Cybersecurity & Espionage Articles
Original Post at HotAir.com
The problem is the advice ended up largely incorrect, Mr. Burr says. Change your password every 90 days? Most people make minor changes that are easy to guess, he laments. Changing Pa55word!1 to Pa55word!2 doesn’t keep the hackers at bay. Also off the mark: demanding a letter, number, uppercase letter and special character such as an exclamation point or question mark—a finger-twisting requirement. “Much of what I did I now regret,” said Mr. Burr, 72 years old, who is now retired.
0 Comments
Original Post at c|net
Last month's hack of HBO may be more extensive than originally thought. The hackers who posted several of HBO's new episodes and a "Game of Thrones" script online in late July have published a month's worth of emails from the inbox of one of the entertainment company's executives, The Hollywood Reporter reported Monday. The report didn't identify the executive or the contents of the emails. Hackers also addressed a video letter to HBO CEO Richard Plepler that demands the company demand payment of money, although the figure was redacted, according to the report. We successfully breached into your huge network. … HBO was one of our difficult targets to deal with but we succeeded (it took about 6 months)," the letter to Plepler said. The hackers said HBO marked their 17th victim, and only three have failed to pay. HBO is the latest entertainment company to suffer a hack that resulted in the loss of valuable, jealously guarded content. Hackers claim to have stolen 1.5TB of data from the company, including forthcoming episodes of "Ballers" and "Room 104," and posting them online. Hackers warned last month that more material was yet to come. HBO said its forensic review of the incident is ongoing and noted that it believed further leaks were forthcoming. "While it has been reported that a number of emails have been made public, the review to date has not given us a reason to believe that our e-mail system as a whole has been compromised," the company said in a statement. Original Post at Softpedia
Ariana Grande is the latest celebrity that gets hacked, though this time no nude photos are involved and the attack is not part of the Fappening saga that impacted so many singers and actresses in the US and worldwide. This time, hackers managed to take control of Ariana Grande’s Instagram account, and the attackers started posting racist and homophobic messages, while also threatening other American stars to breach their accounts. While no hacking group or individual claimed the attack, the Instagram account is believed to have been breached by a fan of Selena Gomez and Kylie Jenner, as reported by clevver. The main evidence pointing in this regard is some of the messages posted by the hacker, who called for Ariana Grande fans to follow two different accounts whose profile picture showing the two stars. Of course, this is just a guess, and at this point there is no confirmation that the attacker is a fan of a different celebrity or he only tried to boost the number of followers of his other accounts. Original Post at The Register
Hackers can exploit trivial flaws in network-connected Siemens' medical scanners to run arbitrary malicious code on the equipment. These remotely accessible vulnerabilities lurk in all of Siemens' positron emission tomography and computed tomography (PET-CT) scanners running Microsoft Windows 7. These are the molecular imaging gizmos used to detect tumors, look for signs of brain disease, and so on, in people. They pick up gamma rays from radioactive tracers injected into patients, and perform X-ray scans of bodies. US Homeland Security warned on Thursday that exploits for bugs in the equipment's software are in the wild, and "an attacker with a low skill would be able to exploit these vulnerabilities." That's because the flaws lie within Microsoft and Persistent Systems' code, which runs on the Siemens hardware, and were patched years ago. The patches just didn't make their way to the scanners. That means an attacker on, say, a hospital network could access the machines and hijack them, or from afar over the internet if the device isn't properly secured and left facing the public web. "Siemens has identified four vulnerabilities in Siemens’ Molecular Imaging products running on Windows 7," said Homeland Sec's ICS-CERT wing. "Siemens is preparing updates for the affected products. These vulnerabilities could be exploited remotely. Exploits that target these vulnerabilities are known to be publicly available." Original Post at Fox News Tech
A security expert claims hackers could turn the Amazon Echo into a covert microphone. MWR Info Security researcher Mark Barnes was able to hack the smart speaker, letting him hear an audio stream of everything the device hears, in addition to letting him take control of it. "The Amazon Echo is vulnerable to a physical attack that allows an attacker to gain a root shell on the underlying Linux operating system and install malware without leaving physical evidence of tampering," Barnes wrote in a blog post, announcing his findings. "Such malware could grant an attacker persistent remote access to the device, steal customer authentication tokens, and the ability to stream live microphone audio to remote services without altering the functionality of the device." Barnes was able to initiate the hack by peeling off the rubber base of the Echo and exposing a grid of electrical contacts. From there, Barnes was able to watch the Echo turn on, figure out its configuration and insert software that took control of the device. Though Barnes describes hacking the device is "trivial," a potential hacker would need physical access to the device, which the researcher describes as "a major limitation." Original Post at GOV Info Security
More than 1 billion compromised usernames and passwords are floating around on lists on the internet. That's bad news for anyone running an online service. Sooner or later, a hacker will use details on the lists to attempt to take over accounts. Unfortunately, a lack of user-friendly alternatives to usernames and passwords for authentication means nothing is going to change much soon. Although two-factor authentication can block the recycling of known credentials, its use is still far from widespread. But Troy Hunt, a security expert who runs the Have I Been Pwned data breach notification service, has an idea to help organizations prevent people continuing to use their own compromised passwords or selecting ones that have been leaked. His effort is aimed at companies battling what's known as "credential stuffing. That's when hackers cycle through the lists trying to find combinations of credentials that unlock someone's account. Credential stuffing has been fueled over the last few years by large breaches at LinkedIn, MySpace, Dropbox and many more (see 'Historical Mega Breaches' Continue: Tumblr Hacked). Companies contact him nearly every other day saying they are getting "hammered" by use of the password lists, Hunt says. While there are defensive actions services can take, there's ultimately no good defense against a hacker who has valid user credentials. "Credential stuffing is just becoming enormously destructive at the moment," Hunt says. "It is a very, very hard problem." Original Post at Miami Herald
An internet realm known as the dark web was once promoted as a safe haven for political dissidents and libertarians worldwide, and financed partly by the State Department. But it has turned into a criminal cesspool. Rogue hackers sell stolen credit card information there, and gun runners peddle every variety of weapon. Pedophiles and malware merchants lurk in its confines alongside opioid dealers and human traffickers. What happens on the dark web is so ugly that cybersecurity firms that comb its data routinely share the information with the FBI and other law enforcement agencies. “All us work in partnership with law enforcement, when possible and necessary, to combat this,” said Danny Rogers, chief executive of Terbium Labs, a Baltimore, Maryland, company that specializes in automated combing of the dark web. |
Cyber-CyI find interesting articles on the web that are simple, down-to-earth, easy to understand, and (hopefully) informative for non-technical readers. Archives
November 2022
Categories |