This Artist’s Images Integrate Code From Malware Like Stuxnet and Flame

posted Nov 29, 2014, 11:10 PM by Unknown user

For years, sophisticated state-created malware like Stuxnet and Regin has fascinated and vexed the security research community and launched a new foreign policy debate. Now it’s infecting the art world, too.

Only Half of USB Devices Have an Unpatchable Flaw, But No One Knows Which Half

posted Nov 29, 2014, 11:01 PM by Unknown user   [ updated Nov 29, 2014, 11:03 PM ]

First, the good news: that unpatchable security flaw in USB devices first brought to light over the summer affects only about half of the things you plug into your USB port. The bad news is it’s nearly impossible to sort out the secure gadgets from the insecure ones without ripping open every last thumb drive.

Continue at:

DarkHotel: A Sophisticated New Hacking Attack Targets High-Profile Hotel Guests

posted Nov 29, 2014, 10:57 PM by Unknown user   [ updated Nov 29, 2014, 11:06 PM ]

The hotel guest probably never knew what hit him. When he tried to get online using his five-star hotel’s WiFi network, he got a pop-up alerting him to a new Adobe software update. When he clicked to accept the download, he got a malicious executable instead.

Continue at:

There Is a New Security Vulnerability Named POODLE, and It Is Not Cute

posted Oct 15, 2014, 12:11 AM by Unknown user

POODLE affects SSLv3 or version 3 of the Secure Sockets Layer protocol, which is used to encrypt traffic between a browser and a web site or between a user’s email client and mail server.

It’s not as serious as the recent Heartbleed and Shellshock vulnerabilities, but POODLE could allow an attacker to hijack and decrypt the session cookie that identifies you to a service like Twitter or Google, and then take over your accounts without needing your password.

Russian ‘Sandworm’ Hack Has Been Spying on Foreign Governments for Years

posted Oct 15, 2014, 12:09 AM by Unknown user   [ updated Oct 15, 2014, 12:12 AM ]

A cyberespionage campaign believed to be based in Russia has been targeting government leaders and institutions for nearly five years, according to researchers with iSight Partners who have examined code used in the attacks.

The campaign, dubbed “Sandworm” is believed to have been running since 2009, and used a wide-reaching zero-day exploit uncovered by the researchers that affects nearly every version of the Windows operating system released since Windows Vista.

Continue at:

Here’s How Malaysian ATMs Were Hacked Of RM3 Million By Latin Americans

posted Sep 30, 2014, 6:26 AM by Unknown user   [ updated Oct 15, 2014, 12:07 AM ]

ATM thefts have gone high-tech, and judging by how the police and banks are running around like a headless chicken trying to piece together the puzzle, the local authorities and financial institutions were obviously not ready for such an attack.

And it’s not hard to understand why – the police and banking institutions were trapped in stone age mentality where they thought the bad guys will always be the same “Oxy Gang”, using ox-acetylene blow torch to open the machine’s cash compartment.

Continue at:

Police: ATM heist syndicate used computer virus to steal money

posted Sep 30, 2014, 6:19 AM by Unknown user   [ updated Oct 15, 2014, 12:06 AM ]

KUALA LUMPUR, Sept 30 ― The syndicate that preyed on bank Auto-Teller Machines (ATMs) the last two days used a computer virus known as “ulssm.exe..” to steal money from them.

Federal police Commercial Crimes Investigation Department director Datuk Mortadza Nazerene said the virus would issue instructions to make withdrawals on the amount still left in the ATM being hacked.

Continue at:

Hackers Are Already Using the Shellshock Bug to Launch Botnet Attacks

posted Sep 28, 2014, 6:19 PM by Unknown user   [ updated Oct 15, 2014, 12:06 AM ]

With a bug as dangerous as the “shellshock” security vulnerability discovered yesterday, it takes less than 24 hours to go from proof-of-concept to pandemic.

As of Thursday, multiple attacks were already taking advantage of that vulnerability, a long-standing but undiscovered bug in the Linux and Mac tool Bash that makes it possible for hackers to trick Web servers into running any commands that follow a carefully crafted series of characters in an HTTP request.

The Internet Braces for the Crazy Shellshock Worm

posted Sep 28, 2014, 6:17 PM by Unknown user   [ updated Oct 15, 2014, 12:05 AM ]

A nasty bug in many of the world’s Linux and Unix operating systems could allow malicious hackers to create a computer worm that wreaks havoc on machines across the globe, security experts say.

The flaw, called Shellshock, is being compared to last spring’s Heartbleed bug because it lets attackers do some nasty stuff—in this case, run unauthorized code—on a large number of Linux computer servers. The flaw lies in Bash, a standard Unix program that’s used to connect with the computer’s operating system.

Kevin Mitnick, Once the World’s Most Wanted Hacker, Is Now Selling Zero-Day Exploits

posted Sep 28, 2014, 6:14 PM by Unknown user   [ updated Oct 15, 2014, 12:04 AM ]

As a young man, Kevin Mitnick became the world’s most notorious black hat hacker, breaking into the networks of companies like IBM, Nokia, Motorola, and other targets. After a stint in prison, he reinvented himself as a white hat hacker, selling his skills as a penetration tester and security consultant.

Continue at:

1-10 of 79