Post

Visualizzazione dei post da settembre, 2017

Dildon'ts of Bluetooth: Pen test boffins sniff out Berlin's smart butt plugs • The Register

https://www.theregister.co.uk/2017/09/29/ble_exploits_screwdriving/

Mac High Sierra hijinks continue: Nasty apps can pull your passwords • The Register

https://www.theregister.co.uk/2017/09/28/high_sierra_hijinks_continue_nasty_apps_can_pull_your_passwords/

Oracle corrals and patches Struts 2 vulnerabilities • The Register

https://www.theregister.co.uk/2017/09/27/oracle_emergency_apache_struts_2_patches/

Patch alert! Easy-to-exploit flaw in Linux kernel rated 'high risk' • The Register

https://www.theregister.co.uk/2017/09/28/linux_kernel_vuln/

Project Zero: Over The Air - Vol. 2, Pt. 1: Exploiting The Wi-Fi Stack on Apple Devices

http://googleprojectzero.blogspot.com/2017/09/over-air-vol-2-pt-1-exploiting-wi-fi.html

S.E.C. Says It Was a Victim of Computer Hacking Last Year

https://www.nytimes.com/2017/09/20/business/sec-hacking-attack.html

Breach at Sonic Drive-In May Have Impacted Millions of Credit, Debit Cards

https://krebsonsecurity.com/2017/09/breach-at-sonic-drive-in-may-have-impacted-millions-of-credit-debit-cards/

CCleaner backdoor infecting millions delivered mystery payload to 40 PCs

https://arstechnica.com/information-technology/2017/09/ccleaner-backdoor-infecting-millions-delivered-mystery-payload-to-40-pcs/

Have MAC, will hack: iThings have trivial-to-exploit Wi-Fi bug • The Register

https://www.theregister.co.uk/2017/09/27/ios_11_plugs_wifi_vulnerability/

The Petya Plague Exposes the Threat of Evil Software Updates

https://www.wired.com/story/petya-plague-automatic-software-updates/

Inside the New York hospital hackers took down for 6 weeks

https://www.cbsnews.com/news/cbsn-on-assignment-hackers-targeting-medical-industry-hospitals/

NotPetya cyber-attack cost TNT at least $300m

http://www.bbc.com/news/technology-41336086

Dial S for SQLi: Mobe app lets skiddies order web attacks via texts

https://www.theregister.co.uk/2017/07/12/katyusha_scanner/

I Bought a Russian Bot Army for Under $100

http://www.thedailybeast.com/i-bought-a-russian-bot-army-for-under-dollar100

Malicious apps with >1 million downloads slip past Google defenses twice

https://arstechnica.com/information-technology/2017/09/malicious-apps-with-1-million-downloads-slip-past-google-defenses-twice/

Red Alert 2.0: New Android banking trojan can block and log incoming calls from banks

https://www.tripwire.com/state-of-security/featured/red-alert-android-banking-trojan/

All That's Needed To Hack Gmail And Rob Bitcoin: A Name And A Phone Number

https://m.forbes.com/sites/thomasbrewster/2017/09/18/ss7-google-coinbase-bitcoin-hack/#28ed7d2d1362

Hackers backdoored CCleaner, likely affecting tens of millions of users

https://www.helpnetsecurity.com/2017/09/18/hackers-backdoored-ccleaner/

SEC Says Hackers Breached Its System, Might Have Used Stolen Data for Insider Trading

https://www.bleepingcomputer.com/news/security/sec-says-hackers-breached-its-system-might-have-used-stolen-data-for-insider-trading/

SEC reveals hackers might have used stolen data for insider trading

https://www.grahamcluley.com/sec-reveals-hackers-might-have-used-stolen-data-for-insider-trading/

Man held website hostage for $10, 000, failed, redirected it to porn, got busted

https://arstechnica.com/tech-policy/2017/09/worker-who-redirected-company-website-to-gay-porn-site-spared-prison-time/

CCleanup: A Vast Number of Machines at Risk

http://blog.talosintelligence.com/2017/09/avast-distributes-malware.html

How I hacked hundreds of companies through their helpdesk

https://medium.com/@intideceukelaire/how-i-hacked-hundreds-of-companies-through-their-helpdesk-b7680ddc2d4c

The CCleaner Malware Fiasco Targeted at Least 18 Specific Tech Firms

https://www.wired.com/story/ccleaner-malware-targeted-tech-firms/

Hacking Team's Spyware Targeted Porn Sites' Visitors

https://motherboard.vice.com/en_us/article/gvye9m/hacking-teams-spyware-targeted-porn-sites-visitors

