More bad news for Volkswagen.
A team of researchers has found that Volkswagen stores secret keys in car components that leave almost all its vehicles since 1995 vulnerable to theft.
Source: A New Wireless Hack Can Unlock 100 Million Volkswagens
Another impressive, likely state-sponsored piece of malware. Data exfiltration from air-gapped machines is the holy grail of the malware world. If they succeeded, this will be huge.
The malware—known alternatively as “ProjectSauron” by researchers from Kaspersky Lab and “Remsec” by their counterparts from Symantec—has been active since at least 2011 and has been discovered on 30 or so targets. Its ability to operate undetected for five years is a testament to its creators, who clearly studied other state-sponsored hacking groups in an attempt to replicate their advances and avoid their mistakes.
Source: Researchers crack open unusually advanced malware that hid for 5 years
It has long been known that telephony services like SMS are not secure. When your infrastructure provider is hostile, it gets challenging to protect your users.
Iranian hackers have compromised more than a dozen accounts on the Telegram instant messaging service and identified the phone numbers of 15 million Iranian users, the largest known breach of the encrypted communications system, cyber researchers told Reuters.
Source: Exclusive: Hackers accessed Telegram messaging accounts in Iran – researchers
Great, now we’re on BBC for the wrong reasons. This goes totally against the Smart Nation, IoT and cloud movement. The scary prospect is that quasi-government agencies and even private organizations may take a cue from this and do the same. Expect a strong pushback from the industry. OTOH, server vendors will be very happy 🙂
Singapore says it will restrict access to the internet for public servants from May next year because of information security concerns.
Source: No internet for Singapore public servants – BBC News
Yet another major fail from a hardware vendor. The tl;dr version is this: Asus laptops come with software called LiveUpdate that delivers updates from Asus. The problem is that it does so insecurely and without proper validation, which makes it possible for someone to perform a MiTM attack and deliver fake updates.
Source: *indrora->mind — DeadUpdate; Or, How I learned to stop worrying and…
TeamViewer is a very popular tool for remote access due to its ease of use and firewall bypassing capability. It is widely used by IT support, sysadmins, appliance manufacturers, POS system makers, individuals etc. If this hack is real, it would have huge ramifications for users of this tool.
Remote-control tool wobbles offline, blames bad passwords for compromises
Source: TeamViewer denies hack after PCs hijacked, PayPal accounts drained
Update (2016-06-04): Also reported here.
ImageMagick and its fork, GraphicsMagick, are libraries widely used by tons of applications for “displaying, converting, and editing raster image and vector image files”.
All existing releases of GraphicsMagick and ImageMagick support a file
open syntax where if the first character of the file specification is
a ‘|’, then the remainder of the filename is passed to the shell for
execution using the POSIX popen(3C) function.
via CVE Request: GraphicsMagick and ImageMagick popen() shell vulnerability via filename
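A defensive check for the behaviour quoted above, as an added example that is not from the CVE request or from either project: an application that hands user-supplied names to these libraries can turn them into absolute paths inside a fixed directory, so the file specification can never begin with '|'. The function names, the /srv/uploads directory and the sample inputs are assumptions made for illustration.

```python
import os


class UnsafeImagePath(ValueError):
    """Raised when a file specification must not reach the image library."""


def safe_image_spec(upload_dir: str, user_supplied: str) -> str:
    """Return an absolute path inside upload_dir for user_supplied.

    The returned string starts with the path separator, so its first
    character can never be the '|' that triggers popen().
    """
    if not user_supplied or "\x00" in user_supplied:
        raise UnsafeImagePath("empty name or NUL byte")
    # Direct check for the syntax described in the CVE request. Leading
    # whitespace is stripped first as a conservative assumption.
    if user_supplied.lstrip().startswith("|"):
        raise UnsafeImagePath("leading '|' would be passed to the shell")
    base = os.path.realpath(upload_dir)
    candidate = os.path.realpath(os.path.join(base, user_supplied))
    # Reject absolute paths and ../ sequences that leave the upload directory.
    if os.path.commonpath([base, candidate]) != base:
        raise UnsafeImagePath("path escapes upload directory")
    return candidate


def classify(upload_dir: str, names: list) -> dict:
    """Map each candidate name to 'allowed' or the reason it was rejected."""
    results = {}
    for name in names:
        try:
            safe_image_spec(upload_dir, name)
            results[name] = "allowed"
        except UnsafeImagePath as exc:
            results[name] = f"rejected: {exc}"
    return results


if __name__ == "__main__":
    # Constructed sample inputs, not taken from the advisory.
    samples = ["cat.png", "sub/dog.jpg", "|echo constructed-example",
               "../../etc/passwd", "/etc/passwd"]
    for name, verdict in classify("/srv/uploads", samples).items():
        print(f"{name!r}: {verdict}")
```
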
Banking systems around the world under attack from Anonymous group.
By: Jay Syrmopoulos via thefreethoughtproject.com After announcing a global call to arms against the “corrupt global banking cartel,” the hacker collective known as Anonymous, in conjunction with numerous other hacktivist groups, have taken over 20 central banks offline, including striking at the heart of the Western imperialist empire; the U.S. Federal Reserve Bank of Boston, […]
This is an amazingly detailed account of the actions taken to take down HT. One of the key moments in the article was how he went after the people with keys to the kingdom – the sysadmins.
One of my favourite pastimes is stalking the sysadmins. By spying on Christian Pozzi (Hacking Team’s sysadmin), I gained access to the Nagios server, which gave me access to the ‘rete sviluppo’ (the development network with the RCS source code). With a simple combination of PowerSploit’s Get-Keystrokes and Get-TimedScreenshot [13], nishang’s Do-Exfiltration, and GPO, I could spy on any employee I wanted, or even the entire domain.
Via Ghostbin
The Panama papers leak has been affecting a lot of high-profile individuals. How did it actually happen? Here’s one plausible theory.
The Mossack Fonseca (MF) data breach, aka Panama Papers, is the largest data breach to journalists in history and includes over 4.8 million emails. Yesterday we broke the story that MF was running WordPress with a vulnerable version of Revolution Slider and the WordPress server was on the same network as their email servers when […]
Source: Panama Papers: Email Hackable via WordPress, Docs Hackable via Drupal – Wordfence