Thieves armed with laptops are hacking into electronic ignitions of late-model cars to steal the vehicles. Police and insurers sounded the warning to raise awareness about the latest car-theft trend.The Houston Police Department pointed at surveillance footage that shows two suspects, one of whom used a laptop, before stealing a 2010 Jeep Wrangler Unlimited. The first suspect opened the Jeep’s hood to reportedly cut the alarm. The footage below took place about 10 minutes later when a second suspect jimmied the door open, climbed inside and then did something with a laptop before stealing the Jeep.
“If you are going to hot-wire a car, you don’t bring along a laptop,” Houston Police Department Officer James Woods told the Wall Street Journal. “We don’t know what he is exactly doing with the laptop, but my guess is he is tapping into the car’s computer and marrying it with a key he may already have with him so he can start the car.”To read this article in full or to leave a comment, please click here
Millions of Americans willingly share passwords with family or friends to access devices or accounts, but the Ninth Circuit Court of Appeals considered using a willingly shared password to be covered under the anti-hacking Computer Fraud and Abuse Act (CFAA) law.After previously being found guilty, David Nosal appealed since he believed he should not have been found guilty of CFAA as he didn’t actually hack his former employer, Korn/Ferry. Instead, he gained access through passwords that had been voluntarily shared with him by other employees after he left the company and his credentials were revoked.But in a 2-1 decision, the federal appeals court may have set a dangerous precedent which could ultimately affect millions of Americans who use a willingly shared password. Password-sharing was not allowed by Korn/Ferry, so Circuit Judge Margaret McKeowin wrote (pdf) that Nosal had acted “without authorization” and therefore falls under the CFAA.To read this article in full or to leave a comment, please click here
Millions of Americans willingly share passwords with family or friends to access devices or accounts, but the Ninth Circuit Court of Appeals said using a willingly shared password is covered under the anti-hacking Computer Fraud and Abuse Act (CFAA).After previously being found guilty of violating the CFAA, David Nosal appealed because he doesn't believe he actually hacked his former employer, Korn/Ferry. Instead, he gained access through passwords that other employees voluntarily shared with him after he left the company and his credentials were revoked.But in a 2-1 decision, the federal appeals court may have set a dangerous precedent that could ultimately affect millions of Americans who use a willingly shared password. Password sharing was not allowed by Korn/Ferry, so Circuit Judge Margaret McKeowin wrote (pdf) that Nosal had acted “without authorization” and, therefore, falls under the CFAA.To read this article in full or to leave a comment, please click here
Plead guilty, then steal more seems to have been the motto of a former corrupt federal agent involved in the Silk Road investigation.Ex-U.S. Secret Service Special Agent Shawn Bridges, who was part of Baltimore’s Silk Road Task Force and stole $820,000 in bitcoins during the investigation that led to Ross Ulbricht’s conviction, eventually pled guilty to money laundering and obstruction of justice. Bridges, who had served as the forensics and technical expert on the task force, was sentenced to nearly five years, 71 months, in prison. Yet newly unsealed court documents show that Bridges is suspected of stealing another $700,000 in bitcoins after he pled guilty but about two months before he was sentenced.To read this article in full or to leave a comment, please click here
"Plead guilty, then steal more" seems to have been the motto of a former corrupt federal agent involved in the Silk Road investigation.Ex-U.S. Secret Service Special Agent Shawn Bridges, who was part of Baltimore’s Silk Road Task Force and stole $820,000 in bitcoins during the investigation that led to Ross Ulbricht’s conviction, eventually pled guilty to money laundering and obstruction of justice. Bridges, who had served as the forensics and technical expert on the task force, was sentenced to nearly five years, 71 months, in prison. Yet newly unsealed court documents show that Bridges is suspected of stealing another $700,000 in bitcoins after he pled guilty about two months before he was sentenced.To read this article in full or to leave a comment, please click here
If you have an Android device running 5.0 (Lollipop) or later, and powered by a Qualcomm Snapdragon processor, then you should know that a security researcher demonstrated how to crack the full-disk encryption (FDE) with brute-force attacks; the fix is not necessarily as simple as installing new firmware and might require changes to hardware.Full-disk encryption, which is supported on devices running Lollipop on up, is supposed to protect files on the storage drive. Android uses a randomly chosen 128-bit device encryption key which is further encrypted using a user’s PIN, password or swipe pattern. The master key, or Device Encryption Key (DEK), is stored on a user’s device; it is bound to the device’s hardware though Android’s KeyMaster, which runs in the TrustZone. In other words, an attacker should not be able to extract the crypto key for this walled-off and protected section.To read this article in full or to leave a comment, please click here
