Want to read Slashdot from your mobile device? Point it at m.slashdot.org and keep reading!

 



Forgot your password?
typodupeerror
Check out the new SourceForge HTML5 internet speed test! No Flash necessary and runs on all devices. ×

Submission + - Thousands Lose Money in Tesco Bank Hack

wiredmikey writes: Tesco Bank, wholly owned by the UK's largest supermarket chain Tesco, said that some of its customers' had money withdrawn fraudulently as a result of "online criminal activity."

Benny Higgins, the bank's chief executive, said 40,000 of current accounts had experienced suspicious transactions and about half had money taken from their account. Customers are reporting on social media individual thefts of £600 and £700. One report quotes a customer complaint: "Spoke to Tesco after 1 hour 20 minutes on hold, like others, just waiting for a call back and no sign of my £2,400 today. I'm taking the day off work, I can't go in feeling as low as this."

Submission + - U.S. Officially Accuses Russia of Election Hacks

wiredmikey writes: The U.S. government has officially accused Russia of being behind cyberattacks against American political organizations with the intent of interfering with the upcoming Presidential election in November.

“The U.S. Intelligence Community (USIC) is confident that the Russian Government directed the recent compromises of e-mails from US persons and institutions, including from US political organizations,” a joint statement from the Department of Homeland Security (DHS) and Office of the Director of National Intelligence said.

"We believe, based on the scope and sensitivity of these efforts, that only Russia's senior-most officials could have authorized these activities," the statement adds.

In August, researchers from two security firms uncovered evidence that they say linked a Russian threat actor to the cyberattack targeting the U.S. Democratic Congressional Campaign Committee (DCCC).

Submission + - Microsoft Teams with Bank of America on Blockchain

wiredmikey writes: Microsoft and Bank of America Merrill Lynch said they are working together to make financial transactions more efficient with blockchain technology — the foundation of bitcoin digital currency.

Blockchains are considered tamper-proof registers in which entries are time-stamped and linked to previous "blocks" in a data chain. As expected, the technology that drives the shadowy bitcoin cryptocurrency is drawing interest from the established banking industry, which sees a potential to revolutionize the sector.

The companies said they will build and test frameworks for blockchain-powered exchanges between businesses and their customers and banks. Microsoft plans to use its Azure cloud service platform to enable blockchain transactions between a major corporate treasury and a financial institution.

Submission + - Security Researchers Remotely Hack Tesla Model S

wiredmikey writes: Security researchers from China-based Tencent have identified a series of vulnerabilities that can be exploited to remotely hack an unmodified Tesla Model S while it’s parked or on the move. While the vehicle was parked, the experts could control the sunroof, turn signals, the position of the seats, all displays, and the door locking system. While the car was on the move, the hackers could activate the windshield wipers, fold the side view mirrors, and open the trunk. They also demonstrated that a remote hacker can activate the brakes from a long distance.

“As far as we know, this is the first case of remote attack which compromises CAN Bus to achieve remote controls on Tesla cars,” the researchers said. “We have verified the attack vector on multiple varieties of Tesla Model S. It is reasonable to assume that other Tesla models are affected.”

According to Keen Lab, Tesla has confirmed the flaws and is working on addressing them.

Submission + - Researcher Proves FBI Wrong With iPhone Passcode Hack (securityweek.com)

wiredmikey writes: A researcher has demonstrated that a known hardware hacking technique known as NAND mirroring could have been used to bypass the passcode retry limitations on the San Bernardino shooter’s iPhone, despite the FBI’s claims that the technique would not work.

NAND mirroring involves removing the NAND flash memory chip from the device by desoldering it and creating backup copies or clones of the chip. By cloning the chip, the original memory is fully preserved while the copies can be used as many times as necessary to figure out the 4-digit passcode. Skorobogatov conducted a successful attack using off-the-shelf components bought from an electronics distributor for less than $100.

Submission + - White House Names First Federal CISO

wiredmikey writes: The White House today announced that Brigadier General (retired) Gregory J. Touhill has been named the first Federal Chief Information Security Officer (CISO). Back in February, President Barack Obama unveiled a cybersecurity "national action plan" (CNAP) which called for an overhaul of aging government networks and a high-level commission to boost security awareness. As part of the plan, the White House said it would hire a federal CISO to direct cybersecurity across the federal government. General Touhill is currently the Deputy Assistant Secretary for Cybersecurity and Communications in the Office of Cybersecurity and Communications (CS&C) at the Department of Homeland Security (DHS).

The key hire comes at a time when the government needs cybersecurity talent more than ever. Earlier this week a report published a U.S. House of Representatives Committee said the data breaches disclosed by the Office of Personnel Management (OPM) last year were a result of culture and leadership failures, and should not be blamed on technology.

Submission + - Intel to Spin Off McAfee as Independent Security Firm (securityweek.com)

wiredmikey writes: Six years after announcing that it would acquire security firm McAfee, Intel said it would spin off its security division as an independent company under the name McAfee, valuing the company at $4.4 billion--far less than the $7.68 billion the company paid to acquire the company in 2011. Intel will receive $3.1 billion in cash and retain the 49 percent stake after completion of the transaction

The McAfee brand, created by anti-virus software pioneer John McAfee, suffered some damage after the founder was wanted in Belize for questioning over the murder of his neighbor in late 2012, sparking months of dramatic events and a wild goose chase across Central America.

