Cybersecurity & Espionage Articles
Original Post at Softpedia.com
Nearly 820,000 forum accounts leaked following an attack taking advantage of a critical vulnerability in the older versions of vBulletin, one of the widely used Internet forum software. A hacker going by CrimeAgency on Twitter claims to have hacked 126 forums running on vBulletin, stealing personal data belonging to forum admins and registered users, before leaking everything to an underground hacking forum.
0 Comments
Original Post at Softpedia.com
Everyone who has kids loves getting them the latest cool toys available, but some of them are downright dangerous, especially those that are able to connect to the Internet, such as CloudPets. In fact, these adorable little plush toys just managed to leak 800,000 user account credentials and 2 million message recordings for anyone to listen to. Original Post at Fox News
Based just four miles from the Pentagon in northern Virginia is an innocuous-sounding online school for "management and technology" – which a Fox News investigation reveals has been at the center of multiple federal probes about its leadership's alleged ties to the Chinese military and whether thousands of records from U.S. service members were compromised. The University of Management and Technology in Rosslyn, Va., which opened in 1998, touts a campus in Beijing and “partnerships” with universities around the world. The U.S. taxpayer-funded school claims to have had 5,000 graduates in the last five years and to be "especially proud of our students stationed in US military bases around the globe." However, there is another side to the school's leadership that drew the attention of the FBI, the Justice Department, the Pentagon, Immigration and Customs Enforcement, and the Naval Criminal Investigative Service (NCIS) since at least 2012 -- and perhaps as early as 2009. In December 2012, the FBI made two very public raids of UMT and the northern Virginia home of university president Yanping Chen Frame and its academic dean, her husband J. Davidson Frame. Documents reviewed by Fox News show it was a counter-intelligence case, known as a "200d," one of the most highly sensitive categories for a federal probe. Photos, exclusively obtained by Fox News, appear to show Chen as a young officer in the People's Liberation Army, the military wing of China's communist party. Another photo shows Frame saluting his wife, Chen, who is holding a uniform. Three independent experts said it was a Chinese military colonel’s uniform. Original Post at HelpNetSecurity
If you want to know about which cyber defenses are most effective and which are a waste of money and resources, ask a hacker. And that’s just what Nuix researchers did. Original Post at TheRegister.com
Back in December 2011, Michael Thomas did what many sysadmins secretly dream of doing: he trashed his employer's network and left a note saying he quit. As well as deleting ClickMotive's backups and notification systems for network problems, he cut off people's VPN access and "tinkered" with the Texas company's email servers. He deleted internal wiki pages, and removed contact details for the organization's outside tech support, leaving the automotive software developer scrambling. The real-life BOFH then left his keys, laptop, and entry badge behind with a letter of resignation and an offer to stay on as a consultant. What Thomas didn't consider while leaving his elaborate "screw you" was that he might be breaking the law. Just under two years later, he was charged with a single felony count of "intentionally causing damage without authorization, to a protected computer." He was found guilty by a jury in June last year, and in August was sentenced to time served plus three years of supervised release. He was also ordered to pay $130,000. Now, however, Thomas is appealing [PDF] that conviction in the Fifth Circuit Court of Appeals in New Orleans using a legal defense that may have enormous implications for sysadmins across the entire United States. In essence, Thomas is arguing that, yes, while he did intentionally cause damage it wasn't "without authorization." In fact, he was expressly authorized to access all the systems he accessed, and he was expressly authorized to carry out the deletions he did – every sysadmin in the world deletes backups, edits notification systems and adjusts email systems. In fact, it's fair to say that is a big part of the job they are paid to carry out. Original Post at DarkReading
If the methods used by penetration testers to break into a network are any indication, a majority of malicious attackers require less than 12 hours to compromise a target. Four in ten can do it in barely six hours. Original Post at Softpedia.com
Google researchers, alongside academics, have demonstrated that nothing is impossible by producing two different documents that have the same SHA-1 hash signatures. And that's a big deal. Original Post at Softpedia.com
Every parent's nightmare seems to be coming true after it was revealed hackers could easily turn a doll called "My Friend Cayla" into a spying device. It seems that German regulators have banned the Internet-connected doll, urging parents to disable the interactive toy. "Items that conceal cameras or microphones and that are capable of transmitting a signal, and therefore can transmit data without detection, compromise people's privacy," said Jochen Homann, the chief of the Federal Network Agency. The Agency stressed that this applies in particular to children's toys, including this Cayla doll which kids can ask questions, waiting for it to look it up online and provide an answer, which is voiced by the doll. There's also the fact that companies could use the toys to advertise directly to children, which makes the situation even creepier given how vulnerable kids are to such influences. The warning states that anything a child says can be recorded, alongside with everything else people around the doll say, including private conversations. "If the manufacturer has not adequately protected the wireless connection, the toy can be used by anyone in the vicinity to listen in on conversations undetected," they add. Original Post at Softpedia.com
Israeli security researchers at Ben Gurion University have found a way to convert typical headphones into microphones and then use them to record audio in the room just like a fully-featured spying device. Internal Ticketmaster emails show the company hacked into one of its rivals, lawsuit claims2/15/2017 Original Post at Business Insider
Ticketing company Ticketmaster is being accused in a lawsuit of using information provided by a former employee of a rival company to hack into that rival's databases. Back in 2015, Songkick — another ticket-selling service — brought an antitrust case against Ticketmaster in the US, a case that is ongoing. In documents from a California federal court published on Wednesday, Ticketmaster is accused of hiring away an executive from CrowdSurge (a company which merged with Songkick). That executive allegedly kept tens of thousands of internal company documents from his former employer, and gained unauthorised access to CrowdSurge's internal systems, the suit claims. Original Post at HelpNetSecurity.com
The CERT Division of the Software Engineering Institute (SEI) at Carnegie Mellon University released the fifth edition of the Common Sense Guide to Mitigating Insider Threats. The guide describes 20 practices that organizations should implement across the enterprise to prevent and detect insider threats, as well as case studies of organizations that failed to do so. “The new edition of the guide comes at critical time for organizations developing insider threat programs,” said Randy Trzeciak, technical manager of the CERT Insider Threat Center. “The insider threat landscape has changed considerably since the previous edition, especially with new directives that government and government-contractor organizations must follow.” Original Post at ABC News.com
There is an increasing concern that America’s airports are vulnerable to "insider threats" by would-be “lone wolf” attackers with access to secure areas, according to a new report by the House Homeland Security Committee. “America’s airports and aircraft remain vulnerable to attack and exploitation by nefarious individuals,” the report says. “Current security standards would likely fail to prevent a determined adversary with insider access from causing harm to an airport or aircraft.” Most of the 900,000 people who work at airports across the country can bypass normal security screening on a regular basis, according to the committee. Only three airports -- Miami, Orlando, and Atlanta International -– screen 100 percent of employees (and their baggage) before allowing them to enter the airport’s secure areas. Many of the rest rely on scattered random screening and credentialing, exposing worrisome “security flaws” that could be exploited in "'lone wolf' attacks being inspired by terrorist groups like ISIS," says the report. |
Cyber-CyI find interesting articles on the web that are simple, down-to-earth, easy to understand, and (hopefully) informative for non-technical readers. Archives
November 2022
Categories |