Thursday, December 29, 2016

Watch a drone hack a room full of smart lightbulbs from outside the window

http://www.theverge.com/2016/11/3/13507126/iot-drone-hack

For two years, criminals stole sensitive information using malware hidden in individual pixels of ad banners

http://boingboing.net/2016/12/07/for-two-years-criminals-stole.html

TalkTalk and Post Office routers hit by cyber-attack - BBC News

http://www.bbc.com/news/technology-38167453

New Mirai Worm Knocks 900K Germans Offline — Krebs on Security

https://krebsonsecurity.com/2016/11/new-mirai-worm-knocks-900k-germans-offline/

How to hack 18app to get an unlimited Bonus Cultura (responsible disclosure)

https://lmilano.blogspot.com/2016/11/come-violare-18app-per-avere-il-bonus.html

Hackers stole Tesla car using App

http://www.ehackingnews.com/2016/11/hackers-stole-tesla-car-using-app.html

Vulnerabilities in McAfee enterprise system gives hacker root access

http://www.ehackingnews.com/2016/12/vulnerabilities-in-mcafee-enterprise.html

Venezuelan Army Website Hacked, Details of 3,000 Accounts Exposed

http://news.softpedia.com/news/venezuelan-army-website-hacked-details-of-3-000-accounts-exposed-510676.shtml

Russian central bank, private banks lose $31 mln in cyber attacks

http://www.reuters.com/article/us-russia-cenbank-cyberattack-idUSKBN13R1TO

PayPal proffers patch for OAuth app hack hole

http://www.theregister.co.uk/2016/11/30/paypal_proffers_patch_for_oauth_app_hack_hole/

Hackers Are Trading Hundreds of Thousands of xHamster Porn Account Details

http://motherboard.vice.com/read/hackers-are-trading-hundreds-of-thousands-of-xhamster-porn-account-details

Saudi Arabia Has Just Suffered a Series of Major Cyber Hack Attacks

https://www.bloomberg.com/news/articles/2016-12-01/destructive-hacks-strike-saudi-arabia-posing-challenge-to-trump

SF’s Transit Hack Could’ve Been Way Worse—And Cities Need to Get Ready

https://www.wired.com/2016/11/sfs-transit-hack-couldve-way-worse-cities-must-prepare/

Hackers accessed personal data of 130.000 US Navy Sailors

http://fortune.com/2016/11/24/hackers-130000-navy-sailors-personal-data/

Switcher: Android joins the ‘attack-the-router’ club - Securelist

https://securelist.com/blog/mobile/76969/switcher-android-joins-the-attack-the-router-club/

Thursday, October 20, 2016

VESK coughs up £18k in ransomware attack • The Register

http://www.theregister.co.uk/2016/09/29/vesk_coughs_up_18k_in_ransomware_attack/

And! it! begins! Yahoo! sued! over! ultra-hack! of! 500m! accounts! • The Register

http://www.theregister.co.uk/2016/09/24/yahoo_sued_hack/

College student hacked college system to change grades - E Hacker News

http://www.ehackingnews.com/2016/09/college-student-hacked-college-system.html

www.nytimes.com

http://www.nytimes.com/2016/09/29/technology/yahoo-data-breach-hacking.html?_r=1

D-Link DWR-932 B owner? Trash it, says security bug-hunter • The Register

http://www.theregister.co.uk/2016/09/29/dlink_dwr932_b_owner_trash_it_says_security_bughunter/

152k cameras in 990Gbps record-breaking dual DDoS • The Register

http://www.theregister.co.uk/2016/09/27/152463_hacked_cameras_deliver_990gbps_recordbreaking_dual_ddos/

Source code unleashed for junk-blasting Internet of Things botnet • The Register

http://www.theregister.co.uk/2016/10/03/iot_botnet/

Internet of Things comes back to bite us as hackers spread botnet code

http://www.usatoday.com/story/tech/news/2016/10/03/internet-things-brian-krebs-ddos-attack-distributed-denial-of-service/91481588/

Beware of the xic.graphics virus that arrives as a Facebook message | Computerworld

http://www.cwi.it/attenzione-al-virus-xic-graphics-arriva-messaggio-facebook_94832/

Revealed: How one Amazon Kindle scam made millions of dollars | ZDNet

http://www.zdnet.com/article/exclusive-inside-a-million-dollar-amazon-kindle-catfishing-scam/

Let's not meet up with JPEG 2000 – researchers find security hole in image codec • The Register

http://www.theregister.co.uk/2016/10/04/jpeg_2000_security_hole/

TalkTalk fined £400K for mistakes that led to 2015 hack

https://www.engadget.com/2016/10/05/talktalk-400-000-ico-hack-fine/

These diabetes pumps obey unencrypted radio commands – which is, frankly, f*%king stupid • The Register

http://www.theregister.co.uk/2016/10/05/animas_diabetes_pump_flaw/

Mac malware lies in wait for YOU to start a vid sesh... • The Register

http://www.theregister.co.uk/2016/10/06/sneaky_mac_webcam_hijack_malware/

Malware spread through Spotify ads on PC and Mac - HDblog.it

http://windows.hdblog.it/2016/10/06/spotify-malware-attacco-pc-mac/

Amazon finds cache of reused passwords: change yours now! Naked Security

https://nakedsecurity.sophos.com/2016/10/11/amazon-finds-cache-of-reused-passwords-change-yours-now/

