The explanation is first rate and will allow anyone to perform a non-technical man in the middle attack, going from eavesdropping to exploitation. Source: Tinder Social Engineering Attack – HERT

Infowars, created by famed radio host and conspiracy theorist Alex Jones, produces radio, documentaries and written pieces. The dumped data relates to Prison Planet TV, which gives paying subscribers access to a variety of Infowars content. The data includes email addresses, usernames, and poorly hashed passwords. The administrator of breach notification site Databases.Land provided a Read more about Tens of Thousands of Infowars Accounts Hacked: thats the sound of thousands of conspiracy loons crinkling up their tin foil hats as the pull them on tighter[…]

The FBI has uncovered evidence that foreign hackers penetrated two state election databases in recent weeks, prompting the bureau to warn election officials across the country to take new steps to enhance the security of their computer systems, according to federal and state law enforcement officials. The FBI warning, contained in a “flash” alert from Read more about FBI says foreign hackers penetrated two seperate state election systems[…]

On Monday, a hacking group calling itself the “ShadowBrokers” announced an auction for what it claimed were “cyber weapons” made by the NSA. Based on never-before-published documents provided by the whistleblower Edward Snowden, The Intercept can confirm that the arsenal contains authentic NSA software, part of a powerful constellation of tools used to covertly infect Read more about NSA cyberweapons being sold by hackers are real, Snowden Documents Confirm[…]

Protecting GPS From Spoofers Is Critical to the Future of Navigation – IEEE Spectrum http://spectrum.ieee.org/telecom/security/protecting-gps-from-spoofers-is-critical-to-the-future-of-navigation

‘DiskFiltration,’ a covert channel which facilitates the leakage of data from an air-gapped compute via acoustic signals emitted from its hard disk drive (HDD). Our method is unique in that, unlike other acoustic covert channels, it doesn’t require the presence of speakers or audio hardware in the air-gapped computer. A malware installed on a compromised Read more about DiskFiltration: sending data using Covert Hard Drive Noise[…]

The hack can be used by thieves to wirelessly unlock as many as 100 million VW cars, each at the press of a button. Almost every vehicle the Volkswagen group has sold for the past 20 years – including cars badged under the Audi and Skoda brands – is potentially vulnerable, say the researchers. The Read more about Thieves can wirelessly unlock up to 100 million Volkswagens (and other brands by VW), each at the press of a button[…]

The web interface contains a number of critical vulnerabilities that can be abused by unauthenticated attackers. These consist of monitoring backdoors left in the PHP files that are supposed to be used by NUUO’s engineers, hardcoded credentials, poorly sanitised input and a buffer overflow which can be abused to achieve code execution on NUUO’s devices Read more about 7(!) remote vulnerabilities (RCE, bof) in Nuuo NVR and NETGEAR Surveillance products[…]

A new ransomlock variant, which mainly affects the US, tricks users into calling a toll-free number to reactivate their Windows computer. […] Victims of this threat can unlock their computer using the code: 8716098676542789 Source: New ransomware mimics Microsoft activation window | Symantec Connect Community It also turns out that calling the support number on Read more about New ransomware mimics Microsoft activation window[…]

The thermostat in question has a large LCD display, runs the operating system Linux, and has an SD card that allows users to load custom settings or wallpapers. The researchers found that the thermostat didn’t really check what kind of files it was running and executing. In theory, this would allow a malicious hacker to Read more about White hat Hackers Make the First-Ever Ransomware for Smart Thermostats[…]

In a proof-of-concept video the boffins place a phone in an empty conference room three metres (10 feet) from a speaker. Commands are issued that sound to like a drowning dalek to Vulture South’s ears. That garbling makes the commands difficult for humans to understand but passable for Siri and her ilk. The attackers activate Read more about Drowning Dalek commands Siri in voice-rec hack attack[…]

Wendy’s said hackers were able to steal customers’ credit and debit card information at 1,025 of its U.S. restaurants, far more than it originally thought. The hamburger chain said Thursday hackers were able to obtain card numbers, names, expiration dates and codes on the card, beginning in late fall. Some customers’ cards were used to Read more about Wendy’s Says More Than 1,000 Restaurants Affected by Hack[…]

MouseJack is a collection of security vulnerabilities affecting non-Bluetooth wireless mice and keyboards. Spanning seven vendors, these vulnerabilities enable an attacker to type arbitrary commands into a victim’s computer from up to 100 meters away using a $15 USB dongle.

