Anyone with a free Amazon Web Services account could have looked at the hoard of information stored in the cloud by the U.S. Defense Department, according to Chris Vickery, a researcher at cybersecurity firm UpGuard who discovered the exposure.
Amazon Web Services is a cloud platform that individuals, businesses and the government use for things like storing data and boosting computing power. Amazon said on its website it is best practice to restrict access to information stored in the cloud to "people that absolutely need it." The military databases hold at least 1.8 billion internet posts scraped from social media, news sites, forums and other publicly available websites, Vickery told.Read more
The personal computer of an NSA worker who took government hacking tools and classified documents home with him was infected with a backdoor trojan, unrelated to these tools, that could have been used by criminal hackers to steal the US government files.
The Moscow-based antivirus firm, which has been accused of using its security software to improperly grab NSA hacking tools and classified documents from the NSA worker's home computer and provide them to the Russian government, says the worker had at least 120 other malicious files on his home computer.Read more
The Terdot banking Trojan packs information-stealing capabilities that could easily turn it into a cyber-espionage tool, Bitdefender says in a new report. Highly customized and sophisticated, Terdot is based on the source code of ZeuS, which leaked online in 2011.
The banking Trojan resurfaced in October last year and Bitdefender has been tracking its whereabouts ever since, the security company notes in a technical paper. Terdot was designed to operate as a proxy to perform man-in-the-middle attacks, as well as to steal browser information such as login credentials or the stored credit card data. Furthermore, the malware is capable of injecting HTML code into visited web pages.Read more
Security research firm Rhino Security Labs found a vulnerability in the Amazon Key in-home delivery service's security procedures that could allow either the courier or even a savvy and malicious bystander to enter your home undetected after the delivery is completed.
Amazon has promised to change how Key works in order to make it easier for you to tell when something unusual is happening in this event, but the changes proposed by Amazon don't necessarily resolve the vulnerability. Amazon Key is available to Amazon customers who have bought and installed Amazon's own Cloud Cam security camera and installed it at their front door.Read more
Researchers are warning users about a wave of recent attacks targeting U.S. financial institutions that leverage a new banking Trojan dubbed IcedID.
The IcedID Trojan was spotted in September. They said the Trojan has several standout techniques and procedures, such as the ability to spread over a network and the ability to monitor a browser’s activity by setting up a local proxy for traffic tunneling. “At this time, the malware targets banks, payment card providers, mobile services providers, payroll, webmail and e-commerce sites in the U.S.,” researchers wrote in a report released Monday explaining the discovery.Read more
More than 20 million Amazon Echo and Google Home devices are vulnerable to attacks via the BlueBorne Bluetooth vulnerability that was first disclosed back in September.
Security firm Armis said this week that BlueBorne, a Bluetooth-based attack vector that was initially reported as exploitable on phones and PCs with an active Bluetooth connection, is now setting its sights on digital AI assistants. The firm said that both the Amazon Echo and Google Home can be exploited using existing BlueBorne vulnerabilities (of which there are eight in total).Read more
OnePlus, a major Chinese smartphone manufacturer, has gotten itself into a hell of a lot of security trouble lately, and now the situation is only getting worse.
Mobile security researcher Robert Baptiste, who goes by the pseudonym Elliot Alderson (a nod to the main character in the Mr. Robot series), discovered that OnePlus smartphones have been apparently shipping for years with a hidden backdoor. It makes it easy for a clever hacker with physical access to root a OnePlus phone with just a few lines of code. Alderson found an application on OnePlus devices intended for factory testing, and discovered it could be used to obtain “root access” to the phone.Read more
Imagine a plane: large, wings, lots of passengers — you get the picture. And it can be hacked, or so it seems. Such a theoretical possibility has been voiced more than a few times by more than a few people; a plane, like any other modern craft, is after all a network of computers, some of which are connected to the Internet. Now such theorizing seems to have been confirmed in practice.
The claim was made by none other than a representative of the US Department of Homeland Security. In the space of two days, Robert Hickey managed to gain access to the internal systems of an aircraft parked at an airport, without having physical access to the aircraft or any insider assistance.Read more
All of us use the Internet and have by now probably settled into some online routines. For example, the first thing many people do in the morning is check their e-mail.
Such actions seem so normal and natural that we just do them and don’t think twice. But perhaps we should. Some everyday habits negatively affect our life in general, others only one aspect of it: online security. That’s what we’re here to talk about. With the above in mind, pause and think if you ever… You read about a new cool app for music streaming, you’re looking for a fitness tracker or task manager, or maybe you’re after a browser add-on for downloading photos or music from social media.Read more
The U.S. International Trade Commission said on Tuesday it had launched an investigation into allegations of patent infringement by Apple Inc on various devices. The commission said in a statement the probe was based on a complaint by Aqua Connect Inc and Strategic Technology Partners of Orange, California.
The products at issue are certain Apple Mac computers, iPhones, iPads, iPods, and Apple TVs, it said. The investigation is based on a complaint filed by Aqua Connect, Inc., and Strategic Technology Partners, LLC, of Orange, CA, on October 10, 2017. The complaint alleges violations of section 337 of the Tariff Act of 1930 in the importation into the US.Read more