The Five Scariest Hacks We Saw Last Week

An interesting article by Heather Kelly on CNN.com:

(CNN) — If something can connect to a network, it can be hacked. Computers and phones are still popular targets, but increasingly so are cars, home security systems, TVs and even oil refineries.

That was the message at this year’s Black Hat and DefCon computer security conferences, which took place last week in Las Vegas. The annual conferences draw a mix of computer researchers and hackers who present the latest bugs and vulnerabilities they’ve discovered. It’s a combination of public service, business and sport.

These are some of the more popular targets covered at this year’s conferences. By drawing attention to them, the “white-hat” hackers hope to encourage greater security from the various manufacturers and industries, and more vigilance from consumers.

Typically, the presenters inform manufacturers of bugs ahead of their talks so the companies can fix the issues before they are exploited by criminals.

Remote-controlled cars

Someone hacking your computer can be an inconvenience. Someone hacking your car can be deadly.

A pair of presentations on hacking cars kicked off the DefCon conference on Friday. Australian hacker Zoz outlined the security issues fully autonomous cars will face and said car-hacking is inevitable.

Autonomous vehicles like cars and drones are essentially robots, and they rely on sensors to operate. He said a hacker could theoretically take complete control of a car over wireless networks or trick its various sensors into feeding a motorist false information about location, speed and the proximity of other cars or objects.

Fully driverless cars are still a few years away, but computerized systems are common in vehicles on the road today. Electronic control units can control a range of car functions, including braking, accelerating and steering. They manage security features, in-car displays and even seat belts.

Researchers Charlie Miller and Chris Valasek, funded by a grant from the U.S. military’s DARPA, looked into what kind of damage hackers could do to a car by taking control of a Toyota Prius and a Ford Escape.

To access the systems, they had to physically connect a computer to the cars through a diagnostics port. They wrote custom software that let them hijack the cars’ systems.

Once in control, they disabled brakes, changed the display to show incorrect speed or gas levels, and messed with the steering and seat belts. They were able to kill the engine and toy with less consequential features like the car’s horn and lights.

Toyota played down the wired demonstration and said it is focusing on security measures to prevent wireless attacks.

Compromising smartphones

Read the rest here.


 

Cisco to Buy Sourcefire, a Cybersecurity Company, for $2.7 Billion

An interesting article by MICHAEL J. DE LA MERCED on the NYTimes.com:


Cisco Systems agreed on Tuesday to buy Sourcefire, a provider of cybersecurity services, for about $2.7 billion in cash, in a reflection of the growing fervor for companies that can help guard against computer-based attacks.

Under the terms of the deal, Cisco will pay $76 a share in cash, nearly 30 percent higher than Sourcefire’s closing price on Monday. The offer includes retention-based incentives for Sourcefire’s executives.

The deal is Cisco’s biggest since its $5 billion acquisition of NDS Group Ltd. last year.

Sourcefire, founded in 2001, has grown into a major cybersecurity provider – one that has rejected numerous takeover bids through the years. Last year, the company reported $5 million in profit on revenue of $223.1 million.

In a statement, Cisco said that adding Sourcefire would give it a portfolio of next-generation security offerings.

Read the FULL ARTICLE HERE.

New Ultimate C)PTC Penetration Testing Bootcamp by Mile2

New Ultimate C)PTC Penetration Testing Bootcamp 8/19-25 With Eric Deshetler – World-Renowned Pen Tester! 50% off!
Total value $9000, Aug 19 Price is only $4500 

When: 8/19-25  from 8-6 Daily. Exams on 7th day.
Where: Live remote or Tampa, Florida. Your choice!
Who: Eric Deshetler, World-Renowned Pen Tester
Eric Deshetler  – CISSP, C)ISSO, C)PTC, C)PTE, C)NFE, Linux+
Mile2 Sr. Instructor/Developer


Eric has over 10 years’ experience as a cyber-security instructor and information assurance expert. Eric served in the US Army for 8 years and led several wartime cyber-attack missions under the Joint Cyber Attack Team (JCAT), Cyber Command.

During his military tenure, Eric’s capabilities led him to work under the National Security Agency. While he was in the NSA, he conducted many computer network operations that included penetration tests, advanced forensics and malware analysis in some of the most complex incident handling events.

After the US Army, Eric worked for NASA as a Security Analyst where he was responsible for engineering and protecting high level security systems for one of the world’s fastest super computers. In addition, Eric is also responsible for testing advanced exploits, XSS vectors and engineering comprehensive security solutions.

Eric is an expert in penetration testing, cyber attacker methodologies, incident handling, malware analysis, threat mitigation, network forensics, linux/unix systems & scripts and content development. Presently Eric works for Mile2 as a cyber-security researcher, curriculum manager and instructor.

What do you get:

  • C)PTE & New C)PTC work book/lab guide
  • 2 student labs (Focuses on Layer 2/3/4 firewalls, IDS, SSL VPNS and MS and Linux Boxes)
  • Full access to mile2’s cyber hacking range.
  • Free Exam prep guides
  • Free 2nd chance exam on the C)PTE/C)PTC!
  • Free C)PTE CBT – Video of course & lab demonstration
  • Sexy mile2 shirt & Pen

Total value $9000, Price is $4500

Note: C)PTE is now accredited by the NSA CNSS!

Buy now and use this discount code at checkout: bootcamp

mile2
11928 Sheldon Rd
Tampa, FL 33626
Phone: 813-920-6799

www.mile2.com
BillNelson [at] Mile2.com

Check out the Mile2 site for more information.

Apple Developer site hacked, 275000 credentials stolen

An interesting article by our content partners at HackersNewsBulletin.com:

The Apple developer site had been offline since last Thursday; Apple did not comment on the incident until yesterday, blaming hackers for breaking into the site and stealing login credentials for 275000 external third-party developers.

Apple sent an email to developers yesterday citing the hack and saying that they are renewing their developer systems, updating software and rebuilding the entire database. People have reported that their account passwords were changed, probably meaning that the hackers had stolen important information like passwords or secret questions/answers from the site and are trying to use it.

Apple reported hackers couldn’t get access to the developer code, but if they did, they would have been able to upload malicious applications to the ‘App Store’. The Apple Store was also unavailable on Sunday for almost 20 minutes, highlighting that the company might be doing wide security inspections.

Read the FULL ARTICLE HERE.

 

 

SIM Cards can be Hacked; "Give me any phone number, I will clone that," researcher says

An interesting article from HackersNewsBulletin.com:

In this modern era everyone knows that his or her latest mobile can be hacked, but now a SIM card hacking flaw has been discovered by German programmer Karsten Nohl, who has informed mobile operators of the potential danger.

Since then, all mobile phone users have been put on alert that their SIM cards can be hacked at any time, which can lead to fraud and soaring premium-rate bills.

On the other hand, the mobile operators say that they are already aware of this flaw and are taking steps to patch it before customers are hit.

Worldwide, mobile phones are a major means of accessing online banking and other sensitive personal information, and if the discovered flaw is used by hackers it could cause a privacy disaster. The flaw is also a concern for mobile customers who use their smartphones to pay bills and transfer money.

The security flaw is due to aging SIM card security technology, which has struggled to keep up with high-tech smartphones such as the iPhone and Samsung’s Galaxy S4.

The researcher, Karsten Nohl, said of the flaw:

“Give me any phone number and there is some chance I will, a few minutes later, be able to remotely control this SIM card and even make a copy of it,”

Read the rest here.