Industrial facilities should be on guard against drones. Even off-the-shelf versions of the unmanned aircraft could be used to disrupt sensitive systems.
On Wednesday, Jeff Melrose, a presenter at Black Hat 2016, showed how consumer drones could do more than just conduct aerial spying. The flying machines can also carry a transmitter to hack into a wireless keyboard or interfere with industrial controls, he said.
It’s not enough to place a fence around a building to keep intruders out, according to Melrose, who is a principal tech specialist at Yokogawa, an industrial controls provider. These days, some consumer drones can travel up to 3 miles (4.8 kilometers) or more.To read this article in full or to leave a comment, please click here
Banner Health, a provider of hospital services, has notified by mail 3.7 million people -- including patients, health plan members, healthcare providers and customers at its food and beverage outlets -- that their payment card and health plan data, among other information, may have been compromised.The provider said Wednesday that it discovered on July 7 that cyberattackers may have gained access to computers that process payment card data at the food and beverage outlets at some of its locations. Payment cards that were used at these outlets at certain Banner Health locations from June 23 to July 7 this year may have been affected, the provider said. Card payments for medical services were not affected, according to the investigation.To read this article in full or to leave a comment, please click here
At the BSides Las Vegas event (a precursor to Black Hat), CSO's Steve Ragan sat down with a hacker named Munin to chat about a tool that could help administrators defend their networks from phishing attacks and other threats.
Donald Trump is a troll looking to say whatever will stir up the most people, according to security expert Dan Kaminsky who delivered the keynote at Black Hat today.“Don figures out what people don’t want to hear,” and then he says it, Kaminsky said in an interview after his speech.+More on Network World: Black Hat: Be wary of HTTP/2 on Web servers | Follow all the stories from Black Hat +“It’s not that Donald Trump is the worst troll ever, it’s just that the American public has never been trolled so effectively. The reaction is the point.”To read this article in full or to leave a comment, please click here
At the BSides Las Vegas event (a precursor to Black Hat), CSO's Steve Ragan chats with Yvette Johnson, the Governance, Risk & Compliance Lead at Pindrop, about how security compliance needs to be more than just another box to check.
Many of the large payment card breaches that hit retail and hospitality businesses in recent years were the result of attackers infecting point-of-sale systems with memory-scraping malware. But there are easier ways to steal this sort of data, due to a lack of authentication and encryption between card readers and the POS payment applications.POS systems are specialized computers. They typically run Windows and have peripherals like keyboards, touch screens, barcode scanners and card readers with PIN pads. They also have specialized payment applications installed to handle transactions.One of the common methods used by attackers to steal payment card data from PoS systems is to infect them with malware, via stolen remote support credentials or other techniques. These malware programs are known as memory or RAM scrapers because they scan the system's memory for credit card data when it's processed by the payment application on the POS system.To read this article in full or to leave a comment, please click here
Researchers at Black Hat describe finding four flaws – now fixed - in the way the major server vendors implemented HTTP/2, but warn that the year-old Web protocol remains fertile ground for hackers seeking weaknesses in the way it’s rolled out.+More on Network World: IRS warns on super summer scam scourge | Follow all the coverage from Black Hat +A team at security vendor Imperva says they found nothing vulnerable about the protocol itself, but that they created distributed denial-of-service attacks that took advantage of openings left by how servers support the protocol.To read this article in full or to leave a comment, please click here
The Federal Aviation Administration this week granted permission to a privately-held space firm to launch a robotic spacecraft to the moon.
Moon Express expects to launch its MX-1 spacecraft on a two-week mission to the lunar surface in 2017. The MX-1, which is about as large as a suitcase will include instruments and a camera to explore the moon’s surface.
+More on Network World: NASA: Top 10 space junk missions+
“The MX-1E is a spacecraft/lander capable of transfer from Earth orbit to the Moon, making a soft landing on the lunar surface, and performing post-landing relocations through propulsive ‘hops,’” the FAA stated. The FAA Office of Commercial Space Transportation holds controlling powers over space launches and their payloads.To read this article in full or to leave a comment, please click here
Kaspersky Lab is using Black Hat’s hacker-rich environment as the launch pad for its first bug-bounty program that seeks talent to hack the company’s anti-malware software.It’s dipping its toe into the program by staking an initial $50,000 kitty for a six-month effort to find flaws in its two most popular products, Kaspersky Internet Security and Kaspersky Endpoint Security.+More on Network World: Hot products at Black Hat 2016 | Follow all the stories from Black Hat +To read this article in full or to leave a comment, please click here
The Hong Kong-based bitcoin exchange Bitfinex suspended trading on Tuesday after discovering a security breach. A hacker or hackers pulled off a massive heist of nearly 120,000 bitcoins. At the time of the theft, 119,756 bitcoins would have been worth about $72 million. After the breach announcement, the price of bitcoin crashed; current exchange rates place the value at around $65 million.“Some of our users have had their bitcoins stolen,” Zane Tackett, Bitfinex’s director of community and product development, said on Reddit. “The bitcoin was stolen from users’ segregated wallets,” he told Reuters.To read this article in full or to leave a comment, please click here
