Tag Archives: Security

IRS: 330K Taxpayers Hit by ‘Get Transcript’ Scam

Posted on by

“The Internal Revenue Service (IRS) disclosed today that identity thieves abused a feature on the agency’s Web site to pull sensitive data on more than 330,000 potential victims as part of a scheme to file fraudulent tax refund requests. The new figure is far larger than the number of Americans the IRS said were potentially impacted when it first acknowledged the vulnerability in May 2015 — two months after KrebsOnSecurity first raised alarms about the weakness. The IRS’s experience should tell consumers something about the effectiveness of the technology that the IRS, banks and countless other organizations use to screen requests for sensitive information.”

http://krebsonsecurity.com/2015/08/irs-330k-taxpayers-hit-by-get-transcript-scam/

Scan to Donate Bitcoin to Freedomwat.ch Staff
Did you like this?
Tip Freedomwat.ch Staff with Bitcoin
Donate via Installed Wallet

FTC can sue companies with poor information security: U.S. court

Posted on by

“On Monday, a federal appeals court ruled that the Federal Trade Commission (FTC) has the power to take action (PDF) against companies that employ poor IT security practices. The FTC sued Wyndham in 2012 for failing to protect its customers from hackers, and Wyndham countered by saying that it was a victim of the hack itself and should not be penalized by the FTC for the breach.  Although the US government has not mandated a level of security necessary for businesses to meet when they hold customer data, the FTC has been trying to push companies to invest in security.”

http://arstechnica.com/tech-policy/2015/08/ftc-can-sue-companies-with-poor-information-security-appeals-court-says/

Scan to Donate Bitcoin to Freedomwat.ch Staff
Did you like this?
Tip Freedomwat.ch Staff with Bitcoin
Donate via Installed Wallet

Hackers turn Square reader into card skimmer in under 10 minutes

Posted on by

“Square created their tiny, portable card reader to revolutionize the credit card processing business. As it turns out, they may have unwittingly revolutionized card skimming, too.  Researchers Alexandrea Mellen  and John Moore were on hand at this year’s Black Hat conference demonstrating that it only takes 10 minutes to turn an ordinary Square reader into a portable skimmer. It simply requires very little work, and a high level of skill isn’t needed to pull it off. All the duo had to do to hack the reader was to solder in a short length of wire to bypass Square’s built-in encryption chip. Once the wire is in place, the reader can then slurp up and spit out credit card swipe data in the clear.”

http://www.geek.com/mobile/hackers-turn-square-reader-into-card-skimmer-in-under-10-minutes-1630512/

Scan to Donate Bitcoin to Freedomwat.ch Staff
Did you like this?
Tip Freedomwat.ch Staff with Bitcoin
Donate via Installed Wallet

Hacked: yup, even your skateboard isn’t safe

Posted on by

“Every young person I knew who came out of the theatre after watching ‘Back to the Future’ shared dreams of Marty McFly’s hoverboarding future as they hopped onto their trusty skateboards, wishing away the years until their current mode of transport could be both self-propelled and capable of hovering in the air.  Both of those wishes have just about come true in the form of the Lexus hoverboard. But those of you with more modest means may have settled upon a non-liquid-nitrogen, electric version of the skateboard.  And that, for the time being at least, may have been a mistake.  As Wired reports, massive flaws exist that allow Bluetooth-enabled skateboards to be hacked.”

https://nakedsecurity.sophos.com/2015/08/05/hacked-yup-even-your-skateboard-isnt-safe/

Scan to Donate Bitcoin to Freedomwat.ch Staff
Did you like this?
Tip Freedomwat.ch Staff with Bitcoin
Donate via Installed Wallet

Rootkit uses Thunderbolt accessories to infect Mac firmware

Posted on by

“Dubbed ‘Thunderstrike 2,’ the new proof-of-concept attack still spreads primarily through infected Thunderbolt accessories. But where the original Thunderstrike required a malicious user to have physical access to your computer to work—something sometimes referred to as an ‘evil maid’ attack—the new one can be spread remotely. The malware can be delivered ‘via a phishing e-mail and malicious Web site,’ and once downloaded it can infect connected accessories that use Option ROM (Apple’s Thunderbolt-to-gigabit-Ethernet accessory is a commonly cited example). Once the accessory is infected, the malware can spread to any Mac that you plug the accessory into.”

http://arstechnica.com/apple/2015/08/thunderstrike-2-rootkit-uses-thunderbolt-accessories-to-infect-mac-firmware/

Scan to Donate Bitcoin to Freedomwat.ch Staff
Did you like this?
Tip Freedomwat.ch Staff with Bitcoin
Donate via Installed Wallet

