This week, inquisitive netizens discovered that, when presented with even modest amounts of network packets – as little as 1.5Mbps spread across various TCP or UDP ports – modems equipped with a Puma 6 slow to an unusable crawl. According to one engineer who spoke to El Reg on the issue, the flaw would be Read more about FYI: You can blow Intel-powered broadband modems off the ‘net with a ‘trivial’ packet stream[…]

The NSA’s Equation Group hacking tools, leaked last Friday by the Shadow Brokers, have now been used to infect thousands of Windows machines worldwide, we’re told. On Thursday, Dan Tentler, founder of security shop Phobos Group, told The Register he’s seen rising numbers of boxes on the public internet showing signs they have DOUBLEPULSAR installed Read more about Script kiddies pwn 1000s of Windows boxes using leaked NSA hack tools[…]

The advertisment says: “Hello Google, what is the whopper burger?” and Google home reads out the first line of the wiki page. So Google blocked Burger King. So BK re-recorded and Google Home devices recite the first Absolutely brilliant and very funny! Alexa next! And even more funny: changing the wiki page just as the Read more about Burger King ads talk to Google Home devices, make them talk when listening.[…]

A partnership between computer scientists at the University of California San Diego and Google has allowed the search giant to reduce by 70 percent fraudulent business listings in Google Maps. The researchers worked together to analyze more than 100,000 fraudulent listings to determine how scammers had been able to avoid detection—albeit for a limited amount Read more about Scammers place fake pins on Google Maps[…]

The self-styled Shadow Brokers group has made a collection of NSA hacking tools and exploits publicly available. The group released a password for their archive, making it available to all and sundry. They (unsuccessfully) attempted to auction off the trove last year. In a (ranty) statement, Shadow Brokers said it was making the 2013 vintage Read more about Shadow Brokers crack open NSA hacking tool cache for world+dog[…]

Source: 1046 – Broadcom: Heap overflow in TDLS Teardown Request while handling Fast Transition IE – project-zero – Monorail Comes with proof of concept code

The Bricker Bot PDoS attack used Telnet brute force – the same exploit vector used by Mirai – to breach a victim’s devices. Bricker does not try to download a binary, so Radware does not have a complete list of credentials that were used for the brute force attempt, but were able to record that Read more about “BrickerBot” tries to kill your poorly secured IoT things[…]

A new attack on smart TVs allows a malicious actor to take over devices using rogue DVB-T (Digital Video Broadcasting — Terrestrial) signals, get root access on the smart TV, and use the device for all sorts of nasty actions, ranging from DDoS attacks to spying on end users. […] Scheel’s method, which he recently Read more about About 90% of Smart TVs Vulnerable to Remote Hacking via Rogue TV Signals[…]

According to allegations in the indictment against Rimasauskas, which was unsealed this week, he had orchestrated his scheme between 2013 and 2015, targeting “a multinational technology company and a multinational online social media company” and tricking them into wiring funds to bank accounts under his control. The bank accounts in question belonged to companies that Read more about Bloke, 48, accused of whaling two US tech leviathans out of $100m[…]

Mark Vartanyan, who operated under the handle “Kolypto”, was arrested in Norway last year, and extradited to America in December. The 29-year-old was charged with one count of computer fraud. On Monday, he pleaded guilty [PDF] to a district court in Atlanta, US. He faces up to 10 years in the clink and a $250,000 Read more about Russian mastermind of $500m bank-raiding Citadel coughs to crimes[…]

We recently announced a new addition to Metasploit to help you do exactly that: the Hardware Bridge API. The Hardware Bridge API extends Metasploit’s capabilities into the physical world of hardware devices. Much in the same way that the Metasploit framework helped unify tools and exploits for networks and software, the Hardware Bridge looks to Read more about Metasploit hwbridge connects to your car[…]

If PostScript is the printer driver, the printer is vulnerable to what they call Cross-Site Printing attacks, documented in detail at Hacking Printers here. The bugs range from attackers exfiltrating copies of what’s sent to printers, to denial-of-service, code execution, forced resets and even bricking the targets. The work from the University Alliance Ruhr landed Read more about PostScript printers extremely vulnerable outside of the network[…]

