Sep. 14, 2019
The U.S. government concluded within the past two years that Israel was most likely behind the placement of cellphone surveillance devices that were found near the White House and other sensitive locations around Washington, according to three former senior U.S. officials with knowledge of the matter. But unlike most other occasions when flagrant incidents of foreign spying have been discovered on American soil, the Trump administration did not rebuke the Israeli government, and there were no consequences for Israel’s behavior, one of the former officials said. The miniature surveillance devices, colloquially known as “StingRays,” mimic regular cell towers to fool cellphones into giving them their locations and identity information.
Sep. 14, 2019
The Russia-linked hackers who triggered a power outage in Ukraine back in 2016 may have hoped to cause much more damage, according to a report published recently by U.S.-based industrial cybersecurity firm Dragos. The threat group, which Dragos tracks as Electrum, used a piece of malware named Crashoverride and Industroyer to target industrial control systems (ICS) at a power station in Ukraine. The cyberattack resulted in power outages in the Kiev region in mid-December 2016, but power was restored after just over an hour, making the attack less severe compared to the one launched against Ukraine’s grid one year earlier, when power outages lasted for up to 6 hours.
Sep. 14, 2019
The French finance minister, Bruno Le Maire, said plans for Libra could not move ahead until concerns over consumer risk and governments’ monetary sovereignty were addressed. Facebook unveiled plans for Libra in June, triggering immediate warnings from some experts that it could shift control over the economy from governments and their central banks to big business. The launch also raised concern about the risks such a currency could pose to consumers, particularly after the Cambridge Analytica scandal, which drew attention to Facebook’s management of its customers’ data.
Sep. 8, 2019
On August 31st, 2019, an Amazon AWS US-EAST-1 datacenter in North Virginia experienced a power failure at 4:33 AM, which led to the datacenter’s backup generators to kick on. Unfortunately, these generators started failing at approximately 6:00 AM , which led to 7.5% of the EC2 instances and EBS volumes becoming unavailable. ‘1:30 PM PDT At 4:33 AM PDT one of ten data centers in one of the six Availability Zones in the US-EAST-1 Region saw a failure of utility power.
Sep. 8, 2019
A security flaw in Exim mail servers could be exploited by local or remote attackers to execute arbitrary code with root privileges. The Exim development team has addressed a vulnerability in Exim mail server, tracked as CVE-2019-15846, that could be exploited by local and remote attackers to execute arbitrary code with root privileges. The vulnerability is a heap overflow that affects version 4.92.1 and prior of Exim mail server that accept TLS connections.
Sep. 8, 2019
Maintainers of the RubyGems package repository have yanked 18 malicious versions of 11 Ruby libraries that contained a backdoor mechanism and were caught inserting code that launched hidden cryptocurrency mining operations inside other people’s Ruby projects. The malicious code was first discovered yesterday inside four versions of rest-client, an extremely popular Ruby library. According to an analysis by Jan Dintel, a Dutch Ruby developer, the malicious code found in rest-client would collect and send the URL and environment variables of a compromised system to a remote server in Ukraine.
Sep. 8, 2019
An eagle-eyed developer has discovered a backdoor recently sneaked into a library (or ‘gem’) used by Ruby on Rails (RoR) web apps to check password strength. A close shave, then. While the Ruby scripting language and RoR aren’t as popular as they once were, they’re still embedded in numerous enterprise development environments, an unknown number of which might have used the library, strong_password, in its infected version 0.0.7.
Sep. 7, 2019
Today, Wikipedia was hit with a malicious attack that has taken it offline in several countries for intermittent periods. The attack is ongoing and our Site Reliability Engineering team is working hard to stop it and restore access to the site.
As one of the world’s most popular sites, Wikipedia sometimes attracts “bad faith” actors. Along with the rest of the web, we operate in an increasingly sophisticated and complex environment where threats are continuously evolving. Because of this, the Wikimedia communities and Wikimedia Foundation have created dedicated systems and staff to regularly monitor and address risks.
Sep. 4, 2019
The CEO of an energy firm based in the UK thought he was following his boss’s urgent orders in March when he transferred funds to a third-party. But the request actually came from the AI-assisted voice of a fraudster. The Wall Street Journal reports that the mark believed he was speaking to the CEO of his businesses’ parent company based in Germany.