Even when told not to, Windows 10 just can’t stop talking to Microsoft

Posted on by

“Windows 10 uses the Internet a lot to support many of its features. The operating system also sports numerous knobs to twiddle that are supposed to disable most of these features and the potentially privacy-compromising connections that go with them.  Unfortunately for privacy advocates, these controls don’t appear to be sufficient to completely prevent the operating system from going online and communicating with Microsoft’s servers.  We’ve argued recently that operating systems will continue to make privacy-functionality trade-offs.  But the flip side of this is that disabling these services for those who don’t want to use them should really disable them.”

http://arstechnica.com/information-technology/2015/08/even-when-told-not-to-windows-10-just-cant-stop-talking-to-microsoft/

Scan to Donate Bitcoin to Freedomwat.ch Staff
Did you like this?
Tip Freedomwat.ch Staff with Bitcoin
Donate via Installed Wallet

Lenovo Caught Using Rootkit to Secretly Install Unremovable Software

Posted on by

“Two years ago Chinese firm Lenovo got banned from supplying equipment for networks of the intelligence and defense services various countries due to hacking and spying concerns.  Earlier this year, Lenovo was caught red-handed for selling laptops pre-installed with Superfish malware.  One of the most popular Chinese computer manufacturers ‘Lenovo’ has been caught once again using a hidden Windows feature to preinstall unwanted and unremovable rootkit software on certain Lenovo laptop and desktop systems it sells.  The feature is known as ‘Lenovo Service Engine’ (LSE) – a piece of code presents into the firmware on the computer’s motherboard.”

http://thehackernews.com/2015/08/lenovo-rootkit-malware.html

Scan to Donate Bitcoin to Freedomwat.ch Staff
Did you like this?
Tip Freedomwat.ch Staff with Bitcoin
Donate via Installed Wallet

The NSA Playset: Espionage tools for the rest of us

Posted on by

“When Der Spiegel and Jacob Appelbaum published leaked pages of the National Security Agency’s ANT Catalog—the collection of tools and software created for NSA’s Tailored Access Operations (TAO) division—it triggered shock, awe, and a range of other emotions around the world. Among some hardware hackers and security researchers, it triggered something else, too—a desire to replicate the capabilities of TAO’s toolbox to conduct research on how the same approaches might be used by other adversaries.  The NSA Playset project has done just that. The collection boasts over a dozen devices that put the power of the NSA’s TAO into the hands of researchers.”

http://arstechnica.com/information-technology/2015/08/the-nsa-playset-espionage-tools-for-the-rest-of-us/

Scan to Donate Bitcoin to Freedomwat.ch Staff
Did you like this?
Tip Freedomwat.ch Staff with Bitcoin
Donate via Installed Wallet

Corvette’s brakes wirelessly hacked through an insurance dongle

Posted on by

“Researchers at the University of California at San Diego have found a way to wirelessly hack thousands of vehicles by exploiting the on-board diagnostics (or OBD) devices that insurance companies use to monitor speed and location. In a video posted to YouTube (seen above), they were able to activate the windshield wipers and engage or disengage the brakes of a 2013 model Corvette by sending an SMS message to the OBD dongle’s cellular radio. The OBD attack isn’t limited to just Corvettes, or Chevrolets for that matter. The researchers also told Wired that the hack could be modified to grant access to other systems like the locks, steering, and transmission of most modern vehicles.”

http://www.theverge.com/2015/8/11/9130203/wireless-hack-corvette-brakes-insurance-dongle

Scan to Donate Bitcoin to Freedomwat.ch Staff
Did you like this?
Tip Freedomwat.ch Staff with Bitcoin
Donate via Installed Wallet

Stagefright Patch Incomplete Leaving Android Devices Still Exposed

Posted on by

“Google today released to open source a new patch for the infamous Stagefright vulnerability found in 950 million Android devices after researchers at Exodus Intelligence discovered the original patch was incomplete and Android devices remain exposed to attack.  The original four-line code fix for CVE-2015-3824, one of several patches submitted by researcher Joshua Drake of Zimperium Mobile Security’s zLabs who discovered the flaw in Stagefright, still leads to a crash and device takeover.  The vulnerabilities affect Android devices going back to version 2.2; newer versions of Android have built-in mitigations such as ASLR that lessen the effects of Stagefright exploits.”

https://threatpost.com/stagefright-patch-incomplete-leaving-android-devices-still-exposed/114267

Scan to Donate Bitcoin to Freedomwat.ch Staff
Did you like this?
Tip Freedomwat.ch Staff with Bitcoin
Donate via Installed Wallet