While Intel and its investment partner TPG could have used the spinoff as a chance to ditch the McAfee name altogether, it has chosen to stand by its brand, despite the negative association and PR issues with its former founder.

Submission + - Maxthon Web Browser Sends Sensitive Data to China

wiredmikey writes: Security experts have discovered that the Maxthon web browser collects sensitive information and sends it to a server in China. Researchers warn that the harvested data could be highly valuable for malicious actors.

Researchers at Fidelis Cybersecurity and Poland-based Exatel recently found that Maxthon regularly sends a file named ueipdata.zip to a server in Beijing, China, via HTTP. Further analysis (PDF) revealed that ueipdata.zip contains an encrypted file named dat.txt. This file stores information on the operating system, CPU, ad blocker status, homepage URL, websites visited by the user (including online searches), and installed applications and their version number.

Interestingly, In 2013, after the NSA surveillance scandal broke, the company boasted about its focus on privacy and security, and the use of strong encryption.

Submission + - Facebook Messenger to Add Strong Encryption

wiredmikey writes: Facebook announced Friday it would roll out optional "end to end encryption" for its Messenger application, following a trend aimed at stronger security and protection against snooping. The new feature will be known as "secret conversations" which can be read only by the sender and recipient. Facebook shared technical details about its implementation of the security in a technical white paper (PDF).

Facebook earlier this year began implementing this end-to-end encryption on its WhatsApp messaging service.

Submission + - Malware Steals Data From Air-Gapped Devices via Fans (securityweek.com)

wiredmikey writes: Researchers have demonstrated that data can be stolen using fans and a mobile phone placed in the vicinity of the targeted machine. The method, dubbed Fansmitter, leverages the noise emitted by a computer’s fans to transmit data.

Researchers from Ben-Gurion University of the Negev explained (PDF) that a piece of malware installed on the targeted air-gapped computer can use the device’s fans to send bits of data to a nearby mobile phone or a different computer equipped with a microphone.

Submission + - Singapore Blocking Internet Access on Government Computers (securityweek.com)

wiredmikey writes: Singapore will be cutting off Internet access for government work stations within a year for security reasons.

A surprise move in one of the world's most wired countries, the measure was aimed at preventing cyber attacks and the spread of malware.

Public servants will reportedly still have access to the Internet on their personal devices, and dedicated Internet-linked terminals will be issued to civil servants who need them for work.

Submission + - "SandJacking" Attack Allows Install of Evil iOS Apps (securityweek.com)

wiredmikey writes: An unpatched iOS vulnerability can be exploited to replace legitimate applications with a rogue version that allows attackers to access sensitive information without raising any suspicion.

While Apple's iOS 8.3 prevents the installation of an app that has an ID similar to an existing one, security researcher Chilik Tamir discovered a new method, which he dubbed “SandJacking."

Tamir demonstrated the SandJacking attack at the Hack In The Box (HITB) conference in Amsterdam on Thursday using Skype as the targeted application. However, the researcher told SecurityWeek that SandJacking attacks have been successfully tested against numerous popular applications.

The vulnerability was discovered in December 2015 and reported to Apple in January. The tech giant has confirmed the issue, but a patch has yet to be developed. Once Apple addresses the flaw, Tamir says he will release a SandJacker tool that automates the entire process of pushing malicious apps to iOS devices via the SandJacking vulnerability.

Submission + - Microsoft May Ban Your Favorite Password

wiredmikey writes: Microsoft is taking a step to better protect users by banning the use of weak and commonly-used passwordsacross its services.

Microsoft has announced that it is dynamically banning common passwords from Microsoft Account and Azure Active Directory (AD) system. In addition to banning commonly used passwords to improve user account safety, Microsoft has implemented a feature called smart password lockout, meant to add an extra level of protection when an account is attacked.

Microsoft is seeing more than 10 million accounts being attacked each day, and that this data is used to dynamically update the list of banned passwords. This list is then used to prevent people from choosing a common or similar password.

Submission + - Millions Stolen in Coordinated ATM Heist (securityweek.com)

wiredmikey writes: A manhunt is underway for criminals who looted millions from Japan's cash machines nationwide in an hours-long heist, officials and reports said Monday.

Armed with fake credit card details from South Africa's Standard Bank, the thieves hit 1,400 convenience store ATMs in a coordinated attack earlier this month. The international gang members, reportedly numbering around 100 people, each made a series of withdrawals in less than three hours, Japanese media said. Japanese police declined to confirm the robbery, but Standard Bank acknowledged the heist and put its losses at around $19 million.

Submission + - SWIFT Bank Hacks Show Links to Sony Attack

wiredmikey writes: The malware used in the $81 million Bangladesh Central Bank heist could be be linked to the massive attack against Sony Pictures in 2014, according to a new report. Malware used on SWIFT based systems against a commercial bank in Vietnam, in addition to the attack in Bangladesh, appears to be based off a similar common code-base, according to BAE Systems.

While experts from BAE Systems believe the same attacker was behind the attacks in Bangladesh and Vietnam, they did not attribute the attack to any specific group or nation.

Slashdot Top Deals

When all else fails, read the instructions.

Working...