Modern endpoint backup means real-time data protection. Get it from Code42. Click here.
Welcome Guest | Sign In
LinuxInsider.com
Apple Ransomware Reveals Cert Problem
March 17, 2016
Researchers last week discovered the first ransomware in the wild aimed at Apple's hardware platform. While the threat was subdued quickly, it exposed the weakness of digital certificates in authenticating software to devices. The ransomware appeared as a legitimate application because it contained a digital certificate stolen from a bona fide Mac developer in Turkey.
Celebgate Hacker Strikes Plea Deal
March 17, 2016
Prosecutors for the U.S. Attorney's Office for the Central District of California on Tuesday announced they had reached a plea agreement with Ryan Collins, a Pennsylvania resident, over charges that he hacked Apple and Google email accounts of more than 100 people back in 2014. The allegations stemmed from the official investigation into the hacking case dubbed "Celebgate."
Facebook Exec's Brazilian Misadventure Signals Bigger Problem
March 10, 2016
The jailing last week of Facebook Regional Vice President Diego Dzoda in Brazil may have been the tip of an iceberg. Frustrated police made the arrest after Facebook failed to produce WhatsApp messages connected to a drug trafficking case. The incident is one of a growing heap of examples that highlight the difficulties law enforcement agencies face when trying to collect digital evidence.
Google Brings Project Shield to DDoS Battlefield
February 26, 2016
Google on Thursday announced that it was expanding its Project Shield program, offering to protect news and human rights websites from distributed denial of service attacks for free. Project Shield uses Google's security infrastructure to detect and filter DDoS attacks, which flood websites with Internet traffic or service requests in order to impair their functioning or take them down altogether.
Operation Blockbuster Brings the Fight to Sony Hackers
February 25, 2016
Operation Blockbuster, a coalition of security companies led by Novetta, on Wednesday published a report detailing the activities of the Lazarus Group, the organization responsible for the 2014 cyberattack against Sony Pictures Entertainment. Researchers last week published detection signatures to the companies' respective software in the hope of disrupting the group's activities.
The Downside of Linux Popularity
February 25, 2016
Popularity is becoming a two-edged sword for Linux. The open source operating system has become a key component of the Internet's infrastructure, and it's also the foundation for the world's largest mobile OS, Google's Android. Widespread use of the OS, though, has attracted the attention of hackers looking to transfer the dirty tricks previously aimed at Windows to Linux.
Security Pros to Users: Do as We Say, Not as We Do
February 24, 2016
IT pros -- the gatekeepers of company security policies -- are willing to bend the rules to get things done, according to Absolute Software, based on survey findings it released last week. Forty-five percent of IT pros confessed they knowingly worked around their own security policies, according to the survey. Moreover, 33 percent admitted to hacking their own or another organization's systems.
Hollywood Hospital Succumbs to Hacker Shakedown
February 19, 2016
Hollywood Presbyterian Medical Center on Wednesday announced that it paid approximately $17,000 to resume normal operations after digital extortionists knocked its computer systems offline. The Los Angeles hospital discovered its computer network infected with ransomware earlier this month. After paying the ransom, the hospital was able to bring its electronic medical record system online.
DHS Ready to Share Intelligence With Private Sector
February 18, 2016
The U.S. Department of Homeland Security this month will start sharing threat information with a small number of hand-picked companies under the newly enacted Cybersecurity Information Sharing Act. DHS hopes to collect threat indicators from companies and redistribute them to other companies so everyone gets a better view of threats and can use that knowledge to bolster defenses.
Hollywood Hospital Hacked Back to Paper Age
February 17, 2016
Hollywood Presbyterian Medical Center last week revealed its computer systems were offline after a ransomware attack scrambled the data on its systems. Ransomware is a form of malware that encrypts data and system files on a computer and demands a ransom payment to unscramble the files. Since the attack, HPMC medical personnel have resorted to faxes and handwritten charts to perform their tasks.
