The wonderful and terrifying thing about the security world is that things never stay calm for long. As soon as you think you have a chance to catch your breath, someone breaks something and it’s time to scramble again. In 2014, those small moments of downtime were hard to come by.
Tag Archives: Hacks
Staples Confirms 1.2 Million Cards Lost in Breach
Staples confirmed that it lost close to 1.2 million payment cards in a data breach lasting close to six months and affecting 115 locations in 35 states.
USBDriveby Device Can Install Backdoor, Override DNS Settings in Seconds
Samy Kamkar has a special talent for turning seemingly innocuous things into rather terrifying attack tools. First it was an inexpensive drone that Kamkar turned into a flying hacking platform with his Skyjack research, and now it’s a $20 USB microcontroller that Kamkar has loaded with code that can install a backdoor on a target machine in […]
12 Million Home Routers Vulnerable to Takeover
Check Point has disclosed few details on a cookie vulnerability in the RomPager webserver running inside 12 million embedded devices. The flaw puts home routers at risk to attack.
Attackers Compromise ICANN, Access Zone Files System
Unknown hackers were able to compromise vital systems belonging to ICANN, the organization that manages the global top-level domain system, and had access to the system that manages the files with data on resolving specific domain names. The attack apparently took place in November and ICANN officials discovered it earlier this month. The intrusion started […]
Sony: Employee Health Information May Have Been Compromised
Sony Pictures Entertainment has sent a letter to employees warning them that, along with huge amounts of corporate and employee information, some personal health data belonging to SPE employees may also have been compromised in the attack that hit the company in late November. The letter, which also was sent to the California Office of […]
Researcher: ‘Lax’ Crossdomain Policy Puts Yahoo Mail At Risk
A security researcher disclosed a problem with a loose cross-domain policy for Flash requests on Yahoo Mail that puts email content and contacts at risk.
Black Energy Malware May Be Exploiting Patched WinCC Flaw
Experts at ICS-CERT say that the BlackEnergy malware that has been seen infecting human-machine interface systems may be exploiting a recently patched vulnerability in the Siemens SIMATIC WinCC software in order to compromise some systems.
Some Recursive DNS Implementations Patch DoS Vulnerability
Some domain name server (DNS) implementations are at risk for denial-of-service attacks after a vulnerability was disclosed and patched in a few popular server packages, including BIND, PowerDNS and NLnetLabs.
EC3 Head Paints Bleak Cybercrime Picture
Troels Oerting, head of Europol’s EC3, explains the extreme difficulties law enforcement faces when investigating and prosecuting cybercrime at Georgetown Law’s Cybercrime 2020.