After being hacked again, IRS shuts down e-File PIN service

“The United States Internal Revenue Service (IRS) has announced the abolition of its PIN tool due to the platform being hacked.  Under the now abolished electronic filing PIN tool (e-File PIN), people dealing with the IRS were able to use a PIN number to access services on IRS.gov or by toll-free phone call.  The agency cited ‘additional questionable activity’ as the impetus for the change.  According to Sophos, 800 cases of identity thefts were identified earlier this year causing the PIN system to be partially suspended in March, although at the time the IRS told taxpayers who already had a PIN to continue using the service to file their tax returns as they normally would.”

http://siliconangle.com/blog/2016/06/27/after-being-targeted-successfully-by-hackers-again-irs-shuts-down-e-file-pin-service/

Scan to Donate Bitcoin to Freedomwat.ch Staff
Did you like this?
Tip Freedomwat.ch Staff with Bitcoin

Botnet formed of 25,000 malware-riddled surveillance cameras

“The unusual 25,000-strong botnet was apparently spotted by US security outfit Sucuri when it investigated an online assault against an ordinary jewelry store.  The shop’s website was flooded offline after drowning in 35,000 junk HTTP requests per second. When Sucuri attempted to thwart the network tsunami, the botnet stepped up its output and dumped more than 50,000 HTTP requests per second on the store’s website.  When the security biz dug into the source of the duff packets, it found they were all coming from internet-connected CCTV cameras – devices that had been remotely hijacked by miscreants to attack other systems.”

http://www.theregister.co.uk/2016/06/28/25000_compromised_cctv_cameras/

Thieves using laptops to hack into and steal cars

“Houston police told the WSJ that this method may have been used in the theft of four other late-model Wranglers and Cherokees in the city.  Security researchers have been able to take over cars remotely because automakers don’t always do a good job at limiting how car systems interact with wireless communications.  What’s more, even cars that aren’t internet-enabled can be taken over via third-party devices that introduce connectivity, such as through the diagnostics port.  Remote exploits have included taking over a 2014 Jeep Cherokee, controlling the car’s brakes, accelerator, steering and more by wireless connection”

https://nakedsecurity.sophos.com/2016/07/08/thieves-using-laptops-to-hack-into-and-steal-cars/

Bitcoin rival Ethereum fights for its survival after $50 million heist

“On Friday, thieves exploited a software bug that allowed them to transfer more than 3.6 million ‘ether’—the base unit of the Ethereum currency—out of The DAO’s coffers. The digital loot made up more than a third of The DAO’s 11.5 million ether endowment. The seized booty is valued at anywhere from $45 million (based on the plummeting value of ether following the attack) to as high as $77 million (based on pre-attack exchange rates). In the days following the theft, there have been at least a half-dozen copycat attacks (for instance, as documented here and here) that combined have purloined more than 785 ether.”

http://arstechnica.com/security/2016/06/bitcoin-rival-ethereum-fights-for-its-survival-after-50-million-heist/

How the Top 5 PC Makers Open Your Laptop to Hackers

“As bad as Acer was, however, Asus was worse. Its updater was so bad the researchers called it ‘remote code execution as a service’—essentially a built-in service for hackers to do remote-code execution. Asus transmits unsigned manifests over HTTP instead of HTTPS. And although the manifest file was encrypted, it was encrypted with an algorithm known to be broken, and the key to unlock the file was an MD5 hash of the words ‘Asus Live Update.’ As a result, attackers could easily intercept and unlock the list to make changes. Asus update files weren’t signed, either, and they were also transmitted via HTTP.”

https://www.wired.com/2016/05/2036876/

UK Police to Receive Hidden Browser History from Internet Providers

“The measure will force internet providers to retain all ‘web browsing information’ which will help police to ‘hunt down and identify the most serious cyberbullies and trolls,’ Theresa May of Britain’s home security said.  The Investigatory Powers Bill will give internet providers a pseudo-police role allowing them to ‘override encryption if needed.’  The new regulation will persuade all cell phone and web companies to retain records of every citizen for at least a year, providing a data pool which police and security services can access.  However many citizens are concerned over such a library of personal data, which has historically been ripe for abuse by authorities and hackers.”

http://www.copblock.org/150699/police-to-pursue-online-trolls-and-receive-hidden-browser-history-from-internet-providers/

NSA Helped British Spies Find Security Holes In Juniper Firewalls

“A top-secret document dated February 2011 reveals that British spy agency GCHQ, with the knowledge and apparent cooperation of the NSA, acquired the capability to covertly exploit security vulnerabilities in 13 different models of firewalls made by Juniper Networks, a leading provider of networking and Internet security gear.  The six-page document, titled ‘Assessment of Intelligence Opportunity – Juniper,’ raises questions about whether the intelligence agencies were responsible for or culpable in the creation of security holes disclosed by Juniper last week.”

https://theintercept.com/2015/12/23/juniper-firewalls-successfully-targeted-by-nsa-and-gchq/

Juniper Networks backdoor confirmed, password revealed, NSA suspected

“The next mystery to solve is where this unauthorized code comes from. Security advisories usually relate to vulnerabilities arising from defects — mistakes programmers made. In this case, someone deliberately inserted a backdoor password into Juniper’s devices. That’s a huge deal. If it’s the NSA (which looks possible, given one leak about a program called ‘FEEDTROUGH’ that installs persistent backdoors in Juniper devices) then it will mean that the US government deliberately sabotaged tens, if not hundreds, of thousands of networks that were protected by products from a US company that is the second-largest provider of networking equipment in the world, after Cisco.”

https://boingboing.net/2015/12/21/juniper-networks-backdoor-conf.html

Hillary Clinton wants “Manhattan-like project” to break encryption

“Presidential candidate Hillary Clinton has called for a ‘Manhattan-like project’ to help law enforcement break into encrypted communications. This is in reference to the Manhattan Project, the top-secret concentrated research effort which resulted in the US developing nuclear weapons during World War II.  Though Clinton said she has ‘confidence in our tech experts’ to solve this problem, she has continued pushing for weakening encryption despite warnings from Apple, Google, Microsoft, and other tech companies that putting encryption back doors into their products would weaken data security for everyone.”

http://arstechnica.com/tech-policy/2015/12/hillary-clinton-wants-manhattan-like-project-to-break-encryption/

Banks: Card Breach at Landry’s Restaurants

“Fraud analysts in the banking industry tell KrebsOnSecurity that the latest hospitality firm to suffer a credit card breach is likely Landry’s Inc., a company that manages a nationwide stable of well-known restaurants — including Bubba Gump, Claim Jumper, McCormick & Schmick’s, and Morton’s.  It remains unclear how many of Landry’s 500 properties may be affected. The company says it is investigating reports of unauthorized charges on certain payment cards after the cards were used legitimately at some of its restaurants. An online FAQ about the incident posted to Landry’s site says the company does not yet know the extent of the breach.”

https://krebsonsecurity.com/2015/12/banks-card-breach-at-landrys-restaurants/
