Posts Tagged ‘ cyber warfare ’

AdultFriendFinder network hack exposes 412 million accounts

November 14, 2016
posted by

ZDNet ZDNet    

"A massive data breach targeting adult dating and entertainment company Friend Finder Network has exposed more than 412 million accounts. The hack includes 339 million accounts from AdultFriendFinder.com, which the company describes as the 'world's largest sex and swinger community.' That also includes over 15 million 'deleted' accounts that wasn't [sic] purged from the databases. On top of that, 62 million accounts from Cams.com, and 7 million from Penthouse.com were stolen, as well as a few million from other smaller properties owned by the company." (11/13/16)

http://www.zdnet.com/article/adultfriendfinder-network-hack-exposes-secrets-of-412-million-users/  

No Comments »

Google enacts stricter penalties on sites that continuously spread malware

November 9, 2016
posted by

TechCrunch    

"Google has been protecting users against dangerous and harmful websites for many years by warning web surfers when they accidentally click on links that could lead them to sites that spread malware or attempt to phish for your private information. But many sites figured out how to work around Google's policies. Instead of cleaning up their act, they would instead temporarily make adjustments so their site would appear to be compliant when Google verified it, then return to harming users once Google's warnings were removed. Now, Google says it's putting a stop to this behavior by classifying these sites as 'repeat offenders' and enforcing stricter penalties." (11/09/16)

https://techcrunch.com/2016/11/09/google-enacts-stricter-penalties-on-sites-that-continuously-spread-malware/  

No Comments »

UK: Tesco Bank suspends “all transactions” as 20,000 customers lose money in hack

November 7, 2016
posted by

Independent [UK]    

"Tesco Bank has taken the drastic measure of temporarily halting all online transactions after thousands of customers have seen hundreds of pounds wiped from their savings accounts over the weekend due to an online hacking attack. Benny Higgins, chief executive of Tesco Bank, on Monday, confirmed that that about 20,000 customers have had money taken from their accounts, with 'suspicious activity' identified in another 20,000. ... The bank, which has more than 7 million customers account confirmed 'fraudulent criminal activity' was first identified late on Saturday." (11/07/16)

http://www.independent.co.uk/news/business/news/tesco-bank-accounts-suspended-transactions-access-frozen-hack-money-la-a7402006.html  

No Comments »

Researchers: Amateur hackers probably caused Internet meltdown

October 27, 2016
posted by

Los Angeles Times Los Angeles Times    

"Some have worried that the massive cyberattack that disrupted the Internet on Friday was the work of Russian government-backed hackers, politically motivated hacktivists or sophisticated cybercriminals. But researchers at cyber-intelligence firm Flashpoint say the Internet meltdown may have been carried out by amateurs who haunt a popular hacking forum. ... Other experts agree with Flashpoint's assessment. 'I think they are right. I don't believe the Friday attackers were financially or politically motivated,' said Mikko Hypponen, chief research officer at cybersecurity firm F-Secure. 'It was such an untargeted attack, it's hard to find a good motive for it. So, kids.'" (10/27/16)

http://www.latimes.com/business/autos/la-fi-tn-cyberattack-hackers-20161026-story.html  

No Comments »

Who’s responsible when your DVR launches a cyberattack?

October 25, 2016
posted by

The Atlantic The Atlantic
by Kaveh Waddell  

"There might be an alternative to government action: Perhaps an individual or a company could sue manufacturers of faulty devices directly for their negligence. Steve Rubin, a cybersecurity lawyer at Moritt Hock & Hamroff, says the legal framework for such a suit may already exist in tort and contract law. A manufacturer would be in breach of contract, for example, if it sold a product it claimed was safe but that wasn't. A civil suit against a manufacturer for leaving its products vulnerable to botnets would take a 'smart and creative lawyer,' said McAndrews. 'They would be in uncharted territory.' Without some sort of legal risk for device manufacturers that put out faulty and dangerous machines, the lawyers agreed, it could be very hard to raise the standard of internet-of-things security. (Of course, for attorneys who specialize in cybersecurity, more internet-security regulations usually means more work.)" (10/25/16)

http://www.theatlantic.com/technology/archive/2016/10/whos-responsible-when-your-dvr-launches-a-cyberattack/505322/  

