What's new around the internet

Last one

Src Date (GMT) Title Description Tags Stories Notes
CSO 2023-01-06 06:51:00 14 UK schools suffer cyberattack, highly confidential documents leaked (direct link) More than a dozen schools in the UK have suffered a cyberattack which has led to highly confidential documents being leaked online by cybercriminals. That's according to a report from the BBC which claimed that children's SEN information, child passport scans, staff pay scales and contract details have been stolen by notorious cybercrime group Vice Society, known for disproportionately targeting the education sector with ransomware attacks in the UK and other countries. Passport, contract data stolen and posted on dark web: Pates Grammar School in Gloucestershire is one of 14 to have been impacted by the data breach, the BBC reported, with Vice Society hackers using generic search terms to steal documents. “One folder marked 'passports' contains passport scans for pupils and parents on school trips going back to 2011, whereas another marked 'contract' contains contractual offers made to staff alongside teaching documents on muscle contractions. Another folder marked 'confidential' contains documents on the headmaster's pay and student bursary fund recipients,” the BBC wrote. The hack at Pates is estimated to have taken place on September 28 before data was published on the dark web. The UK Information Commissioner's Office (ICO) and Gloucestershire Police confirmed they were investigating the alleged breaches in 2022. Ransomware Hack ★★
CSO 2022-11-22 02:00:00 Know thy enemy: thinking like a hacker can boost cybersecurity strategy (direct link) As group leader for Cyber Adversary Engagement at MITRE Corp., Maretta Morovitz sees value in getting to know the enemy – she can use knowledge about cyber adversaries to distract, trick, and deflect them and develop strategies to help keep threat actors from getting whatever they're after. That could mean placing decoys and lures that exploit their expectations for what an attacker will find when they first hack into an environment, she says. Or it could mean deliberately disorienting them by creating scenarios that don't match up to those expectations. “It's about how to drive defenses by knowing how the adversaries actually behave,” says Morovitz, who is also group leader for MITRE Engage, a cyber adversary engagement framework. Hack Threat Guideline ★★★
CSO 2022-10-24 07:16:00 Iran's nuclear energy agency confirms email server hacked (direct link) The Atomic Energy Organization of Iran on Sunday confirmed that an email server at its Bushehr Nuclear Power Plant was hacked. The organization blamed a foreign country, but an Iranian hacking group that goes by the name Black Reward has claimed responsibility for the breach. The Atomic Energy Organization said that the IT group serving the Bushehr plant has examined and issued a report on the breach, and denied any sensitive information being exposed. The energy agency said the hack was intended to gain the attention of the public and media. "It should be noted that the content in users' emails contains technical messages and common and current daily exchanges," according to a statement on the organization's website. "It is obvious that the purpose of such illegal efforts, which are carried out of desperation, is to attract public attention." Hack
CSO 2022-10-06 13:16:00 Guilty verdict in the Uber breach case makes personal liability real for CISOs (direct link) Yesterday, a federal jury handed down a guilty verdict to Joe Sullivan, the former CSO on charges of “obstruction of the proceedings of the Federal Trade Commission and misprision of felony in connection with the attempted cover-up of a 2016 hack at Uber” according to a notice published by the Department of Justice (DOJ). US Attorney Stephanie Hinds, upon learning of the verdict, admonished companies that are storing data as to their responsibility to also “protect that data and to alert customers and appropriate authorities when such data is stolen by hackers. Sullivan affirmatively worked to hide the data breach from the Federal Trade Commission (FTC) and took steps to prevent the hackers from being caught. We will not tolerate the concealment of important information from the public by corporate executives more interested in protecting their reputation and that of their employers than in protecting users. Where such conduct violates the federal law, it will be prosecuted.” Data Breach Hack Uber Uber
CSO 2022-09-22 02:00:00 D&O insurance not yet a priority despite criminal trial of Uber's former CISO (direct link) The trial of former Uber CISO Joe Sullivan marks the first time a cybersecurity chief has faced potential criminal liability. Sullivan is charged with trying to conceal from federal investigators the details of a 2016 hack at Uber that exposed the email addresses and phone numbers of 57 million drivers and passengers. The two charges against Sullivan, obstruction of justice and failure to report a crime, carry potential jail time of five and three years, respectively, in a watershed case that has drawn the attention of security professionals. Hack Uber Uber
