Meet Evgeniy Mikhailovich Bogachev. He enjoys automobiles, boat adventures, money, and aggravated identity theft. He’s also wanted by the FBI with a bounty on his head of $3 million, the highest ever for a cybercriminal. Seriously, this dude is straight out of an Ian Fleming novel. Read more…
See the article here:
The World’s Most Wanted Hacker Sounds Like a Goddamn James Bond Villain
An anonymous reader writes: “Attacks on WordPress sites using a vulnerability in the REST API, patched in WordPress version 4.7.2, have intensified over the past two days, as attackers have now defaced over 1.5 million pages, spread across 39, 000 unique domains, ” reports BleepingComputer. “Initial attacks using the WordPress REST API flaw were reported on Monday by web security firm Sucuri, who said four groups of attackers defaced over 67, 000 pages. The number grew to over 100, 000 pages the next day, but according to a report from fellow web security firm WordFence, these numbers have skyrocketed today to over 1.5 million pages, as there are now 20 hacking groups involved in a defacement turf war.” Making matters worse, over the weekend Google’s Search Console service, formerly known as Google Webmaster, was sending out security alerts to people it shouldn’t. Google attempted to send security alerts to all WordPress 4.7.0 and 4.7.1 website owners (vulnerable to the REST API flaw), but some emails reached WordPress 4.7.2 owners. Some of which misinterpreted the email and panicked, fearing their site might lose search engine ranking. Read more of this story at Slashdot.
Read More:
Attacks On WordPress Sites Intensify As Hackers Deface Over 1.5 Million Pages
Orome1 quotes a report from Help Net Security: Cisco has patched a critical authentication bypass vulnerability that could allow attackers to completely take over Cisco Prime Home installations, and through them mess with subscribers’ home network and devices. The vulnerability (CVE-2017-3791), found internally by Cisco security testers, affects the platform’s web-based GUI, and can be exploited by remote attackers to bypass authentication and execute any action in Cisco Prime Home with administrator privileges. No user interaction is needed for the exploit to work, and exploitation couldn’t be simpler: an attacker just needs to send API commands via HTTP to a particular URL. The bug exists in versions 6.4 and later of Cisco Prime Home, but does not affect versions 5.2 and earlier. “Administrators can verify whether they are running an affected version by opening the Prime Home URL in their browser and checking the Version: line in the login window. If currently logged in, the version information can be viewed in the bottom left of the Prime Home GUI footer, next to the Cisco Prime Home text, ” Cisco instructed in the security advisory. Read more of this story at Slashdot.
Originally posted here:
Cisco Patches ‘Prime Home’ Flaw That Allowed Hackers To Reach Into People’s Homes
Image: Alex Cranz/Gizmodo One of the beauties of iOS versus other phone operating systems is its relative security and stability versus other phone operating systems. There just aren’t a lot of hacks that can harm an iPhone unless it has been jailbroken or hacked by Israeli cyber weapons dealers . But a new exploit will permanently disable the Messages app. So prepare to be wary of any text your asshole friends and colleagues send your way. Read more…
Read this article:
A Single Text Can Disable iOS Messages Forever
Today a massive DDoS attack took out a major piece of Internet infrastructure , causing huge outages across the United States and Europe. Watch it spread like a disease across the States. Read more…
Read the original:
Watch America’s Internet Get Wiped Out by a Massive DDoS Attack
Under the Fourth Amendment, Americans are protected from unreasonable searches and seizures, but according to one group of federal prosecutors, just being in the wrong house at the wrong time is cause enough to make every single person inside provide their fingerprints and unlock their phones . Read more…
View article:
Feds Claim They Can Enter a House and Demand Fingerprints to Unlock Everyone’s Phones
Yahoo built software to secretly scan its users emails at the behest of U.S intelligence officials, according to a report by Reuters. Read more…
Read the original:
Yahoo Secretly Scanned Users’ Emails For The NSA and FBI: Report
We already knew that a recent hack that targeted Democratic officials was going to be more than just access to possibly incriminating emails, but we didn’t realize it would be this soon. Read more…
More:
Personal Information of Nearly 200 Democrats Leaked in Latest Hack
Lorenzo Franceschi-Bicchierai, writing for Motherboard: One day, your thermostat will get hacked by some cybercriminal hundreds of miles away who will lock it with malware and demand a ransom to get it back to normal, leaving you literally in the cold until you pay up a few hundred dollars. This has been a scenario that security experts have touted as one of the theoretical dangers of the rise of the Internet of Things, internet-connected devices that are often insecure. On Saturday, what sounds like a Mr. Robot plot line came one step closer to being reality, when two white hat hackers showed off the first-ever ransomware that works against a “smart” device, in this case, a thermostat. Luckily, Andrew Tierney and Ken Munro, the two security researchers who created the ransomware, actually have no ill intention. They just wanted to make a point: some Internet of Things devices fail to take simple security precautions, leaving users in danger. “We don’t have any control over our devices, and don’t really know what they’re doing and how they’re doing it, ” Tierney told Motherboard. “And if they start doing something you don’t understand, you don’t really have a way of dealing with it.” Tierney and Munro, who both work UK-based security firm Pen Test Partners, demonstrated their thermostat ransomware proof-of-concept at the hacking conference Def Con on Saturday, fulfilling the pessimistic predictions of some people in security world. Read more of this story at Slashdot.
Original post:
Hackers Make the First-Ever Ransomware For Smart Thermostats
A video demonstration of the vulnerability here, using a temporary password. (credit: Kapil Haresh) This piece first appeared on Medium and is republished here with the permission of the author. It reveals a limitation in the way Apple approaches 2FA, which is most likely a deliberate decision. Apple engineers probably recognize that someone who loses their phone won’t be able to wipe data if 2FA is enforced, and this story is a good reminder of the pitfalls. As a graduate student studying cryptography, security and privacy (CrySP ), software engineering and human-computer interaction , I’ve learned a thing or two about security. Yet a couple of days back, I watched my entire digital life get violated and nearly wiped off the face of the Earth. That sounds like a bit of an exaggeration, but honestly it pretty much felt like that. Here’s the timeline of a cyber-attack I recently faced on Sunday, July 23, 2016 (all times are in Eastern Standard): That’s a pretty incidence matrix (credit: Kapil Haresh) 3:36pm— I was scribbling out an incidence matrix for a perfect hash family table on the whiteboard, explaining how the incidence matrix should be built to my friends. Ironically, this was a cryptography assignment for multicast encryption. Everything seemed fine until a rather odd sound started playing on my iPhone. I was pretty sure it was on silent, but I was quite surprised to see that it said “Find My iPhone Alert” on the lock screen. That was odd. Read 20 remaining paragraphs | Comments
View post:
There are limits to 2FA and it can be near-crippling to your digital life