1 Comment »

US: NHTSA releases best practice guidelines for vehicle cybersecurity

October 24, 2016
posted by

TechCrunch    

"Following its release of guidelines for automakers regarding self-driving cars, the National Highway Traffic Safety Administration has released a similar set of guidelines or 'best practices' for cybersecurity in vehicles, designed to provide guidance for car makers. The best practices document is 22 pages and is non-binding, meaning there's no regulatory imperative requiring that car makers meet these standards. The stated purpose of the document is to help improve car security in the face of hacking attempts and to encourage auto manufacturers to proactively incorporate this kind of thinking in their efforts as a matter of course." (10/24/16)

https://techcrunch.com/2016/10/24/nhtsa-releases-best-practice-guidelines-for-vehicle-cybersecurity/  

No Comments »

Law enforcement is useless against cyber attacks

October 23, 2016
posted by

Jeffrey Tucker Foundation for Economic Education
by Jeffrey A Tucker  

"Ecuador's actions against [Julian] Assange were a message to Wikileaks: stop releasing unflattering information on the candidate who stands the best chance of improving relations with the US. The DDoS attack was the response by the hacker community. Julian had been bonked on the nose and the hackers rose up and said: back off. The attack sent the message: don't mess with the freedom of information or else we'll unplug the motor of the world. ... As much as I despise this kind of invasion of people's property and the disruption of information flows, that a distributed hacker community could cause all this chaos with the push of a button is impressive in its own right. ... Law enforcement in this case is in the position of being a spectator. The idea that any company such as Dyn should rely on government to fix its problems is preposterous. Everyone knows it. The way toward a less vulnerable Internet infrastructure is through more innovation." (10/22/16)

https://fee.org/articles/law-enforcement-is-useless-against-cyber-attacks/  

1 Comment »

A scandal that reveals more than it says: Yahoo scanned all users’ mail for the government

October 6, 2016
posted by

CounterPunch CounterPunch
by Alfredo Lopez  

"If you are one of the approximately 280 million people with Yahoo email accounts, your email was scanned for content and possibly turned over to the U.S. government. Yahoo, on Tuesday, admitted that fact. ... As shocking as this revelation is, the reaction of other Internet companies has been gallingly disengenuous." (10/06/16)

http://www.counterpunch.org/2016/10/06/87357/  

No Comments »

Yahoo email surveillance: The next front in the fight against mass surveillance

October 5, 2016
posted by

Electronic Frontier Foundation Electronic Frontier Foundation
by Andrew Crocker and Mark Rumold  

"Mass surveillance of Yahoo's emails is unconstitutional for the same reasons that it's unconstitutional for the government to copy and search through vast amounts of communications passing through AT&T's network as part of Upstream. The sweeping warrantless surveillance of millions of Yahoo users' communications described in the Reuters story flies in the face of the Fourth Amendment's prohibition against unreasonable searches. Surveillance like this is an example of 'general warrants' that the Fourth Amendment was directly intended to prevent. (Note that, as we've explained before, it is irrelevant that Yahoo itself conducted the searches since it was acting as an agent of the government.) While illegal mass surveillance is sadly familiar, the Yahoo surveillance program represents some deeply troubling new twists." (10/04/16)

https://www.eff.org/deeplinks/2016/10/yahoo-email-surveillance-next-front-fight-against-mass-surveillance  

No Comments »

Delete Yahoo (and all its surveilling ilk)

October 5, 2016
posted by

Living Freedom
by Claire Wolfe  

"There are obviously still a lot of questions here including some extremely basic ones. Did Yahoo really do this? Was the request made by the NSA or the FBI? What were the specific terms the company was 'directed' to scan for? What other companies received similar requests and how did they respond? Not to mention the larger questions like what the hell is a security directive? How does it differ from a warrant or a subpoena? Why was it used instead of a subpoena when this was apparently part of a criminal investigation? What gives some random federal agency the authority to issue one? And what law or principle requires any private company to submit to a non-warrant/non-subpoena piece of paper from the fedgov?" (10/05/16)

http://www.clairewolfe.com/blog/2016/10/05/delete-yahoo-and-all-its-surveilling-ilk/  