CSO 2022-08-11 03:53:00 Cisco admits hack on IT network, links attacker to LAPSUS$ threat group (direct link) IT, networking, and cybersecurity solutions giant Cisco has admitted suffering a security incident targeting its corporate IT infrastructure in late May 2022. On August 10, the firm stated that an employee's credentials were compromised after an attacker gained control of a personal Google account where credentials saved in the victim's browser were being synchronized. Bad actors published a list of files from this security incident to the dark web, Cisco added. “The incident was contained to the corporate IT environment and Cisco did not identify any impact to any Cisco products or services, sensitive customer data or employee information, Cisco intellectual property, or supply chain operations,” the company said. Cisco claimed it took immediate action to contain and eradicate the bad actor, which it has linked to notorious threat group LAPSUS$. It also said that it has taken the decision to publicly announce the incident now as it was previously actively collecting information about the bad actor to help protect the security community. Hack Threat
CSO 2022-07-13 08:13:00 BrandPost: Why Hackers are Increasingly Targeting Digital Supply Chains (direct link) For a large majority of the world, the SolarWinds hack in December 2020 was the first real introduction to digital supply chains and their vulnerabilities. But the reality is that hackers increasingly have been vested in software supply chain attacks, which increased 650% from July 2019 to May 2020 alone. Likewise, data from Netscout's 2H 2021 Threat Intelligence Report shows that hackers remain laser-focused on attacking the digital supply chain. Specifically, there was a 606% increase in attacks against software publishers from 1H 2021, as well as a 162% increase in attacks on computer manufacturers and a 263% increase against computer storage manufacturing. Hack Threat
CSO 2022-05-25 02:00:00 Security and privacy laws, regulations, and compliance: The complete guide (direct link) This directory includes laws, regulations and industry guidelines with significant security and privacy impact and requirements. Each entry includes a link to the full text of the law or regulation as well as information about what and who is covered. CSO updates this directory, originally published on January 28, 2021, frequently as new laws and regulations are put in place. Click on a link to skip to information and resources on that law: Broadly applicable laws and regulations Sarbanes-Oxley Act (SOX) Payment Card Industry Data Security Standard (PCI DSS) Payment Service Directive, revised (PSD2) Gramm-Leach-Bliley Act (GLBA) Customs-Trade Partnership Against Terrorism (C-TPAT) Free and Secure Trade Program (FAST) Children's Online Privacy Protection Act (COPPA) Fair and Accurate Credit Transaction Act (FACTA), including Red Flags Rule Federal Rules of Civil Procedure (FRCP) Industry-specific guidelines and requirements Federal Information Security Management Act (FISMA) North American Electric Reliability Corp. (NERC) standards Title 21 of the Code of Federal Regulations (21 CFR Part 11) Electronic Records Health Insurance Portability and Accountability Act (HIPAA) The Health Information Technology for Economic and Clinical Health Act (HITECH) Patient Safety and Quality Improvement Act (PSQIA, Patient Safety Rule) H.R. 2868: The Chemical Facility Anti-Terrorism Standards Regulation US state laws California Consumer Privacy Act (CCPA) California Privacy Rights Act (CPRA) Colorado Privacy Act Connecticut Data Privacy Act (CTDPA) Maine Act to Protect the Privacy of Online Consumer Information Maryland Personal Information Protection Act – Security Breach Notification Requirements – Modifications (House Bill 1154) Massachusetts 201 CMR 17 (aka Mass Data Protection Law) Massachusetts Bill H.4806 - An Act relative to consumer protection from security breaches Hack
CSO 2022-05-19 02:00:00 Uber CISO's trial underscores the importance of truth, transparency, and trust (direct link) Truth, transparency and trust are the three T's that all CISOs and CSOs should embrace as they march through their daily grind of keeping their enterprise and the data safe and secure. Failure to adhere to the three T's can have serious consequences. Case in point: A federal judge recently ordered Uber Technologies to work with its former CSO, Joseph Sullivan (who held the position from April 2015 to November 2017), and review a plethora of Uber documents that Sullivan has requested in unredacted form for use in his defense in the upcoming criminal trial. The case against Uber's former CSO: By way of background, Uber's former CSO faces a five-felony count superseding indictment associated with his handling of the company's 2016 data breach. The court document, filed in December 2021, alleges Sullivan “engaged in a scheme designed to ensure that the data breach did not become public knowledge, was concealed, and was not disclosed to the FTC and to impacted users and drivers.” Furthermore, the two individuals, who are believed to have affected the hack and subsequently requested payment for non-disclosure ultimately received $100,000 from Uber's bug bounty program. These individuals were identified in media as, Vasile Mereacre, a Canadian citizen living in Toronto, and Brandon Glover, a Florida resident, both of whom were later indicted for their breach of Lynda (a company acquired by Linkedin). Data Breach Hack Uber Uber
