Security

L33tdawg: If you're into IoT security, you might be interested in this upcoming talk by Chris Rouland at #HITBGSEC: A Walk Through Your Airspace: Understanding the IoT from DC to 10GhZ

The Internet of Things (IoT) is not a future opportunity and risk, it’s already here. In 2015, we are about to hit the point of no return with IoT – where all, and not just some, corporate IT departments must consider and address the IT management and security implications of IoT.

Cyber-attacks are ten a penny now, and the FBI and other authorities that investigate these crimes around the world have many hurdles to cross if they want to catch a hacker. Police forces can often be hindered by the dark web and anonymizing tools used by cyber-criminals to cover their tracks, but there are also political barriers in arresting cyber-criminals in other countries as well as lengthy trials and investigations into home-grown perpetrators. A couple of high profile cases from recent years have shined a light on how cyber-crime cases are carried out.

A researcher is advising drivers not to use a mobile app for General Motors Co's (GM.N) OnStar vehicle communications system, saying hackers can exploit a security flaw in the product to unlock cars and start engines remotely.

"White-hat" hacker Samy Kamkar posted a video on Thursday saying he had figured out a way to "locate, unlock and remote-start" vehicles by intercepting communications between the OnStar RemoteLink mobile app and the OnStar service.

Journalists and citizens living under repressive regimes alike depend on the encrypted Tor browser to surf the web anonymously. But in certain cases, an attacker can figure out which dark web site a user is trying to access by passively monitoring Tor traffic, and even reveal the identity of servers hosting sites on the Tor network.

Russian hackers have figured out a way to use Twitter to communicate with malware that’s infected target computers, allowing them to cover their tracks while making their way into confidential government computer systems.

The hackers upload special images to the social media site that stealthily transmit directions to installed malware that can then steal files or other unwanted actions, reported the Financial Times. The advantage of this approach is that targeted computer systems don’t register the intrusion. It looks like just another Tweet.

We reported on a newly discovered Android security vulnerability yesterday, hackers can gain access by simply sending a MMS message to the target’s device and it doesn’t even matter if that message is opened or not, Android’s default media handling system would automatically process the message and activate the code. Naturally this has raised security concerns and Google has now come out with a statement on the matter, it promises a fix for this flaw by next week.

L33tdawg: Dmitry Chastuhin from ERPScan will be at #HITBGSEC in Singapore where he'll show off an attack against SAP Afaria - One SMS to hack a company. 

ERPScan researcher Alexey Tuyrin says hundreds of Oracle PeopleSoft users, including banks, are running publicly-exposed services that are open to a token-plundering vulnerability.

We reported on a newly discovered Android security vulnerability yesterday, hackers can gain access by simply sending a MMS message to the target’s device and it doesn’t even matter if that message is opened or not, Android’s default media handling system would automatically process the message and activate the code. Naturally this has raised security concerns and Google has now come out with a statement on the matter, it promises a fix for this flaw by next week.

L33tdawg: This HITB GSEC session by folks from Citizen Lab and VXRL will hopefully shed some light: http://gsec.hitb.org/sg2015/sessions/session-014/

Once a month, cybersecurity lawyer Paul Haswell gets a call from an Asian company with the same question: We’ve been hacked. Who do we need to tell?

More often than not, his answer is “no one.” The client will hang up before Haswell can urge them to go public anyway.

Microsoft Windows 10 will have a number of improvements when it launches tomorrow, including a revamped Start menu, a speedy Microsoft Edge web browser, a built-in Cortana digital assistant and the ability to stream games from an Xbox One console to another device. But there is a controversial feature shipping with Windows 10 called Wi-Fi Sense — which will be enabled by default.