Security

Pork Explosion backdoor lets attackers go hog wild on Android phones

posted on October 13, 2016
by l33tdawg

A backdoor in Android firmware provided by manufacturer Foxconn allows attackers to root devices to which they have physical access, according to a security researcher and barbecue enthusiast who dubbed the vulnerability Pork Explosion.

Jon Sawyer (who also goes by jcase online) discovered the vulnerability at the end of August, and publicized it on his blog on Wednesday, a day after smartphone vendor Nextbit, which was one of the most heavily affected OEMs, released a fix for the problem.

New hacker collective targets SWIFT system

posted on October 13, 2016
by l33tdawg

Following the $81 million cyberattack in February, a second hacking group has emerged with the intention of exploiting the SWIFT money transfer system to rob banks.

A report from the security firm Symantec has revealed that these cyberattacks have occurred since January and have targeted companies located in the US, Hong Kong, Australia and other countries. The firm has detected 74 different computer infections that suggest that around 100 organizations have been affected by these attacks so far.

Hackers Claim They Wiped John Podesta's iPhone

posted on October 13, 2016
by l33tdawg

From the perspective of newsworthiness, WikiLeaks’ Podesta emails have been totally weird. Amidst revelations about an ex-Blink-182 member’s belief in extraterrestrial life, and Podesta’s own advice on cooking risotto, Trump supporters on a variety of imageboards have been sifting through the emails for anything compromising. Last night it seems they hit paydirt.

Hackers use SSH to control connected devices for brute-force attacks

posted on October 13, 2016
by l33tdawg

Content delivery network service provider Akamai Technologies released a new report on Wednesday (PDF) stating that hackers are taking advantage of a 12-year-old vulnerability in OpenSSH to gain control of internet-connected devices for mass-scale attack campaigns. The company dubs these attacks “SSHowDowN Proxy,” which for now seem focused on using video surveillance devices, satellite antenna equipment, network devices, and internet-connected network-attached storage units.

IoT Devices as Proxies for Cybercrime

posted on October 13, 2016
by l33tdawg

Multiple stories published here over the past few weeks have examined the disruptive power of hacked “Internet of Things” (IoT) devices such as routers, IP cameras and digital video recorders. This post looks at how crooks are using hacked IoT devices as proxies to hide their true location online as they engage in a variety of other types of cybercriminal activity — from frequenting underground forums to credit card and tax refund fraud.

Some Basic Security Tips for the Clinton Campaign (and Anyone Else)

posted on October 13, 2016
by l33tdawg

The hacks keep on coming. Even as reporters were still poring through a Wikileaks dump of emails stolen from the accounts of the Democratic National Committee and Hillary Clinton’s campaign staff earlier this year, someone compromised the Twitter account of her campaign chair, John Podesta, and tweeted a pro-Trump message. Since the team clearly continues to be targeted, now seems like a good time to run down some basic security hygiene.

Identifying hackers is harder than you think

posted on October 11, 2016
by l33tdawg

One of the main reasons why hackers and other malicious actors are so hard to locate is not that they're really good at hiding their location -- it is that they're exceptional when it comes to faking things. They fake their locations, their working hours, language, infrastructure, toolkits -- even their own groups.

Nuke plant has been hacked, says Atomic Energy Agency director

posted on October 11, 2016
by l33tdawg

The director of the International Atomic Energy Agency has said he's aware of a successful hack of a nuclear power plant. And as if that isn't bad enough, he also knows of an attempt to steal enriched uranium.

Yukiya Amano is the agency's director and on Monday visited Germany for meetings, where a Reuters correspondent heard him say an attack on a power plant three or four years ago “caused some problems” and saw the facility “take some precautionary measures.”

The plant did not need to shut down.

Amazon reset user passwords to protect accounts

posted on October 11, 2016
by l33tdawg

This weekend Amazon.com reset the passwords for a number of their users to protect their accounts.

It appears from a post on VentureBeat that Amazon saw a list of compromised passwords for other websites on the black web. Realising that users often use the same email address and password combination for multiple websites, they checked the list against the Amazon user database and, if they spotted a match, changed the password.