Hilton hotels hit by cyber attack

US hotel chain Hilton revealed Tuesday that hackers infected some of its point-of-sale computer systems with malware crafted to steal credit card information. Hilton would not disclose whether data was taken, but advised anyone who used payment cards at Hilton Worldwide hotels between November 18 and December 5 of last year or April 21 and […]

samyk/magspoof · GitHub

Allows you to store all of your credit cards and magstripes in one device. Works on traditional magstripe readers wirelessly (no NFC/RFID required). Can disable Chip-and-PIN (code not included). Correctly predicts Amex credit card numbers + expirations from previous card number (code not included). Supports all three magnetic stripe tracks, and even supports Track 1+2 […]

U.S. charges three for JPMorgan and other hacks, 10s of millions of customer records stolen, 100s of millions profit

U.S. prosecutors on Tuesday unveiled criminal charges against three men accused of running a sprawling computer hacking and fraud scheme that included a huge attack against JPMorgan Chase & Co and generated hundreds of millions of dollars of illegal profit. Source: U.S. charges three in huge cyberfraud targeting JPMorgan, others

Mimic, the Evil Script That Will Drive Programmers To Insanity

Mimic implements a devilishly sick idea floated on Twitter by Peter Ritchie: “Replace a semicolon (;) with a Greek question mark (;) in your friend’s C# code and watch them pull their hair out over the syntax error.” There are quite a few characters in the Unicode character set that look, to some extent or […]

Tattling Kettles Help Researchers Crack WiFi Networks In London

Security researchers at Pen Test Partners have found a security vulnerability in the iKettle Wi-Fi Electric Kettle that allows attackers to crack the password of the WiFi network to which the kettle is connected. Researchers say that using this simple trick and information about iKettles, they drove around London, cracked home WiFi networks, and created […]

Hackers Can Use Radio Waves to Hijack Androids and iPhones via Siri and Google Now

This rig is able to send radio waves at an iPhone or Android with its headphones still plugged in, using the headphone cable as a receiver that picks up the radio signals and relays them to the operating system’s voice recognition software. Source: Hackers Can Use Radio Waves to Hijack Androids and iPhones via Siri […]

Jackpot: New hacking group steals 150,000 credit cards from casino

Flat, firewall-free network was a walk in the park, boffins say. […] They say the casino lacked even basic firewalls around its payment platforms and did not have logging. “It was a very flat network, single domain, with very limited access controls for access to payment systems,” Emmanuel Jean-Georges told the Cyber Defence Summit (formerly Mircon) in […]

Dow Jones hacked for 3 years, 3500 of 1%ers data taken

“It appears that the focus was to obtain contact information such as names, addresses, email addresses and phone numbers of current and former subscribers in order to send fraudulent solicitations.” […] “As part of the investigation to date, we also determined that payment card and contact information for fewer than 3,500 individuals could have been accessed, although […]

Dridex banking malware steals GBP 20m +

Dridex, which seeks to harvest users’ banking credentials, apparently originates with what the NCA’s release describes as ‘technically skilled cyber criminals in Eastern Europe’, and is said to target both individuals and consumers alike. Losses in the UK to the attacks are currently estimated at £20mn. Source: FBI and NCA join forces against Dridex banking […]

5.6m, not 1.1m fingerprint images of us gov security cleared people stolen

WASHINGTON — The number of people applying for or receiving security clearances whose fingerprint images were stolen in one of the worst U.S. government data breaches is now believed to be 5.6 million, not 1.1 million as first thought, the Office of Personnel Management announced Wednesday. The agency was the victim of what the U.S. […]

Cheap thermal imagers can steal user PINs

A British infosec company has found that cheap thermal imaging accessories for smartphones can be used to glean personal identification numbers entered on push-button security devices on bank ATMs. Thermal imaging devices used to be bulky and expensive, but Sec-Tec told iTnews they can now be bought cheaply as compact iPhone accessories – for instance, […]

Behavioral Profiling: The password you can’t change. Your identity through how you type

You can be identified by how you type, even behind proxies and Tor. Protect yourself with KeyboardPrivacy. Source: Behavioral Profiling: The password you can’t change. Some websites are storing your typing patterns and it turns out that after some training, systems can identify who is in a system by the way in which passwords are […]

Hackers invade systems holding medical files on 4.5 million California patients

UCLA Health hospitals say hackers may have accessed personal information and medical records on 4.5 million patients. The California medical group admitted today that miscreants infiltrated its computer systems as long ago as September. It is possible the intruders accessed databases holding patient names, addresses, dates of birth, social security numbers, medical records, health plan numbers, […]

AFC Kredieten loan application data hacked, company responds: Meh, not our customers

A spokeswoman for AFC Kredieten, when asked if customers whose data had been stolen had been informed, replied: “They are not our customers. They are applicants, we had not necessarily organised a loan for them yet. AFC Credits is the victim here. What that group did is illegal and writing about it would be against […]

ProxyGambit – anonymise your internet traffic via GSM or Radio links

ProxyGambit is a simple anonymization device that allows you to access the Internet from anywhere in the world without revealing your true location or IP, fracturing your traffic from the Internet/IP through either a long distance radio link or a reverse tunneled GSM bridge that ultimately drops back onto the Internet and exits through a […]

US personnel files and intelligence agents copied – multiple disclosures, could be 18 million records out

And let the shouting begin about whose fault it was. ‘Most devastating cyber attack in US history’ Source: As the US realises it’s been PWNED, when will OPM heads roll? • The Register “Incidentally, the stolen OPM database was reportedly being offered on Hell, an onion site hosting an e-crim forum. According to Brian Krebs. […]

Lighteater goes through BIOS owns your PC

Because people don’t ever patch their BIOSes, it is extremely likely that the vast majority of systems in the wild are vulnerable to at least one known exploit. We made public the details of the new SMM “Incursion” vulnerabilities (CERT VU# 631788, reported Oct 29th), that can be found automatically from SMM dumps. We showed […]

Be paranoid: 10 terrifying extreme hacks

These extreme hacks rise above the unending morass of everyday, humdrum hacks because of what they target or because they employ previously unknown, unused, or advanced methods. They push the limit of what we security pros previously thought possible, opening our eyes to new threats and systemic vulnerabilities, all while earning the begrudging respect of […]