The Shadow Brokers hacker group is back, releasing message 5 - trick or treat. This time, instead of releasing Equation Group exploit tools, the group dumped a list of servers allegedly compromised by the NSA-linked Equation Group.As usual, the Shadow Brokers included a slaughtered-English rambling message that primarily focused on the upcoming elections. One portion reads:
TheShadowBrokers is having suggestion. On November 8th, instead of not voting, maybe be stopping the vote all together? Maybe being grinch who stopped election from coming? Maybe hacking election is being the best idea? #hackelection2016.To read this article in full or to leave a comment, please click here
The Shadow Brokers hacker group is back, releasing message 5 - trick or treat. This time, instead of releasing Equation Group exploit tools, the group dumped a list of servers allegedly compromised by the NSA-linked Equation Group.As usual, the Shadow Brokers included a slaughtered-English rambling message that primarily focused on the upcoming elections. One portion reads:
TheShadowBrokers is having suggestion. On November 8th, instead of not voting, maybe be stopping the vote all together? Maybe being grinch who stopped election from coming? Maybe hacking election is being the best idea? #hackelection2016.To read this article in full or to leave a comment, please click here
After seeing reports that the Justice Department is “furious” at FBI Director Comey for telling Congress about new emails potentially related to Hillary Clinton’s private email server and if she disclosed classified information, the Clinton campaign “made it personal” and accused Comey of a smear campaign. Comey, ironically the same FBI guy who recommended no criminal charges for Clinton, is now being treated like her enemy.“It is pretty strange to put something like that out with such little information right before an election,” Clinton said during a rally at Daytona Beach on Saturday. “In fact, it’s not just strange; it’s unprecedented and deeply troubling.” She added, “So we’ve called on Directory Comey to explain everything right away, put it all out on the table.”To read this article in full or to leave a comment, please click here
After seeing reports that the Justice Department is “furious” at FBI Director Comey for telling Congress about new emails potentially related to Hillary Clinton’s private email server and if she disclosed classified information, the Clinton campaign “made it personal” and accused Comey of a smear campaign. Comey, ironically the same FBI guy who recommended no criminal charges for Clinton, is now being treated like her enemy.“It is pretty strange to put something like that out with such little information right before an election,” Clinton said during a rally at Daytona Beach on Saturday. “In fact, it’s not just strange; it’s unprecedented and deeply troubling.” She added, “So we’ve called on Directory Comey to explain everything right away, put it all out on the table.”To read this article in full or to leave a comment, please click here
ForeScout Technologies released an “IoT Enterprise Risk Report” (pdf) which identified seven IoT devices that can be hacked in as little as three minutes: IP-connected security systems, smart HVACs and energy meters, VoIP phones, connected printers, video conferencing systems, smart light bulbs and smart refrigerators. Although the hack might only take a few minutes to pull off, it might take weeks to find and fix.Other “key findings” of the report include:
Should any of these devices become infected, hackers can plant backdoors to create and launch an automated IoT botnet DDoS attack.
Cybercriminals can leverage jamming or spoofing techniques to hack smart enterprise security systems, enabling them to control motion sensors, locks and surveillance equipment.
With VoIP phones, exploiting configuration settings to evade authentication can open opportunities for snooping and recording of calls.
Via connected HVAC systems and energy meters, hackers can force critical rooms (e.g. server rooms) to overheat critical infrastructure and ultimately cause physical damage.
Potential scenarios for after an IoT device is hacked include using compromised smart video conferencing systems for spying via camera and microphone, disabling security cameras to allow physical break-ins, snooping on calls via VoIP phones and snagging private company Continue reading
ForeScout Technologies released an “IoT Enterprise Risk Report” (pdf) which identified seven IoT devices that can be hacked in as little as three minutes: IP-connected security systems, smart HVACs and energy meters, VoIP phones, connected printers, video conferencing systems, smart light bulbs and smart refrigerators. Although the hack might only take a few minutes to pull off, it might take weeks to find and fix.Other “key findings” of the report include:
Should any of these devices become infected, hackers can plant backdoors to create and launch an automated IoT botnet DDoS attack.
Cybercriminals can leverage jamming or spoofing techniques to hack smart enterprise security systems, enabling them to control motion sensors, locks and surveillance equipment.
