security – Page 147

$40 Hardware Is Enough To Hack $28,000 Police Drones From 2km Away

mask.of.sanity writes: Thieves can hijack $28, 000 professional drones used widely across the law enforcement, emergency, and private sectors using $40 worth of hardware. The quadcopters can be hijacked from up to two kilometers away thanks to a lack of encryption, which is not present due to latency overheads. Attackers can commandeer radio links to the drones from up to two kilometers away, and block operators from reconnecting to the craft. With the targeted Xbee chip being very common in drones, IBM security guy Nils Rodday says it is likely many more aircraft are open to compromise. Read more of this story at Slashdot.

Follow this link:
$40 Hardware Is Enough To Hack $28,000 Police Drones From 2km Away

Chinese Scammers Take Mattel To the Bank, Phishing Them For $3 Million

itwbennett quotes a report from The Associated Press: Mattel, the popular toy maker behind Barbie and Hot Wheels, was the victim of a phishing attack last year that nearly cost them $3 million. On April 30, 2015, a Mattel finance executive got a note from the new CEO, Christopher Sinclair, requesting a new vendor payment to China. Transfers required approval from two high-ranking managers; the finance exec qualified and so did the CEO. The transfer was made. The only thing preventing a total loss was the fact that the following day was a bank holiday. Details of the attack against Mattel come from a report by the Associated Press, investigating money laundering and other financial crime in Wenzhou, China. Read more of this story at Slashdot.

Read this article:
Chinese Scammers Take Mattel To the Bank, Phishing Them For $3 Million

Petya Ransomware Uses DOS-Level Lock Screen, Prevents OS Boot Up

An anonymous reader writes: A new type of ransomware was discovered that crashes your PC into a BSOD, restarts your computer, and then prevents your OS from starting by altering the hard drive’s master boot record (MBR). This keeps the user locked in a DOS screen that doubles as the ransomware’s ransom note. The ransomware’s name is Petya, and was currently seen only targeting HR departments in Germany. Read more of this story at Slashdot.

Kentucky Hospital Calls State of Emergency In Hack Attack

An anonymous reader quotes a report from CNBC: A Kentucky hospital is operating in an internal state of emergency following an attack by cybercriminals on its computer network, Krebs on Security reported. Methodist Hospital, based in Henderson, Kentucky, is the victim of a ransomware attack in which hackers infiltrated its computer network, encrypted files and are now holding the data hostage, Krebs reported Tuesday. The criminals reportedly used new strain of malware known as Locky to encrypt important files. The malware spread from the initial infected machine to the entire internal network and several other systems, the hospital’s information systems director, Jamie Reid, told Krebs. The hospital is reportedly considering paying hackers the ransom money of four bitcoins, about $1, 600 at the current exchange rate, for the key to unlock the files. Read more of this story at Slashdot.

See more here:
Kentucky Hospital Calls State of Emergency In Hack Attack

Starboard Launches Proxy Fight To Remove Entire Yahoo Board

An anonymous reader quotes a report from Reuters: Activist hedge fund Starboard Value LP moved on Thursday to overthrow the entire board of Yahoo Inc, including Chief Executive Marissa Mayer, who has struggled to turn around the company in her nearly four years at the helm. Starboard, which has been pushing for changes at Yahoo since 2014 and owns about 1.7 percent of the company, said it would nominate nine candidates for the board. The proxy fight comes as Yahoo is pressing ahead with an auction of its core Internet business, which includes search, mail and news sites. Yahoo and Starboard could still come to an agreement before the company’s annual meeting, expected to be in late June. If they cannot avoid a proxy fight and the Yahoo board election is taken to a shareholder vote, attention will swing to the large mutual and index funds that own the stock and will carry heavy weight in the final tally. Yahoo and Starboard representatives met on March 10 to discuss ways the two sides could avoid a proxy fight, according to people familiar with the matter. But those talks broke down, in part because Starboard was upset by Yahoo’s announcement that same day that it appointed two new board directors, these people say. Read more of this story at Slashdot.

