Thieves were regularly using high-tech devices to access cars with electric locks. These devices were originally intended for locksmiths to get into cars without a key, but can have devastating consequences in the wrong hands.
The gadgets are able to spoof the radio frequencies sent out by key fobs, and if they find the right one the door will simply open. Sky said that it is possible to hack any of 50 low-powered computers in a modern car in less than 10 seconds. Here's a paper looking at how the attacks work, and what can be done. There are also various videos online which apparently show how to hack key fobs. Underneath one video a commenter asks, tongue in cheek, "do they have the frequencies for Lamborghinis?"Read more
Salesforce.com is warning its customers that the Dyreza banker Trojan is now believed to be targeting some of the company’s users.
The Trojan, which has the ability to bypass SSL, typically goes after customers of major banks, but seems to be expanding its reach. Dyreza is relatively new among the banker Trojan crowd and it hasn’t had the reach or effect of older bankers such as Carberp or Zeus. But it has some interesting capabilities that make it troublesome. The malware installs itself on a victim’s machine after a user clicks on a malicious attachment in a spam message. Once on the machine, Dyreza reaches out to a C2 server and waits for the victim to visit a targeted banking site.Read more
SMS-virus attacks Ukrainian users‘ smartphones. Only devices, based on Android platform are under thread. Many owners of smartphones, Ukrainian mobile operators subscribers became victims of SM-virus. It attacks in such a way that all money is drawn from account, calls are locked, and thus a virus sends messages with the harmful program link to all contacts in the phone book.
Having received the message from known or unknown number, the subscriber follows the link and automatically catches Trojan. After installation, the virus sends information on the victim‘s device, such as IMEI, IMSI, owner‘s number, his location, the version of OS, the model of smartphone etc.Read more
White hat hacker Ben Caudill is halfway through his sandwich when he casually reaches over to his iPhone, swipes the screen a few times, then holds it up to me. “Is that you?” he asks.
It is, but nobody was supposed to know. He’s showing me one of my posts to Secret, the popular anonymous sharing app that lets you confess your darkest secrets to your friends without anyone knowing it’s you. A few minutes ago I gave Caudill my personal e-mail address, and that was all he needed to discover my secret in the middle of a Palo Alto diner, while eating a BLT. My secret is pretty lame, but Secret’s stream is slurry of flippant posts, Silicon Valley gossip, and genuinely personally confessions like.Read more
Victims of the CryptoWall ransomware have been extorted out of at least $1m. Despite a takedown operation in June, CryptoWall continues to be the largest and most destructive ransomware threat on the internet, according to the latest analysis of the threat by security researchers from Dell SecureWorks Counter Threat Unit.
Cryptowall is a strain of file-encrypting ransomware that encrypts files on infected Windows PCs and attached storage devices with RSA-2048 encryption before demanding a ransom for the private key that recovers the documents. Dell SecureWorks CTU researchers registered a domain used by the CryptoWall malware as a backup command and control (C2) server in February.Read more
The FBI is investigating an incident of data theft from JPMorgan Chase & Co. (JPM) that could potentially have been carried out by Russian hackers, Bloomberg reported Thursday, citing sources familiar with the situation.
“The way the Russians do it, to the extent we can see into the process, is they encourage certain targets,” James Lewis, the director of the Strategic Technologies program at the Center for Strategic and International Studies in Washington, was quoted as saying by Bloomberg. “The Russians typically keep open the options to do something more, and the question now is what would trigger that and what would our response be,” he added.Read more
As many of you may have already been aware, a breach at Community Health Systems (CHS) affecting an estimated 4.5 million patients was recently revealed. TrustedSec obtained the first details on how the breach occured and new information relating to this breach.
The initial attack vector was through the infamous OpenSSL “heartbleed” vulnerability which led to the compromise of the information. This confirmation of the initial attack vector was obtained from a trusted and anonymous source close to the CHS investigation. Attackers were able to glean user credentials from memory on a CHS Juniper device via the heartbleed vulnerability.Read more
Cryptolocker is being flogged over YouTube by vxers who have bought advertising space, researchers Vadim Kotov and Rahul Kashyap have found. The researchers made the discovery while monitoring YouTube and website banners for instances where malware writers had actually purchased space to foist their wares on unpatched web users.
The duo who will present at the upcoming Virus Bulletin 2014 conference in Seattle wrote in a paper advertisement networks was a viable way to flog virus and trojans.Read more
The Swiss Switch CH Company declared that the Trojan code, which attacks online banking systems of Switzerland‘s large banks was found.
Experts claim that the code is Russian; it is also capable to change settings in domain system of the computer or abduct SMS keys. In practice the Trojan aims the victim to appear on hacker‘s site and there all requisites for access to the real banking will be taken. The most important thing is the malicious code is capable to bypass even a two-factorial identification system; in addition it is capable to change DNS records in such a way that the client won’t notice anything.Read more
The Bluebox Labs Company experts have published information about security vulnerability on Android platform which allows hackers to get access into functions of gadgets and to personal information without user‘s knowledge.
However many users are in danger as vulnerability was corrected only in the last Android version, but in other versions it still exists. After the Bluebox Labs Company found vulnerability, in English-speaking releases "hole" it was called "super vulnerability of new type", it is likely because of possibility to extend extremely malicious software. BlueBox experts called vulnerability Fake ID, because it allows malware apps to pass fake credentials to Android, which fails to properly verify the app's cryptographic signature.Read more