How Evil Hackers Can Cause Chaos At Horribly Vulnerable Car Parks
There’s been growing interest in car hacking in recent years, inspired by researchers showing off exploits in real vehicles, tinkering with Teslas, and uncovering glaring vulnerabilities in third party kit. But criminal hackers could vex drivers in other ways, such as compromising internet-connected, easily hackable parking management systems, according to Spanish researcher Jose Guasch.

Library Service interruption: The Cat, 05/19/2015
The CAT will be unavailable due to scheduled maintenance between 4:00 am and 4:30 am EST on Tuesday, May 19 2015. Certain features within LionSearch may not be available during this interruption. Other library services such as the Libraries website, and A-Z Database List are not impacted by this work.

Warrantless laptop seizure at US borders shouldn’t be rubber-stamped, rules judge
In a rare blow to the border exception rule, the judge disagreed that laptops and phones are just “containers” that can be searched like luggage.

Cybercriminals borrow from APT playbook in attack against PoS vendors
Cybercriminals are increasingly copying cyberespionage groups in using targeted attacks against their victims instead of large-scale, indiscriminate infection campaigns. This change in tactics has been observed among those who launch attacks, as well as those who create and sell attack tools on the underground market. A recent example of such behavior was seen in a […]

Resurrection of the Living Dead: The “Redirect to SMB” Vulnerability
An 18-year-old vulnerability called Redirect to SMB has been resurrected with a new attack vector. This vulnerability can be used to redirect a victim to a malicious Server Message Block (SMB) server, without any direct action from the user except visiting a website. If the SMB security policy is not secure enough, the SMB client will try to make an authenticated […]

Dropbox to pay security researchers for bugs
Dropbox said Wednesday it will pay rewards to independent researchers who find software flaws in its applications, joining a growing list of companies who see merit in crowdsourcing parts of their security testing. The popular file storage service previously publicly recognized researchers, but did not pay a reward, also sometimes referred to as a bug bounty. […]

Quantum cryptography at the speed of light: Researchers design first all-photonic repeaters
Engineers bring perfectly secure information exchanges one step closer to reality. They have now designed the first all-photonic quantum repeaters — protocols that ensure data can be carried reliably and securely across longer distances when using quantum cryptography.

The Resurrection of CVE-2011-2461
Security researchers Luca Carettoni and Mauro Gentile recently found during their research that even though Adobe has fixed an old vulnerability found in 2011 (CVE-2011-2461), its side effects still linger around the Internet. Your favorite websites might still be affected by this bug. They have shared great details in their blog post. Let’s take a quick look […]

What, me worry? Despite Snowden leaks, Americans’ use of the ‘Net largely unchanged
Don’t worry, be happy. That seems to be the attitude most Americans have toward widespread government snooping on their Internet activities. Numerous leaks illuminating the massive scale of government surveillance programs have not rattled Americans. Relatively few people have made major changes to better secure their online communications and activities, even after the alarming revelations […]

Google error leaks website owners’ personal information
A Google software problem inadvertently exposed the names, addresses, email addresses and phone numbers used to register websites after people had chosen to keep the information private. The privacy breach involves whois, a database that contains contact information for people who’ve bought domain names. For privacy reasons, people can elect to make information private, often […]

Google services disrupted by routing error
Google’s services were disrupted briefly on Thursday after a broadband provider in India made a network routing error. The provider, Hathway, made a technical change that caused traffic to more than 300 network prefixes belonging to Google to be directed to its own network, wrote Doug Madory, director of Internet analysis at Dyn, which studies […]

First medical apps built with Apple’s ResearchKit won’t share data for commercial gain
As concern grows about data collection by mobile apps, Apple and companies involved with its new ResearchKit software development framework for medical studies say users of the first five apps have nothing to worry about. Access to health data collected by the apps will be restricted to approved medical researchers and barred from commercial use, […]

Researchers show why buying a used Nest may not be such a bright idea
At last year’s Black Hat security conference, a team comprised mostly of researchers from the University of Central Florida set alarm bells ringing when it showed just how easily a hacker could make deep cyber inroads into a smart home using the Nest thermostat. Inspired and curious, researchers at security firm TrapX Security took […]

TorrentLocker Ransomware Uses Email Authentication to Refine Spam Runs
In monitoring the ransomware TorrentLocker, we noticed a new development in its arrival vector. In previous entries, we noted that a particular wave of the crypto-ransomware was using spammed messages that were designed to evade spam filters. Our research now shows that TorrentLocker malware are using emails that are designed to pass spam filters and […]

Vulnerability Research and Disclosure: Evolving To Meet Targeted Attacks
Recently, both HP’s Zero Day Initiative (ZDI) and Google’s Project Zero published vulnerabilities in Microsoft products (specifically, Internet Explorer and Windows 8.1) because Redmond did not fix them within 90 days of the vulnerabilities being reported. This has resulted in an argument between security researchers and software vendors on how vulnerabilities should be disclosed. A case where […]

Researcher releases 10 million usernames, passwords from data breaches
A researcher has released 10 million usernames and passwords collected from data breaches over the last decade, a step he worries could be legally murky but one that will help security research. The data comes from major data breaches at companies including Adobe Systems and Stratfor, all of which have already been publicly released […]

More information
- Russia Blames US Intelligence for iOS Zero-Click Attacks
- Cisco Patches Critical Vulnerabilities in Small Business Routers, SD-WAN
- 3-D Secure SMS-OTP Phishing
- “There is no inside” – How to get the most from your firewall
- Second Database Exposing Voter Records Found Online
- Facebook, Google and Twitter agree to German demand to delete hate speech within 24 hours
- Adobe launches bountyless bug hunt program on HackerOne
- Microsoft Windows Kernel ‘Win32k.sys’ CVE-2017-0079 Local Privilege Escalation Vulnerability
- Podcast: WWDC 2021: What to expect at Apple’s June event
- Web Application Firewalls Tested Against XSS Attacks