cybersecurity

Hackers are getting really good at hacking Ring cameras and the results are terrifying

In case you needed another reminder of the potentially terrifying downside of having a Wi-Fi-connected security camera in your home, consider this: it’s surprisingly easy for hackers to gain access to them.

Hackers have created software that essentially streamlines the process, and are selling and sharing it on internet forums, Motherboard reported. The exploit does not depend on any one vulnerability in Ring’s software; rather, it takes advantage of insecure passwords to get into the accounts in question.

This is much more than a theoretical vulnerability. There have been reports all around the country of people encountering strangers on the other end of their in-home security camera.  Read more…

More about Tech, Amazon, Cybersecurity, Ring, and Tech

Cybersecurity expert Alex Stamos on Facebook’s counter terrorism team and the private-public divide

Alex Stamos rose to fame as the former chief security officer for Yahoo and then Facebook. But today he’s the director of Stanford’s Internet Observatory, where he’s immersed in teaching and researching safe tech — and understands better than most the threats that the U.S. is facing, particularly as we sail toward the next U.S. presidential election.

Last night, at a StrictlyVC event in San Francisco, he talked with New York Times cybersecurity correspondent Sheera Frenkel about a small number of these massively impactful issues, first by revisiting what happened during the 2016 presidential election, then catching up the audience on whether the country’s defenses have evolved since. (The short version: they haven’t. If there’s any good news at all, it’s that the federal and state governments are at least aware now there’s an issue, whereas they appeared largely blindsided by it the last time around.)

What worries Stamos most are “direct attacks on our election infrastructure” because there’s been so little to bolster it. In fact, a big theme of the interview was the growing inability of the public sector to protect Americans or U.S. democracy against actors who would do the country harm.

As it relates to election infrastructure specifically, Stamos used a hyperlocal example to underscore what the U.S. is dealing with right now. As he told Frenkel, “I live in San Mateo County. I’ve met the CIO of San Mateo County. Really nice guy. I’m sure he has a staff of very hard-working people. The idea that the CIO of San Mateo County has to stand up and protect himself against the [Russian military intelligence agency known as the] GRU or China’s Ministry of State Security or Iran’s Islamic Revolutionary Guard Corps or the Lazarus Group of North Korea . . . that’s frickin’ ridiculous. Like, we don’t ask the San Mateo County Sheriff’s department to get ready to repel an invasion by the People’s Liberation Army, but we ask for the cyber equivalent in the United States.”

Put into perspective, San Mateo County is one of about 10,000 local governments in the United States that are involved in elections, said Stamos. “Nobody else in the world runs their elections this way.”

In fact, in nearly every conceivable way, “responsibilities that were once clearly public sector responsibilities are now private sector responsibilities,” he told Frenkel during a later part of their discussion. He would know, having seen it first-hand.

“When I was the chief security officer at Facebook,” he told the audience, “I had a child safety team. We probably put more bad guys away than almost any law enforcement agency outside of the FBI or [Homeland Security Investigations unit] in the child safety realm. Like, there’s no local police department in the United States that put away more child predators than the Facebook child safety team. That is a crazy stat.”

Facebook also has a counter terrorism team — which not everyone realizes — and which has become in many ways the country’s first responder, he suggested. Indeed, Stamos said that “there are several terrorist attacks that you’ve never heard of because they didn’t happen because we caught them. Now, there’s some local law enforcement agency took credit for it, but it was actually our team that found it and turned it over to them with a bow on it.”

Americans might shrug off this continuing shift in who is tackling what, but they do it at their peril, suggested Stamos — who managed to keep the crowd laughing, even as he painted a bleak picture. As he noted, the big tech “companies are exercising this power without any kind of democratic oversight.” Consider, he said, that “[Facebook’s] authorization is the terms of service that people click through and never read when they join Facebook or Instagram. That’s a bizarre set of rules to be bound by when you have such incredible power.”

Another huge blind spot, said Stamos, is the apparent inability — as well as the collective lack of determination required — of the public and the increasingly powerful private sector to coordinate their work. Here, he offered another broad example to make it accessible. “Say you had an organized group in the United States that’s running a bunch of Facebook ads, but their money is coming from bitcoin from St. Petersburg,” said Stamos. “That is completely invisible to Facebook. That is perhaps visible to FBI . . . but they don’t have access to that actual content [on FB]. And figuring out a way for these two groups to work with each other without massively violating the privacy of everybody on the platform turns out to be super hard.”

Yet it’s worse than even that sounds, he continued. The reason: there’s no decision-tree in part because the issue has grown so unmanageable that no one wants to own what goes awry. “There’s effectively nobody in charge of this right now, which is one of the scariest things we’re facing as a country. Almost nobody is in defense of cyber, and certainly nobody is in charge of the big picture, [meaning] how do we defend against election [interference] both from a cybersecurity perspective and a disinformation perspective.”