Is it a bug or is it a backdoor? is exposed to a UEFI bug that can be exploited to disable firmware write-protection. If the claims made by Dmytro Oleksiuk at Github are correct, an attacker can “disable flash write protection and infect platform firmware, disable Secure Boot, [and] bypass Virtual Secure Mode (Credential Guard, Read more about Intel based PCs with BIOS vuln[…]

An anonymous hacker managed to obtain an enormous number of user credentials in June 2013 from fallen social networking giant MySpace — some 427 million passwords, belonging to approx. 360 million users. In May 2016, a person started selling that database of passwords on the dark web. Now, the entire database is available online for Read more about You can now browse through 427 million stolen MySpace passwords[…]

The PC maker has started writing to customers [PDF] warning that their personal records were siphoned off from its online store by crooks between May 12, 2015 and April 28, 2016. Acer did not say how many customers had their details swiped. The lost data includes customer names, addresses, card numbers, and three-digit security verification Read more about Acer leaks payment cards in e-store hack[…]

Researchers have uncovered an underground marketplace selling information on over 70,000 compromised servers based around the globe. Russia-based Kaspersky Lab has revealed today that the online forum, named xDedic, seems to be operated by a Russian-speaking organisation and allows hackers to pay for undetectable access to a wide range of servers, including those owned by Read more about Buy one of 70K hacked servers from $6, get control kit with it[…]

Bitdefender vulnerability researcher Radu Caragea presented today at the Hack In The Box Amsterdam conference a novel way to extract TLS keys from virtual machines, using an out-of-guest approach. The new technique works to detect the creation of TLS session keys in memory as the virtual machine is running. The presentation covers a novel technique Read more about TeLeScope can decrypt your TLS traffic realtime if on a hypervised machine (which most people are nowadays)[…]

the database shows email addresses, passwords that were hashed and salted passwords with MD5 (an algorithm that nowadays is easy to crack), as well as a user’s IP address (which in some cases can determine location), and the site that the record was taken from. Source: Exclusive: Hundreds of forums hacked, leaking millions of users’ Read more about Hundreds of VerticalScope forums hacked, leaking 45 million user accounts[…]

Troy Hunt, a security researcher who maintains the data breach awareness portal Have I Been Pwned, recently obtained a copy of the stolen data set. Hunt told Motherboard that the data contained 65,469,298 unique emails and passwords. Source: Hackers Stole 65 Million Passwords From Tumblr, New Analysis Reveals | Motherboard

Once the magic card is inserted, the malware is ready to interact with two different types of cards, each with different functions: 1.Card type 1 – request commands through the interface 2.Card type 2 – execute the command hardcoded in the Track2 After the card is ejected, the user will be presented with a form, Read more about Skimer ATM Malware takes it to a new level[…]

TOKYO (Kyodo) — A total of 1.4 billion yen ($12.7 million) in cash has been stolen from some 1,400 automated teller machines in convenience stores across Japan in the space of two hours earlier this month, investigative sources said Sunday. Police suspect that the cash was withdrawn at ATMs using counterfeit credit cards containing account Read more about 1.4 bil. yen stolen from 1,400 convenience store ATMs across Japan[…]

https://www.nccgroup.trust/uk/about-us/newsroom-and-events/blogs/2016/may/gsmgprs-traffic-interception-for-penetration-testing-engagements/ An excellent howto on gsm gprs listening and setting up your own 4g / 2g base to intercept traffic

Researchers at the University of California-Santa Barbara recently discovered a Waze vulnerability that allowed them to create thousands of “ghost drivers” that can monitor the drivers around them—an exploit that could be used to track Waze users in real-time. They proved it to me by tracking my own movements around San Francisco and Las Vegas Read more about If you use Waze, hackers can stalk you, add thousands of ghost cars to divert your traffic[…]

_ _ _ ____ _ _ | | | | __ _ ___| | __ | __ ) __ _ ___| | _| | | |_| |/ _` |/ __| |/ / | _ \ / _` |/ __| |/ / | | _ | (_| | (__| < | |_) | (_| | (__|