Shoring up Tor: Researchers mount successful attacks against popular anonymity network — and show how to prevent them
With 2.5 million daily users, the Tor network is the world’s most popular system for protecting Internet users’ anonymity. Researchers have now demonstrated a vulnerability in Tor’s design. They show that an adversary could infer a hidden server’s location, or the source of the information reaching a given Tor user, by analyzing the traffic patterns […] more…Chrysler Recalls 1.4 Million Vehicles After Jeep Hacking Demo
Today, Fiat Chrysler recalled 1.4 million vehicles possibly affected by a vulnerability in the UConnect infotainment system that could allow attackers to hijack the vehicle’s steering and braking. Car hacking researchers Chris Valasek and Charlie Miller demonstrated proof of concept in striking fashion, when they wirelessly took control of a 2014 Jeep Cherokee driven by […] more…Security threats and why you never want to name anything
There is a bit of a name fight going on with a new class of security software. Traditionally, this has been called UBA, for User Based Analysis or Analytics. However, recently newer firms are coming to market arguing that the name should have more to do with the benefit the technology provides and reflect that […] more…Your brain’s unique response to words can reveal your identity
Watch your language. Words mean different things to different people – so the brainwaves they provoke could be a way to identify you. Blair Armstrong of the Basque Center on Cognition, Brain, and Language in Spain and his team recorded the brain signals of 45 volunteers as they read a list of 75 acronyms – […] more…Security pros name their must-have tools
Secure file sharing is imperative for Lawyers Without Borders, a group that works with volunteer lawyers to advance human rights law in conflict-ridden regions. The nonprofit organization, headquartered in Hartford, Conn., uses Intralinks VIA to protect confidential legal documents and court papers from unsanctioned access. The SaaS solution for content sharing and collaboration is a […] more…Sophos takes rare step of citing Microsoft flaw as a must-fix
Sophos generally steers clear of pointing to a single patch from Microsoft’s Patch Tuesday, but is breaking its own rule this month by highlighting one it says can prevent a world of hurt. The patch – MS15-034 – addresses a bug that could allow remote-code execution on a victim machine, and that can be exploited […] more…Multiplatform Boleto Fraud Hits Users in Brazil
A study conducted around June last year revealed a malware-based fraud ring that infiltrated one of Brazil’s most popular payment methods – the Boleto Bancário, or simply the boleto. While the research and analysis was already published by RSA, we’ve recently discovered that this highly profitable fraud is still out in the wild and remains […] more…The four main roadblocks holding up self-driving cars
SOME day soon, driverless podcars will cluster around our cities, waiting to pick us up on demand. There will be no steering wheel, no brake pedal; once seated, you can take a nap or watch a movie. This public facility will reduce traffic and carbon emissions. Not having to own a car will make transport […] more…Warning to white-hat hackers: Obama proposal a threat to what you do
President Obama’s proposal to update the computer fraud and abuse act could put white-hat hackers at risk of prosecution as members of organized crime, the SchmooCon hacking conference was told. Under Obama’s proposal, simply sharing passwords with friends – something hackers do routinely – could be enough to indicate that the person doing the sharing […] more…Hacktivist Group CyberBerkut Behind Attacks on German Official Websites
A pro-Russian group called CyberBerkut claimed responsibility for a recent hack on certain German government websites in early January. We were able to gather some information on some of its members based on Pastebin data that had been leaked by the Ukrainian nationalist political party (Pravy Sektor). A Background on CyberBerkut CyberBerkut is an organized group […] more…Barack Obama proposes shielding companies that share cyber threat data
President Obama on Tuesday proposed new cybersecurity legislation that would put cybercrime on par with racketeering and would protect companies from getting sued if they share computer threat data with the government. more…Why is ICANN rushing its ‘UN ‘net security council’? So it can be announced at Davos
Despite rejections from its closest allies and calls for delay, ICANN is determined to create a “coordination council” for its internet-steering NetMundial Initiative this month. Why? The initiative was born out of a meeting in April between some governments, ICANN, and others, in Brazil, to discuss the future direction of the web in the wake […] more…New trojan aims to steal your password manager’s password
Password managers are supposed to protect our logins and other sensitive information in one encrypted database, secured with a master key. They’re a much better alternative to using the same password on multiple sites or constantly forgetting your passwords. But now hackers are targeting these password managers. Ars Technica reports that a new Citadel trojan, […] more…Citadel malware attacking open source password managers
The king of the castle has a new tormentor. IBM’s Trusteer researchers have discovered a new configuration of the Citadel malware that attacks certain password managers. The configuration activates key logging when certain processes are running on the infected machine. The targeted processes include Password Safe and KeePass, two open-source password managers. The variant also […] more…Malware served through rogue Tor exit node tied to cyberespionage group
A malware program distributed recently through a rogue server on the Tor anonymity network was also used in targeted attacks against European government agencies. The malware has been dubbed OnionDuke by security researchers from antivirus firm F-Secure, who believe it is connected to MiniDuke, a cyberespionage threat of Russian origin that was used to attack […] more…Drupal releases patch for severe SQL injection flaw
Drupal has released a patch for a highly critical flaw in its content management system, which could allow rogue code to run. Drupal, which is a volunteer open-source project whose software is used by websites such as The White House and the Economist, said all of 7.x releases prior to 7.32 are affected, according to […] more…More information
- Kremlin’s New Cyber Weapons Spark Fears and Fantasies
- SynAck Ransomware Uses Process Doppelgänging for Evasion
- Court records system has been open to hackers for decades
- CERT advises users to ‘discontinue use’ of two Netgear routers due to major security flaw
- Google Nearby: location-aware popup ads for location-aware apps
- Kaspersky apologizes for antivirus update that continues to disrupt customer nets
- S3 Ep2: Creepy smartwatches, botnets and Pings of Death – Podcast
- Former Palo Alto Networks Employee Charged With Insider Trading
- Cyber-Security Chief on Wave of Web Attacks
- To punish Symantec, Google may distrust a third of the web’s SSL certificates