Security

Frequent password changes are the enemy of security, FTC technologist says

posted on August 2, 2016
by l33tdawg

Shortly after Carnegie Mellon University professor Lorrie Cranor became chief technologist at the Federal Trade Commission in January, she was surprised by an official agency tweet that echoed some oft-repeated security advice. It read: "Encourage your loved ones to change passwords often, making them long, strong, and unique." Cranor wasted no time challenging it.

Hackers Hijack a Big Rig Truck’s Accelerator and Brakes

posted on August 2, 2016
by l33tdawg

When cybersecurity researchers showed in recent years that they could hack a Chevy Impala or a Jeep Cherokee to disable the vehicles’ brakes or hijack their steering, the results were a disturbing wakeup call to the consumer automotive industry. But industrial automakers are still due for a reminder that they, too, are selling vulnerable computer networks on wheels—ones with direct control of 33,000 pounds of high-velocity metal and glass.

Cybercrime infrastructure being ramped up in Brazil ahead of Olympics

posted on August 2, 2016
by l33tdawg

Over the past few months, cybercriminals have set up thousands of malicious domains and servers in Brazil in anticipation of the 2016 Olympics in Rio.

Threat data collected by Fortinet from over 2 million sensors worldwide shows that between April and June, the number of malicious URLs detected in Brazil grew by 83 percent. That's an unusually large spike compared to the 16 percent growth in malicious URLs for the rest of the world.

DARPA's Cyber Grand Challenge Heads to DefCon

posted on August 2, 2016
by l33tdawg

Typically, a hacking tournament is made up of humans attempting to exploit code and applications, but that's not the case for the Defense Advanced Research Projects Agency (DARPA) Cyber Grand Challenge (CGC). The CGC occurs on Aug. 4 at the DefCon security conference in Las Vegas and will see seven different autonomous computing systems compete in what is being billed as the world's first all-machine hacking tournament.

The Jeep Hackers Are Back to Prove Car Hacking Can Get Much Worse

posted on August 2, 2016
by l33tdawg

Almost exactly a year ago, Chrysler announced a recall for 1.4 million vehicles after a pair of hackers demonstrated to WIRED that they could remotely hijack a Jeep’s digital systems over the Internet. For Chrysler, the fix was embarrassing and costly. But now those two researchers have returned with work that asks Chrysler and the automotive industry to imagine an alternate reality, one where instead of reporting their research to the automaker so it could be fixed, they had kept working on it in secret—the way malicious hackers would have.

DNC Staffer got pop-up messages alerting of “state-sponsored actors”

posted on August 2, 2016
by l33tdawg

An e-mail message within the Wikileaks dump of Democratic National Committee data suggests that the Yahoo account of one DNC staffer may have been specifically targeted by Russian hackers. The leaked message from DNC staffer Alexandra Chalupa includes a photo of a screen displaying a pop-up alert in Yahoo Mail warning, "We strongly suspect that your account has been the target of state-sponsored actors."

Browser Exploits Increasingly Go For The Jugular

posted on August 2, 2016
by l33tdawg

Long the bane of the security industry, browser exploits just keep getting more dangerous as techniques grow more refined to get the most leverage from browser and browser extension flaws. According to speakers lined up for a lively panel session at Black Hat USA this week, achieving the highest levels of system privileges from a simple browser vulnerability has pretty much become de rigueur for attacks these days.

US Uses Submarines as Portable Hacking Platforms

posted on July 31, 2016
by l33tdawg

This may come as a surprise to some, but the US has special submarines that it uses to hack into strategic targets, be it underwater communications cables or the infrastructure of other nations.

This piece of information is not necessarily new since the media had reported on it in 2015 when it was revealed that USS Annapolis is one of the Navy's special submarines that has cyber-offensive capabilities.

Russia Says It Detected Malware on PCs at 20 Government Organizations

posted on July 31, 2016
by l33tdawg

The Russian Federal Security Service (FSB) announced yesterday that it detected malware on the computer networks of 20 Russian government organizations.

FSB's announcement came when the US is in turmoil following two separate cyber-incidents at the Democratic Party, the party of US presidential candidate Hillary Clinton.

First there came news that the Democratic National Committee (DNC) was hacked, then news about a similar incident at the Democratic Congressional Campaign Committee (DCCC), the group managing Clinton's campaign donations site.

QRLJacking Attack Can Bypass Any QR Login System

posted on July 31, 2016
by l33tdawg

Egyptian security researcher Mohamed Baset has published details about a new type of attack that successfully bypasses SQRLs (Secure QR Logins, aka Secure, Quick, Reliable Logins).

Dubbed QRLJacking, this is a social engineering attack that relies on phishing and other similar techniques to trick a victim into scanning the wrong QR code.