A trove of leaked information, purported to be the entire Turkish citizenship database, has been leaked. The leaked info appears to contain names, addresses and ID numbers of more than 49 million citizens. If confirmed the leak would become one of the biggest privacy breaches, by number of records, ever. Source: Did hacktivists really just Read more about Did hacktivists really just expose half of Turkey’s entire population to ID theft?[…]

“These (mechanics) tool have the codes to read and write firmware and if it is compromised by a malicious car it can modify the firmware of other cars that come in afterwards,” Smith told Vulture South at the Nullcon security conference in Goa, India. Smith’s mechanic malware compromises of learning, simulation, and attack modes. Learning Read more about Pwn all cars by using the car mechanic PC as an attack vector[…]

The hackers breached Bangladesh Bank’s systems and stole its credentials for payment transfers, two senior officials at the bank said. They then bombarded the Federal Reserve Bank of New York with nearly three dozen requests to move money from the Bangladesh Bank’s account there to entities in the Philippines and Sri Lanka, the officials said. Read more about How a hacker’s typo helped stop a billion dollar bank heist[…]

The Vodafone network does not generate random TMSI numbers, which allows you to copy them and thereby listen in to other ongoing conversations. The network won’t throw off duplicates. If you have an IMSI catcher you can exploit this. It does, however, put the phone into conference call mode, which shows up on the screen. Read more about Vodafone network allows you to copy yourself into someone elses conversation[…]

Today at the Security Analyst Summit, researchers from Kaspersky Lab Global Research & Analysis Team unveiled details on two new criminal operations that have borrowed heavily from targeted nation-state attacks, and also shared an update on a resurgent Carbanak gang, which last year, it was reported, had allegedly stolen upwards of $1 billion from more Read more about Carbanak 2.0, Metel, GCMAN Borrow from APT Attacks[…]

As promised, hacker publishes personal information of 20,000 FBI agents, allegedly stolen from a hacked Department of Justice computer. Source: Hacker Publishes Personal Info of 20,000 FBI Agents | Motherboard

“The largest attack reported by a respondent this year was 500Gbps, with other respondents reporting attacks of 450Gbps, 425Gbps, and 337Gbps,” (says the Arbor report) Source: 500Gbps DDoS attack flattens world record

Battered Ukrainian electricity utilities are being targeted with backdoors in attacks possibly linked to those fingered for recent blackouts. The phishing attacks are attempting to get backdoors installed on utility company computers using techniques similar to those seen in the BlackEnergy attacks. BlackEnergy ripped through Ukrainian utilities in what is largely considered the cause of Read more about Ukraine energy utilities attacked again with open source Trojan backdoor[…]

US spy chief James Clapper’s personal online accounts have been hacked, his office confirmed Tuesday, a few months after CIA director John Brennan suffered a similar attack. Clapper’s Office of the Director of National Intelligence confirmed the hack but refused to provide details. “We are aware of the matter and we reported it to the Read more about US spy chief’s personal accounts hacked[…]

Few, if any, companies or government agencies store more sensitive personal information than the IRS, and consumers have virtually no insight into how that data is used and secured. But, as the results of a recent Justice Department investigation show, when you start poking around in those dark corners, you sometimes find very ugly things. Read more about How an IRS Employee Allegedly Stole $1 Million from Taxpayers[…]

The HTTPS Bicycle attack can result in the length of personal and secret data being exposed from a packet capture of a user’s HTTPS traffic. For example, the length of passwords and other data (such as GPS co-ordinates) can be determined simply by analysing the lengths of the encrypted traffic.Some of the key observations of Read more about HTTPS Bicycle Attack – Obtaining Password lengths From TLS Encrypted Browser Requests[…]

SentinelOne director of mobile research Tim Strazzere said he found an open socket—shell@blackphone:/dev/socket $ ls ­l at_pal srw­rw­rw­ radio system 2015­07­31 17:51 at_pal—accessible on the phone that the agps_daemon, a system-level shell is able to communicate with. The vulnerability, CVE-2015-6841, is specific to the modem used by the Blackphone, the Icera modem developed by nVidia. Read more about Silent Circle Blackphone Icera Modem Security Patch[…]

Time Warner Cable Inc said on Wednesday up to 320,000 customers may have had their email passwords stolen. The company said email and password details were likely gathered either through malware downloaded during phishing attacks or indirectly through data breaches of other companies that stored Time Warner Cable’s customer information, including email addresses. Source: Time Read more about Time Warner Cable says up to 320,000 customers’ data may have been stolen[…]

The Israel-based duo pried apart and compromised KVMs (keyboard video mouse) units such that they could download malware and compromise attached computers. The attack, demonstrated at the Chaos Communications Congress in Hamburg last month is notable because KVMs are used to control multiple machines. A compromised unit would not be immediately suspicious to most admins Read more about Checkpoint chap’s hack whacks air-gaps flat[…]

Microsoft Corp (MSFT.O) experts concluded several years ago that Chinese authorities had hacked into more than a thousand Hotmail email accounts, targeting international leaders of China’s Tibetan and Uighur minorities in particular – but it decided not to tell the victims, allowing the hackers to continue their campaign, according to former employees of the company. Read more about Microsoft failed to warn victims of Chinese email hack[…]

37 US states could have been scammed by rogue security guy In July, Eddie Tipton, 52, was found guilty of installing a rootkit in the MSLA’s random-number generating computer that allowed him to predict the digits for future winning tickets. He also tampered with security cameras to cover up his time at the keyboard, the Read more about Feds widen probe into lottery IT boss who rooted game for profit[…]

InterApp can allow its operators to break into nearby smartphones that have their WiFi connection open, and then, employing a diverse arsenal of security vulnerabilities, gain root permission on devices and exfiltrate information to a tactical server. According to Rayzone, InterApp can steal a user’s email address password and content, passwords for social networking apps, Read more about RayZone InterApp: The Gadget That Can Spy on Any Smartphone[…]

Cracking Wi-Fi passwords, spoofing accounts, and testing networks for exploits is all fun enough, but if you want to take the show on the road, you’ll want an easily portable rig. Enter Kali Linux and the Raspberry Pi. Source: How to Build a Portable Hacking Station with a Raspberry Pi and Kali Linux

Kiwi hacker Lachlan Temple has found holes in a popular cheap car tracking and immobilisation gadget that can allow remote attackers to locate, eavesdrop, and in some cases cut the fuel intake to hundreds of thousands of vehicles, some while in motion. the flaws allow attackers who log into any account — including a universal Read more about Hundreds of thousands of engine immobilisers hackable over the net[…]

WordPress hosting outfit WP Engine has confessed to a security breach, prompting it to reset 30,000 customers’ passwords. Security firm Trend Micro has also warned that The Independent newspaper’s WordPress-based blog section has been compromised Source: WordPress hosting biz confesses to breach, urgently contacts 30,000 users

We see around 77,000 accounts hijacked and pillaged each month. These are not new or naïve users; these are professional CS:GO players, reddit contributors, item traders, etc. Users can be targeted randomly as part of a larger group or even individually. Hackers can wait months for a payoff, all the while relentlessly attempting to gain Read more about 77000 Valve accounts get hacked per month[…]