CSO 2021-01-06 02:00:00 SolarWinds hack is a wakeup call for taking cybersecurity action (direct link) Advanced Persistent Threats (APTs) have long been a concern of the cybersecurity community. Well-organized teams with significant resources and targets they are not willing to give up attacking until their mission is accomplished are certainly not a threat to be underestimated. The tactics deployed by such groups involve a combination of attack types, from exploiting zero-day vulnerabilities to social engineering, gaining access, establishing a foothold and deepening access, and then remaining in a target's systems undetected until realizing their goal. Hack Threat
CSO 2020-07-21 03:00:00 Twitter hack raises alarm among government officials, security experts (direct link) A hack of Twitter last week shook the foundations of the internet, cybersecurity, and political worlds. A gang of young people purportedly obsessed with OGusers, early Twitter adopters with one or two characters in their handles, ostensibly targeted 130 high-profile accounts and reset passwords and sent messages from the accounts of 45 “celebrities.” The hacks appear financially motivated, with the attackers fleeing with $121,000 worth of bitcoin generated through the scam messages they sent from the accounts of Joe Biden, Barack Obama, Bill Gates, Elon Musk and other personages. Hack
CSO 2020-07-17 11:53:00 Twitter VIP account hack highlights the danger of insider threats (direct link) Most companies are putting a lot of effort into making sure their network perimeters are secure against remote attacks, but they don't pay the same level of attention to threats that might originate inside their own organizations. The attack earlier this week that resulted in the hijacking of Twitter accounts belonging to high-profile individuals and brands is the perfect example of the impact a malicious or duped insider and poor privileged access monitoring could have on businesses. Hack
CSO 2020-04-09 11:01:00 16 real-world phishing examples - and how to recognize them (direct link) You think you know phishing? Even though computer users are getting smarter, and the anti-phishing tools they use as protection are more accurate than ever, the scammers are still succeeding. Lured with promises of monetary gain or threats of financial or physical danger, people are being scammed out of tens of thousands of dollars. Corporations lose even more - tens of millions. Malware Hack
CSO 2019-09-23 04:03:00 CISA's Krebs seeks more measured approach to election security heading into 2020 (direct link) Given the too-late realization that Russia interfered in the 2016 presidential election through massive disinformation campaigns and -- as the Mueller report most recently documented with a few new twists -- actual efforts to hack into state elections systems, it's no surprise that election security under the rubric of “Protect 2020” was a key theme running throughout the Cybersecurity and Infrastructure Security Agency's (CISA) second annual Cybersecurity Summit. Even so, CISA Director Christopher Krebs kicked off the summit by cautioning against the kind of fearful language and overwrought concerns currently surrounding the topic of election security. “We've got to be more straightforward, more measured, more reasonable in how we talk about things. Election security is a great example. Are there true, absolute, fundamental risks in the infrastructure? Yes, but we have to take the hysteria out of the conversation because ultimately what we do is we drive broader voter confidence down,” he said. Hack
CSO 2019-09-10 05:53:00 IDG Contributor Network: How a small business should respond to a hack (direct link) Hacks and data breaches are, unfortunately, part of doing business today. Ten years ago, it was the largest corporations that were most targeted by hackers, but that has changed. As large organizations have improved their cybersecurity, and more and more small businesses go online, hackers have shifted their attention to smaller targets. The threat: Putting numbers on the scale of cybercrime is difficult, not least because many companies are resistant to acknowledging that they've been hacked. A huge study from 2010, though, conducted by Verizon working in conjunction with the US Secret Service, found that even then smaller businesses were under huge threat from cybercriminals: over 60% of the data breaches covered in that report were from businesses with less than 100 employees. Hack Threat
