Image: Daniel Mears via AP Images The Obama administration is trying to check as many policy boxes as it can on the way out of the door, and today it finally announced a flexible framework for companies and governments involved in developing self-driving cars. Read more…
Link:
The U.S. Government Finally Got Around To Publishing Self-Driving Car Guidelines
An anonymous reader quotes a report from Digital Trends: ClixSense, a site which pays users to view ads and take surveys, was the victim of a massive data breach compromising around 6.6 million user accounts. Usually when there’s a data breach of this size, the information stolen contains usernames, passwords, and some other personal information, but due to the nature of ClixSense and the service it provided, home addresses, payment histories, and other banking details have also been compromised. According to the message posted to PasteBin along with a sample of the stolen data, social security numbers, dates of birth, and some internal emails from ClixSense may also have been compromised. Ars Technica reported this morning that about 2.2 million people have had their data posted to PasteBin over the weekend, reportedly just a taste of the 6.6 million user accounts that have been stolen. The hackers responsible stated in their PasteBin post that they intend to sell the user information they gathered, without disclosing a specific price. PasteBin has since removed the posts and the sample of the compromised user account information. Read more of this story at Slashdot.
Original post:
ClixSense Suffers Massive Data Breach, 6.6 Million Users Compromised
An anonymous reader writes from a report via Softpedia: David Levin, 31, of Estero, Florida will spend 20 days in prison after hacking two websites belonging to the Florida state elections department. Levin, a security researcher, tested the security of two Florida state election websites without permission, and then recorded a video and posted on YouTube. The problem is that the man appearing in the video next to Levin was a candidate for the role of state election supervisor, running for the same position against the incumbent Supervisor of Elections, Sharon Harrington. Harrington reported the video to authorities, who didn’t appreciate the media stunt pulled by the two, and charged the security researcher with three counts of hacking-related charges. The researcher turned himself in in May and pleaded guilty to all charges. This week, he received a 20-day prison sentence and two years of probation. In court he admitted to the whole incident being a political stunt. Read more of this story at Slashdot.
View the original here:
Researcher Gets 20 Days In Prison For Hacking State Websites As Political Stunt
An anonymous reader writes from a report via The Next Web: T-Mobile plans to boost its LTE speeds to up to 400 Mbps in the very near future. The Next Web reports: “The company is getting ready to boost its maximum theoretical internet speeds to become the faster carrier in the U.S. by a wide margin. The network will soon support theoretical speeds up to 400 Mbps — nearly half the speed of Google Fiber. There’s a two-pronged approach to the upgrade. First is incorporating 4×4 MIMO (multiple input, multiple output) technology, which will supposedly double the speed from the current 7-40 Mbps customers tend to experience with T-Mobile (about the same as Verizon with LTE-A). This upgrade is available now in 319 cities, although it’s a moot point because only the S7 and S7 Edge will be able to use the tech via a software update “later this month.” In October, the company will roll out 256 QAM support to the S7 and S7 Edge (and again, more phones later), which increases the amount of bits per transmission. T-Mobile says this will lead to theoretical maximum speeds of 400 Mbps.” The Next Web followed-up with T-Mobile to ask about what the real-world speeds would be after the upgrade. The company says “customers can expect to see real world peak speeds of 190 Mbps, ” which is over four times current peaks speeds, but also far below the theoretical 400 Mbps. Read more of this story at Slashdot.
A total of three men are said to be operators of file-sharing site KickassTorrents (KAT), according to U.S. prosecutors. Last month, federal authorities arrested the 30-year-old Ukrainian mastermind of KAT, Artem Vaulin, and formally charged him with one count of conspiracy to commit criminal copyright infringement, one count of conspiracy to commit money laundering, and two counts of criminal copyright infringement. Two other Ukrainians were named in the new indictment (PDF): Levgen (Eugene) Kutsenko and Oleksander (Alex) Radostin. While only Vaulin has been arrested, bench warrants have been issue for the arrest of all three men. Ars Technica reports: “Prosecutors say the three men developed and maintained the site together and used it to ‘generate millions of dollars from the unlawful distribution of copyright-protected media, including movies, television shows, music, video games, computer software, and electronic books.’ They gave out ‘Reputation’ and ‘User Achievement’ awards to users who uploaded the most popular files, including a special award for users who had uploaded more than 1, 000 torrents. The indictment presents a selection of the evidence that the government intends to use to convict the men, and it isn’t just simple downloads of the copyrighted movies. The government combed through Vaulin’s e-mails and traced the bitcoins that were given to him via a ‘donation’ button.” Read more of this story at Slashdot.
Read More:
US Unveils Charges Against KickassTorrents, Names Two More Defendants
schwit1 writes from a report via CRN: Cisco Systems is laying off about 14, 000 employees, representing nearly 20 percent of the network equipment maker’s global workforce. San Jose, California-based Cisco is expected to announce the cuts within the next few weeks, the report said, as the company transitions from its hardware roots into a software-centric organization. Cisco increasingly requires “different skill sets” for the “software-defined future” than it did in the past, as it pushes to capture a higher share of the addressable market and aims to boost its margins, the CRN report said citing a source familiar with the situation. “The company’s headcount as of April 20, 2016, was 73, 104, ” reports CRN. “Cutting 14, 000 employees would be the single largest layoff in Cisco’s 32-year history.” Read more of this story at Slashdot.
