Zipato Zipamicro smart home hub totally pwned

In new research published Tuesday and shared with TechCrunch, Dardaman and Wheeler found three security flaws which, when chained together, could be abused to open a front door with a smart lock. Smart home technology has come under increasing scrutiny in the past year. Although convenient to some, security experts have long warned that adding […]

Telcos around the world were so severely pwned, they didn’t notice the hackers setting up VPN points

Hackers infiltrated the networks of at least ten cellular telcos around the world, and remained hidden for years, as part of a long-running tightly targeted surveillance operation, The Register has learned. This espionage campaign is still ongoing, it is claimed. Cyber-spy hunters at US security firm Cybereason told El Reg on Monday the miscreants responsible […]

U.S. and Iran’s Hackers Are Trading Blows

Chris Krebs, the director of the Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency, issued a statement on June 22 following similar warnings from private American cybersecurity firms. Krebs, whose recently renamed agency is tasked with protecting American critical infrastructure, said CISA is “aware of a recent rise in malicious cyber activity” against American […]

Lab Testing Giant Quest Diagnostics Says Data Breach May Have Hit Nearly 12 Million Patients

Clinical lab testing titan Quest Diagnostics acknowledged in a press release on Monday that an “unauthorized user” had gained access to personal information on around 11.9 million customers, including some financial and medical data. Per NBC News, news of the breach comes via way of a Securities and Exchange Commission filing in which Quest wrote […]

Supra smart TVs allow anyone on wifi network to switch video to whatever they want

Owners of Supra Smart Cloud TVs are in danger of getting some unwanted programming: it’s possible for miscreants or malware on your Wi-Fi network to switch whatever you’re watching for video of their or its choosing. Bug-hunter Dhiraj Mishra laid claim to CVE-2019-12477, a remote file inclusion zero-day vulnerability that allows anyone with local network […]

Strewth: Hackers slurp 19 years of Oz student data in uni’s second breach within a year

The Australian National University (ANU) today copped to a fresh breach in which intruders gained access to “significant amounts” of data stretching back 19 years. The top-ranked Oz uni said it noticed about a fortnight ago that hackers had got their claws on staff, visitor and student data, including names, addresses, dates of birth, phone […]

Radio signals used for ILS plane landings can easily be spoofed using tools amounting to just $600

With about $600 and a few tools, hackers could fake the radio signals used by commercial airplanes to navigate and land safely, according to new research. In a paper and demonstration from researchers at Northeastern University in Boston, a software defined radio — a non-traditional radio that uses software instead of hardware for many components […]

Hackers abuse ASUS cloud service to install backdoor on users’ PCs – again

ASUS’ update mechanism has once again been abused to install malware that backdoors PCs, researchers from Eset reported earlier this week. The researchers, who continue to investigate the incident, said they believe the attacks are the result of router-level man-in-the-middle attacks that exploit insecure HTTP connections between end users and ASUS servers, along with incomplete […]

One of the World’s Largest Crypto Exchanges, Binance, Hacked to the Tune of $40 Million

Cryptocurrency trading hub Binance, one of the world’s largest, has confirmed it lost about 7,000 Bitcoins (around $40 million) to hackers after its so-called “hot wallet,” i.e. one connected to the internet and used to process transactions, was breached, Bloomberg reported on Tuesday. The hot wallet in question contained about two percent of Binance’s holdings […]

Wannacry-slayer Marcus Hutchins pleads guilty to two counts of banking malware creation after being held for 2 years by US. Forced confession, maybe?