Read the original post:
Starboard Launches Proxy Fight To Remove Entire Yahoo Board

U.S. Indicts 7 Iranians Accused of Hacking U.S. Financial Institutions

An anonymous reader quotes a report from NPR: The U.S. Department of Justice has indicted seven Iranians with intelligence links over a series of crippling cyberattacks against 46 U.S. financial institutions between 2011 and 2013. The indictment, which was unsealed Thursday, also accuses one of the Iranians of remotely accessing the control system of a small dam in Rye, N.Y, during the same period. Attorney General Loretta Lynch said the indictment is meant to send a message: “That we will not allow any individual, group, or nation to sabotage American financial institutions or undermine the integrity of fair competition in the operation of the free market.” According to the indictment, the seven men worked for two Iran-based computer security companies that have done work for the Iranian government, including the powerful Islamic Revolutionary Guard Corps. The men allegedly carried out large-scale distributed denial of service (DDoS) attacks, which overwhelm a server with communications in order to disable it. Read more of this story at Slashdot.

More:
U.S. Indicts 7 Iranians Accused of Hacking U.S. Financial Institutions

CCTV DVR Vulnerabilities Traced To Chinese OEM Which Spurned Researchers’ Advice

An anonymous reader writes: RSA security researcher Rotem Kerner has identified a common vulnerability in the firmware of 70 different CCTV DVR vendors, which allows crooks to execute code and gain root privileges on the affected devices. The problem was actually in the firmware of just one DVR sold by Chinese firm TVT. The practice of “white-labeling” products helped propagate this issue to other “manufacturers” who did nothing more than to buy a non-branded DVR, tweaked its firmware, slapped their logo on top, and sold it a their own, vulnerability included. Read more of this story at Slashdot.

View article:
CCTV DVR Vulnerabilities Traced To Chinese OEM Which Spurned Researchers’ Advice

Radio Attack Lets Hackers Steal 24 Different Car Models

An anonymous reader writes from a Wired article: A group of German vehicle security researchers has released new findings about the extent of a wireless key hack, and their work ought to convince hundreds of thousands of drivers to keep their car keys next to their Pudding Pops. The Munich-based automobile club ADAC recently made public a study it had performed on dozens of cars to test a radio ‘amplification attack’ that silently extends the range of unwitting drivers’ wireless key fobs to open cars and even start their ignitions (in German). The ADAC researchers say that 24 different vehicles from 19 different manufacturers were all vulnerable, allowing them to not only reliably unlock the target vehicles but also immediately drive them away. “This clear vulnerability in [wireless] keys facilitates the work of thieves immensely, ” reads the post. “The radio connection between keys and car can easily be extended over several hundred meters, regardless of whether the original key is, for example, at home or in the pocket of the owner.” Here’s the full list of vulnerable vehicles from their findings, which focused on European models: the Audi A3, A4 and A6, BMW’s 730d, Citroen’s DS4 CrossBack, Ford’s Galaxy and Eco-Sport, Honda’s HR-V, Hyundai’s Santa Fe CRDi, KIA’s Optima, Lexus’s RX 450h, Mazda’s CX-5, MINI’s Clubman, Mitsubishi’s Outlander, Nissan’s Qashqai and Leaf, Opel’s Ampera, Range Rover’s Evoque, Renault’s Traffic, Ssangyong’s Tivoli XDi, Subaru’s Levorg, Toyota’s RAV4, and Volkswagen’s Golf GTD and Touran 5T. Read more of this story at Slashdot.

See the original article here:
Radio Attack Lets Hackers Steal 24 Different Car Models

Bitcoin Trading Platform Announces Huge Downtime Following Cyber-Attack

An anonymous reader writes: BitQuick, a US-based Bitcoin trader has announced that it will shut down its platform for up to 2 to 4 weeks following a cyber-attack this week. The platform took this step because it has not yet identified how the hackers infiltrated their systems. It is unusual for companies to take down their systems for weeks, but after the recent Cryptsy and LoanBase hacks, the company is not willing to lose millions of dollars worth of Bitcoin. BitQuick announced clients of the incident, and 97% already withdrew their funds from the platform. Read more of this story at Slashdot.

More:
Bitcoin Trading Platform Announces Huge Downtime Following Cyber-Attack

Millions of Android Devices Vulnerable To New Stagefright Exploit

An anonymous reader writes: Security researchers have found yet another flaw in Android’s Stagefright. The researchers were able to remotely hack an Android phone by exploiting the bugs. According to their estimation, the flaw exposes devices running Android software version between 5.0-5.1, or 36% of 1.4 billion, to security attacks. “I would be surprised if multiple professional hacking groups do not have working Stagefright exploits by now. Many devices out there are still vulnerable, so Zimperium has not published the second exploit in order to protect the ecosystem, ” Zuk Avraham, chairman of Zimperium, the firm which found the first Stagefright exploit told Wired. Read more of this story at Slashdot.

View post:
Millions of Android Devices Vulnerable To New Stagefright Exploit

Ken May

Tag: security