See more here:
Cisco Systems To Lay Off About 14,000 Employees, Representing 20% of Global Workforce
tedlistens quotes a report from Fast Company: For years, security firms have warned of keystroke logging malware that surreptitiously steals usernames and passwords on desktop and laptop computers. In the past year, a similar threat has begun to emerge on mobile devices: So-called overlay malware that impersonates login pages from popular apps and websites as users launch the apps, enticing them to enter their credentials to banking, social networking, and other services, which are then sent on to attackers. Such malware has even found its way onto Google’s AdSense network, according to a report on Monday from Kaspersky Lab. The weapon would automatically download when users visited certain Russian news sites, without requiring users to click on the malicious advertisements. It then prompts users for administrative rights, which makes it harder for antivirus software or the user to remove it, and proceeds to steal credentials through fake login screens, and by intercepting, deleting, and sending text messages. The Kaspersky researchers call it “a gratuitous act of violence against Android users.” “By simply viewing their favorite news sites over their morning coffee users can end up downloading last-browser-update.apk, a banking Trojan detected by Kaspersky Lab solutions as Trojan-Banker.AndroidOS.Svpeng.q, ” according to the company. “There you are, minding your own business, reading the news and BOOM! — no additional clicks or following links required.” The good news is that the issue has since been resolved, according to a Google spokeswoman. Fast Company provides more details about these types of attacks and how to stay safe in its report. Read more of this story at Slashdot.
More:
Malware That Fakes Bank Login Screens Found In Google Ads
(credit: HEI Hotels & Resorts) The chain that owns Starwood, Marriott, Hyatt, and Intercontinental hotels—HEI Hotels & Resorts— said this weekend that the payment systems for 20 of its locations had been infected with malware that may have been able to steal tens of thousands of credit card numbers and corresponding customer names, expiration dates, and verification codes. HEI claims that it did not lose control of any customer PINs, as they are not collected by the company’s systems. Still, HEI noted on its website that it doesn’t store credit card details either. “We believe that the malware may have accessed payment card information in real-time as it was being inputted into our systems,” the company said. The breach appears to have hit 20 HEI Hotels, and in most cases, the malware appears to have been active from December 2, 2015 to June 21, 2016. In a few cases, hotels may have been affected as early as March 1, 2015. According to a statement on HEI’s website, the malware affected point-of-sale (POS) terminals at the affected properties, but online booking and other online transactions were not affected. Read 4 remaining paragraphs | Comments
Read More:
20 hotels suffer hack costing tens of thousands their credit card information
Lorenzo Franceschi-Bicchierai, writing for Motherboard: One day, your thermostat will get hacked by some cybercriminal hundreds of miles away who will lock it with malware and demand a ransom to get it back to normal, leaving you literally in the cold until you pay up a few hundred dollars. This has been a scenario that security experts have touted as one of the theoretical dangers of the rise of the Internet of Things, internet-connected devices that are often insecure. On Saturday, what sounds like a Mr. Robot plot line came one step closer to being reality, when two white hat hackers showed off the first-ever ransomware that works against a “smart” device, in this case, a thermostat. Luckily, Andrew Tierney and Ken Munro, the two security researchers who created the ransomware, actually have no ill intention. They just wanted to make a point: some Internet of Things devices fail to take simple security precautions, leaving users in danger. “We don’t have any control over our devices, and don’t really know what they’re doing and how they’re doing it, ” Tierney told Motherboard. “And if they start doing something you don’t understand, you don’t really have a way of dealing with it.” Tierney and Munro, who both work UK-based security firm Pen Test Partners, demonstrated their thermostat ransomware proof-of-concept at the hacking conference Def Con on Saturday, fulfilling the pessimistic predictions of some people in security world. Read more of this story at Slashdot.
Original post:
Hackers Make the First-Ever Ransomware For Smart Thermostats
An anonymous reader quotes a report from Reuters: Hong Kong-based digital currency exchange Bitfinex said late on Tuesday it has suspended trading on its exchange after it discovered a security breach, according to a company statement on its website. The company said it has also suspended deposits and withdrawals of digital currencies from the exchange. “We are investigating the breach to determine what happened, but we know that some of our users have had their bitcoins stolen, ” the company said. “We are undertaking a review to determine which users have been affected by the breach. While we conduct this initial investigation and secure our environment, bitfinex.com will be taken down and the maintenance page will be left up.” The company said it has reported the theft to law enforcement. It said it has not yet determined the value of digital currencies stolen from customer accounts. CoinDesk reports that the company confirmed roughly 120, 000 BTC (more than $60 million) has been stolen via social media. “In response, bitcoin prices fell to $560.16 by 19:30 UTC, $530 by 23:30 and $480 at press time, CoinDesk USD Bitcoin Price Index (BPI) data reveals, ” reports CoinDesk. “This price was roughly 20% lower than the day’s opening of $607.37 and 27% below the high of $658.28 reached on Saturday, July 30th, when the digital currency began pushing lower.” Read more of this story at Slashdot.
Read the original post:
Bitcoin Exchange Bitfinex Says It Was Hacked, Roughly $60M Stolen