No Comments »

Kaspersky releases decryption tool for Polyglot ransomware

October 4, 2016
posted by

ZDNet ZDNet    

"Kaspersky has released a decryption tool for the Polyglot ransomware to assist victims in recovering their files without giving in and paying a fee. On Monday, the cybersecurity firm launched the free tool, which is suitable for the Polyglot Trojan which is also known as MarsJoke, a strain which has been linked to attacks on government targets. Ransomware is a particularly nasty kind of malware which has hit the headlines over the past year after targeting victims including businesses, hospitals and universities." (10/04/16)

http://www.zdnet.com/article/one-more-bites-the-dust-kaspersky-releases-decryption-tool-for-polyglot-ransomware/  

No Comments »

Brace yourselves — source code powering potent IoT DDoSes just went public

October 3, 2016
posted by

Ars Technica Ars Technica    

"KrebsOnSecurity's Brian Krebs reported on Saturday that the source code for 'Mirai,' a network of Internet-connected cameras and other 'Internet of things' devices, was published on Friday. Dale Drew, the chief security officer at Internet backbone provider Level 3 Communications, told Ars that Mirai is one of two competing IoT botnet families that have recently menaced the Internet with record-breaking distributed denial-of-service (DDoS) attacks -- including the one that targeted Krebs with 620 gigabits per second of network traffic, and another that hit French webhost OVH and reportedly peaked at more than 1 terabit per second." (10/02/16)

http://arstechnica.com/security/2016/10/brace-yourselves-source-code-powering-potent-iot-ddoses-just-went-public/  

No Comments »

Hacker who leaked US military “kill list” for Islamic State sent behind bars

September 27, 2016
posted by

ZDNet ZDNet    

"An ISIS supporter who hit the headlines after breaking into computer systems in order to steal and leak the details of military personnel has been awarded a sentence of 20 years in prison for his crimes. Ardit Ferizi, also known as 'Th3Dir3ctorY,' was charged at the Eastern District of Virginia court by US District Judge Leonie Brinkema last week, according to the US Department of Justice (DoJ). ... Ferizi, who once lived in Malaysia, was arrested by local police on a provision arrest warrant on behalf of US law enforcement and later pleaded guilty to all charges." (09/26/16)

http://www.zdnet.com/article/hacker-who-leaked-us-military-kill-list-for-isis-sent-behind-bars/  

No Comments »

Yahoo reveals biggest hack in history

September 23, 2016
posted by

CNet News CNet News    

"Yahoo revealed that hackers accessed data on at least half a billion of its users in a 2014 leak. The breach exposed at least 500 million accounts' names, email addresses, phone numbers, dates of birth and, in some cases, security questions and answers, the company said Thursday. Encrypted passwords, jumbled up so only someone with the right computer code can read them, were also taken. It's one of the largest-scale attacks at a time when massive hacks have become commonplace. The internet pioneer said it's 'working closely with law enforcement' on the breach, and believe that it was from a 'state-sponsored actor,' though it did not specify what country. Yahoo is urging its users who haven't changed their passwords since 2014 to do so." (09/22/16)

https://www.cnet.com/news/yahoo-500-million-accounts-hacked-data-breach/  

1 Comment »

White House contractor’s leaked email reveals Secret Service plans, Michelle Obama passport

September 23, 2016
posted by

NBC News NBC News    

"A White House contractor's email appears to have been hacked, leaking material ranging from Michelle Obama's passport to the number of stairs the Secret Service anticipated Joe Biden would be climbing during a trip to Cleveland. The emails were sent from the Gmail account of Ian Mellul, who is a contractor employed as an advance associate at the White House .... A senior U.S. intelligence official called the hack 'the most damaging compromise of the security of the President of the United States that I've seen in decades, all caused by a careless staffer who compromised information outside government systems merely for convenience.' ... The White House contractor's emails were made public by DC Leaks, the group that last week also printed emails from former Secretary of State Colin Powell." (09/22/16)

http://www.nbcnews.com/politics/politics-news/white-house-contractors-leaked-email-reveals-secret-service-plans-michelle-n652621  

