Hackers nick $60m from Taiwanese bank in tailored SWIFT attack

Hackers managed to pinch $60m from the Far Eastern International Bank in Taiwan by infiltrating its computers last week. Now, most of the money has been recovered, and two arrests have been made in connection with the cyber-heist. On Friday, the bank admitted the cyber-crooks planted malware on its PCs and servers in order to […]

If you don’t want Sonos to have your personal data, they will brick your players for you

Sonos’ policy change, outlined by chief legal officer Craig Shelburne, allows the gizmo manufacturer to slurp personal information about each owner, such as email addresses and locations, and system telemetry – collectively referred to as functional data – in order to implement third-party services, specifically voice control through Amazon’s Alexa software, and for its own […]

Secret F-35, P-8, C-130 data stolen in Australian defence contractor hack | why it’s a great idea to entrust personal data to governments (not)

In November 2016, the Australian Signals Directorate (ASD) was alerted by a “partner organisation” that an attacker had gained access to the network of a 50-person aerospace engineering firm that subcontracts to the Department of Defence. Restricted technical information on the F-35 Joint Strike Fighter, the P-8 Poseidon maritime patrol aircraft, the C-130 transport aircraft, […]

Companies overlook risks in open source software: compliance and policy

Open source code helps software suppliers to be nimble and build products faster, but a new report reveals hidden software supply chain risks of open source that all software suppliers and IoT manufacturers should know about. […] “We can’t lose sight that open source is indeed a clear win. Ready-to-go code gets products out the […]

4 TOR marketplaces being DDOSed

Four of the world’s key illicit marketplaces—Dream, Tochka, Trade Route, and Wall Street—went down suddenly on Friday. And no one seems to know why. Now, someone is trying to take the four largest drug marketplaces offline, seemingly by flooding them with a torrent of traffic. These sites offer a mail-order service for pretty much any […]

Dutch privacy regulator says Windows 10 breaks the law: wants MS to inform you how it’s breaching your privacy, not stop it.

The lack of clear information about what Microsoft does with the data that Windows 10 collects prevents consumers from giving their informed consent, says the Dutch Data Protection Authority (DPA). As such, the regulator says that the operating system is breaking the law. To comply with the law, the DPA says that Microsoft needs to […]

OnePlus Admits It Was Snooping on OxygenOS Users, Says It Will Tweak Data Collection Program. Current fix still spies on you.

Earlier this month, software engineer Christopher Moore discovered that Shenzhen, China-based phone manufacturer OnePlus was secretly collecting a trove of data about users without their consent and communicating it to company servers. Moore had routed his OnePlus 2’s internet traffic through security tool OWASP ZAP for a holiday hack challenge, but noticed his device was […]

Russia tweaks Telegram with tiny fine for decryption denial

Encrypted messaging app Telegram must pay 800,000 roubles for resisting Russia’s FSB’s demand that it help decrypt user messages. The fine translates to just under US$14,000, making it less of a serious punishment and more a shot across the bows. […] Telegram founder Pavel Durov has posted to Russian social site VK.com that it’s not […]

KRACK attacks WPA2 – ie all the WiFis

We discovered serious weaknesses in WPA2, a protocol that secures all modern protected Wi-Fi networks. An attacker within range of a victim can exploit these weaknesses using key reinstallation attacks (KRACKs). Concretely, attackers can use this novel attack technique to read information that was previously assumed to be safely encrypted. This can be abused to […]

Paramount group acquires 4 French dual seat Mirage F-1 fighters for aggressor training

Paramount Aerospace Systems has been in negotiation with the French Government to acquire four Dual-Seater Mirage F1s. These aircraft are compatible with the existing fleet of Mirage F1 aircraft that was acquired by Paramount group from the South African Government. The Company has extensive capability on this aircraft type with full airframe and engine overhaul […]

Disqus discovers its comments tool was hacked in 2012. 17.5m accounts involved, 2/3rds without passwords.

Disqus has confirmed its web commenting system was hacked. The company, which builds and provides a web-based comment plugin for news websites, said Friday that hackers stole more than 17.5 million email addresses in a data breach in July 2012. About a third of those accounts contained passwords, salted and hashed using the weak SHA-1 […]

Dutch defence minister and top general step down for munition problem out of their control. How is this taking responsibility?

Due to an accident caused by a mortar exploding within the launch tube, both the Dutch minister of Defence, Jeanine Hennis-Plasschaert, and the commander of the armed forces, Tom Middendorp, have fallen on their swords. The incident involved the sloppy purchasing of a mortar grenade in 2006 (expedited for the Afghan war), which led to […]

BLE is weak and can be used to map and hack sex toys, hearing aids. The rise of screwdriving

Using your favourite BLE sniffing hardware (we used a Bluefruit but an Ubertooth is just as great) you can visualise the BLE packets in Wireshark. In this case we can see the app has caused the Hush to start vibrating when the handle 0x000e has “Vibrate:5” written to it. We can also start to replay […]

Azure fell over for 7 hours in Europe because someone accidentally set off the fire extinguishers

During a routine periodic fire suppression system maintenance, an unexpected release of inert fire suppression agent occurred. When suppression was triggered, it initiated the automatic shutdown of Air Handler Units (AHU) as designed for containment and safety. While conditions in the data center were being reaffirmed and AHUs were being restarted, the ambient temperature in […]

Many Protostellar and cometary detections of organohalogens: probably not alien in origin.

Organohalogens, a class of molecules that contain at least one halogen atom bonded to carbon, are abundant on the Earth where they are mainly produced through industrial and biological processes [1]. Consequently, they have been proposed as biomarkers in the search for life on exoplanets [2]. Simple halogen hydrides have been detected in interstellar sources and in […]

Equifax breach: 2.5m US citizens larger than thought. A timeline.

Equifax said late Monday that an outside review determined about 2.5 million additional U.S. consumers were potentially impacted, for a revised total of 145.5 million. The company said the review also found that just 8,000 Canadian citizens were impacted, rather than up to 100,000 Canadians, as previously announced. Equifax was alerted to the breach by […]

Amateur Radio Hams get Satellite from the US to run BBS on

FalconSAT-3 was built in 2005 and 2006 by cadets and faculty in the Space Systems Research Center at the US Air Force Academy in Colorado Springs, CO. In amateur service the downlink is at 435.103 MHz transmitting 1W into a ¼ whip that extends from a corner of the satellite near the Lightband separation ring. […]

Kalashnikov Unveils Flying ‘Hovercycle’

A Russian defense manufacturer named after the inventor of the AK-47 showed off its “flying car” to company officials and the Internet. The “car,” which has sixteen sets of rotors, could have military applications down the road including scouting, communications, and other tasks. The unnamed vehicle was demonstrated Monday by officials at Kalashnikov Concern, part […]