Stamos even jokingly referred to “pockets of people in the U.S. government who are effectively hiding from the White House and trying very, very hard” to escape its attention, given the daunting job they’d be tasked with figuring out. Except, all kidding aside, with no one at the helm and “no real cross-agency process, there’s really nobody in charge,” said Stamos.

That means the “tech companies are effectively the coordinating body for this. And that’s actually really screwed up.”

Despite embracing the government, DEF CON maintains its mischievous hacker roots

Raucous applause filled the large convention room inside Las Vegas’s Paris casino: the government had arrived.

Seated behind a table at the annual DEF CON conference in Las Vegas was Congressman Ted Lieu, and, joined by Rep. James Langevin of Rhode Island, he had come to ask a large crowd of hackers and security professionals for help. The once famously Fed-averse crowd was loving it.

But don’t get it twisted — DEF CON hadn’t gone soft. The mischievous and lawless side of this assemblage of the hacker community was out in full effect – assuming, that is, you knew where to look.  Read more…

Inviting the Man to your party

More about Hackers, Def Con, Tech, and Cybersecurity

He tried to prank the DMV. Then his vanity license plate backfired big time.

Everyone hates parking tickets. Not everyone, however, is an information security researcher with a mischievous side and a freshly minted vanity license plate reading “NULL.”

That would be Droogie (his handle, if that’s not obvious), a presenter at this year’s DEF CON hacking conference in Las Vegas and a man with a very specific problem: He’s on the receiving end of thousands of dollars worth of tickets that aren’t his. But don’t tell that to the DMV.

It wasn’t, of course, supposed to end up this way. In fact, exactly the opposite. Droogie registered a vanity California license plate consisting solely of the word “NULL” — which in programming is a term for a value of zero — for fun. And, he admitted to laughs, on the off chance it would confuse automatic license plate readers and the DMV’s ticketing system.  Read more…

More about Hackers, Def Con, Dmv, Tech, and Cybersecurity

Teenager finds educational software exposed millions of student records

Teenager Bill Demirkapi had been ghosted. Hard. “It didn’t feel good,” he explained to the large crowd gathered to hear him speak. “It hurt my feelings.” 

But Demirkapi, despite his status as a recent high-school graduate, wasn’t lamenting the traditional spurned-love problems typical of his cohort. Far from it. Instead, he was speaking at the famous DEF CON hacker conference in Las Vegas, and the ghoster-in-question was educational software maker Blackboard. 

Demirkapi had reported numerous vulnerabilities in Blackboard’s software to the company; after initially being in communication with him, the company stopped responding to his emails. But Demirkapi, who found he could access a host of student data — including family military status, weighted GPAs, and special education status — through vulnerabilities in Blackboard’s system, was undeterred.  Read more…

More about Hacking, Students, Def Con, Tech, and Cybersecurity

Turns out your office printer is a huge cybersecurity risk

Consider the office printer.

Massive, hulking things — the devices looming in the corner of workplaces around the world have come to represent untold hours of frustration in the form of printer jams and toner problems. According to security researchers set to present their findings this Saturday at the DEF CON hacking convention in Las Vegas, they also happen to be a cybersecurity nightmare. 

Daniel Romero Pérez and Mario Rivas Vivar, researchers at NCC Group, announced the discovery of major vulnerabilities on Thursday in name-brand printers made by the likes of Xerox, HP, Lexmark, Kyocera, Brother, and Ricoh. NCC Group shared some of the researchers’ findings with Mashable ahead of the aforementioned Aug. 10 talk, and they’re enough to elicit a serious double take. Read more…

More about Hackers, Printers, Def Con, Tech, and Cybersecurity

Cloudflare announces termination of 8chan’s service

Cloudflare has announced that it will terminate its protection of 8chan after the forum site was linked to another mass shooting over the weekend, tying the site’s “lawlessness” directly to “multiple tragic deaths.”

Pressure had mounted on the company to cease its service to 8chan, with critics arguing that it enabled the spread of violent white supremacist rhetoric and the celebration of perpetrators of massacres. Manifestos or open letters by shooters including those responsible for the Christchurch, Poway, and El Paso shootings, all of which occurred in 2019, have been hosted on the mostly-unmoderated forums. Read more…

More about White Supremacy, 8chan, Cloudflare, Tech, and Cybersecurity

100 million Americans’ data accessed in massive Capital One hack

Well, this is not good. 

Finance services giant Capital One announced Monday that there had been a major cybersecurity incident directly affecting 100 million Americans and six million Canadians. Specifically, a host of their customers’ private financial data had been accessed by a hacker. 

According to a statement issued by the company, two separate breaches occurred — once on March 22 and another on March 23 — and were discovered on July 19.

Bloomberg reports that a Seattle woman has been arrested and accused of hacking Capital One’s server at an unnamed cloud-computing company.