CSO 2019-08-26 10:38:00 Capital One hack shows difficulty of defending against irrational cybercriminals (direct link) Software engineer Paige Thompson was arrested in late July for an unprecedented hack into a cloud server containing the personal data of over 100 million people who had filed credit card applications with leading financial institution Capital One. Thompson, who at the time of her arrest ran a hosting company called Netcrave Communications, had held a series of engineering jobs, including a stint at Amazon Web Services (AWS) in 2015 and 2016, where she presumably gained the skills to exploit a vulnerability in an application firewall on Capital One's AWS server. Hack Vulnerability Guideline
CSO 2019-05-10 11:04:00 New Intel firmware boot verification bypass enables low-level backdoors (direct link) Researchers have found a new way to defeat the boot verification process for some Intel-based systems, but the technique can also impact other platforms and can be used to compromise machines in a stealthy and persistent way. Researchers Peter Bosch and Trammell Hudson presented a time-of-check, time-of-use (TOCTOU) attack against the Boot Guard feature of Intel's reference Unified Extensible Firmware Interface (UEFI) implementation at the Hack in the Box conference in Amsterdam this week. Hack
CSO 2019-04-18 03:00:00 Assume breach is for losers: These steps will stop data breaches (direct link) “Assume breach” is the popular computer defense strategy based on the idea that your company is either already breached or could easily be breached by a dedicated attacker. There is a lot of validity to this approach. Most companies and organizations are super easy to hack and compromise. However, it doesn't have to be this way. Hack
CSO 2019-04-08 03:00:00 Inside the 2014 hack of a Saudi embassy (direct link) An attacker claiming to be ISIS took control of the official email account of the Saudi Embassy in the Netherlands in August, 2014 and sent emails to more than a dozen embassies at The Hague demanding $50 million for ISIS, or they would blow up a major diplomatic reception, documents seen by CSO reveal. Hack
CSO 2019-03-14 03:00:00 My two favorite companies from RSA Conference 2019 (direct link) I've got a confession to make. I've never attended an RSA Conference before last week. For RSAC 2019, however, I had the honor of giving one of my favorite presentations, 12 Ways to Hack 2FA. The crowd filled the presentation room and a spill-over room to hear it. I was a little under the weather, but I think it went well enough. Hack
CSO 2019-03-07 03:00:00 How to hack a smartcard to gain privileged access (direct link) I can change an email address and steal your most privileged credentials. Hack
CSO 2019-02-27 10:23:00 What is ethical hacking? How to get paid to break into computers (direct link) What is ethical hacking? Ethical hacking, also known as penetration testing or pen testing, is legally breaking into computers and devices to test an organization's defenses. It's among the most exciting IT jobs any person can be involved in. You are literally getting paid to keep up with the latest technology and get to break into computers without the threat of being arrested. Companies engage ethical hackers to identify vulnerabilities in their systems. From the penetration tester's point of view, there is no downside: If you hack in past the current defenses, you've given the client a chance to close the hole before an attacker discovers it. If you don't find anything, your client is even happier because they now get to declare their systems “secure enough that even paid hackers couldn't break into it.” Win-win! Hack Threat
CSO 2019-02-07 03:00:00 Power LogOn offers 2FA and networked password management for the enterprise (direct link) Like most humans, I'm more vocal about the things I don't like and less likely to crow about the things I do like. Since I wrote my popular 11 ways to hack 2FA article, I've been besieged by vendors eager to show me how their authentication solution defeats all the hacking issues I wrote about. Hack
CSO 2019-01-29 03:00:00 OSCP cheating allegations a reminder to verify hacking skills when hiring (direct link) Few infosec certifications have developed the prestige in recent years of the Offensive Security Certified Professional (OSCP), an entry-level penetration testing certification with a reputation for being one of the most difficult out there. Run by Offensive Security (OffSec), the makers of Kali Linux, whose motto is "Try harder," the OSCP features a grueling 24-hour exam that requires students to hack a variety of machines on a test network. (Full disclosure: This reporter previously paid to self-study for the OSCP but did not take the exam. He plans to #TryHarder.) Hack
