A Military Contractor Is Flying Spy Balloons High Over the Midwest August 4, 2019 | sento | Leave a comment The United States military is now testing high-altitude surveillance balloons across the Midwest, according to documents a military contractor filed with the Federal Communications Commission. The news was first reported by The Guardian. The filing states the intent of military contractor Sierra Nevada Corporation is to ‘provide a persistent surveillance system to locate and deter… Read More
New Dragonblood vulnerabilities found in WiFi WPA3 standard August 4, 2019 | sento | Leave a comment Earlier this year in April, two security researchers disclosed details about five vulnerabilities (collectively known as Dragonblood) in the WiFi Alliance’s recently launched WPA3 WiFi security and authentication standard. Yesterday, the same security researchers disclosed two new additional bugs impacting the same standard. The two researchers — Mathy Vanhoef and Eyal Ronen — found these… Read More
GitHub sued for aiding hacking in Capital One breach August 4, 2019 | sento | Leave a comment Capital One and GitHub have been sued this week as part of a class-action lawsuit filed in California on allegations of failing to secure or prevent a security breach during which the personal details of more than 106 million users were stolen by a hacker. While Capital One is named in the lawsuit because it… Read More
Researchers Discover New Ways to Hack WPA3 Protected WiFi Passwords August 4, 2019 | sento | Leave a comment The same team of cybersecurity researchers who discovered several severe vulnerabilities, collectively dubbed as Dragonblood, in the newly launched WPA3 WiFi security standard few months ago has now uncovered two more flaws that could allow attackers to hack WiFi passwords. Source: thehackernews… Read More
5G Is Here—and Still Vulnerable to Stingray Surveillance August 4, 2019 | sento | Leave a comment At the Black Hat security conference in Las Vegas next week, a group of network communication security researchers will present findings on flaws in the 5G protections meant to thwart the surveillance devices known as stingrays. Also called ‘IMSI catchers’ after the international mobile subscriber identity number attached to every cell phone, stingrays masquerade as… Read More
Unplugging From Digital Controls to Safeguard Power Grids August 4, 2019 | sento | Leave a comment Late last week, the U.S. House of Representatives passed legislation to mandate federal research on a radically ‘retro’approach to protect power grids from cyber attack: unplugging or otherwise isolating the most criticalequipment from grid operators’ digital control systems. Angus King, an independent senator from Maine whose identical bill passedthe Senate last month, says such a… Read More
Cybersecurity in the Automotive Industry August 3, 2019 | sento | Leave a comment Forescout estimates that ‘software in modern cars exceeds 100 million lines of code’ — 15 times greater than in avionics software. That means that hackers have numerous points of entry, whether it’s through mobile apps, cell phone networks, internet access, the vehicle’s Controller Area Network (CAN) bus, or even the onboard diagnostics port. A 2019… Read More
Zoncolan: How Facebook uses static analysis to detect and prevent security issues August 3, 2019 | sento | Leave a comment Facebook’s web codebase currently contains millions of lines of Hack code. To handle the sheer volume of code, we build sophisticated systems and tools to augment the comprehensive reviews our security engineers conduct. Today, we are sharing the details of one of those tools, called Zoncolan, for the first time. Zoncolan helps security engineers scale… Read More
Amazon allegedly scammed out of $370K by 22-year-old’s return shipments of dirt August 3, 2019 | sento | Leave a comment James Gilbert Kwarteng, of Palma de Mallorca, Spain, allegedly swindled Amazon by filling up the ordered items’ boxes with dirt and registering with the exact weight of the product. He would then receive a refund from Amazon and sell the original item, according toEl EspañolandEl Diario de Mallorca. The return packages would end up sitting… Read More
A Technical Analysis of the Capital One Hack August 3, 2019 | sento | Leave a comment The recent disclosure of yet another cloud security misconfiguration leading to the loss of sensitive personal information made the headlines this past week. This particular incident came with a bit more information from the indictment of the accused party, allowing us to piece together the revealed data and take an educated guess as to what… Read More