Monday, November 4, 2024
Latest:

Computer Security Articles

RSS Reader for Computer Security Articles

Cybercrime & Hacking

ComputerWorld Independent 

Scammers scare iPhone users into paying to unlock not-really-locked Safari

admin , ,

Credit to Author: Gregg Keizer| Date: Tue, 28 Mar 2017 13:28:00 -0700

Apple yesterday patched a bug in the iOS version of Safari that had been used by criminals to spook users into paying $125 or more because they assumed the browser was broken.

The flaw, fixed in Monday’s iOS 10.3 update, had been reported to Apple a month ago by researchers at San Francisco-based mobile security firm Lookout.

“One of our users alerted us to this campaign, and said he had lost control of Safari on his iPhone,” Andrew Blaich, a Lookout security researcher, said in a Tuesday interview. “He said, ‘I can’t use my browser anymore.'”

The criminal campaign, Blaich and two colleagues reported in a Monday post to Lookout’s blog, exploited a bug in how Safari displayed JavaScript pop-ups. When the browser reached a malicious site implanted with the attack code, the browser went into an endless loop of dialogs that refused to close no matter who many times “OK” was tapped. The result: Safari was unusable.

To read this article in full or to leave a comment, please click here

Read more
ComputerWorld Independent 

Newly leaked documents show low-level CIA Mac and iPhone hacks

admin , , ,

Credit to Author: Lucian Constantin| Date: Thu, 23 Mar 2017 11:53:00 -0700

The CIA has had tools to infect Apple Mac computers by connecting malicious Thunderbolt Ethernet adapters to them since 2012, according to new documents purported to be from the agency and published by WikiLeaks.

One of the documents, dated Nov. 29, 2012, is a manual from the CIA’s Information Operations Center on the use of a technology codenamed Sonic Screwdriver. It is described as “a mechanism for executing code on peripheral devices while a Mac laptop or desktop is booting.”

Sonic Screwdriver allows the CIA to modify the firmware of an Apple Thunderbolt-to-Ethernet adapter so that it forces a Macbook to boot from an USB stick or DVD disc even when its boot options are password protected.

To read this article in full or to leave a comment, please click here

Read more
ComputerWorld Independent 

Private photos of more celebrities leaked in Fappening 2.0

admin , ,

Credit to Author: Darlene Storm| Date: Mon, 20 Mar 2017 09:51:00 -0700

Here we go again with another round of The Fappening which was also known as Celebgate.

The Fappening 2.0, or Celebgate 2.0, started with private photos of Emma Watson and Amanda Seyfried circulating on the “dark web” and then 4chan last week before the images made it to Reddit.

Softpedia reported that more private images of celebrities are also circulating online, including pictures of the following actresses and models: “Rose McGowan (actress), Katie Cassidy (actress), Alyssa Arce (model), Rhona Mitra (actress), Analeigh Tipton (figure skater & actress), Iliza Shlesinger (comedian), Jilliain Murray (actress), Paige (WWE star), Dylan Penn (model, daughter of Sean Penn), Kristanna Loken (actress), April Love Geary (model), Trieste Kelly Dunn (actress), and Lili Simmons (actress).” The article claims that the leak also included footage of at least one celebrity engaging in sexual acts.

To read this article in full or to leave a comment, please click here

Read more
ComputerWorld Independent 

U.S. faces limits in busting Russian agents over Yahoo breach

admin , ,

Credit to Author: Michael Kan| Date: Thu, 16 Mar 2017 03:52:00 -0700

In a rare move, the U.S. has indicted two Russian government agents for their suspected involvement in a massive Yahoo data breach. But what now?

Security experts say Wednesday’s indictment might amount to nothing more than naming and shaming Russia. That’s because no one expects the Kremlin to play along with the U.S. indictment.

“I can’t imagine the Russian government is going to hand over the two FSB officers,” said Jeremiah Grossman, chief of security strategy at SentinelOne.

“Even in the most successful investigations, state hackers are still immune from prosecution or retaliation,” said Kenneth Geers, a research scientist at security firm Comodo.

To read this article in full or to leave a comment, please click here

Read more
ComputerWorld Independent 

4 charged, including Russian gov't agents, for massive Yahoo hack

admin , ,

Credit to Author: Martyn Williams| Date: Wed, 15 Mar 2017 09:22:00 -0700

The FBI on Wednesday charged four people, including two Russian state intelligence agents, for their involvement in a massive hack of Yahoo that affected half a billion accounts.

In September, Yahoo said hackers had managed to steal personal data on more than 500 million users during an attack in late 2014. The stolen data included names, email addresses, telephone numbers and hashed passwords. Blame for the attack was put on a “state-sponsored” group.

The FBI said that group was the Russian Federal Security Service, the FSB, and it identified agents Dmitry Dokuchaev and Igor Sushchin as leaders of the attack.

To read this article in full or to leave a comment, please click here

Read more
ComputerWorld Independent 

Of course your TV’s spying on you

admin , , ,

Credit to Author: Steven J. Vaughan-Nichols| Date: Mon, 13 Mar 2017 10:22:00 -0700

Julian Assange, Wikileaks’ founder and Russian propagandist, must be proud of himself. In his latest “revelation” that the Central Intelligence Agency (CIA) can hack Apple and Android smartphones, PC operating systems and smart TVs, he has people throwing fits about how awful the CIA is.

Please. Give me a break.

Wikileaks uncovered nothing really new. Zero. Zilch.

As my fellow Computerworld writer buddy Mike Elgin said, “The Wikileaks/CIA stories simply remind us anything with a camera, microphone or IP address could theoretically be hacked.”

To read this article in full or to leave a comment, please click here

Read more
ComputerWorld Independent 

CIA hacking tools targeting Windows

admin , , ,

Credit to Author: Darlene Storm| Date: Wed, 08 Mar 2017 08:22:00 -0800

By releasing information about CIA hacking tools, WikiLeaks has given a new meaning to March Madness.

The CIA’s project Fine Dining is intriguing, since it outlines DLL hijacks for Sandisk Secure, Skype, Notepad++, Sophos, Kaspersky, McAfee, Chrome, Opera, Thunderbird, LibreOffice, and some games such as 2048, which the CIA writer “got a good lol out of.” Yet I was curious about what the CIA does to targeted machines running Windows since so many people use the OS.

Nearly everything dealing with the CIA hacking arsenal and Windows is labeled as “secret.” Nicholas Weaver, a computer scientist at the University of California at Berkeley, told NPR that the Vault 7 release is not all that big of a deal, not too surprising the agency hacks. Yet if “Year Zero” was obtained by a non-government hacker compromising the CIA’s system, then that would be a big deal.

To read this article in full or to leave a comment, please click here

Read more
ComputerWorld Independent 

If the CIA can sidestep encryption, what makes you think cyberthieves can’t?

admin ,

Credit to Author: Evan Schuman| Date: Wed, 08 Mar 2017 06:48:00 -0800

Having just spent much of the day browsing through Wikileaks’ latest batch of documents from the intelligence community — in which government agents discussed ways to circumvent mobile encryption and to listen in on conversations near smart devices including smart TVs — it’s clear that government agents have long had the ability to grab mobile content before it’s encrypted.

Some of the tactics have names that are quite explicit about their function, such as a TV mode called “TV Fake-Off.” These docs provide a fascinating look into the government teams that are emulating cyberthieves, trying to improve on their techniques rather than thwart them.

To read this article in full or to leave a comment, please click here

Read more