Marcus Hutchins, the British security researcher who shot to fame after successfully halting the Wannacry ransomware epidemic, has pleaded guilty to crafting online bank-account-raiding malware. For nearly two years now, Hutchins, 24, has been under house arrest in the US after being collared at Las Vegas airport by FBI agents acting on a tip-off. The […]

Hackers take control of top level domains to perform massive man in the middle attack

The discovery of a new, sophisticated team of hackers spying on dozens of government targets is never good news. But one team of cyberspies has pulled off that scale of espionage with a rare and troubling trick, exploiting a weak link in the internet’s cybersecurity that experts have warned about for years: DNS hijacking, a […]

Script kiddie Hackers publish personal data on thousands of US police officers and federal agents and have more in the pipeline

A hacker group has breached several FBI-affiliated websites and uploaded their contents to the web, including dozens of files containing the personal information of thousands of federal agents and law enforcement officers, TechCrunch has learned. The hackers breached three sites associated with the FBI National Academy Association, a coalition of different chapters across the U.S. […]

Facebook Is Just Casually Asking Some New Users for Their Email Passwords [note – never give out your email password!!!!]

Facebook has been prompting some users registering for the first time to hand over the passwords to their email accounts, the Daily Beast reported on Tuesday—a practice that blares right past questionable and into “beyond sketchy” territory, security consultant Jake Williams told the Beast. A Twitter account using the handle @originalesushi first posted an image […]

Bezos’ Investigator Gavin de Becker Finds the Saudis Obtained the Amazon Chief’s Private Data (for the dick pic extortion thing a few weeks ago)

In January, the National Enquirer published a special edition that revealed an intimate relationship Bezos was having. He asked me to learn who provided his private texts to the Enquirer, and why. My office quickly identified the person whom the Enquirer had paid as a source: a man named Michael Sanchez, the now-estranged brother of […]

A New Age of Warfare: How Internet Mercenaries Do Battle for Authoritarian Governments

NSO and a competitor, the Emirati firm DarkMatter, exemplify the proliferation of privatized spying. A monthslong examination by The New York Times, based on interviews with current and former hackers for governments and private companies and others as well as a review of documents, uncovered secret skirmishes in this burgeoning world of digital combat. A […]

Toyota Security Breach Exposes Personal Info of 3.1 Million Clients, could be part of Vietnam attack

The personal information of roughly 3.1 million Toyota customers may have been leaked following a security breach of multiple Toyota and Lexus sales subsidiaries, as detailed in a breach notification issued by the car maker today. As detailed in a press release published on Toyota’s global newsroom, unauthorized access was detected on the computing systems of Tokyo Sales […]

Man Pleads Guilty in $100 Million Scam of Facebook and Google – colleagues not yet found

A Lithuanian man admitted he helped trick Facebook Inc. and Alphabet Inc.’s Google into sending more than $100 million through a phishing scheme. Evaldas Rimasauskas, 50, pleaded guilty to one count of wire fraud before U.S. District Judge George Daniels on Wednesday under an agreement with prosecutors and will forfeit $49.7 million. Rimasauskas was extradited […]

Iranian hackers ransack Citrix, make off with 6TB+ of emails, biz docs, internal secrets – they had to be told by the FBI that they were hacked at all

Citrix today warned its customers that foreign hackers romped through its internal company network and stole corporate secrets. The enterprise software giant – which services businesses, the American military, and various US government agencies – said it was told by the FBI on Wednesday that miscreants had accessed Citrix’s IT systems and exfiltrated a significant […]

Biohackers Encoded Malware in a Strand of DNA

In new research they plan to present at the USENIX Security conference on Thursday, a group of researchers from the University of Washington has shown for the first time that it’s possible to encode malicious software into physical strands of DNA, so that when a gene sequencer analyzes it the resulting data becomes a program […]

Hackers Are Passing Around a Megaleak of 2.2 Billion Records

Earlier this month, security researcher Troy Hunt identified the first tranche of that mega-dump, named Collection #1 by its anonymous creator, a set of cobbled-together breached databases Hunt said represented 773 million unique usernames and passwords. Now other researchers have obtained and analyzed an additional vast database called Collections #2–5, which amounts to 845 gigabytes […]

Personal data slurped in Airbus hack – but firm’s industrial smarts could be what crooks are after

Airbus has admitted that a “cyber incident” resulted in unidentified people getting their hands on “professional contact and IT identification details” of some Europe-based employees. The company said in a brief statement published late last night that the breach is “being thoroughly investigated by Airbus’ experts”. The company has its own infosec business unit, Stormguard. […]