements after Boggs and Liverman were apprehended. For the full article click here
from hacker samurai http://ift.tt/2cNLWZs
via IFTTT
Oliver Stone ‘stayed off the grid’ to avoid hackers targeting his Edward Snowden film
Film director Oliver Stone has said he “stayed off grid” during the making of his new biopic on Edward Snowden over concerns that hackers could target the film.
The double Oscar winner used encrypted messages to communicate with colleagues during the filming of Snowden, which tells the story of how the NSA whistleblower leaked details of mass government surveillance in 2013.
At the movie’s premiere in Toronto, Oliver said: “The NSA is worldwide, the ability to intercept, to harm. Anything could happen. We’ve still not opened the film. It could get hacked tomorrow. For the full article click here
from hacker samurai http://ift.tt/2cBWEPe
via IFTTT
Friday 9 September 2016
FBI arrests alleged members of Crackas With Attitude for hacking US gov’t officials
The FBI has arrested two men believed to be part of the “Crackas With Attitude” group which hit the headlines last year after leaking information on thousands of government officials to the public.
On Thursday, the US Department of Justice (DoJ) revealed the arrest of two alleged members of a hacking group which took responsibility for targeting the communications and online accounts of thousands of US government figures.
The first alleged member of the Crackas With Attitude group is Andrew Otto Boggs, also known as “Incursio,” a 22-year-old from North Carolina. The second alleged member of the group to be collared by law enforcement is 24-year-old Justin Gray Liverman, also known as “D3f4ult,” who was arrested in Morehead City, North Carolina. For the full article click here
from hacker samurai http://ift.tt/2bXLZNe
via IFTTT
ALMELO MUNICIPALITY HACKED: 20 GIGS OF DATA STOLEN
Hackers managed to break into the municipality of Almelo’s servers and steal some 20 gigabytes of data. The exact data stolen is unclear, though it is “almost certain” that personal information was among it, according to NU.nl.
According to Tubantia, the leak was reported to privacy watch dog Personal Data Authority. It is unclear who was behind the hack. The hackers seemed to gain access to the servers through systems of Werkplek Twente – a partnership between benefits agency UWV and the municipality of Twente aimed at finding work for people on disability.
How long the hackers had access to the system is unclear. The hack was discovered accidentally – the Almelo municipality does not monitor data traffic on a structural basis. For the full article click here
from hacker samurai http://ift.tt/2bZfpiO
via IFTTT
Thursday 8 September 2016
The best defense against Russian hackers may be our low-tech elections
Just because you’re paranoid doesn’t mean that they aren’t out to get you. But by the same token, just because they’re out to get you doesn’t mean you need to be paranoid.
Donald Trump had already set us on a dark conspiracy pathway this election season, when he announced in August that the only way he could lose Pennsylvania was “if, in certain sections of the state, they cheat.”
The system, the Republican presidential candidate has testified repeatedly, is rigged.
Now comes the news that U.S. intelligence and law enforcement agencies have launched an inquiry into what they think is a covert Russian operation to sow public distrust in the November presidential election. For the full article click here
from hacker samurai http://ift.tt/2bUPunQ
via IFTTT
Hacked Dropbox Data of 68 Million Users Is Now for Sale on the Dark Web
Email and password data for more than 68 million Dropbox users is for sale in the darknet marketplace.
The data set, which is from a 2012 breach, includes users’ email addresses as well as obscured passwords. The nearly 5 gigabytes of data represents one of the larger user credential leaks in recent years. Its price is reportedly being set at two bitcoins, the equivalent of about $1,141 US dollars, by a data trafficker on the darknet website TheRealDeal. There are no reports that the dataset has been successfully sold yet.
Dropbox quietly announced the 4-year-old breach last week when it sent out a note to affected users informing them that they would be proactively resetting their passwords. They informed users that their accounts were being reset because the company had been notified about a possible threat. But the full extent of the massive breach was reported by Motherboard and confirmed by an unnamed senior Dropbox employee several days later. For the full article click here
from hacker samurai http://ift.tt/2bUOkbK
via IFTTT
Wednesday 7 September 2016
Google helps your favorite websites fight hackers
Google’s Safe Browsing initiative already prevents you from accessingshady websites, among other things. Now, the initiative is also making it easier for your favorite online destinations to combat various security issues as soon as they hit. The Safe Browsing console has expanded its Security Issues report to provide website owners with more context and detailed explanations about a particular security problem it finds. That could be any of the six types it can detect, including malware, deceptive pages, and harmful or uncommon downloads.
Besides the detailed reports, the Safe Browsing console now also recommends different courses of action website owners can take, along with sample URLs they can use to unearth the source of the problem. These new features could help website developers fight off hackers and address potential security breaches as soon as possible, which can keep you and your information safe in turn. For the full article click here
from hacker samurai http://ift.tt/2c76He0
via IFTTT
Surefire ways of Defense against Hackers on Social Media
In one of my previous articles I have mentioned the ways of finding out if you’ve been hacked or not; but after reading this, you will find out what appropriate measures to take for defending against hackers on social media.