No Comments »

Leaked emails: Colin Powell on the Clintons and Trump

September 15, 2016
posted by

The Daily Beast    

"You've never heard Colin Powell talk like this. The former secretary of state and four-star Army general who has been in the national spotlight since he was Ronald Reagan's national security advisor let loose on Hillary Clinton ('greedy, not transformational'), her husband Bill (still 'dicking bimbos'), and Donald Trump (a 'national disgrace'). The frank, biting version of Powell made public is thanks to private emails that appeared on dcleaks.com, a mysterious repository for hacked information suspected to be of Russian origin. Powell's office confirmed to The New York Times that the emails were genuine."

http://www.thedailybeast.com/articles/2016/09/14/colin-powell-bombs-bill-hillary-and-trump.html  

No Comments »

Guccifer 2.0 leaks more DNC documents

September 14, 2016
posted by

New York Daily News    

"Hacker Guccifer 2.0 released more Democratic National Committee documents in the latest leak Tuesday. The 600-megabyte data dump revealed at a London cybersecurity conference included spreadsheets that appeared to show DNC donors' personal information, Politico reported. Officials at the DNC, the party's electoral strategy organization, said they were aware of more documents 'stolen [sic] by Russian agents.'" [editor's note: I guess they don't think the "pay no attention to the content, THEM RUSSIANS ARE OUT TO GETTTTTT YOUUUUUU!" approach is worn out yet - TLK] (09/13/16)

http://www.nydailynews.com/news/politics/dnc-anticipates-leak-hacked-documents-article-1.2791055  

No Comments »

Democratic Party tactics for “dealing” with Black Lives Matter leaked by hacker

September 1, 2016
posted by

International Business Times    

"An internal memo reportedly hacked from the personal computer of Nancy Pelosi, the top Democrat in the US House of Representatives, shows how officials were briefed on how to respond to the Black Lives Matter (BLM) movement -- including 'tactics' on how to answer questions by activists. The document, reportedly authored in November last year by a staffer called Troy Perry .... instructs Democratic Party officials to 'meet with local activists.' He wrote: 'If approached by BLM activists, campaign staff should offer to meet with local activists. Invited BLM attendees should be limited. Please aim for personal or small group meetings.' He advised to 'listen to their concerns' but 'don't offer support for concrete policy positions.'" [hat tip -- Angela Keaton] (08/31/16)

http://www.ibtimes.co.uk/democratic-party-tactics-dealing-black-lives-matter-leaked-by-hacker-1578918  

No Comments »

Dropbox employee’s password reuse led to theft of 60 million+ user credentials

August 31, 2016
posted by

TechCrunch    

"Dropbox disclosed earlier this week that a large chunk of its users’ credentials obtained in 2012 was floating around on the dark web. But that number may have been much higher than we originally thought. Credentials for more than 60 million accounts were taken, as first reported by Motherboard and confirmed by TechCrunch sources. The revelation of a password breach at Dropbox is an evolution of the company’s stance on the 2012 incident -- the company initially said that user emails were the only data stolen." (08/30/16)

https://techcrunch.com/2016/08/30/dropbox-employees-password-reuse-led-to-theft-of-60m-user-credentials/?ncid=mobilenavtrend  

No Comments »

FBI says hackers penetrated state election systems

August 30, 2016
posted by

New York Daily News    

"Foreign hackers penetrated two separate state election databases in recent weeks, the FBI is warning state election officials. The FBI's Cyber Division sent a 'slash' alert warning election officials nationwide to enhance their security measures ahead of this November's elections. ... Illinois and Arizona were the states targeted." [editor's note: For real, or "!THEM RUSSIANS!" security theater? - TLK] (08/29/16)

http://www.nydailynews.com/news/national/fbi-hackers-penetrated-state-election-systems-article-1.2769951  

No Comments »

