Once the magic card is inserted, the malware is ready to interact with two different types of cards, each with different functions: 1.Card type 1 – request commands through the interface 2.Card type 2 – execute the command hardcoded in the Track2 After the card is ejected, the user will be presented with a form, Read more about Skimer ATM Malware takes it to a new level[…]
TOKYO (Kyodo) — A total of 1.4 billion yen ($12.7 million) in cash has been stolen from some 1,400 automated teller machines in convenience stores across Japan in the space of two hours earlier this month, investigative sources said Sunday. Police suspect that the cash was withdrawn at ATMs using counterfeit credit cards containing account Read more about 1.4 bil. yen stolen from 1,400 convenience store ATMs across Japan[…]
https://www.nccgroup.trust/uk/about-us/newsroom-and-events/blogs/2016/may/gsmgprs-traffic-interception-for-penetration-testing-engagements/ An excellent howto on gsm gprs listening and setting up your own 4g / 2g base to intercept traffic
Researchers at the University of California-Santa Barbara recently discovered a Waze vulnerability that allowed them to create thousands of “ghost drivers” that can monitor the drivers around them—an exploit that could be used to track Waze users in real-time. They proved it to me by tracking my own movements around San Francisco and Las Vegas Read more about If you use Waze, hackers can stalk you, add thousands of ghost cars to divert your traffic[…]
_ _ _ ____ _ _ | | | | __ _ ___| | __ | __ ) __ _ ___| | _| | | |_| |/ _` |/ __| |/ / | _ \ / _` |/ __| |/ / | | _ | (_| | (__| < | |_) | (_| | (__|
A trove of leaked information, purported to be the entire Turkish citizenship database, has been leaked. The leaked info appears to contain names, addresses and ID numbers of more than 49 million citizens. If confirmed the leak would become one of the biggest privacy breaches, by number of records, ever. Source: Did hacktivists really just Read more about Did hacktivists really just expose half of Turkey’s entire population to ID theft?[…]
The team, led by Mohammad Al Faruque, director of UCI’s Advanced Integrated Cyber-Physical Systems Lab, showed that a device as ordinary and ubiquitous as a smartphone can be placed next to a machine and capture acoustic signals that carry information about the precise movements of the printer’s nozzle. The recording can then be used to Read more about 3D printed items can be reversed engineered using a smartphone to listen to the sound of the printing proces[…]
“These (mechanics) tool have the codes to read and write firmware and if it is compromised by a malicious car it can modify the firmware of other cars that come in afterwards,” Smith told Vulture South at the Nullcon security conference in Goa, India. Smith’s mechanic malware compromises of learning, simulation, and attack modes. Learning Read more about Pwn all cars by using the car mechanic PC as an attack vector[…]
The hackers breached Bangladesh Bank’s systems and stole its credentials for payment transfers, two senior officials at the bank said. They then bombarded the Federal Reserve Bank of New York with nearly three dozen requests to move money from the Bangladesh Bank’s account there to entities in the Philippines and Sri Lanka, the officials said. Read more about How a hacker’s typo helped stop a billion dollar bank heist[…]
The Vodafone network does not generate random TMSI numbers, which allows you to copy them and thereby listen in to other ongoing conversations. The network won’t throw off duplicates. If you have an IMSI catcher you can exploit this. It does, however, put the phone into conference call mode, which shows up on the screen. Read more about Vodafone network allows you to copy yourself into someone elses conversation[…]
Today at the Security Analyst Summit, researchers from Kaspersky Lab Global Research & Analysis Team unveiled details on two new criminal operations that have borrowed heavily from targeted nation-state attacks, and also shared an update on a resurgent Carbanak gang, which last year, it was reported, had allegedly stolen upwards of $1 billion from more Read more about Carbanak 2.0, Metel, GCMAN Borrow from APT Attacks[…]
As promised, hacker publishes personal information of 20,000 FBI agents, allegedly stolen from a hacked Department of Justice computer. Source: Hacker Publishes Personal Info of 20,000 FBI Agents | Motherboard
MERICAN AND BRITISH INTELLIGENCE secretly tapped into live video feeds from Israeli drones and fighter jets, monitoring military operations in Gaza, watching for a potential strike against Iran, and keeping tabs on the drone technology Israel exports around the world. Under a classified program code-named “Anarchist,” the U.K.’s Government Communications Headquarters, or GCHQ, working with Read more about Israeli Drone Feeds Hacked By British and American Intelligence[…]