With VoIP phones, exploiting configuration settings to evade authentication can open opportunities for snooping and recording of calls.
Via connected HVAC systems and energy meters, hackers can force critical rooms (e.g. server rooms) to overheat critical infrastructure and ultimately cause physical damage.
Potential scenarios for after an IoT device is hacked include using compromised smart video conferencing systems for spying via camera and microphone, disabling security cameras to allow physical break-ins, snooping on calls via VoIP phones and snagging private company Continue reading
People who tend to lose or misplace things may turn to “smart” trackers, tiny devices which can be attached to keys, TV remotes, just about anything, and then the Bluetooth-enabled tracker helps you find the “lost” item via a smartphone. Many have a crowdsourcing feature so other people on that tracker’s network can also help locate a missing item. But how secure are these IoT trackers? Two researchers at Rapid7 decided to find out.Deral Heiland, principal security consultant at Rapid7, aka @Percent_X, and Adam Compton, senior security consultant at Rapid7, aka @tatanus, took aim at four different trackers: iTrack Easy, Nut Smart Tracker, TrackR Bravo and Tile. They looked at the devices as well as the companion iOS apps and found issues with each.To read this article in full or to leave a comment, please click here
People who tend to lose or misplace things may turn to “smart” trackers, tiny devices which can be attached to keys, TV remotes, just about anything, and then the Bluetooth-enabled tracker helps you find the “lost” item via a smartphone. Many have a crowdsourcing feature so other people on that tracker’s network can also help locate a missing item. But how secure are these IoT trackers? Two researchers at Rapid7 decided to find out.Deral Heiland, principal security consultant at Rapid7, aka @Percent_X, and Adam Compton, senior security consultant at Rapid7, aka @tatanus, took aim at four different trackers: iTrack Easy, Nut Smart Tracker, TrackR Bravo and Tile. They looked at the devices as well as the companion iOS apps and found issues with each.To read this article in full or to leave a comment, please click here
Amnesty International set out to determine which technology companies met “their human rights responsibilities in the way they use encryption to protect users’ online security.” The research resulted in ranking messaging apps of 11 tech companies based on the use of encryption to protect users’ privacy.According to the detailed list of Message Privacy Rankings (pdf), Facebook did the best, scoring 73 out of 100 for WhatsApp and Facebook Messenger. Both Apple for iMessage and FaceTime and Telegram for the Telegram Messenger scored 67. Google came in with a score of 53 for Allo, Duo and Hangouts.To read this article in full or to leave a comment, please click here
Amnesty International set out to determine which technology companies met “their human rights responsibilities in the way they use encryption to protect users’ online security.” The research resulted in ranking messaging apps of 11 tech companies based on the use of encryption to protect users’ privacy.According to the detailed list of Message Privacy Rankings (pdf), Facebook did the best, scoring 73 out of 100 for WhatsApp and Facebook Messenger. Both Apple for iMessage and FaceTime and Telegram for the Telegram Messenger scored 67. Google came in with a score of 53 for Allo, Duo and Hangouts.To read this article in full or to leave a comment, please click here
Infected IoT devices turned into botnets, at least some controlled by Mirai, were used in multiple DDoS attacks against New Hampshire-based internet infrastructure company Dyn. The attacks against Dyn DNS were similar to some thugs shredding an internet address book, since addresses of thousands of websites couldn’t be looked up and users couldn’t be connected to the right servers; by the third wave of attacks, users across the globe had been affected by the massive disruptions.The FBI and the Department of Homeland Security are investigating the attack on Dyn, one provider of DNS services. A spokeswoman told The New York Times that the FBI and DHS “were looking into the incident and all potential causes, including criminal activity and a nation-state attack.”To read this article in full or to leave a comment, please click here
Infected IoT devices turned into botnets, at least some controlled by Mirai, were used in multiple DDoS attacks against New Hampshire-based internet infrastructure company Dyn. The attacks against Dyn DNS were similar to some thugs shredding an internet address book, since addresses of thousands of websites couldn’t be looked up and users couldn’t be connected to the right servers; by the third wave of attacks, users across the globe had been affected by the massive disruptions.The FBI and the Department of Homeland Security are investigating the attack on Dyn, one provider of DNS services. A spokeswoman told The New York Times that the FBI and DHS “were looking into the incident and all potential causes, including criminal activity and a nation-state attack.”To read this article in full or to leave a comment, please click here
