Security

Hackers could take control of a plane using in-flight entertainment system

posted on December 20, 2016
by l33tdawg

L33tdawg: I'm surprised that 3 years after Hugo Teso demo'ed 'hacking planes' at HITB in Amsterdam, this still makes the news.

A flaw in an in-flight entertainment system used by major airlines including Emirates, Virgin and Qatar could let hackers access a plane's controls.

LinkedIn's training arm resets 55,000 members' passwords

posted on December 18, 2016
by l33tdawg

Lynda.com, the training arm of LinkedIn, on Saturday issued email notices to about 55,000 members whose data it says has been pursued by an “unauthorized third party.”

The letter sent to members, two of whom thoughtfully forwarded it to El Reg, reads as follows:

    We recently became aware that an unauthorized third party breached a database that included some of your Lynda.com learning data, such as contact information and courses viewed. We are informing you of this issue out of an abundance of caution.

How the DoD uses bug bounties to help secure the department's websites

posted on December 15, 2016
by l33tdawg

Ash Carter, the current Secretary of Defense, does not mind stepping outside the box when it comes to innovation.

Last year, Secretary Carter created the Defense Digital Service (DDS), which recruits talent from the public sector. Secretary Carter explains that those interested will embark on a tour of duty at the Department of Defense (DoD) to help solve some of the DoD's most complex problems. One project completed by DDS personnel improved data sharing between the DoD and the Veterans Administration, allowing veterans to be served faster and more efficiently.

0-days hitting Fedora and Ubuntu open desktops to a world of hurt

posted on December 15, 2016
by l33tdawg

If you run a mainstream distribution of Linux on a desktop computer, there's a good chance security researcher Chris Evans can hijack it when you do nothing more than open or even browse a specially crafted music file. And in the event you're running Chrome on the just-released Fedora 25, his code-execution attack works as a classic drive-by.

How To Enable Two-Factor Authentication on Outlook.com and Microsoft

posted on December 14, 2016
by l33tdawg

The last email service we’ll cover in the 12 Days of 2FA is Outlook.com. If we haven’t covered your email service here, check twofactorauth.org’s more extensive list of email platforms that offer two-factor authentication. If you only enable 2FA for one account, email is a good choice for most users. Email is often a golden key to all of your other online accounts. When you forget or lose your password, services will often email you to confirm your identity and reset it.

A Ton of Popular Netgear Routers Are Exposed—With No Easy Fix

posted on December 14, 2016
by l33tdawg

A vulnerability in some popular Netgear routers has gone unpatched for months. Left unchecked, it leaves thousands of home networking devices exposed to full control by hackers, who can then ensnare them in havoc-wreaking botnets. While Netgear has finally released a tentative fix for some models, the delays and challenges in patching all of them help illustrate just how at risk the Internet of Things is—and how hard it is to patch up when things go wrong.

SWIFT warns of new successful cyber thefts against banks

posted on December 14, 2016
by l33tdawg

Cyber attacks targeting banks using the global transfer service SWIFT have successfully stolen funds in the months following February's Bangladesh central bank heist, according to a recently discovered letter sent to banks in November.

In the letter, sent on 2 November to banks worldwide and uncovered today by Reuters, SWIFT warned that due to increasingly sophisticated attacks, there was an escalating threat against banks' systems. It read: "The threat is very persistent, adaptive and sophisticated - and it is here to stay."

Security flaw in McAfee enterprise software gives attackers root access

posted on December 14, 2016
by l33tdawg

Security researcher Andrew Fasano from MIT Lincoln Laboratory said this week that a total of 10 security flaws, if chained together, allow the execution of code remotely as a root user.

"At a first glance, Intel's McAfee VirusScan Enterprise for Linux has all the best characteristics that vulnerability researchers love: it runs as root, it claims to make your machine more secure, it's not particularly popular, and it looks like it hasn't been updated in a long time," the security advisory reads. "When I noticed all these, I decided to take a look."

Microsoft Patches Dangerous Backdoor In Skype For Mac OS X

posted on December 14, 2016
by l33tdawg

Microsoft has patched a backdoor in Skype for Mac OS X that would allow an attacker to log and record Skype call audio, retrieve user contact information, read the content of incoming messages, create chat sessions, modify messages, and carry out other malicious activity.

The backdoor provided nearly complete access without authentication to Skype on OS X, and appears to have been around since at least 2010, security vendor Trustwave said in an advisory this week.