On Monday, a report surfaced claiming that a teen hacker using the alias “Fear” managed to gain access to hundreds of FTP servers owned by the U.S. government. The hacker initially gained access to one server, but then discovered that it listed the access credentials to all FTP servers residing on the .us and .gov domains. The .us servers include public data, private data, program source code, and more sensitive data, while the hacker wouldn’t say what’s loaded on the .gov sites.
Cisco’s Product Security Incident Response Team recently uncovered that the vulnerabilities revealed by the “Shadow Brokers” group as part of NSA’s set of hacking tools, were now being used against at least some of its customers:
“On August 15, 2016, Cisco was alerted to information posted online by the Shadow Brokers group, which claimed to possess disclosures from the Equation Group,” said Cisco in a recent security advisory.
Criminals have started to aggressively erase EXIF metadata from their photos to make it harder for authorities to locate them, Harvard University students Paul Lisker and Michael Rose find.
Unbeknownst to most, digital cameras and smartphones that shoot in JPG or TIFF formats write information on where a photograph was taken, when, and the camera used, every time the virtual shutter opens. That data is written in the "exchangeable image file format" (EXIF) standard.
Security researcher Bruce Schneier spotted a series of DDoS attacks which may be part of a larger effort to learn how to take down the internet on a national or even global scale.
The attacks targeted major companies that provide the basic infrastructure for the internet and the incidents seem to appear to have probed the companies' defences to determine how well they can protect themselves, according to a 13 Sept blog post.
At Blackhat 2016 Jean-Philippe Aumasson and Markus Vervier were a bit bored and decided to take a peek at the Signal source code. This actually evolved into a longer hunt for bugs in the high profile messenger recommended by Snowden. Since two of the bugs for the Java reference implementation of Signal have been publicly fixed after our disclosure, we think we should give a little description about what we found.