54869371
submission
hypnosec writes:
Just days after Australia-based Gibson Security disclosed two hacks in Snapchat that could allow hackers to gain access to personal data of its users, hackers have managed to get their hands onto basic information of 4.6 million Snapchat users and have leaked it online partially censored. The database dump is available on SnapchatDB and allows anyone to grab it as a SQL dump or CSV text file. The hackers have claimed that they managed to siphon off the data through a recently patched exploit and that they have leaked the details to raise awareness on the issue. “This information was acquired through the recently patched Snapchat exploit and is being shared with the public to raise awareness on the issue”, reads a statement on SnapchatDB.
54825041
submission
hypnosec writes:
Financial regulators of multiple countries have handed out warnings against the use of virtual currencies like Bitcoins and the latest the join the list is Taiwan. The country’s Financial Supervisory Commission (FSC) and Central Bank have warned citizens against the use of Bitcoin stating that the virtual currency is volatile and it doesn’t have any legal protection. In a joint statement [Google Translated] the FSC and Central Bank warned that Bitcoin hasn’t been issued by any monetary authority of any country and is not a legal tender. The FSC dubbed Bitcoin as highly speculative “virtual goods” and warned that users of the virtual currency should keep in mind risks such as large price fluctuations; theft; hacking of trading platforms; government shutdown; and lack of protection of proprietary risk while using Bitcoin.
54791695
submission
hypnosec writes:
Financial Crimes Enforcement Network (FinCEN), US has cleared up one issue that pertains to Bitcoin mining by siding Bitcoin miners ruling that those who mine it for their own purpose and not for the benefit of another are not an MSB (Money Services Business) under FinCEN’s regulations. The issue came up after miners raised concerns if they can mine Bitcoin for themselves and then trade them for cash at an exchange or spend them directly without being classified as an MSB. The concerns were further aggravated after Jerry Brito, FinCEN stated in a personal letter that Bitcoin miners will be required to register with FinCEN. The issue was taken up on a larger scale by Atlantic City Bitcoin, which operates multiple ASIC miners at its facility in New Jersey. Atlantic City asked FinCEN to clarify the rules and whether miners will be required to register as MSB. FinCen ruled, "To the extent that a user mines Bitcoin and uses the Bitcoin solely for the user’s own purposes and not for the benefit of another, the user is not an MSB under FinCEN’s regulations, because these activities involve neither “acceptance” nor “transmission” of the convertible virtual currency and are not the transmission of funds within the meaning of the Rule."
54741379
submission
hypnosec writes:
The Chinese government has officially banned Battlefield 4 stating that Electronic Arts has developed a game that not only threatens national security of the country, but is also a form of cultural invasion. The country’s Ministry of Culture has issued a notice banning all material retailed to the game in any form including the game itself, related downloads, demos, patches and even news reports. According to reports on PCGames.com.cn [Chinese language], Battlefield 4 has been characterized as illegal game on the grounds that the game endangers national security and cultural aggression.
54701627
submission
hypnosec writes:
Reserve Bank of India (RBI) has cautioned users of virtual currencies like Bitcoin, Litecoin, and Dogecoin on the risks associated with them and that it is looking at the use and trading of these currencies. India's central bank noted because of lack of any approval and authorization from a central authority or bank there are quite a few risks including theft of digital wallets that are used to store the digital currency; absence of any frameworks to tackle customer problems, disputes and charge backs; exposure to potential losses because of high volatility in value of the virtual currencies; legal and financial risks; and breach of anti-money laundering laws because of lack of complete information on counterparts in a peer-to-peer anonymous / pseudonymous systems.
54604383
submission
hypnosec writes:
Evad3rs, the famous iOS jailbreak team, has announced iOS 7 jailbreak that will work in all iDevices including iPhone 5S, iPhone 5C and iPad Air running iOS 7.0 through to iOS 7.0.4. The iOS 7 jailbreak was announced without much of a hype unlike iOS 6. “Merry Christmas! The iOS 7 jailbreak has been released at http://evasi0n.com/ ! All donations will go to @publicknowledge, @eff and @ffii” tweeted evad3rs.
54403455
submission
hypnosec writes:
Google has increased security of Chrome OS by changing the way how third party extensions are installed on the OS. Users were able to download third party extensions (.crx files) and trigger their installation by clicking on them. However, through an update, which was applied to all Chromium projects including the Chrome OS and Chrome browser, Google has blocked this behaviour in a bid to strengthen the security of its offerings and now users who click on these files will be served with an error message and a URL-redirect to Google Explanations page.