Sep. 4, 2019
If you are thinking about tweeting about clouds, pork, exercise or even Mexico, think again. Doing so may result in a closer look by the U.S. Department of Homeland Security. The list was posted by the Electronic Privacy Information Center who filed a request under the Freedom of Information Act, before suing to obtain the release of the documents.
Aug. 18, 2019
An Israeli company licenses software around the world that can crack just about any smartphone, but is its use always on the side of good? CEO of Israeli spyware-maker NSO on fighting terror, Khashoggi murder, and Saudi Arabia An Israeli company licenses software around the world that can crack just about any smartphone, but is its use always on the side of good?
Aug. 18, 2019
Tulsi Gabbard’s email account went down right after the Democratic Debate and I believe I can provide assistance on where to focus your discovery efforts because I saw how other accounts, such as Jordan B. Peterson, was taken down. I’m going to recount how this happened to him so as to assist you in your legal discovery process.
Source: minds.com
Aug. 17, 2019
Speakers are everywhere, whether it’s expensive, standalone sound systems, laptops, smart home devices, or cheap portables. And while you rely on them for music or conversation, researchers have long known that commercial speakers are also physically able to emit frequencies outside of audible range for humans. At the Defcon security conference in Las Vegas on Sunday, one researcher is warning that this capability has the potential to be weaponized.
Aug. 17, 2019
The threat of ransomware is becoming more prevalent and severe as attackers’ focus has now moved beyond computers to smartphones and other Internet-connected smart devices. In its latest research, security researchers at cybersecurity firm CheckPoint demonstrated how easy it is for hackers to remotely infect a digital DSLR camera with ransomware and hold private photos and videos hostage until victims pay a ransom.
Aug. 17, 2019
Hackers could crack open high-security electronic locks by monitoring their power, allowing thieves to steal cash in automated teller machines, narcotics in pharmacies and government secrets, according to research to be presented Friday at the annual Def Con hacking conference in Las Vegas. Mike Davis, a researcher with security firm IOActive, discovered the vulnerability last year and alerted government officials and Swiss company DormaKaba Holding (DOKA.S), the distributor of multiple brands of locks at issue. In an interview with Reuters, Davis said he used an oscilloscope worth about $5,000 to detect small changes in the power consumption, through what is known as a side-channel attack.
Aug. 17, 2019
Zoncolan helps security engineers scale their work by using static analysis to examine code and detect security or privacy issues. Facebook’s web codebase currently contains more than 100 million lines of Hack code, and changes thousands of times per day. To handle the sheer volume of code, we build sophisticated systems that help our security engineers review code.
Aug. 17, 2019
Finite State located significant security issues in Huawei firmware images, including memory corruption, hardcoded encryption keys, and unsafe functions used in place of the secure alternatives.
Source: infoq.com
Aug. 11, 2019
It looks like an Apple lightning cable. It works like an Apple lightning cable. But it will give an attacker a way to remotely tap into your computer.
I plugged the Apple lightning cable into my iPod and connected it to my Mac, just as I normally would. My iPod started charging, iTunes detected the device, and my iPod produced the pop-up asking if I wanted to trust this computer. All expected behaviour.
Aug. 4, 2019
A new piece of advanced espionage malware, possibly developed by a nation-supported attacker, targeted three US companies in the utilities industry last month, researchers from security firm Proofpoint reported on Thursday. Employees of the three unnamed companies, Proofpoint reported, received emails purporting to come from the National Council of Examiners for Engineering and Surveying. This non-profit group develops, administers, and scores examinations used in granting licenses for US engineers.
Aug. 4, 2019
The Ring doorbell surveillance camera sits squarely in the center of a Tiffany-blue online flyer, which provides details about a “Security Product Subsidy Event” in Arcadia, California. This isn’t an ad from Best Buy or an electronics store. It’s an ad from the Arcadia city government.
The local city government is selling discounted surveillance cameras directly to its residents, and the ‘discount’ is subsidized by the city. In other words, taxpayer money is being paid to Ring, Amazon’s home surveillance company, in exchange for hundreds of surveillance cameras. Cities and towns around the country are paying Ring up to $100,000 to subsidize the purchase of the company’s surveillance cameras for private residents.