NHS attacked by ransomware 'dozens' of times - SC Magazine UK

http://www.scmagazineuk.com/nhs-attacked-by-ransomware-dozens-of-times/article/546557/

Four vulnerabilities found in Dell SonicWALL Email Security virtual appliance application - Help Net Security

https://www.helpnetsecurity.com/2016/10/12/sonicwall-email-security-vulnerabilities/

Personal info on more than 58 million people spills onto the web from data slurp biz • The Register

http://www.theregister.co.uk/2016/10/13/us_data_aggregator_megabreach/

Outlook-on-Android alternative 'Nine' leaked Exchange Server creds • The Register

http://www.theregister.co.uk/2016/10/17/outlook_app_slapped_in_maninthemiddle_diddle/

Audit sees VeraCrypt kill critical password recovery, cipher flaws • The Register

http://www.theregister.co.uk/2016/10/18/veracrypt_audit/

Oracle puts out 253 fixes and a request to please apply patches NOW! Naked Security

https://nakedsecurity.sophos.com/2016/10/19/oracle-puts-out-253-fixes-and-a-request-to-please-apply-patches-now/

33 million CLEARTEXT creds for Russian IM site dumped by chap behind Last.FM mess • The Register

http://www.theregister.co.uk/2016/09/12/qipru_breach/

Peccant pwners post 670,000 Pokémon punter MD5 passwords • The Register

http://www.theregister.co.uk/2016/09/12/peccant_pwners_post_670000_pokemon_punter_md5_passwords/

Queensland TAFE suffers security breach, student data accessed | Delimiter

https://delimiter.com.au/2015/11/13/queensland-tafe-suffers-security-breach-student-data-accessed/

Logins for US Navy, NASA's JPL among US gov logins sold on deepweb • The Register

http://www.theregister.co.uk/2016/09/14/nasas_jpl_navy_part_of_thousands_of_us_gov_logins_sold_on_deepweb/

IP telephony biz VoIPtalk quietly admits to possible data breach • The Register

http://www.theregister.co.uk/2016/09/13/voiptalk_suspected_breach/

Researcher reports XSS hole in Google France • The Register

http://www.theregister.co.uk/2016/09/14/google_france_xss/

Cisco drops patch for nasty WebEx remote code execution hole • The Register

http://www.theregister.co.uk/2016/09/16/cisco_webex_patch/

FBI investigating City Hall 'ransomware' attack - News - Sarasota Herald-Tribune - Sarasota, FL

http://www.heraldtribune.com/news/20160824/fbi-investigating-city-hall-ransomware-attack

Medical device cyber attacks on rise - E Hacker News

http://www.ehackingnews.com/2016/09/medical-device-cyber-attacks-on-rise.html

Going, going, done: Trio of prolific auction fraud fraudsters jailed • The Register

http://www.theregister.co.uk/2016/09/20/auction_fraud_trio_jailed/

Mobile review website MoDaCo coughs to data breach • The Register

http://www.theregister.co.uk/2016/09/20/modaco_breach/

Police: Student hacks into Kennesaw State's system changes grades steals personal data - Story | WAGA

http://www.fox5atlanta.com/news/206545219-story

Maker of smart vibrator sued for snooping on customers use Naked Security

https://nakedsecurity.sophos.com/2016/09/20/maker-of-smart-vibrator-sued-for-snooping-on-customers-use/

Security Advisories Relating to Symantec Products - Symantec Decomposer Engine Security Update - 2016-09-19T02:37:38 PDT| Symantec

https://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=&suid=20160919_00

BT's Wi-Fi Extender works great – at extending your password to hackers • The Register

http://www.theregister.co.uk/2016/09/21/bt_wifi_booster_fix/

Greybeards beware: Hair dye for blokes outfit Just For Men served trojan • The Register

http://www.theregister.co.uk/2016/09/21/just_for_men_serves_passwordstealing_trojan/

Victoria Police warn of malware-laden USB sticks in letterboxes • The Register

http://www.theregister.co.uk/2016/09/21/letterbox_usb_police_warning/

Pramworld admits mailing list breach • The Register

http://www.theregister.co.uk/2016/09/16/pramworld_breach/

Which voting machines can be hacked through the Internet?

https://freedom-to-tinker.com/2016/09/20/which-voting-machines-can-be-hacked-through-the-internet/