CSO 2019-01-10 03:00:00 2 critical ways regulations and frameworks weaken cybersecurity (direct link) I'm a big believer in regulations and frameworks. Early on I wasn't. When you're young, just starting to cybersleuth, you feel like you can take on the world. You can hack anything. You can prevent anyone from hacking you. Policies and frameworks were for the losers who couldn't secure their way out of a paper bag. Hack
CSO 2018-12-27 03:00:00 The most interesting and important hacks of 2018 (direct link) Each year a few hackers do something new that begs further examination. The general public and Hollywood paints most hackers as these uber-smart people who can take control of entire city's infrastructure and crack any password in seconds. The reality is that most hackers are fairly average people with average intelligence. Most don't do anything new. They just repeat the same things that have worked for years, if not decades, using someone else's tool based on someone else's hack from many years ago. Hack Tool Uber
CSO 2018-12-10 06:19:00 8 old technologies that still play roles in security (direct link) It's easy to assume newer is better, but technology that has been around for decades or longer still has a place in cybersecurity. In some cases, it is difficult to hack and therefore less vulnerable. In others, it just continues to be the best option for a very specific purpose. Hack
CSO 2018-11-06 02:54:00 The OPM hack explained: Bad security practices meet China's Captain America (direct link) In April of 2015, IT staffers within the United States Office of Personnel Management (OPM), the agency that manages the government's civilian workforce, discovered that some of its personnel files had been hacked. Among the sensitive data that was exfiltrated were millions of SF-86 forms, which contain extremely personal information gathered in background checks for people seeking government security clearances, along with records of millions of people's fingerprints. The OPM breach led to a Congressional investigation and the resignation of top OPM executives, and its full implications - for national security, and for the privacy of those whose records were stolen - are still not entirely clear. Hack
CSO 2018-11-05 08:42:00 (Déjà vu) Republican Kemp accuses Georgia Democrats of hacking but provides no proof (direct link) Toss around accusations of a failed attempt to hack a state's voter registration system - without actually providing any proof - that's one way to really stir things up right before the midterm elections. That is what Brian Kemp, Georgia's current secretary of state - who is also the Republican candidate for governor - did on Sunday. With the midterm elections just a few days away, Kemp accused the Democratic Party of Georgia of hacking the state's voter registration system. Democrat Stacey Abrams, his opponent, called it “a reckless and unethical ploy” to mislead voters. Hack Guideline
CSO 2018-11-05 08:42:00 (Déjà vu) Republican Kemp accused Georgia Democrats of hacking but provided no proof (direct link) Toss around accusations of a failed attempt to hack a state's voter registration system – without actually providing any proof, that's one way to really stir things up right before the midterm election. That is what Brian Kemp, Georgia's current secretary of state – who is also the Republican candidate for governor, did on Sunday. As you know, midterm elections are on Tuesday. So right before the election, Kemp accused the Democratic Party of Georgia of hacking. Democrat Stacey Abrams, his opponent, called it “a reckless and unethical ploy” to mislead voters. Hack Guideline
CSO 2018-10-30 03:00:00 Biggest data breach penalties for 2018 (direct link) Uber: $148 million. In 2016 ride-hailing app Uber had 600,000 driver and 57 million user accounts breached. Instead of reporting the incident the company paid the perpetrator $100,000 to keep the hack under wraps. Those actions, however, cost the company dearly. The company was fined $148 million -- the biggest data-breach payout in history -- for violation of state data breach notification laws. Data Breach Hack Uber
CSO 2018-09-25 03:00:00 The Sony hacker indictment: 5 lessons for IT security (direct link) In August 2018, the US Department of Justice (DoJ) unsealed the indictment of a North Korean spy, Park Jin Hyok, whom they claim was behind the hack against Sony and the creation and distribution of the WannaCry ransomware. The 170-plus-page document was written by Nathan Shields of the FBI's LA office and shows the careful sequence of forensic analysis they used to figure out how various attacks were conducted. Hack Wannacry