CCleaner Command and Control Causes Concern

http://blog.talosintelligence.com/2017/09/ccleaner-c2-concern.html

Hackers Entered Equifax Systems in March

https://www.wsj.com/articles/hackers-entered-equifax-systems-in-march-1505943617

More than three dozen schools call off classes after 'cyber terrorist' threat

https://www.grahamcluley.com/school-class-cyber-terrorist/

This Ransomware Demands Nudes Instead of Bitcoin

https://motherboard.vice.com/en_us/article/yw3w47/this-ransomware-demands-nudes-instead-of-bitcoin

Critical VMware vulnerability, patch and update now

https://nakedsecurity.sophos.com/2017/09/21/critical-vmware-vulnerability-patch-and-update-now/

EternalBlue Exploit Used in Retefe Banking Trojan Campaign

https://threatpost.com/eternalblue-exploit-used-in-retefe-banking-trojan-campaign/128103/

Imprese tedesche sotto attacco dagli hacker cinesi (Wsj)

http://www.ilsole24ore.com/art/finanza-e-mercati/2017-09-23/imprese-tedesche-sotto-attacco-hacker-cinesi-wsj-171015.shtml

Want to get around app whitelists by pretending to be Microsoft? Of course you can...

https://www.theregister.co.uk/2017/09/22/bypassing_app_whitelists_microsoft_windows/

Deloitte hit by cyber-attack revealing clients’ secret emails

https://www.theguardian.com/business/2017/sep/25/deloitte-hit-by-cyber-attack-revealing-clients-secret-emails

Ex-NSA hacker drops macOS High Sierra zero-day hours before launch

http://www.zdnet.com/article/apple-macos-high-sierra-password-vulnerable-to-password-stealing-hack/

Deloitte is a sitting duck: Key systems with RDP open, VPN and proxy 'login details leaked'

https://www.theregister.co.uk/2017/09/26/deloitte_leak_github_and_google/

Retefe banking malware now using leaked NSA EternalBlue exploit that helped spread WannaCry

http://www.ibtimes.co.uk/retefe-banking-malware-now-using-leaked-nsa-eternalblue-exploit-that-helped-spread-wannacry-1640820

Internet Explorer Bug Leaks What Users Type in the URL Address Bar

https://www.bleepingcomputer.com/news/security/internet-explorer-bug-leaks-what-users-type-in-the-url-address-bar/

Source: Deloitte Breach Affected All Company Email, Admin Accounts — Krebs on Security

https://krebsonsecurity.com/2017/09/source-deloitte-breach-affected-all-company-email-admin-accounts/

Docs ran a simulation of what would happen if really nasty malware hit a city's hospitals. RIP :(

https://www.theregister.co.uk/2017/09/26/malware_hospital_simulation/

CBS's Showtime caught mining crypto-coins in viewers' web browsers • The Register

https://www.theregister.co.uk/2017/09/25/showtime_hit_with_coinmining_script/

Spesometro 2017, è caos digitale: i professionisti chiedono una proroga

http://www.corrierecomunicazioni.it/pa-digitale/48987_spesometro-2017-e-caos-digitale-i-professionisti-chiedono-una-proroga.htm

Sensitive client emails, usernames, passwords exposed in Deloitte hack • The Register

https://www.theregister.co.uk/2017/09/25/deloitte_email_breach/

Insteon and Wink home hubs appear to have a problem with encryption • The Register

https://www.theregister.co.uk/2017/09/25/home_hub_insecurity/

Guess – go on, guess – where a vehicle tracking company left half a million records • The Register

https://www.theregister.co.uk/2017/09/25/svr_tracking_records_leak_from_insecure_s3_bucket/

IoT botnet Linux.ProxyM turns its grubby claws to spam rather than DDoS • The Register

https://www.theregister.co.uk/2017/09/22/iot_botnet_slinging_spam/

Someone checked and, yup, you can still hijack Gmail, Bitcoin wallets etc via dirty SS7 tricks • The Register

https://www.theregister.co.uk/2017/09/18/ss7_vuln_bitcoin_wallet_hack_risk/

Apache “Optionsbleed” vulnerability – what you need to know

https://nakedsecurity.sophos.com/2017/09/19/apache-optionsbleed-vulnerability-what-you-need-to-know/

Downloaded CCleaner lately? Oo, awks... it was stuffed with malware • The Register

https://www.theregister.co.uk/2017/09/18/tainted_ccleaner_downloads/

Security Flaw in Estonian National ID Card - Schneier on Security

https://www.schneier.com/blog/archives/2017/09/security_flaw_i.html

SPUZ : Equifax Breached

http://spuz.me/blog/zine/3Qu1F4x.html

Another month, another malware outbreak in Google's Play Store • The Register

https://www.theregister.co.uk/2017/09/15/malware_outbreak_googles_play_store/

Everybody without Android Oreo vulnerable to overlay attack • The Register

https://www.theregister.co.uk/2017/09/11/everybody_without_android_oreo_vulnerable_to_overlay_attack/

