Security research firm Rhino Security Labs found a vulnerability in the Amazon Key in-home delivery service's security procedures that could allow either the courier or even a savvy and malicious bystander to enter your home undetected after the delivery is completed.
Amazon has promised to change how Key works to make it easier for you to tell when something unusual is happening during such an event, but the changes proposed by Amazon don't necessarily resolve the vulnerability. Amazon Key is available to Amazon customers who have bought Amazon's own Cloud Cam security camera and installed it at their front door.
Imagine a plane: large, wings, lots of passengers — you get the picture. And it can be hacked, or so it seems. Such a theoretical possibility has been voiced more than a few times by more than a few people; a plane, like any other modern craft, is after all a network of computers, some of which are connected to the Internet. Now such theorizing seems to have been confirmed in practice.
The claim was made by none other than a representative of the US Department of Homeland Security. In the space of two days, Robert Hickey managed to gain access to the internal systems of an aircraft parked at an airport, without having physical access to the aircraft or any insider assistance.
A consumer group is urging major retailers to withdraw a number of “connected” or “intelligent” toys likely to be popular at Christmas, after finding security failures that it warns could put children’s safety at risk.
Tests carried out by Which? with the German consumer group Stiftung Warentest, and other security research experts, found flaws in Bluetooth and wifi-enabled toys that could enable a stranger to talk to a child. The investigation found that four out of seven of the tested toys could be used to communicate with the children playing with them. Security failures were discovered in the Furby Connect, i-Que Intelligent Robot, Toy-Fi Teddy and CloudPets.
The US government doesn't get along with hackers. That's just how it is. Hacking protected systems, even to reveal their weaknesses, is illegal under the Computer Fraud and Abuse Act, and the Department of Justice has repeatedly made it clear that it will enforce the law.
In the last 18 months, a new Department of Defense project called "Hack the Pentagon" has offered real glimmers of hope that these prejudices could change. The government's longstanding defensive posture makes some sense in theory—it has important secrets to keep—but in practice experts have long criticized the stance as a fundamental misunderstanding of how cybersecurity works.
When Apple released the iPhone X, it touched off an immediate race among hackers around the world to be the first to fool the company's futuristic new form of authentication.
A week later, hackers on the actual other side of the world claim to have successfully duplicated someone's face to unlock his iPhone X—with what looks like a simpler technique than some security researchers believed possible. Bkav released a blog post and video showing that—by all appearances—they'd cracked Face ID with a composite mask of 3-D-printed plastic, silicone, makeup, and simple paper cutouts, which in combination tricked an iPhone X into unlocking.
A hacking group previously linked to the Vietnamese government or working on its behalf has broken into the computers of neighboring countries as well as a grouping of Southeast Asian nations, according to cybersecurity company Volexity.
Steven Adair, founder and CEO, said the hacking group was still active, and had compromised the website of the Association of Southeast Asian Nations over several high-profile summit meetings. ASEAN is holding another summit of regional leaders in the Philippines capital Manila this week. In May, cybersecurity company FireEye reported that the group was actively targeting foreign multinationals and dissidents in Vietnam.
When you think you've seen it all, malware authors always find a way to impress you. Today's "that's clever!" moment comes courtesy of a criminal group that's been spreading a new version of the Zeus Panda banking trojan since June this year.
Instead of relying on old techniques of malvertising and spam campaigns, this group has taken a novel approach, never before seen in the distribution of banking trojans. Black-hat SEO, for the win! This Zeus Panda group decided to rely on a network of hacked websites, on which they inserted carefully chosen keywords in new pages or hid the keywords inside existing pages.
A threat actor is mass-scanning the Internet for Ethereum mining equipment running ethOS that is still using the operating system's default SSH credentials. The attacker is using these creds to gain access to the mining rig and replace the owner's Ethereum wallet address with his own.
Replacing this wallet ID sends all subsequent mining revenue to the attacker instead of the equipment's real owner. The attacks started on Monday and were first detected by a honeypot set up by Romanian cyber-security firm Bitdefender. Honeypot logs showed attackers trying two peculiar SSH username and password combos.
Britain said on Friday it believed North Korea was behind the “WannaCry” cyber attack in May that disrupted businesses and government services worldwide, including the National Health Service (NHS) in England.
Security Minister Ben Wallace said Britain believed “quite strongly” that the ransomware attack came from a foreign state. "North Korea was the state that we believe was involved in this worldwide attack on our systems," he told BBC radio. “We can be as sure as possible - I can’t obviously go into the detailed intelligence but it is widely believed in the community and across a number of countries that North Korea had taken this role.”
An unknown hacker appears to have breached a dark web marketplace called Basetools and leaked samples of its database online.
The hacker has threatened to leak the dark web market operator's identity as well as Basetools' data to US authorities, including the FBI, DHS, DoJ and others, unless a ransom of $50,000 (£38,112) is paid. Basetools is an underground marketplace often advertised in Russian-speaking cybercrime forums and markets, which allows dark web vendors to sell spamming tools, credit card data, hacked customer accounts, among other things.