Consumer

Facebook Graph Search API Used To Brute Force Phone Numbers From Profiles

Facebook’s Graph Search feature hasn’t been released yet. But white hat hackers are already harnessing the powerful social search engine to gather sensitive information on Facebook users. A new module for Recon-ng an open source “web reconnaissance framework” allows anyone with a Facebook Developer account to use Graph Search and Recon-ng’s features to harvest phone numbers associated with Facebook user accounts. The tool, dubbed “Facebook Harvester” allows brute force searching by partial phone numbers, using brute-force techniques, according to a blog post by Rob Simon, a Canton, Ohio- based security professional. Simon, who counts penetration testing and reverse engineering  among his skill set, wrote about his experiments using Graph Search on his blog, kc57.com. in April. In a phone interview with The Security Ledger, Simon said his work doing penetration testing drew him to the Graph Search API, which allows programmatic interaction with the Graph Search engine. He said the […]

Continue Reading

Homeland Security Warns Of Expanding Medical Device Attacks

A bulletin published by the Department of Homeland Security has warned that the increasing use of wireless networking technology to enable medical devices expands the ways that those devices could be hacked. The bulletin, published May 4 by DHS’ National Cybersecurity and Communications Integration Center, warns that advances in medical devices, including Internet connectivity and the use of smartphones, tablets and other mobile devices in patient care “expands the attack surface” of medical devices. “Smartphones and tablets are mini computers with instant access to the internet or linked directly to a hospital’s network. The device or the network could be infected with malware designed to steal medical information if not upgraded with the latest anti-virus and spy-ware software,” DHS said. Advances in medical device technology have already greatly improved medical care, especially in areas like medical health records and remote monitoring of patients with implantable medical devices. However, too little […]

Continue Reading

Fitbitten: Researchers Exploit Health Monitor To Earn Workout Rewards

Call it “the quantified self” – that intersection of powerful, IP-enabled personal health monitoring tools and (usually) Web based tools for aggregating, analyzing and reporting. The last five years has brought an explosion in these products. In addition to the long-popular gear like Garmin GPS watches – must have items for the exercise addicted – there’s a whole range of new tools for the merely “exercise curious” or folks interested in losing weight or just figure out what, exactly, they do all day. Count  Nike’s FuelBand, Jawbone’s UP, and Fitbit in that category. Alas, a growing number of reports suggest that, when it comes to medical devices and health monitoring tools, the security of sensitive personal data isn’t a top priority. The latest news comes by way of researchers at Florida International University in Miami, Florida. A team of three researchers, composed of students and faculty, analyzed the Fitbit health monitoring device […]

Continue Reading

New Banking Trojan Hacks The FAQ To Fool Users

Cyber criminals are notoriously crafty and persistent, especially when it comes to defeating security measures created to thwart them. But a group behind a recent version of the Ramnit banking malware has raised their game to a new level: hacking the customer FAQ (frequently asked questions) document to make their malicious activity look like it was business-as-usual. A report on Tuesday by the security firm Trusteer finds that new variants of Ramnit targeting a UK bank  have added features to game a one-time-password (OTP) feature at the bank. Among other tricks, the Ramnit variant uses an HTML injection attack to alter the wording of the bank’s customer FAQ, making it seem as if prompts created by the malware were standard security features at the bank. The report, published on the Trusteer blog, described a complex ruse in which Ramnit lies dormant on infected machines, then springs to action once a […]

Continue Reading

BadNews: Mobile Attackers Pivot To Malicious Ads

The identification over the weekend of a large-scale outbreak of mobile malware dubbed “BadNews” is bad news, indeed for millions of Android device users, who downloaded applications from the official Google Play application store that connected their devices to a malicious advertising network, dubbed “BadNews.” The discovery of the malware-infected apps, which were downloaded between two- and nine million times, suggests a new wrinkle in the mobile malware space, with attackers turning to honest-seeming mobile ad networks to push out malicious links and collect information on compromised devices. “This is one of the first times that we’ve seen a malicious distribution network clearly posing as an ad network,” wrote Lookout’s Marc Rogers on the company blog. He speculated that the new tactic may reflect improved security on the Google Play app store following the introduction of the Bouncer malware scanner. Lookout said that the company notified Google, which removed the […]

Continue Reading
1 79 80 81 82 83 87