Half of all American adults are in a face recognition database, and not one law enforcement agency requires a warrant before tapping into that tech to identify someone.While you might be binge-watching Netflix, cooking, working or sleeping—in other words, minding your own business and doing nothing illegal—law enforcement may be running your photo through a face recognition network, using your face in a virtual line-up to find a person suspected of committing a crime.How did you end up in this digital manhunt? It could be because you have a driver’s license or state-issued ID, since 26 states “enroll their residents in a virtual-line up.” That covers more than 117 million American adults, an investigation found, but since not all drivers are adults, then the total number of drivers in face recognition networks is more than 131 million.To read this article in full or to leave a comment, please click here
Half of all American adults are in a face recognition database, and not one law enforcement agency requires a warrant before tapping into that tech to identify someone.While you might be binge-watching Netflix, cooking, working or sleeping—in other words, minding your own business and doing nothing illegal—law enforcement may be running your photo through a face recognition network, using your face in a virtual line-up to find a person suspected of committing a crime.How did you end up in this digital manhunt? It could be because you have a driver’s license or state-issued ID, since 26 states “enroll their residents in a virtual-line up.” That covers more than 117 million American adults, an investigation found, but since not all drivers are adults, then the total number of drivers in face recognition networks is more than 131 million.To read this article in full or to leave a comment, please click here
The FDA wants the medical device industry to quickly fix cybersecurity issues, reminding healthcare executives that they may soon be hearing about vulnerabilities more frequently from security researchers thanks to a DMCA exemption which will soon go into effect.Although the Librarian of Congress issued the new exemptions (pdf) last year, there was a one year hold supposedly so various agencies could update their policies. It’s silly, since the exemptions are not permanent; they must be argued and renewed every three years, which basically means security researchers can take advantage of it for two years. They can hope that if their research will take longer than two years, that the exemption is renewed.To read this article in full or to leave a comment, please click here
The FDA wants the medical device industry to quickly fix cybersecurity issues, reminding healthcare executives that they may soon be hearing about vulnerabilities more frequently from security researchers thanks to a DMCA exemption which will soon go into effect.Although the Librarian of Congress issued the new exemptions (pdf) last year, there was a one year hold supposedly so various agencies could update their policies. It’s silly, since the exemptions are not permanent; they must be argued and renewed every three years, which basically means security researchers can take advantage of it for two years. They can hope that if their research will take longer than two years, that the exemption is renewed.To read this article in full or to leave a comment, please click here
WikiLeaks has continued to dump Clinton-related emails, such as three Goldman Sachs speeches that Clinton was paid about $225,000 to give, but a series of unusual tweets sent parts of the internet into a tizzy, claiming Assange had been killed and the tweets were triggered by a dead man’s switch.Yesterday, WikiLeaks’ regular tweets were interrupted by three tweets that contained hashes.To read this article in full or to leave a comment, please click here
WikiLeaks has continued to dump Clinton-related emails, such as three Goldman Sachs speeches that Clinton was paid about $225,000 to give, but a series of unusual tweets sent parts of the internet into a tizzy, claiming Assange had been killed and the tweets were triggered by a dead man’s switch.Yesterday, WikiLeaks’ regular tweets were interrupted by three tweets that contained hashes.To read this article in full or to leave a comment, please click here
For at least six months, the online store at the National Republican Senatorial Committee site had “hidden skimming software” in the form of malicious JavaScript code; it was far from the only store which hackers had compromised via exploiting vulnerabilities in unpatched versions of ecommerce platforms, such as Magento. In fact, at least 5,925 stores were unwittingly participating in online skimming attacks run by multiple cybercriminal groups. Dutch researcher Willem de Groot estimated that 85 stores are compromised daily.To read this article in full or to leave a comment, please click here
For at least six months, the online store at the National Republican Senatorial Committee site had “hidden skimming software” in the form of malicious JavaScript code; it was far from the only store which hackers had compromised via exploiting vulnerabilities in unpatched versions of ecommerce platforms, such as Magento. In fact, at least 5,925 stores were unwittingly participating in online skimming attacks run by multiple cybercriminal groups. Dutch researcher Willem de Groot estimated that 85 stores are compromised daily.To read this article in full or to leave a comment, please click here
Ms. Smith