If you have an Android device running 5.0 (Lollipop) or later, and powered by a Qualcomm Snapdragon processor, then you should know that a security researcher demonstrated how to crack the full-disk encryption (FDE) with brute-force attacks; the fix is not necessarily as simple as installing new firmware and might require changes to hardware.Full-disk encryption, which is supported on devices running Lollipop on up, is supposed to protect files on the storage drive. Android uses a randomly chosen 128-bit device encryption key which is further encrypted using a user’s PIN, password or swipe pattern. The master key, or Device Encryption Key (DEK), is stored on a user’s device; it is bound to the device’s hardware though Android’s KeyMaster, which runs in the TrustZone. In other words, an attacker should not be able to extract the crypto key for this walled-off and protected section.To read this article in full or to leave a comment, please click here
Security researcher Chris Vickery has a knack for finding unprotected databases, but this time it’s an especially explosive discovery as he came across a “terrorism blacklist” which contains the names of 2.2 million “heightened-risk individuals and organizations.”Vickery asked Reddit if he should share a copy of the Thomson Reuters World-Check database from mid-2014. He wrote, “This copy has over 2.2 million heightened-risk individuals and organizations in it. The terrorism category is only a small part of the database. Other categories consist of individuals suspected of being related to money laundering, organized crime, bribery, corruption, and other unsavory activities.”To read this article in full or to leave a comment, please click here
Security researcher Chris Vickery has a knack for finding unprotected databases, but this time it’s an especially explosive discovery as he came across a “terrorism blacklist” which contains the names of 2.2 million “heightened-risk individuals and organizations.”Vickery asked Reddit if he should share a copy of the Thomson Reuters World-Check database from mid-2014. He wrote, “This copy has over 2.2 million heightened-risk individuals and organizations in it. The terrorism category is only a small part of the database. Other categories consist of individuals suspected of being related to money laundering, organized crime, bribery, corruption, and other unsavory activities.”To read this article in full or to leave a comment, please click here
Security researcher Chris Vickery has a knack for finding unprotected databases, but this time it’s an especially explosive discovery, as he came across a “terrorism blacklist” that contains the names of 2.2 million “heightened-risk individuals and organizations.”Vickery asked Reddit if he should share a copy of the Thomson Reuters World-Check database from mid-2014. He wrote, “This copy has over 2.2 million heightened-risk individuals and organizations in it. The terrorism category is only a small part of the database. Other categories consist of individuals suspected of being related to money laundering, organized crime, bribery, corruption, and other unsavory activities.”To read this article in full or to leave a comment, please click here
Security researcher Chris Vickery has a knack for finding unprotected databases, but this time it’s an especially explosive discovery, as he came across a “terrorism blacklist” that contains the names of 2.2 million “heightened-risk individuals and organizations.”Vickery asked Reddit if he should share a copy of the Thomson Reuters World-Check database from mid-2014. He wrote, “This copy has over 2.2 million heightened-risk individuals and organizations in it. The terrorism category is only a small part of the database. Other categories consist of individuals suspected of being related to money laundering, organized crime, bribery, corruption, and other unsavory activities.”To read this article in full or to leave a comment, please click here
Security researcher Chris Vickery has a knack for finding unprotected databases, but this time it’s an especially explosive discovery, as he came across a “terrorism blacklist” that contains the names of 2.2 million “heightened-risk individuals and organizations.”Vickery asked Reddit if he should share a copy of the Thomson Reuters World-Check database from mid-2014. He wrote, “This copy has over 2.2 million heightened-risk individuals and organizations in it. The terrorism category is only a small part of the database. Other categories consist of individuals suspected of being related to money laundering, organized crime, bribery, corruption, and other unsavory activities.”To read this article in full or to leave a comment, please click here
Over 25,000 hacked internet-connected CCTV cameras are being used for a denial-of-service botnet, according the researchers from the security firm Sucuri.The discovery came after Sucuri mitigated a DDoS attack against a jewelry store site; it had been generating 35,000 HTTP requests per second. But after bringing the website back up, researchers said the attacks increased to nearly 50,000 HTTP requests per second. When the attack continued for days, the researchers discovered the attack botnet was leveraging only IoT CCTV devices which were located across the globe.Although this is not the first CCTV-based DDoS botnet discovered, since 900 had been used in attacks last year, it is the largest yet to be discovered. “It is not new that attackers have been using IoT devices to start their DDoS campaigns,” Sucuri wrote, “however, we have not analyzed one that leveraged only CCTV devices and was still able to generate this quantity of requests for so long.”To read this article in full or to leave a comment, please click here