Notably, it seems that although the customer data in question was encrypted, the hacker was able to decrypt it.  Read more…

More about Capital One, Data Breach, Tech, and Cybersecurity

Popular Mac apps caught harvesting users’ browsing data without consent

A number of applications on Apple’s Mac App Store are secretly gathering user data and uploading it to analytics servers.

Popular applications including Dr. Unarchiver, Dr. Cleaner, and others distributed by developer “Trend Micro, Inc.” collect and upload the user’s browser history from Safari, Google Chrome, and Firefox onto their servers via access to the macOS home directory.

These rogue apps will also collect data from other apps installed on the system, all of which is gathered the moment you launch them, according to 9to5Mac. The issue was originally spotted by a user on the Malwarebytes forum. Read more…

More about Cybersecurity, Mac Apps, Tech, and Cybersecurity

Hacker convention in Vegas is full of tin-foil hats. Literally.

What if they really are out to get you. 

If you spend enough time walking the Las Vegas casino floors, you’re sure to come across some unique sights. But scores of people sporting all shapes and sizes of literal tin-foil hats? Welcome to DEF CON.

The annual hacker convention currently underway in the Nevada desert draws a diverse crowd of professional and hobbyist security researchers from around the world. And, for the most part, they all share one defining characteristic: the desire to stick it to The Man. 

Which, well, that specific proclivity just might end up making you a target. Read more…

More about Hackers, Def Con, Tech, and Cybersecurity

These stoner hackers want machine learning to save us from sick weed

Nothing harshes a good mellow like sick buds. Thankfully, there may one day be an app for that. 

Hidden from the hazy Friday afternoon of Las Vegas, tucked away in the basement of the Flamingo casino, a group of likeminded hackers and security researchers gathered to explore “DIY cannabis tech” at DEF CON’s Cannabis Village. One researcher in particular, Harry Moreno, told the rather laid-back crowd that he believed that machine learning could one day solve a huge problem for home-grow enthusiasts: determining whether or not, and in what capacity, a marijuana plant is sick.

More about Marijuana, Machine Learning, Def Con, Tech, and Cybersecurity

Box that unlocks iPhones is the hottest new gadget for police

Law enforcement agencies — despite protests from privacy advocates — have long lobbied to get access to your smartphone.

Now a mysterious U.S. startup called Grayshift — which reportedly has an ex-Apple security engineer on staff — is providing iPhone unlocking tools to cops, according to Motherboard.

GrayKey is a box that measures four by four inches wide, and features two Lightning cables at the front, as per a post by security software company Malwarebytes. 

According to Forbes, Grayshift claims the device only works with iOS 10 and 11, with iOS 9 compatibility slated for the future. Devices ranging from the iPhone X to the 6 are supported, as are various iPad models. Read more…

More about Apple, Iphone, Cybersecurity, Fbi, and Law Enforcement

Crunch Report | HBO NOW Passes 2 Million Subscribers

HBO NOW passes 2 million subscribers, Trident Capital Cybersecurity raises a $300 million fund, Pinterest adds new visual search features and Y Combinator now takes recommendations from anyone. All this on Crunch Report! Read More

Google’s bug bounty program pays out $3 million, mostly for Android and Chrome exploits

If you’re willing to hunt for flaws within its vast array of software and services, Google’s happy to pay up. Over the course of its 2016 Vulnerability Rewards Program, the company paid out $3 million—a third of the total $9 million that enthusiastic researchers have earned since the initiative, more colloquially known as a bug bounty program, launched in 2010. The… Read More

Trump to sign yet another trash executive order, this time on 'the cyber'

‘President’ Donald Trump is expected to sign an executive order addressing cybersecurity today, Reuters reports in an item that cites “two sources familiar with the situation.” The EO is expected to be Trump’s first action to address what he called a top priority of his administration during the Presidential campaign.

(more…)

What your security scientists can learn from your data scientists to improve cybersecurity

Security remains one of the top unresolved challenges for businesses. Billions of dollars have been spent on security technology over the last 30 years, yet hackers seem to be more successful than ever. Every organization is now under extreme threat, all the time. Here are some lessons that data scientists have learned and to which security professionals need to pay attention. Read More

Secret Double Octopus nabs $6M for a stronger, easier alternative to regular 2FA

Israel is home to around 450 active startups in the field of cybersecurity, according to a recent report in Reuters. Now, the one with perhaps the most distinctive name of them all is announcing some funding for a novel approach to authentication. Secret Double Octopus — which borrows a concept from the world of nuclear launch codes to build extra-secure, but simple, keyless… Read More

Recommendations on cyber security for the 45th president… Use more hackers

2016 was an extraordinary year. A record number of security breaches affected billions of people worldwide, including cyber attacks that dramatically impacted the course of businesses and governments. The United States, the world’s most connected nation, and the rest of the world will face a deficit of 1.5 million cyber professionals over the next five years whose jobs are essential… Read More
