China electronics maker will recall some devices sold in U.S. after massive IoT hack


A China-based maker of surveillance cameras said Monday it will recall some products sold in the United States after a massive "Internet of Things" malware attack took down a major DNS provider in a massive DDOS attack. The stunningly broad attack brought much internet activity to a halt last Friday.

Read the rest

Internet-destroying outages were caused by "amateurish" IoT malware


Some of the internet's most popular, well-defended services -- including Twitter -- were knocked offline yesterday by a massive denial-of-service attack that security experts are blaming on botnets made from thousands of hacked embedded systems in Internet of Things devices like home security cameras and video recorders. Read the rest

California DMV thinks "INFOS3C" is a dirty word


The California DMV has rejected Opendns founder David Ulevitch's application for an "1NFOS3C" vanity license plate because it includes "a term of lust or depravity." Read the rest

The clumsy, amateurish IoT botnet has now infected devices in virtually all of the world's countries


Mirai, the clumsily written Internet of Things virus that harnessed so many devices in an attack on journalist Brian Krebs that it overloaded Akamai, has now spread to devices in either 164 or 177 countries -- that is, pretty much everywhere with reliable electricity and internet access.

Imperva, a company that provides protection to websites against Distributed Denial of Service (DDoS) attacks, is among the ones who have been busy investigating Mirai. According to their tally, the botnet made of Mirai-infected devices has reached a total of 164 countries. A pseudonymous researcher that goes by the name MalwareTech has also been mapping Mirai, and according to his tally, the total is even higher, at 177 countries.

Internet of Things Malware Has Apparently Reached Almost All Countries on Earth [Lorenzo Franceschi-Bicchierai/Motherboard] Read the rest

The malware that's pwning the Internet of Things is terrifyingly amateurish


Following the release of the sourcecode for the Mirai botnet, which was used to harness DVRs, surveillance cameras and other Internet of Things things into one of the most powerful denial-of-service attacks the internet has ever seen, analysts have gone over its sourcecode and found that the devastatingly effective malware was strictly amateur-hour, a stark commentary on the even worse security in the millions and millions of IoT devices we've welcomed into our homes. Read the rest

HP blinked! Let's keep the pressure on! [PLEASE SHARE!]


Only three days after EFF's open letter to HP over the company's deployment of a stealth "security update" that caused its printers to reject third-party cartridges, the company issued an apology promising to let customers optionally install another update to unbreak their printers. Read the rest

The democratization of censorship: when anyone can kill as site as effectively as a government can


On the eve of the Stuxnet attacks, half a decade ago, I found myself discussing what it all meant with William Gibson (I'd just interviewed him on stage in London), and I said, "I think the most significant thing about any of these sophisticated, government-backed attacks is that they will eventually turn into a cheap and easy weapon that technically unskilled people can deploy for petty grievances." We haven't quite got there yet with Stuxnet, but there's a whole class of "advanced persistent threat" techniques that are now in the hands of fringey criminals who deploy them at the smallest provocation. Read the rest

Deep Insert skimmers: undetectable, disposable short-lived ATM skimmers


NCR reports in-the-wild sightings of "deep skimmers" (tiny, disposable card-skimmers that run on watch batteries and use crude radios to transmit to a nearby base-station) on ATMs around the world: "Greece, Ireland, Italy, Switzerland, Sweden, Bulgaria, Turkey, United Kingdom and the United States." Read the rest

Ransomware hackers steal a hospital. Again.


A month after a hospital in Hollywood was shut down by a ransomware infection that encrypted all the files on its computers and computer-controlled instruments and systems, another hospital, this one in Kentucky, has suffered a similar fate. Read the rest

Phishers make off with W2 tax forms for several thousand Seagate employees


Seagate has emailed its employees and ex-employees to warn them that someone in the company sent their W2 tax data to a criminal who pulled off a successful phishing fraud. Read the rest

Crapgadget apocalypse: the IoT devices that punch through your firewall and expose your network


Cheap Internet of Things devices like Foscam's home CCTVs are designed to covertly tunnel out of your home network, bypassing your firewall, so they can join a huge P2P network of 7 million other devices that is maintained and surveilled by their Chinese manufacturer. Read the rest

How fraudsters' call centers work


Say you've just scammed someone out of all their financial details using an online fraud, but now you need to call up their bank and impersonate them, and you don't speak their language, have the wrong accent, or are of a different gender -- what do you do? Read the rest

Paypal rolls out the welcome mat for hackers

online_payment (2)

It's not bad enough that Paypal is prone to shutting down your account and seizing your dough if you have a particularly successful fundraiser -- they also have virtually no capacity to prevent hackers from changing the email address, password and phone numbers associated with your account, even if you're using their two-factor authentication fob. Read the rest

Someone snuck skimmers into Safeway stores


Some Safeway customers in California and Colorado who used debit/credit cards have had their card numbers and PINs slurped up by criminals who then took the cards out for spending sprees. Read the rest

Stolen-card crime sites use "cop detection" algorithms to flag purchases


Cops covertly buy stolen cards from underground sites to figure out where they came from, and so these sites implement security measures that try to figure out whether a purchaser is an undercover cop, and refuse to sell to them if they trip a positive result. Read the rest

US Senate passes CISA, a very bad spying bill dressed up as a cybersecurity bill


CISA won't make you and I any more secure, and it threatens what's left of our online privacy. The very helpful sounding “Cybersecurity Information Sharing Act” will definitely help the government, though: it'll make it a lot easier for technology companies to share your personal data with the government, and everyone knows that this data never ends up in the wrong hands, so you're fine.

The gaping privacy flaws in CISA didn't stop the Senate from passing it by a wide margin today: 74 to 21. CISA now goes to a conference committee between House and Senate.

Here's the EFF's take, by Mark Jaycox:

CISA passed the Senate today in a 74-21 vote. The bill is fundamentally flawed due to its broad immunity clauses, vague definitions, and aggressive spying authorities. The bill now moves to a conference committee despite its inability to address problems that caused recent highly publicized computer data breaches, like unencrypted files, poor computer architecture, un-updated servers, and employees (or contractors) clicking malware links.

The conference committee between the House of Representatives and the Senate will determine the bill's final language. But no amount of changes in conference could fix the fact that CISA doesn't address the real cybersecurity problems that caused computer data breaches like Target and the U.S. Office of Personnel Management (OPM).

Read the rest

Ukrainian botmaster who tried to frame Brian Krebs extradited to US


When security-researcher/hornet-nest-kicker Brian Krebs outed Sergey "Flycracker" Vovnenko as administrator of a darknet crime site and botmaster of a 13,000-PC-strong botnet used to attack sites and launder stolen data, Vovnenko allegedly masterminded a plot to frame Krebs by mailing him heroin. Read the rest

Next page