Security

Chinese government paper praises convicted hacker of U.S. defence firm

posted on March 28, 2016
by l33tdawg

Describing him as a loyal “government soldier,” the Chinese government’s Global Times newspaper has praised the actions of accused hacker Su Bin for his part in allegedly hacking secrets from several U.S. defense contractors. Although the government line is to continue denying having anything to do with the attack, the paper stated that Bin’s actions should be praised, whether he is found guilty or innocent.

A new exploit gives hackers near-total control of any Mac

posted on March 28, 2016
by l33tdawg

A newly discovered zero-day vulnerability for OS X allows hackers to execute code previously thought to be protected by Apple's new kernel defense, known as System Integrity Protection (SIP).

“Our researchers recently uncovered a major flaw which allows for local privilege escalation and bypass of System Integrity Protection, Apple’s newest protection feature,” said SentinelOne in a blog post announcing the discovery.

Hackers raid Verizon enterprise customer data, 1.5 million affected

posted on March 28, 2016
by l33tdawg

If keeping our private data out of our government’s hands wasn’t trouble enough, we also have to be ever-vigilant against the online renegades who would seek to compromise our privacy for the sake of monetary gain. In a breaking security report by Brian Krebs, it appears that Verizon’s enterprise service has been hacked, and over 1.5 million accounts are affected. The cybercriminals are currently selling the data online in a “closely guarded underground cybercrime forum” for the asking price of $100,000.

Is Apple’s reluctance to implement a bug bounty program a security risk?

posted on March 28, 2016
by l33tdawg

While many Silicon Valley tech companies famously employ ‘bug bounty’ programs whereby individuals or third-party groups can receive substantial monetary rewards for finding critical software bugs, Apple is curiously the odd man out. Whether it’s Google handing out $12,000 to a former employee who managed to purchase the Google.com domain name or Facebook paying $15,000 to a security researcher who happened upon a way to unlock any user’s account, paying cold hard cash to learn about previously undetected security vulnerabilities is not only commonplace, but also makes a lot of sense.

Uber forces some riders to reset their passwords after a spike in account takeovers

posted on March 28, 2016
by l33tdawg

Some Uber riders are being told to reset their passwords after the company saw a spike in account takeovers in February.

The emails going out confused users who thought their accounts had been hacked or that the emails from the ride-hailing company were a phishing attempt from hackers to take over their accounts.

Instead, the password resets were from Uber to make sure they wouldn’t be hacked in the first place. Uber confirmed to Business Insider that the emails are real, and says that the company did not have a recent security breach.

Dangerous New USB Trojan Discovered

posted on March 27, 2016
by l33tdawg

The Internet and the growing interconnectedness of networks have made it incredibly easy for threat actors to deliver and propagate malware. But not all cyber threats are Internet-borne.

Take USB Thief, a new malware sample that researchers at security firm ESET recently discovered. As its name implies, the malware is completely USB-borne, meaning it spreads exclusively through devices that plug into the USB port of computers.

BinDiff Now Free, To Delight of Security Researchers

posted on March 21, 2016
by l33tdawg

BinDiff is a constant presence inside a security researcher’s toolbox, ideal for patch and malware analysis or reverse engineering of code. The Google-owned software allows researchers to conduct side-by-side comparisons of binary files in disassembled code, looking for differences in the samples. Until last week, BinDiff came with a price, but on Friday Google announced that it was making the plug-in available for free. Researchers still have to purchase the Hex-Rays IDA Pro disassembler, 6.8 or later, to use the plug-in, however.