Too many users of the internet are falling victim to hacking these days, for which this content is all about letting you know the most imminent measures one must consider to regain control over her private information from hackers.
DO NOT PANIC!
This is easy to say, however, extremely difficult to follow when a situation turns crimson. Once you find out your personal account has been hacked, try finding out all the double verification systems you have enabled for stronger security guarding the social media accounts. For the full article click here
from hacker samurai http://ift.tt/2bXCIYS
via IFTTT
Tuesday 6 September 2016
Porn site Brazzers hacked, 800,000 accounts compromised
Another day, and yet another site has fallen prey to hackers putting nearly 800,000 user accounts on porn site Brazzers at risk. While the cyber attack reportedly took place in 2012, the compromised account information have now made it to the dark web. The attack may was aimed at Brazzersforum, but since both sites shared user accounts even those who have not signed up for the forum are potentially at risk. The company has said that it has taken corrective measures, and Brazzersforum has been taken down for maintenance.
The hacked information from Brazzers was first spotted by data breach-monitoring site vigilante.pw, which then passed on the information to Motherboard for verification. According to the site, the hackers were able to get their hands on 790,724 unique email addresses, as well as usernames and passwords stored in plain text.
The total breach contained over 900,000 entries, but the publication says many were duplicates. Brazzers’ forums are used as a platform for users to discuss about videos, porn stars, and also request what scenarios should make it to the next video. While the two sites are different, a Brazzers spokesperson has confirmed that the user account details were shared between the platforms for “user convenience.” For the full article click here
from hacker samurai http://ift.tt/2ccVqOj
via IFTTT
Hackers waiting to prey on mobile banking apps
Banking malware is on the rise, and financial institutions need to be wary of the consequences as they rush out more and more mobile features.
That’s according to Quick Heal Technologies, which released its Q2 Threat Report for 2016, analysing the top malware and virus types affecting Windows and Android users. According to the report, ransomware detection has fallen slightly from the last quarter, but is on a rise compared to last year’s figures.
Predictions made in the report outline that ransomware variants will continue to rise in the coming years as more and more susceptible targets are made available. Ransomware-as-a-Service is also booming, according to the report, with malware authors selling viruses alongside a customisable kit.
Hackers will see the rise in mobile banking apps as a golden opportunity, says the report, with more and more potential victims joining up to services that, if the security isn’t water-tight, could be exploited. For the full article click here
from hacker samurai http://ift.tt/2c0JoEt
via IFTTT
Monday 5 September 2016
Counter voting hacking threat
News that foreign hackers, probably from Russia, accessed computerized voter rolls in Illinois and tried to break into the Arizona state electoral system earlier this year should grab the attention of election officials across the nation.
And that obviously includes South Carolina.
The clear task is to assess and correct vulnerabilities to similar attacks voting begins this fall. The Washington Post reports that two other unnamed states, in addition to Illinois and Arizona, are exploring the possibility that their electoral systems have been hacked. For the full article click here
from hacker samurai http://ift.tt/2bYUIiy
via IFTTT
OurMine hacker group briefly takes over Variety website, spams subscribers with dozens of emails
Entertainment news site Variety was briefly taken over by the infamous hacker group OurMine, the same group responsible for infiltrating several high-profile figures’ social media accounts and media outlets in recent months. On Saturday (3 September) the hacking collective managed to break into Variety’s content management system at approximately 9 am PT and deface the LA-based publication’s site with a post of their own claiming responsibility for the attack.
The group also flooded the site’s email subscribers’ inboxes with dozens of identical emails with the subject “Hacked By #OurMine – Read The post!! [IMPORTANT]” In its latest attack, OurMine gained access to subscribers’ email list and announced their success with their now standard message that they were “just testing your security”. For the full article click here
from hacker samurai http://ift.tt/2cm75WV
via IFTTT
Saturday 3 September 2016
Mission Impossible? FBI wants to be cool enough to recruit hackers
After a series of high-profile cyberattacks against individuals and organisations in the US, the FBI is increasing its efforts to combat cybercrime, including adopting a new approach to recruiting hackers.
The agency has had long-standing issues attracting people from the hacking community to work for them, over staying independent or working in the private sector. But, in a recent speech, FBI director James Comey said the agency is now “working very hard” to “be a whole lot cooler than you may think we are”, in efforts to get people with cyberattack and cyberdefence skills to work for them. Comey said that the FBI is looking to staff its cyberattack response teams, specifically the Cyber Threat Team and the Cyber Act Team (CAT) – which he called the “fly team” – who are deployed “at a moment’s notice” to provide on-location support during investigations. For the full article click here
from hacker samurai http://ift.tt/2bXJ0oQ
via IFTTT
Newly discovered router flaw could let remote hackers hijack and monitor your home internet connection
Security experts have discovered a critical new router vulnerability in some models of Inteno home routers that could allow remote malicious hackers to hijack the device and monitor all the internet traffic passing through it. According to F-Secure researchers, the flaw allows an attacker to install their own firmware to the device with back doors and other features to take complete control over the device.
