Mar. 3, 2018
A slew of newly discovered vulnerabilities can wreak havoc on 4G LTE network users by eavesdropping on phone calls and text messages, knocking devices offline, and even spoofing emergency alerts.
Source: zdnet.com
Mar. 3, 2018
Often, the best way to get something is to simply ask for it. That’s probably what the Israeli government thought when it sent an email to several American researchers and firms who make so-called zero-days, tools that take advantage of vulnerabilities in software that are unknown to the company that makes the software.
Source: vice.com
Mar. 3, 2018
The Bank of England has warned that bitcoin faces a regulatory crackdown, warning that “inherently risky” cryptocurrencies are failing to fulfil their most basic function as money.
Source: theguardian.com
Mar. 3, 2018
The Tor Project, a private non-profit that underpins the dark web and enjoys cult status among privacy activists, is almost 100% funded by the US government.
Source: surveillancevalley.com
Mar. 3, 2018
The animation, which Putin presented as part of the Russian president’s annual state-of-the-union-style address, features five weapons. The Samrat intercontinental ballistic missile, the Project 4202 hypersonic glide vehicle, a long-range torpedo and the Kinzhal air-to-surface missile have all been in development for years. And the United States is developing, or already possesses, rough analogues to each.
Source: vice.com
Mar. 3, 2018
Two weeks ago, in a little-noticed presentation at the Offensive Con security conference in Berlin, security researchers Markus Vervier and Michele Orrù detailed a method that exploits a new and obscure feature of Google’s Chrome browser to potentially bypass the account protections of any victim using the Yubikey Neo, one of the most popular of the so-called Universal Two-Factor, or U2F, tokens that security experts recommend as the strongest form of protection against phishing attacks.
Mar. 3, 2018
The US Securities and Exchange Commission (SEC) has issued ‘dozens’ of subpoenas and information requests from companies seeking to jump on the cryptocurrency craze through Initial Coin Offerings (ICOs).
Source: zdnet.com
Mar. 3, 2018
Researchers have discovered an advertising network which has figured out a way to bypass ad blocking software in order to serve website visitors with cryptojacking scripts.
Source: zdnet.com
Mar. 3, 2018
This paper presents a detailed and up-to-date security analysis of the voting software used in Brazilian elections. It is based on results obtained by the authors in a recent hacking challenge organized by the Superior Electoral Court (SEC), the national electoral authority. Duri…
Source: researchgate.net
Mar. 2, 2018
Over the past five months, Camp has been sketching out plans for a brand new cryptocurrency that aims to fix technical and other challenges plaguing existing projects, such as Bitcoin and Ethereum. His hope, he told Fortune, is to resuscitate virtual currency’s original promise: an instant, affordable, and borderless means of payment for the masses.
Source: fortune.com
Mar. 2, 2018
I’ve had a Tobii Eye Tracker sitting among a pile of PC peripherals that I want to cover or give away for a year now. I hate when this happens, but time and sanity is limited. But something came over me this week, and I finally did the work to plug in the eye-tracking device and set it up … and now I’m scared.
Mar. 2, 2018
Attackers have generated $3,900 so far in an ongoing campaign that’s exploiting the popular rTorrent application to install currency-mining software on computers running Unix-like operating systems, researchers said Thursday.
Source: arstechnica.com
Mar. 2, 2018
FinFisher is such a complex piece of malware that, like other researchers, we had to devise special methods to crack it. We needed to do this to understand the techniques FinFisher uses to compromise and persist on a machine, and to validate the effectiveness of Office 365 ATP detonation sandbox, Windows Defender Advanced Threat Protection (Windows Defender ATP) generic detections, and other Microsoft security solutions.
Mar. 2, 2018
In this demo, we will dump user data without reading it. If you translate the code into Javascript, you could dump IE browser data.
Source: github.com
Mar. 2, 2018
When someone goes to the lengths of making counterfeits of your products, it’s at least a sign you’re doing something right. And it deserves a minute of flatter
Source: elevationlab.com
Mar. 2, 2018
In his State of the Nation speech today, Russian president Vladimir Putin showed computer animations and videos demonstrating three new classes of strategic weapons under development that are specifically intended to defeat the United States’ ballistic missile defenses. Among them were two weapons powered by miniaturized nuclear reactors: a drone submarine ‘torpedo’ previously revealed in a Russian news leak and a cruise ‘missile’ drone with what Putin described as a virtually unlimited range. The third was a new non-ballistic, hypersonic ICBM capable of evading US missile interceptors.
Mar. 2, 2018
Over last couple of days we’ve seen a big increase in an obscure amplification attack vector – using the memcached protocol, coming from UDP port 11211. In the past, we have talked a lot about amplification attacks happening on the internet.
Source: cloudflare.com
Mar. 2, 2018
At 17:28 GMT, February 28th, Akamai experienced a 1.3 Tbps DDoS attack against one of our customers, a software development company, driven by memcached reflection. This attack was the largest attack seen to date by Akamai, more than twice the size of the September, 2016 attacks that announced the Mirai botnet and possibly the largest DDoS attack publicly disclosed. Because of memcached reflection capabilities, it is highly likely that this record attack will not be the biggest for long.
Mar. 2, 2018
Just when you thought the Equifax clustermuck couldn’t get any muckier, the credit broker found another 2.4 million Americans affected by its 2017 breach.
Source: sophos.com
Mar. 2, 2018
The “SIGINT Seniors” is a spy agency coalition that meets annually to collaborate on global security issues. It has two divisions, each focusing on different parts of the world: SIGINT Seniors Europe and SIGINT Seniors Pacific. Both are led by the U.S. National Security Agency, and together they include representatives from at least 17 other countries.
Members of the group are from spy agencies that eavesdrop on communications – a practice known as “signals intelligence,” or SIGINT.