NYPD detective charged with hiring email hackers to break into colleagues’ personal accounts
New York City police have arrested an NYPD detective for hiring an email hacking service to pinch the login details for at least 43 personal email accounts and one cell phone belonging to at least 30 individuals.
Edwin Vargas, 42, of Bronxville (a part of New York City), is accused of having paid $4,050 via PayPal to an illicit hacking service between March 2011 and October 2012.
According to a statement from Preet Bharara, the US Attorney for the Southern District of New York, Federal Bureau of Investigation (FBI) agents arrested Vargas outside his home on Tuesday.
Officials said that 19 of Vargas’ alleged targets are current NYPD officers, one is retired from the NYPD, and another is an administrative staff member of the NYPD.
Vargas allegedly used the login credentials to peek into at least one personal email account belonging to a current NYPD officer. He also allegedly accessed another victim’s online cellular telephone account.
To read more click here:
Why Twitter’s two-factor authentication isn’t going to stop media organisations from being hacked
A posting from Naked Security on Why Twitter’s two-factor authentication isn’t going to stop media organisations from being hacked:
Twitter has announced the availability of two factor authentication (2FA) for its service, meaning that users can opt-in to something stronger than just a username and password to protect their accounts.
In a blog post, Twitter explains how the new security measure works.
If you decide to turn 2FA on for your Twitter account, every time you try to log into the site you will be prompted to enter a six-digit code that Twitter sends to your phone via SMS.
Here is a video Twitter released, demonstrating the feature:
So, the big question is this… is this going to help media organisations such as The Guardian, NPR, the Financial Times, and others who have found their Twitter accounts hijacked by the likes of the Syrian Electronic Army?
Sadly, I don’t think it’s going to help them at all.
Media organisations who share breaking news via social media typically have many staff, around the globe, who share the same Twitter accounts.
2FA isn’t going to help these companies, because they can’t all access the same phone at the same time.
To read more click here:
Controlling The Risks Of Vulnerable Application Libraries
A posting from Dark Reading in its Application Security section:
During the past decade, developers have increasingly leaned on third-party components, such as open-source libraries, to dramatically lighten the load during coding. These components can help reduce time spent adding basic or universal features and functions so that developers can focus their work on the innovative code that will differentiate their applications from the crowd. Unfortunately, this valuable short cut adds another layer of risk to the development process.
“The cost of including a library has gone way down. Developers aren’t stupid, so they’re naturally going to say, ‘I don’t have to write that code, I’ll just pay a library to do it,'” says Jeff Williams, CEO of Aspect Security and a key volunteer in the OWASP organization, who explains that the resultant risk is that developers are pulling in potentially insecure code and running it with the full privilege of the application. “I can’t really underestimate the amount of risk we’re talking about here. If there is vulnerability in the library, you’ve now exposed everything that that application is in control of.”
To read more click here:
New Focus On Risk, Threat Intelligence Breathes New Life Into GRC Strategies
A posting from Dark Reading in its Risk Management section:
A growing need for security discipline and the availability of better threat data are changing the old, monolithic Governance, Risk and Compliance concept into a near-term enterprise risk management project, experts say.
GRC, a methodology for building global IT policies, priorities and practices around key risk and compliance factors, has long been viewed as a framework that was too complex and resource-intensive for all but the largest enterprises. But driven by a need to improve security and add some means of measuring risk, many businesses are pushing past these old perceptions and implementing elements of the technology, without necessarily tagging their efforts with the GRC name.
“The market for [GRC] management is growing, as more companies recognize the value in safeguarding their business practices — not just because doing so is good for business, but because it’s necessary for protection against specific economic and market conditions,” says William Jan, vice president and practice leader at research firm Outsell, in the company’s 2013 GRC market assessment.
To read more click here:
Guantanamo Wi-Fi shuttered after Anonymous hacking threat
A posting from CNet News in its Security and Privacy section:
After the hacking collective Anonymous launched a Twitter campaign pledging to go after the Guantanamo Bay Naval Base in Cuba, the U.S. military barred all Wi-Fi access on the base, according to the Associated Press. All social media, including Facebook and Twitter, also has been banned.
Army Lt. Col. Samuel House told the Associated Press that the shuttering of the base’s Wi-Fi was because of Anonymous’ public plans to “disrupt activities” at the military prison.
While no disruptions have yet been reported, according to the Associated Press, Anonymous has promised to make good on its threats.
The group said it launched its online protest in solidarity with the prisoners who have been on a hunger strike for the last few months. Anonymous publicized its campaign via several “Twitter Storm” packages with various hashtags referencing days in May, including #GTMO17, #GTMO18, and #GTMO19.
To read more click here:
Breakfast malware at Tiffany’s? Trojan horses spammed out widely
A posting from Naked Security: Did you open your email inbox this morning to find an email like the following?
Kindly open to see export License and payment invoice attached, meanwhiole we sent the balance payment yesterday.
Please confirm if it has settled in your account or you can call if there is any problem.Thanks
Karen parker
Whatever you do, don’t open the file attached to the email.
Contained inside the file invoice copy.zip is a malicious Trojan horse, designed to compromise your computer.
Sophos products detect the malware proactively as Mal/BredoZp-B, but users of other vendors’ products should check that their software is fully up-to-date and defending against the threat.
To read more click here:
