Forgot your password?
typodupeerror

+ - The World's Most Hackable Cars->

Submitted by ancientribe
ancientribe (1057834) writes "If you're wondering whether the most tech-loaded vehicles are also the most vulnerable to hackers, there is now research that shows it. Charlie Miller, a security engineer with Twitter, and Chris Valasek, director of security intelligence at IOActive, studied modern auto models and concluded that the 2014 Jeep Cherokee, the 2014 Infiniti Q50, and the 2015 Escalade are the most likely to get hacked. The key is whether their networked features that can communicate outside the vehicle are on the same network as the car's automated physical functions. They also name the least-hackable cars, and will share the details of their new findings next week at Black Hat USA in Las Vegas."
Link to Original Source

+ - Website Hacks Dropped During World Cup Final->

Submitted by PLAR
PLAR (2765185) writes "In case you were wondering: cyber criminals apparently care about who wins the World Cup. Researchers at Imperva studied attack data during the World Cup quarterfinal, semifinal and final matches, and found some interesting stats. Attackers upped their attacks during the quarters and semis — especially during that horrendous match when Germany routed Brazil — and hardly did any hacking during the final."
Link to Original Source

+ - Red Team, Blue Team: The Only Woman On The Team->

Submitted by ancientribe
ancientribe (1057834) writes "Cyber security pro Kerstyn Clover in this Dark Reading post shares some rare insight into what it's like to be a woman in the field. She ultimately found her way to her current post as a member of the incident response and forensics team at SecureState, despite the common societal hurdles women face today in the STEM field: "I taught myself some coding and computer repair in probably the most painstaking ways possible, but my experiences growing up put me at a disadvantage that I am still working to overcome," she writes."
Link to Original Source

+ - How Snowden Did It->

Submitted by ancientribe
ancientribe (1057834) writes "Key clues are emerging that provide a clearer picture of how Edward Snowden may have pulled off the most epic insider leak in history. Security firm Venafi says it has figured out how it all went down: Snowden fabricated SSH keys and self-signed digital certificates to access and ultimately steal the NSA documents, Venafi has concluded based on public information on the breach and their analysis. Venafi is also publicly challenging the NSA and Snowden to prove its conclusion wrong."
Link to Original Source

+ - DDoS Attack Used 'Headless' Browsers In 150-Hour Siege ->

Submitted by ancientribe
ancientribe (1057834) writes "It sounds like a Halloween horror flick, but it's actually a real case of a rare form of a distributed denial-of-service attack (DDoS). The attackers pummeled a trading platform's website this past week in an attack what went on for a whopping 150 hours using a malicious version of a stripped-down browser simulation tool (aka Phantom JS, a headless browser), a tool for website developers to test apps and website loads. Marc Gaffan, co-founder of Incapsula, which fought the attack for the victim (its customer) says: "No one has 180,000 IPs at their disposal unless it's an amalgamation of separate botnets they are using interchangeably. This was a sophisticated and thought-out process.""
Link to Original Source

+ - Stuxnet Expert Dismisses NIST Cyber Security Framework, Proposes Alternative ->

Submitted by Anonymous Coward
An anonymous reader writes "Ralph Langner, the security expert who deciphered how Stuxnet targeted the Siemens PLCs in Iran's Natanz nuclear facility, has come up with a cybersecurity framework for industrial control systems (ICS) that he says is a better fit than the U.S. government's Cyber Security Framework. Langner's Robust ICS Planning and Evaluation, or RIPE, framework takes a different approach to locking down ICS/SCADA plants than the NIST-led one, focusing on security capabilities rather than risk. He hopes it will help influence the final version of the U.S. government's framework."
Link to Original Source

+ - Consumer Device Hacking Getting Lost In Translation->

Submitted by ancientribe
ancientribe (1057834) writes "Hackers who hack insulin pumps, heart monitors, HVAC systems, home automation systems, and cars are finding some life-threatening security flaws in these newly networked consumer devices, but their work is often dismissed or demonized by those industries and the policymakers who govern their safety. A grass-roots movement is now under way to help bridge this dangerous gap between the researcher community and consumer product policymakers and manufacturers. The security experts driving this effort appealed to the DEF CON 21 hacking conference audience to help them recruit intermediaries who can speak both hacker and consumer product and policy."
Link to Original Source

+ - Dropbox, WordPress Used As Cloud Cover In New APT Attacks ->

Submitted by ancientribe
ancientribe (1057834) writes "The cyberespionage gang out of China that recently hacked into The New York Times and other media outlet networks is now using Dropbox and WordPress in its attacks rather than traditional email phishing and server compromise, researchers say. Dropbox is being used to distribute malware, and WordPress, for the initial stage of command-and-control to the infected machine--all as a way to remain under the radar. "They are hiding in the noise of cloud computing," said researcher Adam Vincent, CEO of Cybersquared."
Link to Original Source
Security

+ - How Lockheed Martin's 'Kill Chain' Stopped An Attacker Already Inside->

Submitted by ancientribe
ancientribe (1057834) writes "Lockheed Martin's director of cybersecurity provided a rare inside look at how the Defense contractor was able to stop sophisticated attackers who had gotten inside its network from actually stealing anything. Lockheed's multi-million dollar Cyber Kill Chain framework, a combination of security intelligence tools and manpower was built to prevent determined attackers who inevitably gain a foothold in the network from taking anything with them. This Dark Reading article highlights an incident where an attacker posed as one of Lockheed's business partners, using legitimate credentials and a stolen RSA SecurID token."
Link to Original Source
Security

+ - Researcher Proves Repurposed Flame, Duqu Attacks Possible->

Submitted by ancientribe
ancientribe (1057834) writes "The burning question dogging security experts since the discovery of Stuxnet, Flame and Duqu was whether those sophisticated cyberespionage weapons could be retooled and turned on other targets. A researcher has now tested that theory and found that they are recyclable--with some limitations--and that the Flame authors may have purposely limited the scope of their malware to avoid its being abused by other attackers. Boldizsar Bencsath, a member of the CrySys Lab that was instrumental in studying Duqu, shared his findings at the invitation-only Kaspersky Security Analyst Summit last week."
Link to Original Source
Security

+ - Customers Pressuring Software Vendors To Clean Up Their Apps->

Submitted by ancientribe
ancientribe (1057834) writes "Many large companies under regulatory pressures have been working on writing more secure code for their internal applications, but not all software vendors are doing the same. New data from Veracode and BSIMM shows that buyers are putting the squeeze on their software vendors to produce more secure applications. And guess what: the vendors are going along with it and having their apps vetted."
Link to Original Source
Security

+ - RATs Are Found Riddled With Bugs And Weak Encryption->

Submitted by ancientribe
ancientribe (1057834) writes "A couple of college interns have discovered that remote administration tools (RATs) often used for cyberspying and targeted cyberattacks contain common flaws that ultimately could be exploited to help turn the tables on the attackers. RATs conduct keylogging, screen and camera capture, file management, code execution, and password-sniffing,and give the attacker a foothold in the infected machine as well as the targeted organization. This new research opens the door for incident responders to detect these attacker tools in their network and fight back."
Link to Original Source
Security

+ - AT&T Sponsors Zero-Day Hacking Contest For Kids->

Submitted by yahoi
yahoi (1239028) writes "AT&T has teamed up with an 11-year-old hacker and DefCon Kids to host a hacking contest during the second annual conference that runs in conjunction with the adult Def Con hacker show later this month in Las Vegas. The kid who finds the most zero-day bugs in mobile apps wins $1,000 and an IPad, courtesy of DefCon Kids. The contest was inspired by the mini-hacker's discovery last year of a whole new class of mobile app vulnerabilities."
Link to Original Source
Security

+ - Apple Hacker To Demo Dangers Of Near-Field Communications->

Submitted by Anonymous Coward
An anonymous reader writes "Apple's hacker nemesis Charlie Miller, who the company banned from its app store developer program, apparently hasn't been waiting around for his suspension to be lifted. His latest pet project is hacking near-field communications (NFC), and at Black Hat USA in Vegas this month, he will demonstrate the dangers of using your smartphone to pay your cabfare. (But when his Apple "sentence" is up, look out)."
Link to Original Source

If you're not careful, you're going to catch something.

Working...