Security Feeds

Naked Security

How one guy could have taken over any Tinder account (but didn’t)

The potential outcome of the Tinder security hole - complete account takeover, with a crook logged in as you

02/22/18 5:43 am

Tesla cryptojacked by currency miners

Tesla's Amazon Web Services (AWS) cloud account was broken into by hackers who suckled at its computer power for cryptocurrency mining

02/22/18 5:42 am

Another baby monitor is allowing strangers to spy on children

Researchers say Mi-Cam is easy to hijack: turn it off to keep the kids from being eyeballed by prying eyes or chatted up by strangers.

02/22/18 4:23 am

Cyber Aware – are passwords past it? (Hint: no.) [VIDEO]

Getting your online password situation right is easier than you think - so here's how to do it!

02/21/18 10:40 am

Is your child a victim of identity theft?

Finding out someone has already established your child's credit for them is a nightmare to clean up after years of damage have already been done.

02/21/18 5:55 am

Krebs on Security

Money Laundering Via Author Impersonation on Amazon?

Patrick Reames had no idea why Amazon.com sent him a 1099 form saying he'd made almost $24,000 selling books via Createspace, the company's on-demand publishing arm. That is, until he searched the site for his name and discovered someone has been using it to peddle a $555 book that's full of nothing but gibberish.

02/20/18 3:51 am

IRS Scam Leverages Hacked Tax Preparers, Client Bank Accounts

Identity thieves who specialize in tax refund fraud have been busy of late hacking online accounts at multiple tax preparation firms, using them to file phony refund requests. Once the Internal Revenue Service processes the return and deposits money into bank accounts of the hacked firms' clients, the crooks contact those clients posing as a collection agency and demand that the money be "returned." In one version of the scam, criminals are pretending to be debt collection agency officials acting on behalf of the IRS. They'll call taxpayers who've had fraudulent tax refunds deposited into their bank accounts, claim the refund was deposited in error, and threaten recipients with criminal charges if they fail to forward the money to the collection agency. This is exactly what happened to a number of customers at a half dozen banks in Oklahoma earlier this month. Elaine Dodd, executive vice president of the fraud division at the Oklahoma Bankers Association, said many financial institutions in the Oklahoma City area had "a good number of customers" who had large sums deposited into their bank accounts at the same time.

02/19/18 6:44 am

New EU Privacy Law May Weaken Security

Companies around the globe are scrambling to comply with new European privacy regulations that take effect a little more than three months from now. But many security experts are worried that the changes being ushered in by the rush to adhere to the law may make it more difficult to track down cybercriminals and less likely that organizations will be willing to share data about new online threats. On May 25, 2018, the General Data Protection Regulation (GDPR) takes effect. The law, enacted by the European Parliament, requires technology companies to get affirmative consent for any information they collect on people within the European Union. Organizations that violate the GDPR could face fines of up to four percent of global annual revenues.

02/15/18 9:11 am

Microsoft Patch Tuesday, February 2018 Edition

Microsoft today released a bevy of security updates to tackle more than 50 serious weaknesses in Windows, Internet Explorer/Edge, Microsoft Office and Adobe Flash Player, among other products. A good number of the patches issued today ship with Microsoft's "critical" rating, meaning the problems they fix could be exploited remotely by miscreants or malware to seize complete control over vulnerable systems -- with little or no help from users.

02/13/18 1:13 pm

Domain Theft Strands Thousands of Web Sites

Newtek Business Services Corp. [NASDAQ:NEWT], a Web services conglomerate that operates more than 100,000 business Web sites and some 40,000 managed technology accounts, had several of its core domain names stolen over the weekend. The theft shut off email and stranded Web sites for many of Newtek's customers. An email blast Newtek sent to customers late Saturday evening made no mention of a breach or incident, saying only that the company was changing domains due to "increased" security. A copy of that message can be read here (PDF). In reality, three of their core domains were hijacked by a Vietnamese hacker, who replaced the login page many Newtek customers used to remotely manage their Web sites (webcontrolcenter[dot]com) with a live Web chat service. As a result, Newtek customers seeking answers to why their Web sites no longer resolved correctly ended up chatting with the hijacker instead.