IRS Halts Hack Attack
February 11, 2016
The Internal Revenue Service on Tuesday said it recently discovered and halted an automated bot attack on its electronic filing PIN application website. Identity thieves used malware in an attempt to generate E-file PINs for 464,000 Social Security numbers stolen from another source, the IRS said. The hackers succeeded in accessing an E-file PIN for 101,000 of those numbers.
Hacker Posts Stolen Data on FBI, Homeland Security Employees Online
February 9, 2016
The U.S. departments of Justice and Homeland Security on Monday announced they were investigating reports that a hacker broke into government computer systems and stole sensitive information about employees at the agencies. The hacker posted stolen information for about 9,000 DHS employees online Sunday and made public data on 20,000 FBI employees Monday.
Old-Timey Mischief on Display at the Malware Museum
February 9, 2016
The Internet Archive on Friday cut the ribbon on its online Malware Museum, an online compendium of malware programs computer users in the 1980s and 1990s sometimes encountered. Everything old is new again, apparently. The museum presents examples of the viruses, complete with the messages or animations they would have shown when infecting a computer.
Oracle Pulls Plug on Java Browser Plug-In
January 30, 2016
Oracle earlier this week announced its decision to scrap its Java browser plug-in. The plug-in, a frequent target of hackers, won't be included in the next version of JDK 9, which is expected to ship in September. Oracle's action was motivated by browser makers' withdrawal of support for the plug-in. Developers of applications that depend on it need to consider alternatives, the company said.
FDA Guidelines Target IoT Medical Device Security
January 28, 2016
The U.S. Food and Drug Administration last week took a step toward addressing the threat the Internet of Things poses to patients and their data by releasing some proposed guidelines for managing cybersecurity in medical devices. "Networked medical devices, like other networked computer systems, incorporate software that may be vulnerable to cybersecurity threats," the FDA says in its proposal.
Snap-Happy Trojan Targets Linux Servers
January 22, 2016
Security researchers at Dr.Web on Tuesday revealed details of the Trojan Linux.Ekoms.1, which takes screen shots and records audio to acquire sensitive and personal information, mostly from Linux servers. Malware for Linux is becoming more diverse and includes spyware programs, ransomware and Trojans designed to carry out distributed denial-of-service attacks, according to Dr.Web.
GM Bug Program Gets Mixed Notices
January 21, 2016
Two white-hat hackers, Charlie Miller and Chris Valasek, made headlines last year when they demonstrated how they could hijack the control systems of a moving motor vehicle over the Internet. The move got the attention of the auto industry, and last week General Motors put in place a program to encourage more digital dabblers to alert the company when they find bugs in GM vehicles.
Ukraine Mounts Investigation of Kiev Airport Cyberattack
January 20, 2016
Ukrainian officials earlier this week said they had launched a probe into the source of a cyberattack that targeted a Kiev Airport. The attack may be related to the BlackEnergy malware attacks that recently targeted Ukrainian infrastructure facilities, apparently from Russia. CERT-UA on Monday warned system administrators to be on the alert for the presence of BlackEnergy malware.
Phishing Attack Could Net LastPass Credentials
January 19, 2016
LastPass has boosted security for its users after a security researcher alerted the company of a phishing attack he devised to steal users' login and two-factor authentication credentials. Sean Cassidy, CTO of Praesidio, demonstrated the phishing attack, which he calls "LostPass," last week at ShmooCon. "We think this is a very serious problem," said Praesidio CEO Edgardo Nazario.
OpenSSH Flaw Could Leak Crypto Keys
January 15, 2016
Qualys on Thursday reported a flaw in the OpenSSH client that could let a hacker steal the client's private crypto keys. The bug is the result of an undocumented feature called "roaming" that exists in version 5.4 and above. It's one of two vulnerabilities that a malicious SSH server or a trusted but compromised server can exploit, Qualys said. The other is a heap-based buffer overflow.
Privacy as a Service Advocates Promise Better Data Protection
January 14, 2016
There's been a lot of wailing and gnashing of teeth about the Sisyphean task of protecting privacy in the Digital Age, but that hasn't stopped innovators from searching for ways to preserve it. One of the latest ideas to emerge in the field is Privacy as a Service. As with many emerging technologies, the definition of "PaaS" (not to be confused with Platform as a Service) is in flux.
