Information Security News
iT News (blog)
The danger of infosec ignorance in IoT
Hackers taking remote control of our cars is a frightening prospect for many of us, but what are the real risks and what should we do about them? Last week two security researchers used a feature in the Fiat Chrysler Jeep called Uconnect to hook in ...
Officeworks spooked into infosec overhaul by Target breach
Wesfarmers-owned office supply chain Officeworks will upgrade its firewalls, vulnerability analysis and endpoint security systems after being scared into action by the 2013 attack against US retailer Target. On the sidelines of the RSA APJ conference ...
by Sean Gallagher
Last November, Charles Tendell quietly launched a website called Hacker's List. Its name was literal. In this online marketplace, white-hat security experts could sell their services in bite-size engagements to people with cyber-problems beyond their grasp.
"Hacker's List is meant to connect consumers who have online issues to hackers or professionals out there who have the skills to service them," Tendell told Ars. "Consumers get bullied online, they lose personal information, they have things stolen from them, they get locked out of things, and they have people post negative things or post personal information. They didn't have a place to go to be able to get help and make sure they're getting the right price or the best person for a particular job. That's what Hacker's List is for."
The idea seemed clever enough. Soon after launch, The New York Times found the site and brought a stampede of traffic that initially caused it to go down under the strain. In the six months or so since, Hacker's List has been running without technical hitches. (The site is also utilizing CloudFlare's content delivery network nowadays.)
Almost all Android mobile devices available today are susceptible to hacks that can execute malicious code when they are sent a malformed text message or the user is lured to a malicious website, a security researcher reported Monday.
The vulnerability affects about 950 million Android phones and tablets, according to Joshua Drake, vice president of platform research and exploitation at security firm Zimperium. It resides in "Stagefright," an Android code library that processes several widely used media formats. The most serious exploit scenario is the use of a specially modified text message using the multimedia message (MMS) format. All an attacker needs is the phone number of the vulnerable Android phone. From there, the malicious message will surreptitiously execute malicious code on the vulnerable device with no action required by the end user and no indication that anything is amiss.
In a blog post published Monday, Zimperium researchers wrote:
by Sean Gallagher
The Pakistan Telecommunication Authority (PTA) has issued a directive to mobile phone network operators to shut down access to BlackBerry Enterprise Services for all mobile customers by November 30. The new order is "for security reasons," a PTA spokesperson told The Guardian.
The order comes just six days after Privacy International issued a report warning that Pakistan's intelligence agencies are ramping up electronic surveillance efforts. The ongoing battle with the Pakistani Taliban and other insurgents has been used as justification for an increasingly broad surveillance campaign by Pakistan's intelligence community.
"The Pakistani government has been trying for years to capture all domestic phone and internet traffic across the nation’s networks," the authors of the Privacy International report noted. "As of 2013, they are significantly closer to achieving this goal."
Valve has patched a bug in its Steam system that let an attacker easily take over an arbitrary account using nothing but the account's username.
The hijacking exploit took advantage of a hole in Steam's password recovery feature, which sends a recovery code to the registered e-mail address associated with the account. That e-mailed code needs to be entered on a form through the Steam website, but an attacker could simply skip that code entry step, leaving the recovery code area blank, and have full access to the password change dialog, as demonstrated in this video.
In a statement to Kotaku, Valve said it quickly fixed the bug when made aware of it on Saturday, July 25 but that "a subset of Steam accounts" could have been affected since July 21. It's hard to know precisely how often the attack was used in that time, but a number of prominent Counter-Strike: GO streamers and others with well-known Steam usernames seem to have been affected.
Posted by InfoSec News on Jul 27: http://www.theregister.co.uk/2015/07/27/plague_scanner_box_offers_invisibility_cloak_to_white_hats_vxers/
Posted by InfoSec News on Jul 27: http://www.militarytimes.com/story/military/2015/07/24/utility-cyber-attack/30615033/
Posted by InfoSec News on Jul 27: http://www.americanthinker.com/blog/2015/07/outrage_iran_deal_commits_us_to_teach_them_how_to_defeat_a_cyber_attack_.html
Posted by InfoSec News on Jul 27: http://freebeacon.com/national-security/cybercom-big-data-theft-at-opm-private-networks-is-new-trend-in-cyber-attacks/
Posted by InfoSec News on Jul 27: http://www.computerweekly.com/news/4500250398/Smartwatches-a-new-frontier-for-cyber-attack-HP-study-shows
Posted by InfoSec News on Jul 27: http://www.csoonline.com/article/2952395/security-awareness/a-primer-on-dealing-with-the-media-as-a-hacker-and-dealing-with-hackers-as-the-media.html
Posted by InfoSec News on Jul 27: http://www.crainsdetroit.com/article/20150726/NEWS/307269992/survey-nearly-1-in-4-it-firms-suffered-security-breach
Monday review – the hot 19 infosec stories of the week | Naked Security ...