CSO 2018-09-13 09:15:00 IDG Contributor Network: Can you hack me now? (direct link) “Can you hear me now?” With well over 200,000 cell towers up and running in the United States (and counting), the question posed by Verizon in a wildly successful 2011 ad campaign, has been answered in the affirmative for the overwhelming majority of the country. But in the wake of a new, super connected wireless world, some other questions have emerged: How secure is all that wireless coverage? What types of attack loopholes, if any, exist? Are the wireless carriers favoring supreme accessibility too greatly over commonsense security, which is essentially the same oversight made by the Internet's founding fathers many years ago? That oversight unknowingly paved the way for the current state of today's networking world, which is wrought with data breaches, device corruption, and system downtime… Let's not make that same mistake again. Hack
CSO 2018-09-11 07:32:00 (Déjà vu) British Airways hack was by same group that compromised Ticketmaster (direct link) The British Airways hack boiled down to attackers using 22 lines of code for digital payment card skimming on the baggage claim page and resulted in 380,000 customers having their personal and payment information stolen between Aug. 21 and Sept. 5, 2018. RiskIQ head researcher Yonathan Klijnsma attributed the hack to the cybercriminal group dubbed Magecart – the same group of attackers responsible for the Ticketmaster UK breach. While apologizing for the customer data theft, British Airways' boss Alex Cruz told the BBC that hackers pulled off a “sophisticated, malicious criminal attack.” Despite technical details being all but nonexistent in British Airways' breach notification, experts say attackers used a “simple but highly targeted approach.” Hack
CSO 2018-09-11 07:32:00 (Déjà vu) British Airways hack used digital skimmers by group that compromised Ticketmaster (direct link) The British Airways hack boiled down to attackers using 22 lines of code for digital payment card skimming on the baggage claim page and resulted in 380,000 customers having their personal and payment information stolen between August 21 and September 5. RiskIQ head researcher Yonathan Klijnsma attributed the hack to the cybercriminal group dubbed Magecart – the same group of attackers responsible for the Ticketmaster UK breach. While apologizing for the customer data theft, British Airways' boss Alex Cruz told the BBC that hackers pulled off a “sophisticated, malicious criminal attack.” Despite technical details being all but nonexistent in British Airways' breach notification, experts say attackers used a “simple but highly targeted approach.” Hack
CSO 2018-09-06 11:50:00 IDG Contributor Network: Why data loss prevention is a throwback technology (direct link) Black Hat 2018 may be behind us, but the trends, conversations and news coming out of the show are still top of mind. The conference was buzzing with cutting-edge topics, from election hacking to “whack-a-mole” security (as dubbed by Parisa Tabriz, director of engineering at Google). For me, Black Hat is a time to connect with customers, prospects, partners, colleagues and friends to discuss the latest in insider threat management. Typically, during conference season, I come away with a few key takeaways (and free swag) that inform decisions I make for the strategy and management of the organization I run. This year proved to be no different. Self-driving cars, election hacking and more: Black Hat is one of the top conferences for security professionals to learn about the latest technologies and vulnerabilities to be aware of in the coming year. From the surprising safety of self-driving cars, to new ways to hack into what many thought were secure systems, Black Hat is the spot for the latest innovations, hacking methods and more. Hack Threat
CSO 2018-09-02 09:00:00 (Déjà vu) Bitfi removes unhackable claim from crypto wallet (direct link) I'm so surprised the unhackable Bitfi wallet was hacked - said no one ever. While this was not even the first time the $120 hardware wallet was hacked, it was enough for Bitfi to strike the “unhackable” claim from its website. Bitfi wallet backer and big mouthpiece John McAfee, however, still claims the cryptocurrency wallet is unhackable and went so far as to offer $20 million to one particular hacker if he can hack McAfee's wallet. BitFi offered $100,000 to anyone who could take the coins from its factory wallet. Hackers complained it was too little, and why should they have to buy the wallet. It increased to $250,000. No takers. I'm now offering $20 mil to one fraudulent hacker - @cybergibbons He refused. Hack
CSO 2018-09-02 09:00:00 (Déjà vu) Bitfi removed unhackable claim yet McAfee offers hacker $20 million for wallet hack (direct link) I'm so surprised the unhackable Bitfi wallet was hacked…said no one ever; while it was not even the first time the $120 hardware wallet was hacked, it was enough for Bitfi to strike the “unhackable” claim from its website. Bitfi wallet backer and big mouthpiece John McAfee, however, still claims the cryptocurrency wallet is unhackable and went so far as to offer $20 million to one hacker if he could hack McAfee's wallet. BitFi offered $100,000 to anyone who could take the coins from its factory wallet. Hackers complained it was too little, and why should they have to buy the wallet. It increased to $250,000. No takers. I'm now offering $20 mil to one fraudulent hacker - @cybergibbons He refused. Hack
