For years, sophisticated state-created malware like Stuxnet and Regin has fascinated and vexed the security research community and launched a new foreign policy debate. Now it’s infecting the art world, too.
Continue at: http://www.wired.com/2014/11/malware-art/
First, the good news: that unpatchable security flaw in USB devices first brought to light over the summer affects only about half of the things you plug into your USB port. The bad news is it’s nearly impossible to sort out the secure gadgets from the insecure ones without ripping open every last thumb drive.
Continue at: http://www.wired.com/2014/11/badusb-only-affects-half-of-usbs/
The hotel guest probably never knew what hit him. When he tried to get online using his five-star hotel’s WiFi network, he got a pop-up alerting him to a new Adobe software update. When he clicked to accept the download, he got a malicious executable instead.
Continue at: http://www.wired.com/2014/11/darkhotel-malware/
POODLE affects SSLv3 or version 3 of the Secure Sockets Layer protocol, which is used to encrypt traffic between a browser and a web site or between a user’s email client and mail server.
It’s not as serious as the recent Heartbleed and Shellshock vulnerabilities, but POODLE could allow an attacker to hijack and decrypt the session cookie that identifies you to a service like Twitter or Google, and then take over your accounts without needing your password.
Continue at: http://www.wired.com/2014/10/poodle-explained/
A cyberespionage campaign believed to be based in Russia has been targeting government leaders and institutions for nearly five years, according to researchers with iSight Partners who have examined code used in the attacks.
The campaign, dubbed “Sandworm,” is believed to have been running since 2009, and used a wide-reaching zero-day exploit uncovered by the researchers that affects nearly every version of the Windows operating system released since Windows Vista.
Continue at: http://www.wired.com/2014/10/russian-sandworm-hack-isight/
ATM thefts have gone high-tech, and judging by how the police and banks are running around like headless chickens trying to piece together the puzzle, the local authorities and financial institutions were obviously not ready for such an attack.
And it’s not hard to understand why – the police and banking institutions were trapped in a stone-age mentality where they thought the bad guys would always be the same “Oxy Gang”, using an oxy-acetylene blow torch to open the machine’s cash compartment.
Continue at: http://www.financetwitter.com/2014/09/here-is-how-malaysian-atms-were-hacked-of-rm3-million-by-latin-americans.html
Continue at: http://m.themalaymailonline.com/malaysia/article/police-atm-heist-syndicate-used-computer-virus-to-steal-money
KUALA LUMPUR, Sept 30 ― The syndicate that preyed on bank Auto-Teller Machines (ATMs) the last two days used a computer virus known as “ulssm.exe..” to steal money from them.
Federal police Commercial Crimes Investigation Department director Datuk Mortadza Nazerene said the virus would issue instructions to make withdrawals on the amount still left in the ATM being hacked.
With a bug as dangerous as the “shellshock” security vulnerability discovered yesterday, it takes less than 24 hours to go from proof-of-concept to pandemic.
As of Thursday, multiple attacks were already taking advantage of that vulnerability, a long-standing but undiscovered bug in the Linux and Mac tool Bash that makes it possible for hackers to trick Web servers into running any commands that follow a carefully crafted series of characters in an HTTP request.
A nasty bug in many of the world’s Linux and Unix operating systems could allow malicious hackers to create a computer worm that wreaks havoc on machines across the globe, security experts say.
The flaw, called Shellshock, is being compared to last spring’s Heartbleed bug because it lets attackers do some nasty stuff—in this case, run unauthorized code—on a large number of Linux computer servers. The flaw lies in Bash, a standard Unix program that’s used to connect with the computer’s operating system.
As a young man, Kevin Mitnick became the world’s most notorious black hat hacker, breaking into the networks of companies like IBM, Nokia, Motorola, and other targets. After a stint in prison, he reinvented himself as a white hat hacker, selling his skills as a penetration tester and security consultant.
Continue at: http://www.wired.com/2014/09/kevin-mitnick-selling-zero-day-exploits/