An extraordinary, focused attack on DNS provider Dyn continues to disrupt internet services for hundreds of companies, including online giants Twitter, Amazon, AirBnB, Spotify and others. The worldwide assault started at approximately 11am UTC on Friday. It was a massive denial-of-service blast that knocked Dyn’s DNS anycast servers offline, resulting in knock-on impacts across the Read more about DNS devastation: Top websites whacked offline as Dyn dies again[…]

Avtech is the second most popular search term in Shodan. According to Shodan, more than 130.000 Avtech devices are exposed to the internet. That’s because there are 14 serious unpatched vulnerabilities, the guide in the link goes through. Ensure the admin interface is not exposed to the internet, change the default admin password if you Read more about Avtech devices 14 serious unpatched vulnerabilities[…]

Online skimming is a new form of card fraud. In November 2015, the first case was reported. Upon investigating, I scanned a sample of 255K online stores globally and found 3501 stores to be skimmed. It is now ten months later. Are the culprits in jail yet? Not quite, here are the numbers of compromised Read more about 69% increase in hacked online stores stealing your credit card details from 2015[…]

VIDEO Chinese hackers have attacked Tesla electric cars from afar, using exploits that can activate brakes, unlock doors, and fold mirrors from up to 20 kilometres (12 miles) away while the cars are in motion. Keen Security Lab senior researchers Sen Nie, Ling Liu, and Wen Lu, along with director Samuel Lv, demonstrated the hacks Read more about Hackers hijack Tesla Model S from afar, while the cars are moving, control is scary[…]

The answer is simpler than you might think: The defense of an innocent, learning disabled, 15-year-old girl. In the criminal complaint, she’s called “Patient A,” but to me, she has a name, Justina Pelletier. Boston Children’s Hospital disagreed with her diagnosis. They said her symptoms were psychological. They made misleading statements on an affidavit, went Read more about Why I Knocked Boston Children’s Hospital Off The Internet: A Statement From Martin Gottesfeld[…]

The Russian government “directed the recent compromises of emails from US persons and institutions,” the US Department of Homeland Security and the Office of the Director of National Intelligence said on Friday, an accusation that gives formal recognition to a claim previously voiced through unnamed sources. In late July, The New York Times reported that Read more about US govt straight up accuses Russia of hacking DNC emails[…]

The problem occurred with Spotify Free, which lets people to stream music gratis in exchange for being played and shown adverts. One advertiser sneakily embedded nasty software code into its Spotify ads that hijacked browsers on macOS and Linux systems. We’re told the ads caused the computers’ default browsers to open up dodgy websites that Read more about Is this the real life? Is this just fantasy? Spotify serving malware, no escape from reality[…]

The world’s largest distributed denial of service (DDoS) attack has been clocked from the same network of 152,463 compromised low-powered cameras and internet-of-things devices which punted a media outlet off the internet. Last days, we got lot of huge DDoS. Here, the list of “bigger that 100Gbps” only. You can see the simultaneous DDoS are Read more about 152k cameras in 990Gbps record-breaking dual DDoS[…]

The account information may have included names, email addresses, telephone numbers, dates of birth, hashed passwords (the vast majority with bcrypt) and, in some cases, encrypted or unencrypted security questions and answers. The ongoing investigation suggests that stolen information did not include unprotected passwords, payment card data, or bank account information; payment card data and Read more about Yahoo suffers largest leak of all time: 550m users[…]

It has been an odd day for Newsweek – its main site was taken offline after it published a story claiming a company owned by Republican presidential candidate Donald Trump broke an embargo against doing deals with Cuba. The magazine first thought that the sheer volume of interest in its scoop was the cause for Read more about Criticize Donald Trump, get your site smashed offline from Russia[…]

systemd fails an assertion in manager_invoke_notify_message when a zero-length message is received over /run/systemd/notify. This allows a local user to perform a denial-of-service attack against PID 1.Proof-of-concept:NOTIFY_SOCKET=/run/systemd/notify systemd-notify “” Source: Assertion failure when PID 1 receives a zero-length message over notify socket · Issue #4234 · systemd/systemd · GitHub

By creating config files you can escalate through the mysqld_safe script using malloc_lib Source: Bad news: MySQL can dish out root access to cunning miscreants

ClixSense, a site which pays users to view ads and take surveys, was the victim of a massive data breach compromising around 6.6 million user accounts. Usually when there’s a data breach of this size, the information stolen contains usernames, passwords, and some other personal information, but due to the nature of ClixSense and the Read more about Over 6 million ClixSense users compromised by data breach[…]

Perhaps feeling a little bent out of shape about how much shit their country caught for running a massive, Cold War-style doping program for Olympic athletes, a group of Russian hackers have obtained confidential documents that they claim prove American Olympians are also big fat cheaters. The only problem is that the leaked documents don’t Read more about Russian Hackers Get Into World Anti-Doping Agency Data, Find Nothing Incriminating[…]

How hackers broke into millions of US govt personnel files Source: Read the damning dossier on the security stupidity that let China ransack OPM’s systems

It’s hard to detect because once it infects it deletes the files and lays dormant in memory. It executes now and again to find and infect other hosts and can be used as part of a botnet. Malwaremustdie

HITB Florian Lukavsky hacks criminals profiting from out-of-control multi-billion dollar CEO wire transfer scams… and they hate him for it. The director of SEC Consult’s Singapore office has made a name striking back at so-called “whaling” scammers by sending malicious Word documents that breach their Windows 10 boxes and pass on identity information to police. Read more about Hacker takes down CEO wire transfer scammers, sends their Win 10 creds to the cops[…]

If I plug in a device that masquerades as a USB Ethernet adapter and has a computer on the other end, can I capture credentials from a system, even when locked out (yes, logged in, just locked). (..or do even more, but we’ll save that for another time, this post is already too long) Source: Read more about Use a USB dongle to emulate a nic and get credentials from locked windows machines[…]

One in five firms that pay ransom fail to get their data back, according to new research from Trend Micro. A poll of IT managers at 300 UK businesses sponsored by Trend Micro found that 44 per cent of UK businesses have been infected by ransomware in the last two years. The study also found Read more about When you’ve paid the ransom but you don’t get your data back[…]

Music service Last.fm was hacked on March 22nd, 2012 for a total of 43,570,999 users. This data set was provided to us by daykalif@xmpp.jp and Last.fm already knows about the breach but the data is just becoming public now like all the others. Each record contains a username, email address, password, join date, and some Read more about Last.fm lost 43.5 million poorly encrypted accounts in 2012. They are out now, and the top 50 are…[…]

Dubbed USBee, the technique turns a computer’s USB ports into mini RF transmitters by modulating the data fed at high speed to plugged-in devices. By banging out a string of ‘0’ bits to a USB port, the voltage changes in the interface generate detectable emissions between 240MHz and 480MHz, according to Guri. Next, by writing Read more about USBee stings air-gapped PCs: Wirelessly leak secrets with a file write on a USB stick, measuring the voltage changes[…]

A data dump purported to contain 60 million Dropbox user IDs [and passwords] is the real thing, with the company confirming it to The Register, and independent verification from security researcher Troy Hunt. Source: Dropbox: 2012 credentials file is real

At its then peak, Angler was behind a whopping 40 percent of all exploit kit infections having compromised nearly 100,000 websites and tens of millions of users, generating some US$34 million annually for its authors. Source: Angler’s obituary: Super exploit kit was the work of Russia’s Lurk group