“The largest attack reported by a respondent this year was 500Gbps, with other respondents reporting attacks of 450Gbps, 425Gbps, and 337Gbps,” (says the Arbor report) Source: 500Gbps DDoS attack flattens world record

Battered Ukrainian electricity utilities are being targeted with backdoors in attacks possibly linked to those fingered for recent blackouts. The phishing attacks are attempting to get backdoors installed on utility company computers using techniques similar to those seen in the BlackEnergy attacks. BlackEnergy ripped through Ukrainian utilities in what is largely considered the cause of Read more about Ukraine energy utilities attacked again with open source Trojan backdoor[…]

US spy chief James Clapper’s personal online accounts have been hacked, his office confirmed Tuesday, a few months after CIA director John Brennan suffered a similar attack. Clapper’s Office of the Director of National Intelligence confirmed the hack but refused to provide details. “We are aware of the matter and we reported it to the Read more about US spy chief’s personal accounts hacked[…]

Few, if any, companies or government agencies store more sensitive personal information than the IRS, and consumers have virtually no insight into how that data is used and secured. But, as the results of a recent Justice Department investigation show, when you start poking around in those dark corners, you sometimes find very ugly things. Read more about How an IRS Employee Allegedly Stole $1 Million from Taxpayers[…]

The HTTPS Bicycle attack can result in the length of personal and secret data being exposed from a packet capture of a user’s HTTPS traffic. For example, the length of passwords and other data (such as GPS co-ordinates) can be determined simply by analysing the lengths of the encrypted traffic.Some of the key observations of Read more about HTTPS Bicycle Attack – Obtaining Password lengths From TLS Encrypted Browser Requests[…]

SentinelOne director of mobile research Tim Strazzere said he found an open socket—shell@blackphone:/dev/socket $ ls ­l at_pal srw­rw­rw­ radio system 2015­07­31 17:51 at_pal—accessible on the phone that the agps_daemon, a system-level shell is able to communicate with. The vulnerability, CVE-2015-6841, is specific to the modem used by the Blackphone, the Icera modem developed by nVidia. Read more about Silent Circle Blackphone Icera Modem Security Patch[…]

Time Warner Cable Inc said on Wednesday up to 320,000 customers may have had their email passwords stolen. The company said email and password details were likely gathered either through malware downloaded during phishing attacks or indirectly through data breaches of other companies that stored Time Warner Cable’s customer information, including email addresses. Source: Time Read more about Time Warner Cable says up to 320,000 customers’ data may have been stolen[…]

The Israel-based duo pried apart and compromised KVMs (keyboard video mouse) units such that they could download malware and compromise attached computers. The attack, demonstrated at the Chaos Communications Congress in Hamburg last month is notable because KVMs are used to control multiple machines. A compromised unit would not be immediately suspicious to most admins Read more about Checkpoint chap’s hack whacks air-gaps flat[…]

Microsoft Corp (MSFT.O) experts concluded several years ago that Chinese authorities had hacked into more than a thousand Hotmail email accounts, targeting international leaders of China’s Tibetan and Uighur minorities in particular – but it decided not to tell the victims, allowing the hackers to continue their campaign, according to former employees of the company. Read more about Microsoft failed to warn victims of Chinese email hack[…]

37 US states could have been scammed by rogue security guy In July, Eddie Tipton, 52, was found guilty of installing a rootkit in the MSLA’s random-number generating computer that allowed him to predict the digits for future winning tickets. He also tampered with security cameras to cover up his time at the keyboard, the Read more about Feds widen probe into lottery IT boss who rooted game for profit[…]

InterApp can allow its operators to break into nearby smartphones that have their WiFi connection open, and then, employing a diverse arsenal of security vulnerabilities, gain root permission on devices and exfiltrate information to a tactical server. According to Rayzone, InterApp can steal a user’s email address password and content, passwords for social networking apps, Read more about RayZone InterApp: The Gadget That Can Spy on Any Smartphone[…]

Cracking Wi-Fi passwords, spoofing accounts, and testing networks for exploits is all fun enough, but if you want to take the show on the road, you’ll want an easily portable rig. Enter Kali Linux and the Raspberry Pi. Source: How to Build a Portable Hacking Station with a Raspberry Pi and Kali Linux

Kiwi hacker Lachlan Temple has found holes in a popular cheap car tracking and immobilisation gadget that can allow remote attackers to locate, eavesdrop, and in some cases cut the fuel intake to hundreds of thousands of vehicles, some while in motion. the flaws allow attackers who log into any account — including a universal Read more about Hundreds of thousands of engine immobilisers hackable over the net[…]

WordPress hosting outfit WP Engine has confessed to a security breach, prompting it to reset 30,000 customers’ passwords. Security firm Trend Micro has also warned that The Independent newspaper’s WordPress-based blog section has been compromised Source: WordPress hosting biz confesses to breach, urgently contacts 30,000 users

We see around 77,000 accounts hijacked and pillaged each month. These are not new or naïve users; these are professional CS:GO players, reddit contributors, item traders, etc. Users can be targeted randomly as part of a larger group or even individually. Hackers can wait months for a payoff, all the while relentlessly attempting to gain Read more about 77000 Valve accounts get hacked per month[…]

A database containing personally identifiable information was accessed, potentially compromising the names, email addresses, dates of birth, and phone numbers of 656,723 customers. Source: JD Wetherspoon: A ‘hacker’ nicks 650,000 pub-goers’ data

The hacktivist group Anonymous breached into the website of United Nations Framework Convention on Climate Change (UNFCCC) and leaked a trove of personal information of 1415 officials. Source: Anonymous Hacks UN Climate Change Site Against Police Attack on Cop21 March

US hotel chain Hilton revealed Tuesday that hackers infected some of its point-of-sale computer systems with malware crafted to steal credit card information. Hilton would not disclose whether data was taken, but advised anyone who used payment cards at Hilton Worldwide hotels between November 18 and December 5 of last year or April 21 and Read more about Hilton hotels hit by cyber attack[…]

Allows you to store all of your credit cards and magstripes in one device Works on traditional magstripe readers wirelessly (no NFC/RFID required) Can disable Chip-and-PIN (code not included) Correctly predicts Amex credit card numbers + expirations from previous card number (code not included) Supports all three magnetic stripe tracks, and even supports Track 1+2 Read more about samyk/magspoof · GitHub[…]

Researchers find ways to p0wn industrial control systems Source: SAP pumps 70m barrels of oil a day … and might also blow them up

U.S. prosecutors on Tuesday unveiled criminal charges against three men accused of running a sprawling computer hacking and fraud scheme that included a huge attack against JPMorgan Chase & Co and generated hundreds of millions of dollars of illegal profit. Source: U.S. charges three in huge cyberfraud targeting JPMorgan, others

Mimic implements a devilishly sick idea floated on Twitter by Peter Ritchie: “Replace a semicolon (;) with a Greek question mark (;) in your friend’s C# code and watch them pull their hair out over the syntax error.” There are quite a few characters in the Unicode character set that look, to some extent or Read more about Mimic, the Evil Script That Will Drive Programmers To Insanity[…]

British broadband provider TalkTalk has admitted that all of its 4 million customers’ names, addresses, dates of birth, email addresses, phone numbers and bank details may have stolen by hackers. Source: Huge Hack Hits 4 Million British Broadband Customers