Posts


Mar. 3, 2018

New LTE attacks can snoop on messages, track locations and spoof emergency alerts

A slew of newly discovered vulnerabilities can wreak havoc on 4G LTE network users by eavesdropping on phone calls and text messages, knocking devices offline, and even spoofing emergency alerts.

Source: zdnet.com

Mar. 3, 2018

Here’s the Letter Israel Sent to Solicit Zero-Days From American Hackers

Often, the best way to get something is to simply ask for it. That’s probably what the Israeli government thought when it sent an email to several American researchers and firms who make so-called zero-days, tools that take advantage of vulnerabilities in software that are unknown to the company that makes the software.

Source: vice.com

Mar. 3, 2018

Bitcoin faces regulatory crackdown, Bank of England warns

The Bank of England has warned that bitcoin faces a regulatory crackdown, warning that “inherently risky” cryptocurrencies are failing to fulfil their most basic function as money.

Source: theguardian.com

Mar. 3, 2018

Fact-checking the Tor Project’s government ties

The Tor Project, a private non-profit that underpins the dark web and enjoys cult status among privacy activists, is almost 100% funded by the US government.

Source: surveillancevalley.com

Mar. 3, 2018

Vladimir Putin’s Nuclear-Powered Cruise Missile Is ‘Batshit Crazy’

The animation, which Putin presented as part of the Russian president’s annual state-of-the-union-style address, features five weapons. The Sarmat intercontinental ballistic missile, the Project 4202 hypersonic glide vehicle, a long-range torpedo and the Kinzhal air-to-surface missile have all been in development for years. And the United States is developing, or already possesses, rough analogues to each.

Source: vice.com

Mar. 3, 2018

Chrome lets hackers phish even ‘Unphishable’ Yubikey users

Two weeks ago, in a little-noticed presentation at the Offensive Con security conference in Berlin, security researchers Markus Vervier and Michele Orrù detailed a method that exploits a new and obscure feature of Google’s Chrome browser to potentially bypass the account protections of any victim using the Yubikey Neo, one of the most popular of the so-called Universal Two-Factor, or U2F, tokens that security experts recommend as the strongest form of protection against phishing attacks.

Mar. 3, 2018

SEC pursues dozens of companies in cryptocurrency ICO crackdown

The US Securities and Exchange Commission (SEC) has issued ‘dozens’ of subpoenas and information requests from companies seeking to jump on the cryptocurrency craze through Initial Coin Offerings (ICOs).

Source: zdnet.com

Mar. 3, 2018

Ad network circumvents blockers to hijack browsers for cryptocurrency mining

Researchers have discovered an advertising network which has figured out a way to bypass ad blocking software in order to serve website visitors with cryptojacking scripts.

Source: zdnet.com

Mar. 3, 2018

The Return of Software Vulnerabilities in the Brazilian Voting Machine

This paper presents a detailed and up-to-date security analysis of the voting software used in Brazilian elections. It is based on results obtained by the authors in a recent hacking challenge organized by the Superior Electoral Court (SEC), the national electoral authority. Duri…

Source: researchgate.net

Mar. 2, 2018

Uber Creator Invents New Cryptocurrency—And Wants Your Help Making It Reality

Over the past five months, Camp has been sketching out plans for a brand new cryptocurrency that aims to fix technical and other challenges plaguing existing projects, such as Bitcoin and Ethereum. His hope, he told Fortune, is to resuscitate virtual currency’s original promise: an instant, affordable, and borderless means of payment for the masses.

Source: fortune.com

Mar. 2, 2018

Tobii Eye Tracker’s accuracy frightens me

I’ve had a Tobii Eye Tracker sitting among a pile of PC peripherals that I want to cover or give away for a year now. I hate when this happens, but time and sanity are limited. But something came over me this week, and I finally did the work to plug in the eye-tracking device and set it up … and now I’m scared.

Mar. 2, 2018

Hackers exploiting rTorrent to install Unix coin miner have netted $4k so far

Attackers have generated $3,900 so far in an ongoing campaign that’s exploiting the popular rTorrent application to install currency-mining software on computers running Unix-like operating systems, researchers said Thursday.

Source: arstechnica.com

Mar. 2, 2018

FinFisher exposed: A researcher’s tale of defeating traps, tricks, and complex virtual machines

FinFisher is such a complex piece of malware that, like other researchers, we had to devise special methods to crack it. We needed to do this to understand the techniques FinFisher uses to compromise and persist on a machine, and to validate the effectiveness of Office 365 ATP detonation sandbox, Windows Defender Advanced Threat Protection (Windows Defender ATP) generic detections, and other Microsoft security solutions.

Mar. 2, 2018

Spectre exploit demo

In this demo, we will dump user data without reading it. If you translate the code into JavaScript, you could dump IE browser data.

Source: github.com

Mar. 2, 2018

Amazon’s policies promote counterfeiting

When someone goes to the lengths of making counterfeits of your products, it’s at least a sign you’re doing something right. And it deserves a minute of flatter

Source: elevationlab.com

Mar. 2, 2018

Putin boasts new strategic weapons will make US missile defense “useless”

In his State of the Nation speech today, Russian president Vladimir Putin showed computer animations and videos demonstrating three new classes of strategic weapons under development that are specifically intended to defeat the United States’ ballistic missile defenses. Among them were two weapons powered by miniaturized nuclear reactors: a drone submarine ‘torpedo’ previously revealed in a Russian news leak and a cruise ‘missile’ drone with what Putin described as a virtually unlimited range. The third was a new non-ballistic, hypersonic ICBM capable of evading US missile interceptors.

Mar. 2, 2018

Memcrashed – Major amplification attacks from UDP port 11211

Over the last couple of days we’ve seen a big increase in an obscure amplification attack vector – using the memcached protocol, coming from UDP port 11211. In the past, we have talked a lot about amplification attacks happening on the internet.

Source: cloudflare.com

Mar. 2, 2018

Memcached-fueled 1.3 Tbps attacks

At 17:28 GMT, February 28th, Akamai experienced a 1.3 Tbps DDoS attack against one of our customers, a software development company, driven by memcached reflection. This attack was the largest attack seen to date by Akamai, more than twice the size of the September, 2016 attacks that announced the Mirai botnet and possibly the largest DDoS attack publicly disclosed. Because of memcached reflection capabilities, it is highly likely that this record attack will not be the biggest for long.

Mar. 2, 2018

Equifax finds ANOTHER 2.4 million Americans hit by breach

Just when you thought the Equifax clustermuck couldn’t get any muckier, the credit broker found another 2.4 million Americans affected by its 2017 breach.

Source: sophos.com

Mar. 2, 2018

The Powerful Global Spy Alliance You Never Knew Existed

The “SIGINT Seniors” is a spy agency coalition that meets annually to collaborate on global security issues. It has two divisions, each focusing on different parts of the world: SIGINT Seniors Europe and SIGINT Seniors Pacific. Both are led by the U.S. National Security Agency, and together they include representatives from at least 17 other countries.

Members of the group are from spy agencies that eavesdrop on communications – a practice known as “signals intelligence,” or SIGINT.