Hackers obtained the mobile phone numbers of 15 million Iranian users of the Telegram encrypted messaging app, and hacked the accounts of more than a dozen of them, security researchers say.The accounts were hacked through interception of SMS confirmation codes sent to the associated phone numbers, security researchers Claudio Guarnieri and Collin Anderson told Reuters.The revelations show once again how use of encryption can pit technology companies against governments. Telegram founder Pavel Durov has in the past sided with Apple CEO Tim Cook against the FBI on the question of whether governments should have access to the contents of smartphones.To read this article in full or to leave a comment, please click here
The great DNC email caperImage by REUTERS/Mark KauzlarichThe tech news cycle dovetailed with the political news cycle last week when first emails and then voice mails from the Democratic National Committee were released via WikiLeaks. And with the possibility of Russian involvement, the incident went from a domestic squabble to a potentially international incident.To read this article in full or to leave a comment, please click here
Almost half of all companies have been the victims of a ransomware attack during the past 12 months, according to a new report. And while globally, 40 percent of them have paid the ransom, 97 percent of U.S. companies did not.Specifically, 75 percent of enterprise victims paid up in Canada, 58 percent in the U.K., and 22 percent in Germany, according to an Osterman Research survey of hundreds of senior executives in the U.S., Canada, German and the U.K.ALSO ON CSO: How to respond to ransomware threats
This is partly due to the fact that, in the United States, the attacks were much more likely to hit lower-level employees. In the U.S., enterprises reported that 71 percent of lower-level staff were affected, compared to 29 percent in the U.K., 23 percent in Canada, and 14 percent in Germany.To read this article in full or to leave a comment, please click here
The threat of ransomware is becoming widespread among corporations, with almost half of U.S. businesses suffering an attack from the nasty form of malware recently, according to a new survey.Security firm Malwarebytes sponsored the study, which found in June that 41 percent of U.S. businesses had at least encountered between one to five ransomware attacks in the previous 12 months.Another 6 percent saw six or more attacks.The study surveyed corporations in the U.S., Canada, U.K. and Germany to gauge how ransomware affected their operations.
The malware, which can infect a computer and take the data hostage, can be bad for business. 34 percent of the victim corporations in the countries surveyed reported losing revenue because the ransomware had prevented access to important files.To read this article in full or to leave a comment, please click here
A digital currency exchange in Hong Kong has suspended trading after a security breach in which thieves made off with an apparent $63 million worth of bitcoin.The exchange, Bitfinex, reported the intrusion on Tuesday and said it was working with law enforcement.“We are investigating the breach to determine what happened, but we know that some of our users have had their bitcoins stolen,” the exchange said.Its statement doesn't say how many bitcoins are missing, but Zane Tackett, the site's director of community and product development, said on Reddit that the losses stand at 119,756 bitcoins. Bitfinex didn't immediately respond to a request to confirm that figure.To read this article in full or to leave a comment, please click here
In the ideal world the infamous Internal Revenue Service call scam should have faded away replaced by some other stupid ploy but alas…The IRS said today that the scammers have ramped up their efforts to grab even more money -- over $26 million -- and rip-off even more people -- -- 5,000 or so since last count.+More on Network World: IRS: Top 10 2015 identity theft busts+To read this article in full or to leave a comment, please click here
Demisto Free EditionKey features: The free edition of Demisto’s ChatOps platform automates and streamlines security operations and incident management processes. It includes the ability to create playbooks that can be shared to collaborate among organizations to combat cybercrime and imported to other products. orchestration and automation, advanced investigations, improved collaboration and much more. More info.To read this article in full or to leave a comment, please click here
The National Science Foundation will devote $35 million in research funding over the next five years to accelerate the safe, intelligent, design and control of unmanned aircraft applications.+More on Network World: Hot stuff: The coolest drones+The announcement was part of a wide-ranging White House Office of Science and Technology Policy proclamation to, as it said, promote the safe integration and innovative adoption of unmanned aircraft systems across the United States.The White House Office of Science and Technology Policy is today hosting a workshop on “Drones and the Future of Aviation.”To read this article in full or to leave a comment, please click here
Remembering passwords can be a headache; instead, why not log into your computer with a scan of your eye?The hardware and software to make iris scanning a key feature is now reaching smartphones and PCs. The process is simple: An infrared scanner on a device will scan your iris, and verify its authenticity against encrypted information stored on the device.It's a notable feature in Samsung's Galaxy Note7 smartphone, which was announced on Tuesday. The smartphone has an iris scanner -- used to log in -- on top of its screen.There's an uneasy feeling about the flash of light projected into your eye, but experts believe iris scanning is a more secure form of biometric authentication than fingerprints.To read this article in full or to leave a comment, please click here
Millions of point-of-sale systems and hotel room locks can be hacked by temporarily placing a small, inexpensive device several inches away from their card readers.The device, due to be presented Sunday at the DEF CON conference in Las Vegas, is the creation of Weston Hecker, a senior security engineer at Rapid7. It was inspired by MagSpoof, another device created last year by security researcher Samy Kamkar.MagSpoof can trick most standard card readers to believe a certain card was swiped by generating a strong electromagnetic field that simulates the data stored on the card's magnetic stripe. Kamkar presented it as a way to replace all your cards with a single device, but Hecker took the idea and investigated what else could be done with it.To read this article in full or to leave a comment, please click here