Mozilla wants woeful WoSign certs off the list • The Register

http://www.theregister.co.uk/2016/09/27/mozilla_wants_woeful_wosign_certs_off_the_list/

Patch AGAIN: OpenSSL security fixes now need their own security fixes

http://www.theregister.co.uk/2016/09/26/openssl_patches_last_weeks_patch/

4.5 million web servers have private keys that are publicly known! Naked Security

https://nakedsecurity.sophos.com/2016/09/12/4-5-million-web-servers-have-private-keys-that-are-publicly-known/

Microsoft Patches Zero Day Flaw Used In Two Massive Malvertising Campaigns

http://www.darkreading.com/attacks-breaches/microsoft-patches-zero-day-flaw-used-in-two-massive-malvertising-campaigns/d/d-id/1326908?_mc=sm_dr&hootPostID=24b950465f4f7252b2558e544825d7ab

Indonesian arrested for playing porn on public billboard - E Hacker News

http://www.ehackingnews.com/2016/10/indonesian-arrested-for-playing-porn-on.html?m=1

Hacked Republican website skimmed donor credit cards for 6 months

http://arstechnica.com/security/2016/10/hacked-republican-website-skimmed-donor-credit-cards-for-6-months/

Netflix reminds password re-users to run a reset

http://www.theregister.co.uk/2016/10/16/netflix_reminding_password_reusers_to_run_a_reset/

Cybercrime: Rome among the cities with the most 'zombie computers'

http://www.repubblica.it/tecnologia/sicurezza/2016/10/08/news/cybercrime_roma_tra_le_citta_con_piu_computer_zombie_-149349372/

Flaw in Intel chips could make malware attacks more potent

http://arstechnica.com/security/2016/10/flaw-in-intel-chips-could-make-malware-attacks-more-potent/

Friday, August 12, 2016

We watched RedTeam Security hack into a power company

http://www.techinsider.io/red-team-security-hacking-power-company-2016-4

Gorizia: hacker in the school server, and the “4”s became “10”s - News - Il Piccolo

http://m.ilpiccolo.gelocal.it/trieste/cronaca/2016/05/21/news/gorizia-l-attacco-informatico-1.13513088?ref=fbfpi

Issue 820 - project-zero - Symantec/Norton Antivirus ASPack Remote Heap/Pool memory corruption Vulnerability CVE-2016-2208 - Monorail

https://bugs.chromium.org/p/project-zero/issues/detail?id=820

Celebrity gossip site PerezHilton.com serves up malicious ads to its visitors

http://www.scmagazine.com/celebrity-gossip-site-perezhiltoncom-serves-up-malicious-ads-to-its-visitors/article/495360/

High-Severity OpenSSL Vulnerability allows Hackers to Decrypt HTTPS Traffic

http://thehackernews.com/2016/05/openssl-vulnerability.html?m=1

Dental Assn Mails Malware to Members — Krebs on Security

http://krebsonsecurity.com/2016/04/dental-assn-mails-malware-to-members/

The Vigilante Who Hacked Hacking Team Explains How He Did It | Motherboard

http://motherboard.vice.com/read/the-vigilante-who-hacked-hacking-team-explains-how-he-did-it

Hijacking the PC Update Process - Schneier on Security

https://www.schneier.com/blog/archives/2016/06/hijacking_the_p.html?utm_source=twitterfeed&utm_medium=twitter

uTorrent Forums Hacked, Passwords Compromised - TorrentFreak

https://torrentfreak.com/utorrent-forums-hacked-passwords-compromised-160608/

Wi-Fi hack disables Mitsubishi Outlander's theft alarm – white hats • The Register

http://www.theregister.co.uk/2016/06/06/mitsubishi_outlander_hack/

$587.24 – Your Bitcoin Wallet May Be At Risk: Safenet HSM Key-Extraction Vulnerability – Gemini

https://gemini.com/blog/your-bitcoin-wallet-may-be-at-risk-safenet-hsm-key-extraction-vulnerability/

Slicing Into a Point-of-Sale Botnet — Krebs on Security

http://krebsonsecurity.com/2016/06/slicing-into-a-point-of-sale-botnet/

Shriram Life Insurance Servers Hacked? - InfoRiskToday

http://www.inforisktoday.in/shriram-life-insurance-servers-hacked-a-9231

25,000 malware-riddled CCTV cameras form network-crashing botnet • The Register

http://www.theregister.co.uk/2016/06/28/25000_compromised_cctv_cameras/

South African ISP suffers massive password leak online

http://mybroadband.co.za/news/security/169341-south-african-isp-suffers-massive-password-leak-online.html

Kiwis hack into cyber sex toys, reveal frisky risks

http://m.nzherald.co.nz/lifestyle/news/article.cfm?c_id=6&objectid=11692549

Hacking Your Computer Monitor - Schneier on Security

https://www.schneier.com/blog/archives/2016/08/hacking_your_co.html?utm_source=twitterfeed&utm_medium=twitter