Security

A US federal contractor was secretly arrested by the FBI in August for allegedly stealing top secret intelligence and a hacking tool developed by the National Security Agency (NSA), the Department of Justice announced on Wednesday (5 October).

Harold Thomas Martin III faces charges of theft of government property and unauthorised removal and retention of classified materials, authorities said.

Federal investigators are also looking into whether the 51-year-old Booz Allen Hamilton contractor was behind the August leak of NSA hacking tools online.

An expanded partnership between endpoint security platform Carbon Black and IBM Security could help businesses patch vulnerabilities faster, the pair announced on Tuesday.

According to a spokesperson, the new offering will be able to "prevent 85% of enterprise-level hacks." The press release announcing the expanded partnership said that the solution will be able to patch critical security vulnerabilities "in seconds."

WikiLeaks is promising to release secret documents relating to the U.S. election, at a time when there are already questions over whether Russian hackers are feeding the site information.

WikiLeaks will publish the documents "every week for the next 10 weeks" and the topics include the U.S. election, war, arms, Google, and mass surveillance, site founder Julian Assange said on Tuesday in a press conference. 

Medical device manufacturer Animas, a subsidiary of Johnson & Johnson, is warning diabetic patients who use its OneTouch Ping insulin pumps about security issues that could allow hackers to deliver unauthorized doses of insulin.

“None of the folders or files shown are from the Clinton Foundation.”

Guccifer 2.0, an online persona widely regarded as a front for Russian intelligence operatives, claimed Tuesday to have hacked the Clinton Foundation, the non-profit organization that Democratic presidential candidate Hillary Clinton founded with her family.

“I hacked the Clinton Foundation server and downloaded hundreds of thousands of docs and donors’ databases,” Guccifer said in a post on the self-proclaimed hacker’s blog. “It was just a matter of time to gain access to the Clinton Foundation server.”

Researchers are warning about a newly discovered security vulnerability in a popular open-source JPEG 2000 parser that could let corrupted image files trigger remote code execution.

Cisco-owned security firm Talos warns that by embedding a malformed image file into a web page, PDF file, or email message, an attacker could gain control over the targeted system simply by the user loading the page or message in a vulnerable application.

Pressure on Yahoo soared Tuesday after publication of a report that it had collaborated with U.S. intelligence agencies to secretly scan hundreds of millions of its clients' emails.

The report by the Reuters news agency said Yahoo complied with a classified U.S. government directive last year demanding that it scan all incoming emails of its users for certain phrases. Yahoo's engineers wrote a program to carrying out the request, the report said.

The devices in people’s homes and offices that are connected to the Internet — things like routers and cameras and rice makers and thermostats — are going to be increasingly taken over by hackers in the coming weeks and used to suppress free speech and commit crime.

Cybersecurity experts have been issuing the warning since last week when a malicious piece of secret software that was used in a major attack was publicly released for anyone to use.

A sysadmin has developed 48 characters of code that he claims can crash most popular Linux distributions.

Andrew Ayer, a Linux administrator and founder of SSLMate, explains his code works by crashing systemd, an open-source init system that is used to boot up most Linux distributions.  Users can choose to run systemd as the first processes a Linux distribution executes upon boot-up, otherwise known as Process ID 1.

On Monday morning, a number of professionals in the aerospace industry received a rather mundane email containing a PDF ostensibly about the future of Russian aerospace programs, but which actually contained a ‘Komplex’ trojan.