Ms. Smith

Author Archives: Ms. Smith

Millions of sensitive services exposed on internet reveal most hackable countries

There are millions upon millions of systems on the internet that offer services that should not be exposed to the public network, and Rapid7 has determined which countries are the most exposed and therefore the most hackable. Using Project Sonar, Rapid7 set out to understand the overall internet threat exposure in general and at a country level. In the new research paper, exposure is defined “as offering services that either expose potentially sensitive data over cleartext channels or are widely recognized to be unwise to make available on the internet.” The report noted: “While there are 65,535 possible listening ports for every IP-addressable endpoint on the internet, we are concerned primarily with a sampling of the ‘most popular’ TCP ports on the internet.”

Researchers wirelessly hack Mitsubishi Outlander Hybrid SUV, turn off anti-theft alarm

Security researcher Ken Munro of Pen Test Partners hacked the Mitsubishi Outlander plug-in hybrid electric vehicle (PHEV). He discovered several vulnerabilities, including being able to disable the anti-theft alarm from a laptop. U.S. drivers may be unfamiliar with the vehicle. Had Mitsubishi Outlander Plug-In Hybrid sales started in 2013 as originally proposed, it would have been the first plug-in hybrid SUV available in the U.S. But it didn't. The 2017 model is expected to hit showrooms late this fall, with an estimated $42,000 as a base price. In the U.K., it is the “bestselling hybrid.”

TeamViewer denies hack, blames hijacked accounts on password reuse

A plethora of people who use the remote desktop tool TeamViewer have been in an uproar after their machines were remotely hijacked; in some cases over the past month or so, users had their bank or PayPal accounts sucked dry. TeamViewer denied it has been hacked and launched two new security measures. After experiencing a TeamViewer takeover, IBM security researcher Nick Bradley thinks password reuse may be the problem. Bradley said he was gaming on his PC when he lost control of his mouse and TeamViewer popped up. He killed the app and dashed downstairs to another PC that had TeamViewer.

$90,000 zero-day exploit for sale: It could potentially impact all Windows OS versions

On the Russian underground forum exploit.in, seller “BuggiCorp” has a zero-day for sale that purportedly works against all versions of Windows. The price tag is $90,000. In the words of the email alerting me to this zero-day, this vulnerability “could affect almost all Windows machines on the planet.” If the local privilege escalation (LPE) vulnerability truly does exist in all versions of Microsoft Windows, from Windows 2000 up to Windows 10, then it could potentially impact “over 1.5 billion Windows users.” According to SpiderLabs security researchers at Trustwave, who found the post on a cybercriminal underground forum, “It seems the seller has put in the effort to present himself/herself as a trustworthy seller with a valid offering. One of the main indicators for this is the fact that the seller insists on conducting the deal using the forum's admin as the escrow.”

Tor Browser 6.0: Ditches SHA-1 support, uses DuckDuckGo for default search results

Tor Browser 6.0 is out. If you have been using Tor, you can upgrade it via its built-in updater. The Tor Project said the “updater is not relying on the signature alone, but is checking the hash of the downloaded update file as well before applying it.” Additionally, the Tor Browser Windows installer is no longer vulnerable to DLL hijacking.

DuckDuckGo for default search results

The Tor Browser Team is still using Disconnect as its search provider, but it switched to DuckDuckGo to provide the default search results. In short, the reason is that Bing search results were simply not cutting it. The team explained:

Stealth Falcon group uses custom spyware, fake journalists to target UAE dissidents

Meet Stealth Falcon, a sophisticated and likely state-sponsored cyberespionage group, which is hell bent on conducting targeted spyware attacks “against Emirati journalists, activists and dissidents.” The digital attacks started in 2012 and are still being carried out against United Arab Emirates (UAE) dissidents. It’s not “just” spying with custom spyware that leads to dissidents being “arbitrarily detained;” once identified as criticizing the authorities, UAE dissidents can be forcibly disappeared. “The UAE has gotten much more sophisticated since we first caught them using Hacking Team software in 2012,” Bill Marczak, a senior researcher at Citizen Lab, told the New York Times. “They've clearly upped their game. They're not on the level of the United States or the Russians, but they're clearly moving up the chain.”

FBI raids home of researcher who reported unsecured patient data on public server

What does a security researcher get for responsibly disclosing a dental database vulnerability exposing the sensitive information of tens of thousands of patients? Not a bug bounty monetary reward. Not even a “thank you” from the company. He gets raided by at least a dozen armed FBI agents and may be charged under the Computer Fraud and Abuse Act (CFAA). Justin Shafer, who is described as a 36-year-old security researcher and dental computer technician, reported a vulnerability in Eaglesoft practice management software to the manufacturer Patterson Dental back in February.

Google’s Trust API: Bye-bye passwords, hello biometrics?

Bye-bye passwords. We’ve heard that a lot over the years, but Google has a plan to kill off passwords by the end of this year by replacing them with biometrics. “We have a phone, and these phones have all these sensors in them,” Daniel Kaufman said at Google I/O on Friday. “Why couldn’t it just know who I was, so I don’t need a password? It should just be able to work.” Kaufman heads up Google’s Advanced Technology and Projects (ATAP) research unit. You may recall Project Abacus (video) being mentioned at Google I/O last year; it was tested across 28 states in 33 universities, so now Google intends to “get rid of the awkwardness” of two-factor authentication as well as passwords. Instead, you will be authenticated by how you use your Android.

To fix long security checkpoint lines, kick the TSA out of airports

You go through TSA security checkpoints and leave without the carry-on items you sent through the conveyor belt to be scanned. That happens a lot; things go missing in ways other than TSA confiscating items. Just ask Eric Cheng, a photographer, technologist, drone expert and author, who said the TSA handed his $2,800 MacBook Pro to some random stranger. “After following TSA security protocols, TSA gave my $2,800 computer away to another passenger whom they were unable or unwilling to identify and track down,” he wrote.