Over 25,000 hacked internet-connected CCTV cameras are being used for a denial-of-service botnet, according to researchers from the security firm Sucuri.The discovery came after Sucuri mitigated a DDoS attack against a jewelry store site; it had been generating 35,000 HTTP requests per second. But after bringing the website back up, researchers said the attacks increased to nearly 50,000 HTTP requests per second. When the attack continued for days, the researchers discovered the attack botnet was leveraging only IoT CCTV devices, which were located across the globe.Although this is not the first CCTV-based DDoS botnet discovered (900 had been used in attacks last year), it is the largest yet to be discovered.To read this article in full or to leave a comment, please click here
Attackers are packaging the newest and most sophisticated attack tools in long out-of-date malware wrappers, targeting medical devices running legacy operating systems, to breach hospital networks for advanced persistent attacks.Last year, TrapX Security revealed how attackers were infecting medical devices with malware, then moving laterally through hospital networks to steal confidential data. They called it MEDJACK for medical device hijack. Attackers have evolved, so today the firm released a MEDJACK 2 report, “Anatomy of an Attack - Medical Device Hijack 2."To read this article in full or to leave a comment, please click here
Attackers are packaging the newest and most sophisticated attack tools in long out-of-date malware wrappers, targeting medical devices running legacy operating systems, to breach hospital networks for advanced persistent attacks.Last year, TrapX Security revealed how attackers were infecting medical devices with malware, then moving laterally through hospital networks to steal confidential data. They called it MEDJACK for medical device hijack. Attackers have evolved, so today the firm released a MEDJACK 2 report, “Anatomy of an Attack - Medical Device Hijack 2."To read this article in full or to leave a comment, please click here
Former Secretary of State Hillary Clinton’s emails, those sent from her private home server – using Clintonemail.com – were being caught in the spam filter, so the State Department turned the filters off.Bob Gourley, former CTO for the Defense Intelligence Agency (DIA) told Fox News, “You're putting not just the Clinton server at risk but the entire Department of State emails at risk. When you turn off your defensive mechanisms and you're connected to the Internet, you're almost laying out the welcome mat for anyone to intrude and attack and steal your secrets.”To read this article in full or to leave a comment, please click here
Former Secretary of State Hillary Clinton’s emails, those sent from her private home server – using Clintonemail.com – were being caught in the spam filter, so the State Department turned the filters off.Bob Gourley, former CTO for the Defense Intelligence Agency (DIA) told Fox News, “You're putting not just the Clinton server at risk but the entire Department of State emails at risk. When you turn off your defensive mechanisms and you're connected to the Internet, you're almost laying out the welcome mat for anyone to intrude and attack and steal your secrets.”To read this article in full or to leave a comment, please click here
154 million U.S. voters’ records were exposed due to a misconfigured CouchDB instance, according to MacKeeper security researcher Chris Vickery. “It was configured for public access with no username, password, or other authentication required.”Vickery determined the leaky database was on Google’s Cloud services and traced it back to a client of L2, a company which claims to be the country’s “most trusted source for enhanced voter” data.The database included fields for addresses, age, congressional as well as state senate districts, education, estimated income, ethnic, name, gender, languages, marital status, phone, voting frequency, presence of children, and if the voter was a gun owner.To read this article in full or to leave a comment, please click here
154 million U.S. voters’ records were exposed due to a misconfigured CouchDB instance, according to MacKeeper security researcher Chris Vickery. “It was configured for public access with no username, password, or other authentication required.”Vickery determined the leaky database was on Google’s Cloud services and traced it back to a client of L2, a company which claims to be the country’s “most trusted source for enhanced voter” data.The database included fields for addresses, age, congressional as well as state senate districts, education, estimated income, ethnic, name, gender, languages, marital status, phone, voting frequency, presence of children, and if the voter was a gun owner.To read this article in full or to leave a comment, please click here
Ms. Smith