54401963
submission
hypnosec writes:
International Telecommunication Union (ITU) has awarded first stage approval to the 500Mbps DSL successor and fiber alternative dubbed G.fast paving way for hardware companies to finalized equipment specifications that will support the new standard. G.fast has been dubbed as a new broadband standard using which access speeds of up to 1 Gbps can be achieved using existing telephone wires. The standard is also looked at as being a potential tool that will enable service providers bring fibre to the home (FTTH) connectivity while allowing for self-installation as in ADSL2. ITU revealed that through the G.fast standard “service providers will benefit from ‘zero touch’ operations, administration and management” that will allow for faster rollout of new services while also easing up migration to G.fast.
54298821
submission
hypnosec writes:
The European Banking Authority (EBA) has issued a warning on the risks involved with virtual currencies like Bitcoin stating that consumers are not protected through any regulation and they may be at risk of losing their money. The EBA warned about the stability of such virtual currencies and said that consumers should be weary of the risks involved with them. Specifically pointing out at the exchanges that act as platforms for trade of such virtual currencies, EBA said that they tend to be unregulated and they are not banks where users can hold their virtual money as a deposit. EBA has warned that users should be aware that they are not protected by any refund rights under EU law when they transact using virtual currencies.
54124803
submission
hypnosec writes:
Researchers have developed and opensourced a low-cost 3D metal printer capable of printing metal tools and objects with cost under £1,000. A team of researchers led by Associate Professor Joshua Pearce at the Michigan Technological University developed the firmware and the plans for the printer and have made it available freely to anyone interested in taking this further. Built with cost of just £913, the open source 3D printer is definitely a huge leap forward as the starting price of commercial counterparts is £300,000. Pearce claimed that their technology will not only allow smaller companies and start-ups to build inexpensive prototypes, but it will allow other scientists and researchers to build tools and objects required for their research without requiring to shell out thousands. The associate professor also claimed that using the technology, countries can use it to print components and parts for machines such as windmills.
53979209
submission
hypnosec writes:
The Free Software Foundation (FSF) has criticized Microsoft’s recent announcement that Redmond was going to reinforce encryption and increase legal transparency to tackle government snooping. Microsoft likened Government snooping to ‘advanced persistent threats’ and put forward a three-fold approach to tackle such issues. Brad Smith, General Counsel & Executive Vice President, Legal & Corporate Affairs, Microsoft said that Redmond will be taking actions in three areas which will involve encryption for all its services, enhanced transparency of its software code and reinforced legal protection for customer data. FSF Executive Director John Sullivan said that Microsoft’s promises were meaningless. Sullivan said that Microsoft’s software is fundamentally insecure because of the code is hidden away from users. “Proprietary software like Windows is fundamentally insecure not because of Microsoft's privacy policies but because its code is hidden from the very users whose interests it is supposed to secure”, said Sullivan.
53786669
submission
hypnosec writes:
Fight against Cryptolocker is on as folks over at MalwareMustDie have decided to go all-in against the crypto malware by identifying its C&C domains and getting them suspended. MalwareMustDie has revealed that they have managed to identify a total of 138 Cryptolocker C&C and have been successful in getting them suspended as well. The complete list of blocked domains can be found here.
53689175
submission
hypnosec writes:
Bitcoin miners are being integrated with third party potentially unwanted programs (PUPs) that come bundled with legitimate applications. These miners surreptitiously carry out Bitcoin mining operations on the user’s system consuming valuable CPU time without explicitly asking for user’s consent. Malwarebytes, the company which found evidence of these miners, first came across such an instance of a Bitcoin miner when one of the users of its software requested for assistance on November 22 through a forum post. The user revealed that “jh1d.exe” was taking up over 50 percent of the CPU resource and even after manual deletion the executable was re-appearing. Malwarebytes dug deeper into this and found traces of a miner “jhProtominer”, a popular mining software that runs via the command line”. However, it seems that the company behind the application has a specific clause 3 in EULA that talks about mathematical calculations similar to Bitcoin mining operation. This means that the company behind the software can and will install Bitcoin miners and use system resources to perform operations as required to mine Bitcoins and keep the rewards for themselves.
53606185
submission
hypnosec writes:
A white hat hacker managed to break into multiple email accounts thereby forcing the European Parliament to cutoff its public Wi-Fi access. The French security researcher apparently performed man-in-the-middle attacks on multiple email accounts in a bid to expose the poor security at the Parliament. Through an internal mailer, members of the Parliament were informed that a “hacker has captured the communication between private smartphones and the public Wi-Fi of the Parliament (EP-EXT Network).” The public Wi-Fi has been cut-off indefinitely and users at located at Brussels, Strasbourg and Luxembourg have been advised to apply for certificates and switch to more secure networks.