Hack Lets PS4 Run Linux
January 7, 2016
Hacking team fail0verflow last week demonstrated a hack of Sony's PlayStation 4 game console that allows anyone running the modification to run the Linux OS on the appliance. The demo was part of a lightning talk session at the 32nd Chaos Communication Congress. The hackers used exploits in FreeBSD, PS4's operating system and WebKit, which powers the game console's browser.
Major Security Flaw Found in Silent Circle's Blackphone
January 7, 2016
Security researchers at SentinelOne on Wednesday revealed a vulnerability they discovered in the Blackphone. The flaw -- an obscure socket -- lets an attacker take over and control communications on the Blackphone, a highly secure Android smartphone Silent Circle developed and marketed in reaction to news of government surveillance of people's communications.
Iranian Cyberattack on American Dam Viewed As Rarity
January 7, 2016
Just days before Christmas, a rare event occurred: the report of a successful intrusion into America's infrastructure by overseas hackers. The event -- penetration of the control system of a dam 20 miles from New York City -- happened more than two years ago but wasn't made until last month. Cloaking such incidents in secrecy is standard operating procedure for industries that use control systems.
Security Execs Sweat Insider Threats
December 31, 2015
Insider threats are becoming increasingly worrisome to corporate security executives. That is one of the findings in a survey of C-level businesspeople Nuix released last week. "The insider threat seems to be a bigger concern this year than it was in previous years," said Nuix's Keith Lowry. "People are recognizing that it is a significant weakness that has yet to be fully addressed."
Backspace Flaw Enables Linux Zero-Day Attack
December 28, 2015
Researchers last week revealed a zero-day flaw that lets attackers take over a Linux system by pressing the backspace key repeatedly. Pressing backspace 17 to 20 times will overwrite the highest byte of the return address of the grub_memset() function, ultimately causing a reboot by redirecting control flow to the 0x00eb53e8 address, according to the Cybersecurity Group at the Universitat Politecnica de Valencia.
All Security Pros Want for Christmas: Smarter Users, Decoy Networks
December 24, 2015
People like to see gifts from their wish lists under the Christmas tree, and security pros are no exception. Here are things some cyberwarriors would like old St. Nick to deliver to them. "It's probably never going to happen, but it would be fantastic to get smarter users who are less susceptible to social engineering," said Proofpoint's Ryan Kalember.
Three Charged in Hacking Case That Spammed 60M
December 17, 2015
Federal prosecutors in New Jersey on Tuesday charged three men in a $2 million identity theft scheme to hack corporate computer systems and blast spam messages to more than 60 million people. The defendants face up to 20 years in prison and $250,000 in fines on wire fraud charges, and up to five years in prison and $250,000 in fines on email and computer conspiracy charges.
Creating Rules of War for Cyberspace
December 17, 2015
The idea of a "Cyber Geneva Convention" has gained steam in the last five years. Based on the original Geneva Convention, it would ensure that certain types of attacks and specific targets would remain off-limits in a cyberwar. The concept of rules dictating what shouldn't be allowed in war came about after Henry Dunant visited wounded soldiers during the Second Italian War of Unification.
UK Police Pinch Suspect in VTech Hack
December 16, 2015
UK police have arrested a 21-year-old man as part of their investigation into last month's hack on VTech's systems. The man was arrested in Bracknell, 30 miles west of London, on suspicion of unauthorized access to a computer to facilitate the commission of an offense and suspicion of causing a computer to perform functions to secure or enable unauthorized access to a program or data, police said.
See More Articles in Hacking Section >>
Facebook Twitter LinkedIn Google+ RSS
About Russia's possible involvement in Democratic Party hack attacks:
It's highly unlikely that Russia orchestrated the attacks.
Russia is behind them, and they're a threat to U.S. democracy.
Blaming Russia is just a distraction from damaging leaks.
Russia's meddling won't have much effect.
If they can expose Clinton, more power to the Russians.
Trump's encouragement of Russian cyberspying was irresponsible.