CSO 2018-08-16 02:56:00 Hack mobile point-of-sale systems? Researchers count the ways (direct link) Ever since the infamous and massive security breach at retailer Target nearly five years ago, more and more attention has focused on the potential flaws that can make payment systems vulnerable to digital attack. And now, with payments increasingly shifting to mobile platforms, it appears that the potential for hacking the mobile point-of-sale (mPOS) systems that make it possible for merchants to accept card and even cryptocurrency payments on-the-go is also shifting. Presenting at the Black Hat USA information security conference last week in Las Vegas, prominent U.K. security researchers showcased recent research detailing the inherent vulnerabilities they discovered among four of the most popular mPOS systems operating in both the United States and Europe. In what is believed to be the most comprehensive review of mPOS security to-date, security researchers from London-based Positive Technologies plumbed the inner workings of the mobile payment infrastructure of seven mPOS readers offered by Square, SumUp, PayPal and iZettle and found a host of potential ways to hack these systems. Hack ★★
CSO.webp 2018-08-15 03:00:00 Why you should consider crowdsourcing IT security services (lien direct) A crucial part of securing IT infrastructure, applications and services is asking independent white hat hackers to hack it. Hackers will try to break in regardless, so you might as well be part of the process to maximize the benefits. Unfortunately, not every company has the resources to hire a penetration testing team. Hack ★★
CSO.webp 2018-08-09 13:16:00 IDG Contributor Network: Here I am, hack me (lien direct) Those of us in healthcare are reeling from the recent ransomware attack at LabCorp. The company, one of the largest medical testing companies in the world, confirmed that a known group of bad actors penetrated their network late on a Friday night via an exposed RDP port, and infected more than 30,000 systems with SamSam ransomware. LabCorp deserves some kudos, given reports that they had the attack contained in less than 50 minutes, which is quite amazing, if true. Kudos notwithstanding, however, why did they allow their network to be penetrated in the first place? Ransomware Hack
CSO.webp 2018-07-19 04:00:00 IDG Contributor Network: Hack like a CISO (lien direct) I have written several times over the last couple of years about how the role of today's CISOs has changed and is now more tuned to support business activities and the management of enterprise risk. Serving an organization as their most senior security executive requires one to be creative and flexible on how to approach issues. Part of this creativity that many CISOs develop over time is specific processes or “hacks” that they have found useful to grow their security programs and use resources efficiently. A hack has multiple definitions; it can be defined as a piece of computer code providing a quick or inelegant technique to solve a particular problem. It also can be what I believe is a more appropriate definition for CISOs – a process, strategy or technique for managing one's time, resources, teams or program more efficiently. Hack
CSO.webp 2018-07-16 02:58:00 5 ways to hack blockchain in the enterprise (lien direct) One of the hottest topics in cybersecurity circles is the enterprise blockchain. This is the same technology that underpins cryptocurrencies like Bitcoin. Simply defined, blockchain is a list of transactions or contracts shared with peers and locked down by some clever cryptography. Beyond Bitcoin, it can ensure the integrity of supply chains, manage contracts, or even serve as a platform for financial transactions. Hack
CSO.webp 2018-07-09 07:55:00 Thieves hack Marathon gas station, steal $1,800 of gas (lien direct) An hour past high noon, hackers allegedly used a “remote device” to control a prepaid gas pump at a Marathon gas station in Detroit, allowing 10 vehicles to steal $1,800 of gas over a 90-minute period. How many gallons of gas can your vehicle hold? Surely not 60? Yet the Detroit gas “hack” reportedly included a “convoy” of 10 vehicles, pulling in and pumping one after another for an hour and a half, managing to steal 600 gallons of gas. That implies each vehicle stole 60 gallons. There is no mention of people in those vehicles also filling up gas cans, barrels or other storage, so the total of 10 vehicles filling up for free to make off with 600 gallons doesn't seem quite right. Hack
CSO.webp 2018-06-26 03:40:00 4 scams that illustrate the one-way authentication problem (lien direct) My 11 ways to hack 2FA column a few weeks ago continues to be a popular discussion topic with readers. Most people are shocked about how easy it is to hack around two-factor (2FA) and multi-factor authentication (MFA). It isn't hard. Sometimes it's as easy as a regular phishing email. Hack
Last update at: 2024-05-16 08:07:56