“Hmm, what is that unauth.cgi thingy? and what does that id number mean?”, I thought to myself. Luckily for me the Internet connection had come back on its own, but I was now a man on a mission, so I started to look around to see if there were any known vulnerabilities for my VEGN2610. Read more about Bypassing Authentication on NETGEAR Routers[…]

Some 35,000 mostly Amazon Web Services ElasticSearch servers are open to the internet and to ransoming criminals, Shodan boss John Matherly says. So far more than 360 instances have had data copied and erased, held to ransom using the same techniques that blitzed tens of thousands of MongoDB servers this week. Affected ElasticSearch administrators are Read more about MongoDB hackers now sacking ElasticSearch[…]

Hackers have brewed up a strain of Android malware that uses compromised smartphones as conduits to attack routers.The Switcher trojan does not attack Android device users directly. Instead, the malware uses compromised smartphones and tablets as tools to attack any wireless networks they connect to.Switcher brute-forces access to the network’s router and then changes its Read more about New Android-infecting malware brew hijacks devices and then attacks your wifi router[…]

Yahoo has discovered a 3-year-old security breach that enabled a hacker to compromise more than 1 billion user accounts, breaking the company’s own humiliating record for the biggest security breach in history. The digital heist disclosed Wednesday occurred in August 2013, more than a year before a separate hack that Yahoo announced nearly three months Read more about Yahoo Suffers World’s Biggest Hack Affecting 1 Billion Users ub 2013[…]

Cyber attacks targeting the global bank transfer system have succeeded in stealing funds since February’s heist of $81 million from the Bangladesh central bank as hackers have become more sophisticated in their tactics, according to a SWIFT official and a previously undisclosed letter the organization sent to banks worldwide. Source: Exclusive: SWIFT confirms new cyber Read more about SWIFT confirms 1/5th of cyber attacks get through, steal money.[…]

Robert Graham, CEO of Errata Security, on Friday documented his experience setting up a $55 JideTech security camera behind a Raspberry Pi router configured to isolate the camera from his home network. According to Graham’s series of Twitter posts, his camera was taken over by the Mirai botnet in just 98 seconds. Note: it was Read more about Surveillance camera compromised in 98 seconds[…]

hree has suffered a massive data breach in which the personal information and contact details of millions of customers could have been accessed. It is believed to one of the largest hacks of its kind to affect people living in Britain. Here’s everything you need to know about the hack. What happened? UK-based cyber criminals Read more about Three Mobile hack: millions of UK customers breached[…]

An attacker with access to the console of the computer and with the ability to reboot the computer can launch a shell (with root permissions) when he/she is prompted for the password to unlock the system partition. The shell is executed in the initrd environment. Obviously, the system partition is encrypted and it is not Read more about Enter 30 to shell: Cryptsetup Initram Shell / instant access to encrypted linux machines[…]

Bangladesh’s central bank hopes to retrieve $30 million more of the $81 million stolen from its account at the New York Federal Reserve in February, two bank officials said on Monday. Hackers used stolen Bangladesh Bank credentials to try to send three dozen SWIFT messages to transfer nearly $1 billion from its Fed account. They Read more about Bangladesh hopes to recover $30 million more from $81m cyber heist[…]

Adultfriendfinder.com 339,774,493 users “World’s largest sex & swinger community” Cams.com 62,668,630 users “Where adults meet models for sex chat live through webcams” Penthouse.com 7,176,877 users Adult magazine akin to Playboy Stripshow.com 1,423,192 users Another 18+ webcam site iCams.com 1,135,731 users “Free Live Sex Cams” Unknown domain 35,372 users Total: 412,214,295 aff Source: AdultFriendFinder was hacked Read more about AdultFriendFinder was hacked, together with affiliates. 400m users data out there[…]

Remember the days back in the 90s when you could cripple someones Internet connection simply by issuing a few PING command like “ping -t [target]”? This type of attack was only successful if the victim was on a dial-up modem connection. However, it turns out that a similar form of ICMP flooding can still be Read more about BlackNurse: Ping of death is back, DoS using only a laptop[…]

With proof of concept. Of course, this requires “hacking” the originating bot back and only works if the bot is running over http, but still, better than nothing. Source: Invincea Labs