Hackers exploited connected “smart” devices for massive cyberattack

U.S. investigators are still trying to figure out who was behind the cyber attack Friday that crippled some of the biggest sites on the internet, from Amazon to Twitter.

Adam Myers, who works for internet security company Crowdstrike, says someone is sending a message.

Continue reading “Hackers exploited connected “smart” devices for massive cyberattack”

Yahoo confirms state-sponsored attacker stole personal data of “at least” 500 million users

As indicated by an earlier report, Yahoo today confirmed it’s working with law enforcement to investigate a data breach which affected the account information of “at least” 500 million users. The company says that the user account information was stolen from its network in late 2014 by what it now believes to be a state-sponsored actor. The stolen information includes people’s names, email addresses, telephone numbers, birth dates, passwords (most hashed with bcrypt), and, in some cases, encrypted or unencrypted responses to security questions and answers.

Continue reading “Yahoo confirms state-sponsored attacker stole personal data of “at least” 500 million users”

Nancy Pelosi warns fellow Democrats of “electronic Watergate break-in”

EDGARTOWN, Massachusetts — House Minority Leader Nancy Pelosi warned fellow Democrats on Saturday to change their cellphone numbers and not let family members read their text messages after personal and official information of Democratic House members and congressional staff was posted online.

Continue reading “Nancy Pelosi warns fellow Democrats of “electronic Watergate break-in””

A New Wireless Hack Can Unlock 100 Million Volkswagens

JAPAN-GERMANY-AUTO-TOYOTA-VOLKSWAGEN

In 2013, when University of Birmingham computer scientist Flavio Garcia and a team of researchers were preparing to reveal a vulnerability that allowed them to start the ignition of millions of Volkswagen cars and drive them off without a key, they were hit with a lawsuit that delayed the publication of their research for two years. But that experience doesn’t seem to have deterred Garcia and his colleagues from probing more of VW’s flaws: Now, a year after that hack was finally publicized, Garcia and a new team of researchers are back with another paper that shows how Volkswagen left not only its ignition vulnerable but the keyless entry system that unlocks the vehicle’s doors, too. And this time, they say, the flaw applies to practically every car Volkswagen has sold since 1995.

Continue reading “A New Wireless Hack Can Unlock 100 Million Volkswagens”

Exploit broker steals Apple thunder, offers $500,000 for iOS zero days

Now $200,000 seems like small change.

macsymantec.jpg

It was only last week that Apple finally launched a bug bounty program, but it did not take long for exploit peddlers to outbid the tech giant.

Continue reading “Exploit broker steals Apple thunder, offers $500,000 for iOS zero days”

Oracle data breach opened credit card payment systems to attack

Intruders might have had a gateway to stealing your payment details.

Data thieves don’t always have to go straight to the source to swipe payment details… sometimes, they can take a roundabout route. Oracle has confirmed to security guru Brian Krebs that hackers breached a support portal for Micros, the point-of-sale credit card payment system it acquired in 2014. It’s not certain just how many systems were breached (Krebs’ sources say over 700), but the intruders had slipped malware on to the portal that would let them grab logins for the companies using Micros. They wouldn’t have had direct access to payment data, but there’s a chance those account details could be used to slip malware into the credit card systems and then grab sensitive info.

Continue reading “Oracle data breach opened credit card payment systems to attack”

DNC CEO resigns in wake of email controversy

CEO of the Democratic National Convention (DNC), Amy Dacey, speaks at a  press conference pitching the borough of Brooklyn to host the 2016 Democratic National Convention (DNC) outside the Barclay Center on August 11, 2014 in the Brooklyn borough of New York City. Brooklyn will have to compete for the DNC alongside other cities including Philadelphia, PA and Columbus, OH.

(CNN)The CEO of the Democratic National Committee and two other high-level staffers left the organization on Tuesday in the wake of the committee’s hacked email controversy.

Amy Dacey is the highest-ranking official at the DNC to step aside due to the matter, a senior Democratic official said. The DNC also announced the departure of CFO Brad Marshall and and Communications Director Luis Miranda in a press release Tuesday afternoon.

Continue reading “DNC CEO resigns in wake of email controversy”

Microsoft won’t fix Windows flaw that lets hackers steal your username and password

The flaw, which allows a malicious website to extract user passwords, is made worse if a user is logged in with a Microsoft account.

windows-jpeg.jpg

Continue reading “Microsoft won’t fix Windows flaw that lets hackers steal your username and password”

SMS two-factor authentication isn’t being banned

Another week gone by, and the place is in cybersecurity shambles again. A years’ old hacking issue, unencrypted wireless keyboards, being featured in an upcoming Defcon talk mystifyingly became a hot new Internet of Things threat. Obama gave us a colorful “threat level” cyber-thermometer that no one’s really sure what to do with. Ransomware is hitting hospitals like there’s a fire sale on money. And the DNC-Wikileaks email debacle exploded, splattering blame all over Russia.

Just when I thought I’d picked the wrong week to stop sniffing glue, a U.S. National Institute for Standards and Technology (NIST) report came out that included recommendations about the inherent risks in two-factor authentication, upon which the tech press basically lost their minds and told everyone to assume crash positions because the password sky was falling. Again.

Continue reading “SMS two-factor authentication isn’t being banned”