It's September 2017, and .NET lets PDFs hijack your Windows PC • The Register

https://www.theregister.co.uk/2017/09/12/september_2017_patch_tuesday/

Missed patch caused Equifax data breach • The Register

https://www.theregister.co.uk/2017/09/14/missed_patch_caused_equifax_data_breach/

Defrosted starter for 10: Iceland home delivery site spills customer details • The Register

https://www.theregister.co.uk/2017/09/14/iceland_breach/

Shoddily-set-up Elastisearch hosting point-of-sale malware • The Register

https://www.theregister.co.uk/2017/09/14/elastisearch_pos_botnet/

D-Link router riddled with 0-day flaws • The Register

https://www.theregister.co.uk/2017/09/12/dlink_router_security_fail/

When strangers can control our lights › FAU.EU

https://www.fau.eu/2017/08/30/news/research/when-strangers-can-control-our-lights/

Hackers Could Silently Hack Your Cellphone And Computers Over Bluetooth

https://motherboard.vice.com/en_us/article/nee8gz/hackers-could-silently-hack-your-cellphone-and-computers-over-bluetooth

Siemens patches one security vuln, leaves folks to block second

https://www.theregister.co.uk/2017/08/31/siemens_patches_one_vuln_leaves_customers_to_block_second/

Hacking Coinbase: The Great Bitcoin Bank Robbery

http://fortune.com/2017/08/22/bitcoin-coinbase-hack/

ARM’s embedded TLS library fixes man-in-the-middle fiddle

https://www.theregister.co.uk/2017/08/31/arms_embedded_tls_library_patched_to_fix_mitm_bug/

List Of High Profile Cryptocurrency Hacks So Far (August 24th 2017)

https://storeofvalue.github.io/posts/cryptocurrency-hacks-so-far-august-24th/

Siemens patches one security vuln, leaves folks to block second

https://www.theregister.co.uk/2017/08/31/siemens_patches_one_vuln_leaves_customers_to_block_second/

Hacker Claims To Push Malicious Firmware Update to 3.2 Million Home Routers

https://motherboard.vice.com/en_us/article/jpgkvg/hacker-claims-to-push-malicious-firmware-update-to-32-million-home-routers

465, 000 Patients Need Software Updates for Their Hackable Pacemakers, FDA Says

https://motherboard.vice.com/en_us/article/nee5bw/465000-patients-need-software-updates-for-their-hackable-pacemakers-fda-says

Inside an Epic Hotel Room Hacking Spree

https://www.wired.com/2017/08/the-hotel-hacker/

Apache Struts you're stuffed: Vuln allows hackers to inject evil code into biz servers

https://www.theregister.co.uk/2017/09/05/apache_struts_vuln/

Inside an Epic Hotel Room Hacking Spree

https://www.wired.com/2017/08/the-hotel-hacker/

Inside an Epic Hotel Room Hacking Spree

https://www.wired.com/2017/08/the-hotel-hacker/

School's contest website hacked; police report made

http://www.straitstimes.com/singapore/education/schools-contest-website-hacked-police-report-made

Firm Hired to Monitor Data Breaches Is Hacked, 143 Million Social Security Numbers Stolen

https://motherboard.vice.com/en_us/article/a33xgk/firm-hired-to-monitor-data-breaches-is-hacked-143-million-social-security-numbers-stolen

Stand up who HASN'T been hit in the Equifax mega-hack – whoa, whoa, sit down everyone • The Register

https://www.theregister.co.uk/2017/09/07/143m_american_equifax_customers_exposed/

Equifax Announces Cybersecurity Incident Involving Consumer Information

https://investor.equifax.com/news-and-events/news/2017/09-07-2017-213000628

Yet another AWS config fumble: Time Warner Cable exposes 4 million subscriber records • The Register

https://www.theregister.co.uk/2017/09/05/twc_loses_4m_customer_records/

Apache Struts you're stuffed: Vuln allows hackers to inject evil code into biz servers • The Register

https://www.theregister.co.uk/2017/09/05/apache_struts_vuln/

Kurat võtku! Estonia identifies security risk in almost 750,000 ID cards • The Register

https://www.theregister.co.uk/2017/09/05/estonia_identifies_security_risk_in_750000_id_cards/

Despite appearances, WikiLeaks wasn't hacked

https://www.grahamcluley.com/despite-appearances-wikileaks-wasnt-hacked/

Data breach hits four million Time Warner app users - BBC News

https://www.bbc.co.uk/news/amp/technology-41147513

Thousands of sensitive mercenary resumes exposed after security lapse | ZDNet

http://www.zdnet.com/google-amp/article/thousands-of-sensitive-mercenary-resumes-exposed-after-server-security-lapse/

MacEwan University loses $11.8 million to scammers in phishing attack | National Post

http://nationalpost.com/news/local-news/11-8-million-transferred-from-macewan-university-accounts-in-phishing-attack/wcm/4dbbc693-2ce1-4a9f-a305-66b5479c9667