For August 2016, Patch Tuesday isn’t too painful. Microsoft released nine security bulletins, five of which were rated critical due to remote code execution (RCE) vulnerabilities. Why so few this month? Michael Gray, VP of Technology at Thrive Networks, suggested, “It stands to reason that Microsoft may have kept things simple so as not to over-shadow the release of their Windows 10 Anniversary update.”
Critical
MS16-095 is the cumulative monthly fix for Internet Explorer. It resolves five memory corruption vulnerabilities and four information disclosure flaws.
While the big security news was happening in Las Vegas at conferences, security researcher Ivan Kwiatkowski’s story was too funny to pass up – at least if you loathe scareware scams. After only 30 minutes on a new computer, his parents surfed to an online tech support scam which claimed their PC was infected with Zeus.
[Image: Ivan Kwiatkowski] Fairly atrocious attempt at scareware by tech support scammers.
The list of ways we can be spied upon seems nearly endless, but you can add one more to that list: active screen snooping via your vulnerable monitor. And that’s just one flavor of attack that can be pulled off by exploiting monitors. You might not agree with everything you read online, but you can usually trust that what you are reading was actually published somewhere by someone. Whether or not you like what the balance is in your banking account, most folks would not expect that number to be faked. The same would be true for a person monitoring critical infrastructure, but the information being displayed on a computer monitor can be manipulated and may not be the truth.
We’ve been told that EMV (Europay, MasterCard and Visa) chip-equipped cards have an added layer of security, making them more secure and harder to clone than cards with only a magnetic stripe. But Rapid7 security research manager Tod Beardsley said, “The state of chip and pin security is that it’s a little oversold.” Black Hat USA attendees who watched an ATM spit out hundreds of dollars might tend to agree. The demonstration was part of Hacking Next-Gen ATMs: From Capture to Cashout, which was presented by Rapid7’s Weston Hecker. The abstract of his talk said the system he devised could “cash out around $20,000/$50,000 in 15 minutes.”
The Hong Kong-based bitcoin exchange Bitfinex suspended trading on Tuesday after discovering a security breach. A hacker or hackers pulled off a massive heist of nearly 120,000 bitcoins. At the time of the theft, 119,756 bitcoins would have been worth about $72 million. After the breach announcement, the price of bitcoin crashed; current exchange rates place the value at around $65 million. “Some of our users have had their bitcoins stolen,” Zane Tackett, Bitfinex’s director of community and product development, said on Reddit. “The bitcoin was stolen from users’ segregated wallets,” he told Reuters.
It’s a good thing cars can’t experience emotions or one specific 2014 Jeep Cherokee would be terrified every time security pros Charlie Miller and Chris Valasek come near it. That’s the vehicle they remotely hacked in 2015; now they used the Jeep to show how an attacker can control the steering, accelerator and brakes while the Jeep is driving at high speeds. Granted, this time they were in the vehicle with a laptop physically connected to the CAN network via the diagnostic port. They reverse-engineered the electronic control unit (ECU) firmware, basically knocking it offline, so they could send fake CAN messages to tell the car what to do, such as slam on the brakes, jerk the steering wheel or hit the gas.
Uber may not plan to reinvent the wheel, but the company will drop $500 million to re-map parts of the world. The company has been using Google Maps, but now that’s not good enough… especially if the maps need to be extremely precise for self-driving cars. “Uber wouldn’t exist if comprehensive interactive digital maps hadn’t been created first,” said Brian McClendon, vice president of advanced technologies at Uber. McClendon, who was previously the head of Google Maps, believes, “Existing maps are a good starting point, but some information isn’t that relevant to Uber, like ocean topography.”
“Misusing the internet”... precisely what might that mean? Unfortunately, people in Pakistan may be about to find out, as the vague “misusing the internet” would be punishable by up to three years in prison and a fine of one million Pakistani rupees (currently equal to about $9,550); that's according to an overview of the cybercrime bill written by the newspaper Dawn. That was just one example of what is in the controversial Prevention of Electronic Crimes Bill (PECB) [pdf], which was approved by the Senate Standing Committee on Information Technology and Telecommunications. The country’s National Assembly previously approved the bill, and it will move on to the Pakistan Senate for approval before it is signed into law by President Mamnoon Hussain.
I’ve lived in some really great places as well as some that were not; at one point, when I lived in a city that had been crowned most dangerous and had the highest number of violent crimes, I might have welcomed the community-based social networking app Nextdoor. Dubbed a “private social network,” Nextdoor is a gated local community-based social network to share information about what is happening in your neighborhood. Users must prove they are a member of their neighborhood by entering a code received via snail-mail. Then they can access only the information pertaining to their neighborhood.
Although it launched in 2011, within the last month, Nextdoor has been in the news after even more police departments have joined; a few examples include the Delaware State Police, Louisville Metro Police, St. Joseph Police Department in Missouri, Boynton Beach Police and Leon County Sheriff's Office in Florida.
Moore’s Law, which says the number of transistors within an integrated circuit will double every two years, had a good long run but its end may be near – very near – potentially a mere five years away. By 2021, even if chip makers could further shrink and add more transistors, the high cost of manufacturing would make it financially impractical. That’s not the only problem, according to the last installment of the International Technology Roadmap for Semiconductors 2.0 (pdf). By 2020 to 2025, it will be “practically impossible” to reduce device dimensions. While one solution is to stack the transistors, it can’t get so hot that it burns up either.
The media is delving into the digital life of the teenage shooter who opened fire at McDonald’s in Munich, Germany’s Olympia Mall. Nine people were killed and 27 others were injured in the tragic rampage. In the end, he killed himself. So far, it’s been reported that he hacked Facebook to lure victims, bought a gun on the ‘dark net’ and played the ‘violent’ video game Counter-Strike.
Shooter hacked a girl’s Facebook account to target and social engineer victims
18-year-old mass shooting gunman Ali David Sonboly purportedly used Facebook to social engineer, aka “lure,” victims to McDonald’s. The Telegraph reported that the shooter, who had dual German-Iranian citizenship, had hacked into a “pretty teenage” girl’s Facebook account.