“The largest attack reported by a respondent this year was 500Gbps, with other respondents reporting attacks of 450Gbps, 425Gbps, and 337Gbps,” (says the Arbor report) Source: 500Gbps DDoS attack flattens world record
Battered Ukrainian electricity utilities are being targeted with backdoors in attacks possibly linked to those fingered for recent blackouts. The phishing attacks are attempting to get backdoors installed on utility company computers using techniques similar to those seen in the BlackEnergy attacks. BlackEnergy ripped through Ukrainian utilities in what is largely considered the cause of Read more about Ukraine energy utilities attacked again with open source Trojan backdoor[…]
US spy chief James Clapper’s personal online accounts have been hacked, his office confirmed Tuesday, a few months after CIA director John Brennan suffered a similar attack. Clapper’s Office of the Director of National Intelligence confirmed the hack but refused to provide details. “We are aware of the matter and we reported it to the Read more about US spy chief’s personal accounts hacked[…]
Few, if any, companies or government agencies store more sensitive personal information than the IRS, and consumers have virtually no insight into how that data is used and secured. But, as the results of a recent Justice Department investigation show, when you start poking around in those dark corners, you sometimes find very ugly things. Read more about How an IRS Employee Allegedly Stole $1 Million from Taxpayers[…]
The HTTPS Bicycle attack can result in the length of personal and secret data being exposed from a packet capture of a user’s HTTPS traffic. For example, the length of passwords and other data (such as GPS co-ordinates) can be determined simply by analysing the lengths of the encrypted traffic.Some of the key observations of Read more about HTTPS Bicycle Attack – Obtaining Password lengths From TLS Encrypted Browser Requests[…]
SentinelOne director of mobile research Tim Strazzere said he found an open socket—shell@blackphone:/dev/socket $ ls l at_pal srwrwrw radio system 20150731 17:51 at_pal—accessible on the phone that the agps_daemon, a system-level shell is able to communicate with. The vulnerability, CVE-2015-6841, is specific to the modem used by the Blackphone, the Icera modem developed by nVidia. Read more about Silent Circle Blackphone Icera Modem Security Patch[…]
Time Warner Cable Inc said on Wednesday up to 320,000 customers may have had their email passwords stolen. The company said email and password details were likely gathered either through malware downloaded during phishing attacks or indirectly through data breaches of other companies that stored Time Warner Cable’s customer information, including email addresses. Source: Time Read more about Time Warner Cable says up to 320,000 customers’ data may have been stolen[…]
The Israel-based duo pried apart and compromised KVMs (keyboard video mouse) units such that they could download malware and compromise attached computers. The attack, demonstrated at the Chaos Communications Congress in Hamburg last month is notable because KVMs are used to control multiple machines. A compromised unit would not be immediately suspicious to most admins Read more about Checkpoint chap’s hack whacks air-gaps flat[…]
Microsoft Corp (MSFT.O) experts concluded several years ago that Chinese authorities had hacked into more than a thousand Hotmail email accounts, targeting international leaders of China’s Tibetan and Uighur minorities in particular – but it decided not to tell the victims, allowing the hackers to continue their campaign, according to former employees of the company. Read more about Microsoft failed to warn victims of Chinese email hack[…]
37 US states could have been scammed by rogue security guy In July, Eddie Tipton, 52, was found guilty of installing a rootkit in the MSLA’s random-number generating computer that allowed him to predict the digits for future winning tickets. He also tampered with security cameras to cover up his time at the keyboard, the Read more about Feds widen probe into lottery IT boss who rooted game for profit[…]
InterApp can allow its operators to break into nearby smartphones that have their WiFi connection open, and then, employing a diverse arsenal of security vulnerabilities, gain root permission on devices and exfiltrate information to a tactical server. According to Rayzone, InterApp can steal a user’s email address password and content, passwords for social networking apps, Read more about RayZone InterApp: The Gadget That Can Spy on Any Smartphone[…]