If exploited, the remote hacker would potentially be “able to listen in on unencrypted traffic going through the router, not just device-to-internet, but device-to-device inside the home; as well as manipulate the victim’s browsing sessions by redirecting to malicious sites,” the researchers said While a router device usually receives firmware updates from the server associated with the user’s internet service provider (ISP), the vulnerable Inteno router models in this case do not validate the Auto Configuration Server (ACS) certificate (CWE-295). For the full article click here
from hacker samurai http://ift.tt/2bXJb3H
via IFTTT
Friday 2 September 2016
Hackers Can Control Your Home Internet Connections
F-Secure researchers have uncovered a critical vulnerability in some models of Inteno home routers that, if exploited, is severe enough to allow an attacker complete control over the victim device and the Internet traffic traveling through it. The finding highlights the security challenges plaguing consumer routers.
The vulnerability allows an attacker to install their own firmware to the device, which would still work as before, but with back doors and other unwanted features. An attacker exploiting the flaw would be able to listen in on unencrypted traffic going through the router, not just device-to-internet, but device-to-device inside the home; as well as manipulate the victim’s browsing sessions by redirecting to malicious sites.
“By changing the firmware, the attacker can change any and all rules of the router,” says Janne Kauhanen, cyber security expert at F-Secure. “Watching video content you’re storing on another computer? So is the attacker. Updating another device through the router? Hopefully it’s not vulnerable like this, or they’ll own that too. Of course, HTTPS traffic is encrypted, so the attacker won’t see that as easily. But they can still redirect all your traffic to malicious sites that enable them to drop malware on your machine.” For the full article click here
from hacker samurai http://ift.tt/2c06GLw
via IFTTT
Putin: I don’t know US Democrats hackers
Russian President Vladimir Putin said he did not know who was behind the hacking of US Democratic Party organisations but the information uncovered was important, Bloomberg news agency reports.
In an interview two days before a G20 meeting in China with US President Barack Obama and other world leaders, Putin said it might be impossible to establish who engineered the release of sensitive Democratic Party emails but it was not done by the Russian government.
“Does it even matter who hacked this data?” Putin said. “The important thing is the content that was given to the public.”
“There’s no need to distract the public’s attention from the essence of the problem by raising some minor issues connected with the search for who did it,” he added.
“But I want to tell you again, I don’t know anything about it, and on a state level Russia has never done this.” For the full article click here
from hacker samurai http://ift.tt/2cvEmDz
via IFTTT
Thursday 1 September 2016
Russian hackers may have just done American voters a favor
How’s this for irony: The same Obama administration that has steadfastly opposed “racist” voter ID laws may declare the electoral system a “critical infrastructure” in an effort to prevent unauthorized tampering — proving once again that even liberals can recognize the difference between rhetoric and reality when the stakes are high enough.A cynic might suggest the Department of Homeland Security
wouldn’t be investigating if election databases in Illinois and Arizona had been hacked by LaRaza instead of, possibly, Russians. But Homeland Security Secretary Jeh Johnson’s suggestion that the integrity of elections is a national interest as critical as the power grid or financial sector is welcome nevertheless because it will undermine all future self-serving impulses to claim just the opposite.”People have asked, ‘Why not Internet voting?’ This is why,” said Allen County director of elections Beth Dlug,
who is confident local results can be trusted because voting machines operate independently, are not connected to the Internet and contain their own internal auditing system. “If you ought to have 20 votes and you have 120, you know something’s happening,” she said. The use of a variety of machines among the 9,000 American jurisdictions holding elections also makes it difficult to influence results on a wide basis, she added. For the full article click here
from hacker samurai http://ift.tt/2cbL11g
via IFTTT
Hackers Had Access to OneLogIn Data for More Than a Month
Just as password managers were having a good moment in the wake of the Dropbox breach revelations, OneLogIn, the single sign-on company, threw cold water on it all with an admission of a compromise of its own.
The company announced that an incursion gave hackers access to cleartext notepads for a segment of its 12 million users (it didn’t specify an exact number) for at least a month. The perpetrators had access to the files from “at least” July 25 to Aug. 25, and possibly had access as early as July 2.
Secure Notes is used by end users who can use it to store information. These notes are stored in the system using multiple levels of AES-256 encryption. However, a bug (now patched) caused these notes to be visible in OneLogIn’s logging system prior to being encrypted and stored in its database.
James Romer, chief security architect for Europe at SecureAuth, told us via email that the breach has, potentially, far-ranging consequences. For the full article click here
from hacker samurai http://ift.tt/2cbKJrn
via IFTTT
Subscribe to:
Posts (Atom)