Apple patches iOS security flaws found in spyware targeting activist

August 25, 2016
posted by

ComputerWorld    

"To spy on a human rights activist, hackers allegedly connected to a Middle Eastern government used three previously unknown vulnerabilities in Apple's iOS. The claims -- from research at Toronto-based Citizen Lab and mobile security firm Lookout -- focus on spyware that targeted Ahmed Mansoor, an activist in the United Arab Emirates. The exploits work by remotely jailbreaking the device to secretly download the spyware -- which can then access the iPhone's camera, microphone, and messages. Lookout called the attack the most sophisticated it's ever seen on a device. The researchers have already informed Apple about the exploits, and iOS version 9.3.5 -- which was released on Thursday -- fixes the issues." (08/25/16)

http://www.computerworld.com/article/3112844/security/apple-patches-ios-security-flaws-found-in-spyware-targeting-activist.html  

No Comments »

FBI investigating possible cyberbreach of New York Times reporters’ email accounts

August 24, 2016
posted by

Fox News Fox News    

"The FBI is probing a possible cyberbreach of numerous company email accounts belonging to New York Times reporters by Russian government-linked hackers, a law enforcement source close to the investigation told Fox News on Tuesday. The investigation, which is ongoing, is looking into how and how far the perpetrators infiltrated the Times email accounts in question. It was not exactly known how many New York Times email accounts may have been compromised, according to law enforcement sources. The latest apparent hacking adds to the laundry list of recently disclosed Russia-involved hacks of high profile U.S. organizations." [editor's note: Loooooooooooooook! It's !THEM RUSSIANS! Pay no attention to what the DNC or Hillary Clinton actually did, just blame !THEM RUSSIANS! for all your problems. Here, we have another story to tell you about !THEM RUSSIANS! - TLK] (08/23/16)

http://www.foxnews.com/tech/2016/08/23/fbi-investigating-possible-cyber-breach-new-york-times-reporter-email-accounts.html  

No Comments »

Kaspersky outs Android malware riding on Google Adsense network

August 17, 2016
posted by

SlashGear    

"More often than not, malware attacks start with conning unsuspecting users into visiting seemingly innocent, even helpful, websites or downloading software. Far more frightening, however, is malware that escapes early detection because it piggybacks on legitimate channels or apps. Such is the case with an Android Trojan reported by security company Kaspersky Lab Solutions called 'Trojan-Banker.AndroidOS.Svpeng.q,' or Svpeng, for short. This particular malware, which attempts to intercept and steal banking information, is spreading on perfectly legit websites through Google's own AdSense advertising network. ... The Svpeng Trojan downloads itself immediately as soon as an infected ad is loaded, regardless of whether the user tapped on it or not." (08/16/16)

http://www.slashgear.com/kaspersky-outs-android-malware-riding-on-google-adsense-network-16451932/  

No Comments »

We shouldn’t wait another fifteen years for a conversation about government hacking

August 15, 2016
posted by

Electronic Frontier Foundation Electronic Frontier Foundation
by Nate Cardozo and Andrew Crocker  

"With high-profile hacks in the headlines and government officials trying to reopen a long-settled debate about encryption, information security has become a mainstream issue. But we feel that one element of digital security hasn’t received enough critical attention: the role of government in acquiring and exploiting vulnerabilities and hacking for law enforcement and intelligence purposes. That's why EFF recently published some thoughts on a positive agenda for reforming how the government, obtains, creates, and uses vulnerabilities in our systems for a variety of purposes, from overseas espionage and cyberwarfare to domestic law enforcement investigations." (08/12/16)

https://www.eff.org/deeplinks/2016/08/we-shouldnt-wait-another-fifteen-years-conversation-about-government-hacking  

1 Comment »

Hacker reveals personal information for almost 200 congressional Democrats

August 14, 2016
posted by

Wall Street Journal    

"A hacker posted cellphone numbers and other personal information of nearly 200 current and former congressional Democrats on Friday, the latest public disclosure of sensitive records this election season. The hacker, or group of hackers, going by the name 'Guccifer 2.0' said the records were stolen as part of a breach of the Democratic Congressional Campaign Committee. A number of files were posted onto Guccifer 2.0’s website, including a spreadsheet that has information, such as phone numbers and email addresses, for 193 people." (08/13/16)

http://www.wsj.com/articles/hacker-reveals-personal-information-for-almost-200-democrats-1471048195  

No Comments »

Our Sponsors