On December 23, 2015, hackers took down the power grid in a region of Western Ukraine, triggering the first blackout ever caused by a cyber attack. This attack was part of a broader trend, as hackers are increasingly exploring ways to target critical infrastructure like power grids, transportation systems, hydroelectric dams, and chemical plants.
A newly released exploit can disable the write protection of critical firmware areas in Lenovo ThinkPads and possibly laptops from other vendors as well. Many new Windows security features, like Secure Boot, Virtual Secure Mode and Credential Guard, depend on the low-level firmware being locked down.
The exploit, dubbed ThinkPwn, was published earlier this week by a researcher named Dmytro Oleksiuk, who did not share it with Lenovo in advance. This makes it a zero-day exploit -- an exploit for which there is no patch available at the time of its disclosure.
L33tdawg: Might also be worth keeping an eye on this talk at #HITBGSEC in Singapore next month about privelage escalation via Qualcomm processors - Stumping the Mobile Chipset: Taxonomy of New Zero Day Exploits for Android
An Illinois man accused of breaking into the Apple iCloud and Gmail accounts of celebrities to obtain their private photos and videos has agreed to plead guilty to a felony computer hacking charge, prosecutors said on Friday.
Edward Majerczyk, 28, facing up to five years in prison, is the second man charged in a federal investigation into the leaks of nude photos of several Hollywood actresses, including Oscar winner Jennifer Lawrence, in September 2014.
L33tdawg: If you're interested in automotive hacking, you should check out this presentation from #HITB2016AMS - CANsee: An Automobile Intrusion Detection System
Newly unsealed court documents have revealed that one of the corrupt federal agents investigating Silk Road, the online drug marketplace, is suspected of stealing hundreds of thousands of dollars worth of bitcoin—after he pleaded guilty last year.
The Department of Homeland Security (DHS) wants to be able to predict what form malware will morph to so it can plan how to block it when it becomes reality.
DHS has granted Charles River Analytics in Cambridge, Mass., $500,000 to develop the technology, known as Predictive Malware Defense (PMD).
Charles River will use machine learning and statistical models to predict attacks based on new malware as well as create defenses ahead of time. The models will look at features of families of malware and predict how they might evolve.
Biometrics in security can be anything from a simple fingerprint system enabling access to phones and laptops, through to complex systems such as retinal scanning and facial recognition.
Convergence means that biometrics can be used for physical or logical access to networks and systems; the same biometrics being potentially used for both systems. They can be combined with other technologies to create combinations, such as a smart card and fingerprint system.
Generating a string of random numbers is easy. The hard part is proving that they’re random. As Dilbert creator Scott Adams once pointed out, “that’s the problem with randomness: you can never be sure.”
While this might sound like the kind of brain-teasers algorithm geeks play around with over a beer on a Friday night, however, it’s not purely an academic problem. When it comes to security, our faith in encryption services relies on people knowing for certain that the long strings of seemingly random numbers generated can’t be decoded by potential adversaries.
So you have an air-gapped computer, or unconnected to the Internet, and you think your data is secured just because it’s not accessible online? In most cases that might be true, but that’s not 100% accurate. There are ways to steal information from computers that are not connected to the web, and smart hackers will not stop looking for such tricks. The newest such malware would let attackers steal information from supposedly secure computers with the help of the sound made by its fans and processor.
