Other – Page 17 – Computer Security Articles

Dahua, Hikvision IoT Devices Under Siege

March 10, 2017 admin Amit Serper, bashis, Cybereason, Dahua backdoor, DH-IPC-HDBW13A0SN, DH-IPC-HDBW23A0RN-ZS, DH-IPC-HDW13A0SN, DH-IPC-HDW23A0RN-ZS, DH-IPC-HFW13A0SN-W, Hikvision, Other, P2P, UPnP

Credit to Author: BrianKrebs| Date: Fri, 10 Mar 2017 20:07:51 +0000

Dahua, the world’s second-largest maker of “Internet of Things” devices like security cameras and digital video recorders (DVRs), has shipped a software update that closes a gaping security hole in a broad swath of its products. The vulnerability allows anyone to bypass the login process for these devices and gain remote, direct control over vulnerable systems. Adding urgency to the situation, there is now code available online that allows anyone to exploit this bug and commandeer a large number of IoT devices.

Independent Krebs

WikiLeaks: We’ll Work With Software Makers on Zero-Days

March 9, 2017 admin CIA hack, Julian Assange, Other, WikiLeaks

Credit to Author: BrianKrebs| Date: Thu, 09 Mar 2017 18:10:30 +0000

When WikiLeaks on Tuesday dumped thousands of files documenting hacking tools used by the U.S. Central Intelligence Agency, many feared WikiLeaks would soon publish a trove of so-called “zero days,” the actual computer code that the CIA uses to exploit previously unknown flaws in a range of software and hardware products used by consumers and businesses. But on Thursday, WikiLeaks editor-in-chief Julian Assange promised that his organization would work with hardware and software vendors to fix the security weaknesses prior to releasing additional details about the flaws.

Independent Krebs

WikiLeaks Dumps Docs on CIA’s Hacking Tools

March 8, 2017 admin Bloomberg, Bugcrowd, Casey Ellis, Center for Cyber Intelligence, Central Intelligence Agency, Cisco, Craig Dods, Edward Snowden, Equation Group, Hillary Clinton, John Podesta, Juniper, Leonid Bershidsky, national security agency, NSA, Open Whisper Systems, Other, Samsung, signal, smart TVs, The New York Times, The Shadow Brokers, US CIA, vault 7, Weeping Angel, WhatsApp, WikiLeaks, Zero-Day

Credit to Author: BrianKrebs| Date: Wed, 08 Mar 2017 18:39:11 +0000

WikiLeaks on Tuesday dropped one of its most explosive word bombs ever: A secret trove of documents apparently stolen from the U.S. Central Intelligence Agency (CIA) detailing methods of hacking everything from smart phones and TVs to compromising Internet routers and computers. KrebsOnSecurity is still digesting much of this fascinating data cache, but here are some first impressions based on what I’ve seen so far.

Independent Krebs

Payments Giant Verifone Investigating Breach

March 7, 2017 admin Andy Payment, Anunak, avivah litan, Carbanak, Foregenix, Gartner Inc., Hyatt breach, mastercard, MICROS, Oracle, Oracle Micros Breach, Other, Steve Horan, Trustwave, Verifone breach, Visa

Credit to Author: BrianKrebs| Date: Tue, 07 Mar 2017 18:02:30 +0000

Credit and debit card payments giant Verifone [NYSE: PAY] is investigating a breach of its corporate computer networks that could impact companies running its point-of-sale solutions, according to multiple sources. Verifone says the extent of the breach was “limited” and that its payment services network was not impacted. San Jose, Calif.-based Verifone is the largest maker of credit card terminals used in the United States. It sells point-of-sale terminals and services to support the swiping and processing of credit and debit card payments at a variety of businesses, including retailers, taxis, and fuel stations. On Jan. 23, 2017, Verifone sent an “urgent” email to all company staff and contractors, telling them that they had 24 hours to change all company passwords.

Independent Krebs

Ransomware for Dummies: Anyone Can Do It

March 1, 2017 admin mercy, Other, Philadelphia ransomware

Credit to Author: BrianKrebs| Date: Thu, 02 Mar 2017 03:14:52 +0000

Among today’s fastest-growing cybercrime epidemics is “ransomware,” malicious software that encrypts all of your computer files, photos, music and documents and then demands payment in Bitcoin to recover access to the files. A big reason for the steep increase in ransomware attacks in recent years comes from the proliferation of point-and-click tools sold in the cybercrime underground that make it stupid simple for anyone to begin extorting others for money.

Independent Krebs

More on Bluetooth Ingenico Overlay Skimmers

February 26, 2017 admin Bluetooth, Ingenico overlay skimmer, ISC-250, Other, self-checkout skimmer

Credit to Author: BrianKrebs| Date: Mon, 27 Feb 2017 01:54:58 +0000

This blog has featured several stories about “overlay” card and PIN skimmers made to be placed atop Ingenico-brand card readers at store checkout lanes. I’m revisiting the topic again because a security technician at a U.S.-based retailer recently shared a few photos of several of these devices pulled from compromised card terminals, and the images and his story offer a fair bit more detail than in previous articles on Ingenico overlay skimmers.

Independent Krebs

iPhone Robbers Try to iPhish Victims

February 24, 2017 admin apple, Edu Rabin, findmyiphone, iPhone, Other

Credit to Author: BrianKrebs| Date: Fri, 24 Feb 2017 21:21:24 +0000

In another strange tale from the kinetic-attack-meets-cyberattack department, earlier this week I heard from a loyal reader in Brazil whose wife was recently mugged by three robbers who nabbed her iPhone. Not long after the husband texted the stolen phone — offering to buy back the locked device — he soon began receiving text messages stating the phone had been found. All he had to do to begin the process of retrieving the device was click the texted link and log in to the phishing page mimicking Apple’s site.

Independent Krebs

How to Bury a Major Breach Notification

February 21, 2017February 21, 2017 admin Adrian Grigorof, EventID.net, eventreader.com, firegen.com, grigorof.com, Kent Backman, Kevin Stear, Kingslayer, Other, RSA

Credit to Author: BrianKrebs| Date: Tue, 21 Feb 2017 17:44:39 +0000

Amid the hustle and bustle of the RSA Security Conference in San Francisco last week, researchers at RSA released a startling report that received very little press coverage relative to its overall importance. The report detailed a malware campaign that piggybacked on a popular piece of software used by system administrators at some of the nation’s largest companies. Incredibly, the report did not name the affected software, and the vendor in question has apparently chosen to bury its breach disclosure. This post is an attempt to remedy that.