Boffins get your mobe to spill the beans using Google text-to-speech kit. Researchers from the Chinese University of Hong Kong have developed bizarre malware that dictates contacts, emails and other sensitive text data in order to steal it.
In the novel attack a seemingly innocuous app that required no permissions called a bad guy's phone number and blabbered the stolen data out of the speakers and down the microphone using Google Voice Services (GVS). It affected 'nearly all' Android devices and could not be detected by VoicEmployer malware or victims, provided savvy hackers conducted the attack in the wee hours with the volume turned down.
Attackers are exploiting a vulnerability in distributed search engine software Elasticsearch to install DDoS malware on Amazon and possibly other cloud servers.
Elasticsearch is an increasingly popular open-source search engine server developed in Java that allows applications to perform full-text search for various types of documents through a REST API (representational state transfer application programming interface). Because it has a distributed architecture that allows for multiple nodes, Elasticsearch is commonly used in cloud environments. It can be deployed on Amazon Elastic Compute Cloud (EC2), Microsoft Azure, Google Compute Engine and other cloud platforms.
The vulnerabilities found allow hackers to get into user accounts stored in the managers. Researchers from the University of California have discovered vulnerabilities in five well-known password managers, namely RoboForm, LastPass, My1Login, PasswordBox and NeedMyPassword.
They could take over user accounts on any sites. The vulnerabilities were found in many password manager features, including one-time passwords, bookmarklets and shared passwords. Logic and authorization mistakes, and even an irregular web security model, could cause a vulnerability. Moreover, vulnerabilities such as cross-site request forgery and cross-site scripting were found.
Hackers could inject fake video into popular home surveillance kit Dropcam and use the system to attack networks, researchers Patrick Wardle and Colby Moore say.
The wide-ranging attacks were tempered by the need for attackers to have physical access to the devices but the exploits offer the chance to inject video frames into cameras - handy for home robberies - intercept video, and exploit the Heartbleed vulnerability to pull passwords and the SSL server's private key. Dropcam makes a video monitoring platform and was last month snapped up by Google's Nest Labs for $US555 million.
Hackers have planted malicious programs on computers, which steal personal information from guests.
The US Secret Service has found keyloggers in hotels and advised all heads of hotel and restaurant businesses to check the personal computers that visitors can use. To steal visitors' personal and banking information, the attackers planted malware that records keystrokes on the keyboard. Some people suspected of compromising computers at many large hotels in the Fort Worth and Dallas areas were arrested in Texas. Sometimes the suspects used stolen credit cards to register as guests of the hotels.
According to experts, Tor network users can be identified thanks to shortcomings in the network's design and implementation.
At the Black Hat conference in 2014, information security experts Alexander Volynkin and Michael McCord will show that the NSA is not the only one that can recognize anonymous Tor network users and watch them. The experts say that identifying Tor users doesn't require large financial investments; the project costs just $3,000. The research, called "You don't have to be the NSA to break Tor: Deanonymizing users on a budget", was published in a briefing on the Black Hat website. Users can be identified thanks to shortcomings in the design and implementation of the Tor network, the experts say.
The Yo app is in the top 10 in the App Store in the USA, and it has received 1 million dollars of investment.
The app was noted even by Elon Musk, who called it the best messenger. It appears that the app was hacked by three college students. First, the hack makes it possible to learn the phone number of any user of the app (the hackers have already learned the phone number of the app's founder and talked to him). Second, they can send "Yo" to any user in any quantity. Third, the hack allows sending a push notification with any text to any user (the students decided not to do it). The hackers have already reported the problem to the author, and he has confirmed the hack.
Evernote's official discussion forum has suffered a security breach, which has allowed hackers to access users' profile information and (in some cases) password hashes.
On Monday, users of Evernote's popular forum became victims of a hacker attack. Hackers could get access to password hashes (this applies only to users who created their passwords until 2011), names, birthday details and email addresses. "We do not store your Evernote password on our discussion forum servers and you do not need to change it," Evernote representatives said. However, if you used the same account password on other sites, you need to change it.
The Romanian hacker showed PayPal's security team how the scam works, using three separate accounts.
Convicted NASA hacker Razvan Cernaianu, better known by his handle TinKode, has disclosed a loophole that takes advantage of PayPal’s Terms of Service (TOS) and could allow scammers to pilfer funds by way of the company’s chargeback function. Cernaianu says the scam can be accomplished with three PayPal accounts – the first as a legitimate buyer verified with a personal card, the second used as a seller, and the third as a “mule” account – the last two using virtual credit cards.
Hackers apparently based in Iran have mounted a three-year campaign of cyberespionage against high-ranking U.S. and international officials, including a four-star admiral, to gather intelligence on economic sanctions, antinuclear proliferation efforts and other issues, according to cybersecurity investigators.
Using an elaborate ruse involving more than a dozen personas working for a fake U.S. news organization, the hackers developed connections to their targets through websites like Facebook and LinkedIn to trick them into giving up personal data and logon information, the investigators say. The alleged campaign, which dates back at least to 2011 and is still under way, principally has focused on U.S. and Israeli targets in public and private sectors.