02/12/18 5:41 am

Security Magazine

More intelligent viewing, from Bosch

The latest Bosch AUTODOME IP range is the only camera with built-in Essential Video Analytics and a pan, tilt and zoom (PTZ) function.

10/01/17 11:17 am

Over the Horizon: Emerging Security Threats and Risks to the Enterprise

We are entering a period when we are going to see an uptick in the number of security threats, both physical and in cyberspace. There is increasing global unrest. What we've seen electorally over the past few months, in the U.S. but also in Europe and in other parts of the world, has been a manifestation of that.

10/01/17 4:11 am

Protecting History: A Culture of Security at the Art Institute of Chicago

The Art Institute of Chicago hosts 1.5 million visitors annually, holds 300,000 works of art, serves as the venue for hundreds of private events every year and is a cornerstone of downtown Chicago tourism. All of these factors make security absolutely essential and absolutely challenging.

10/01/17 4:11 am

Preserving & Securing: Keeping Security Discreet at the Darwin Martin House

Iconic American architect Frank Lloyd Wright was commissioned to build a unique residential complex for Buffalo, New York, businessman Darwin D. Martin and his family between 1903 and 1905. Scholars consider the complex of six interconnected buildings as one of Wright’s finest achievements, but the history of the house has been a rocky one.

10/01/17 4:09 am

University Campuses Take Center Stage

Bike thefts, drug abuse, assaults and other violent crimes, protest-counterprotest melees, and cyber hackers are crowding onto the ever-expanding plates of college and university police and security forces. But those in the field say they’re up to those myriad challenges thanks to the combination of equipment, technology and training they can bring to bear.

10/01/17 4:08 am

ThreatPost

uTorrent Users Warned of Remote Code Execution Vulnerability

Google Project Zero researchers are warning of two critical remote code execution vulnerabilities in popular versions of uTorrent's web-based BitTorrent client and its uTorrent Classic desktop client.

02/21/18 1:26 pm

Intel Issues Updated Spectre Firmware Fixes For Newer Processors

Intel has issued a firmware fix to help its Kaby Lake, Coffee Lake and Skylake processors address the Spectre security flaw.

02/21/18 1:21 pm

New BEC Spam Campaign Targets Fortune 500 Businesses

A new business email compromise campaign targets financial transactions tied to Fortune 500 firms.

02/21/18 10:59 am

Flight Sim Labs’ ‘Heavy Handed’ Anti-Piracy Tactics Raise Hackles

Developer Flight Sim Labs is in hot water after acknowledging that it has installed malware in its flight simulator product that it said targets pirate users of its software.

02/20/18 2:13 pm

Year-Old Coldroot RAT Targets MacOS, Still Evades Detection

Researchers are warning users about the Coldroot remote access Trojan that is going undetected by AV engines and targets MacOS computers.

02/20/18 5:46 am

Packet Storm

Hashcat Advanced Password Recovery 4.1.0 Source Code

Hashcat is an advanced GPU hash cracking utility that includes the World's fastest md5crypt, phpass, mscash2 and WPA / WPA2 cracker. It also has the first and only GPGPU-based rule engine, focuses on highly iterated modern hashes, single dictionary-based attacks, and more. This is the source code release.

02/21/18 6:04 am

Hashcat Advanced Password Recovery 4.1.0 Binary Release

Hashcat is an advanced GPU hash cracking utility that includes the World's fastest md5crypt, phpass, mscash2 and WPA / WPA2 cracker. It also has the first and only GPGPU-based rule engine, focuses on highly iterated modern hashes, single dictionary-based attacks, and more. This is the binary release.

02/21/18 6:04 am

Yab Quarx 2.4.3 Cross Site Scripting

Yab Quarx versions 2.4.3 and below suffer from multiple cross site scripting vulnerabilities.

02/21/18 6:00 am

Hackers Infiltrate Tesla To Mine Cryptocurrency

02/21/18 5:54 am

AI Ripe For Exploitation, Experts Warn

02/21/18 5:54 am