Tag: forensics

Study Finds Unrelenting Cyber Attacks Against China’s Uyghurs

A group representing the Uyghurs,a  persecuted religious minority in China, faces unrelenting, targeted cyber attacks that appear aimed at stealing sensitive data and otherwise undermining the group’s activity, according to a new study by researchers at Northeastern University in Boston as well as the Max Planck Institute for Software Systems and the National University of Singapore.   A study of more than 1,400 suspicious email messages sent to members of groups representing the Uyghur minority found that more than three quarters of the messages contained malicious attachments. The messages targeted 724 individuals at 108 separate organizations. Moreover, researchers found overlap between the individuals associated with the Uyghur World Contress (UWC) and western targets such as the New York Times and U.S. embassies. The study, “A Look at Targeted Attacks Through the Lense of an NGO” is being presented at the UNENIX Security Conference in San Diego on August 21. (A copy of the full paper is […]

Continue Reading

PasswordsCon Preview: Passwords Are Dead. Long Live Passwords.

I had an opportunity to sit with Per Thorsheim, co-founder of PasswordsCon about next week’s Passwords14 Conference in Las Vegas, Nevada. If you haven’t checked it out before, PasswordsCon is the world’s premiere technical conference that is just focused on the security of passwords and pin codes. PasswordsCon is a one-of-a-kind event: bringing together folks whose specialty is cracking and defeating password security with security experts whose interest is in shoring up protections for sensitive data. This year’s conference, which is sharing space with the B-Sides Las Vegas Conference on August 5 and 6. PasswordsCon has earned a reputation for being the launching pad for some eye-popping new tools for password cracking. Back in 2012, we reported on a 25 GPU device that radically lowered the bar to cracking even the strongest passwords protected with weaker encryption algorithms, like Microsoft’s LM and NTLM, obsolete. Among other things, the Conference will feature […]

Continue Reading

That LIFX Smart Lightbulb Hack Wasn’t Easy

If you’ve been following your Internet of Things security news, you probably read about the latest hack of a consumer-oriented ‘smart home’ device: Context Information Security’s analysis of security holes in LIFX-brand smart light bulbs. The top line on this is scary enough. As The Register reported: researchers at Context discovered that, by gaining access to a “master bulb” in LIFX deployments, they could control all connected lightbulbs and expose user network configurations. That’s scary – and recalls research on hacking Philips HUE light bulbs that was published last year. But read down in the Context research and you’ll realize that, while the LIFX technology wasn’t perfect, the job of hacking the technology wasn’t child’s play, either. LIFX connected its smart bulbs using a 6LoWPAN-based mesh network. The company made the mistake of transmitting most bulb-bulb communications in the clear, which made analyzing traffic sent between master- and slave bulbs easy. Context researchers found […]

Continue Reading

Paypal Disables Two Factor From Mobile

In the wake of a disclosure, yesterday, that a secure log-in feature was vulnerable to hacking, PayPal has suspended the ability of customers who elect to use the feature to log in to PayPal using the company’s mobile application. In a blog post on Wednesday, PayPal Director of Global Initiatives Anuj Nayar said that the company took the step of disabling mobile application log ins after the researcher, Zach Lanier of DUO Security, published his findings in a blog post yesterday. As reported by The Security Ledger, researcher Zach Lanier of DUO Labs discovered that a PayPal mobile API (application program interface) for its Security Key two-factor authentication technology contains a vulnerability that would allow even a non-technical hacker to bypass the second factor when accessing a Paypal customer’s account. The problem comes up when trying to access a Paypal account protected using two-factor authentication using a PayPal mobile application – […]

Continue Reading

Code Spaces Probably A ‘Target of Opportunity’

The spectacular collapse this week of Code Spaces, a cloud-based code repository, may have been the result of a an unspectacular “opportunistic” hack, rather than a targeted operation, according to one cloud security expert. The sudden demise of the online application repository has sent shock waves through the tech industry, laying bare what some say are lax practices among many cloud-based application and infrastructure providers. But the attack itself was almost certainly the result of a larger, indiscriminate cyber criminal campaign, said Jeff Schilling, the Chief Security Officer of Firehost, a Texas-based secure cloud provider. “This is something we pretty frequently: companies get held ransom with a DDoS attack, and if that doesn’t work, (the attackers) will resort to doing other things,” Schilling told The Security Ledger. But Code Spaces almost certainly wasn’t the only company the extortionists worked on, Schilling said. Instead, the company was likely caught up in a wide net […]

Continue Reading
1 7 8 9 10 11 13