Showing posts with label Information Security.

Monday, June 23, 2014

How 14-Years-Old coders hacked the ATM Machine | Hackers News Bulletin


Canada: The youngest security researcher we have reported on here was 14 years old, and now students of the same age have hacked a Bank of Montreal ATM in Winnipeg and informed the bank about how they were able to do that.

The two students, Mathew Hewlett and Caleb Turon, are in grade 9. They found an old ATM operator's manual online that shows how to get into the ATM's operator mode.

Wednesday, April 30, 2014

EC3: Darknet & cloud the barriers to prosecuting cyber-criminals | SC Magazine UK

Troels Oerting, head of European Cybercrime Centre (EC3), spoke about the difficulties of catching cyber-criminals during his keynote speech at the Infosecurity Europe exhibition in London earlier today.
In his talk entitled ‘Combating crime in a digital age', Oerting said that cyber-crime is changing the ‘world as we know it' and that this is down in part to the growing internet user base, which is predicted to grow from 2.7 billion online users to 4 billion in the next few years.

He also said that cyber-crime investigations have been made harder by the leaks from former CIA contractor Edward Snowden, perhaps on the basis that cyber-criminals have looked to increase their anonymity.

“The Snowden revelations seemed to, one way or another, have made it more difficult for law enforcement to clamp down on [internet] rules,” said Oerting.

How to confirm your systems aren’t suffering a major Heartbleed | GFI.com


The Internet was rocked last week when a two-year-old bug in OpenSSL was revealed. Heartbleed, as the vulnerability is known, can result in massive information disclosure through simple requests that require no privileges and leave no logs. Anything from command history to other users’ credentials to private keys can be exposed, and the aftershocks of this revelation will go on for months as SysAdmins try to patch their systems and data losses are reported. CVE-2014-0160 details the vulnerability.



Sunday, July 14, 2013

Defcon to feds: 'We need some time apart' | cnet.com

In the wake of revelations about the NSA's PRISM program, Defcon's founder asks federal government employees to skip this year's hacker convention.


The federal government is persona non grata at this year's Defcon.
For the first time in the 21-year history of the famed hacker's convention, government employees are being asked to stay away, albeit in a polite fashion.
Defcon founder Jeff Moss, aka The Dark Tangent, posted the following request late Wednesday on the event's site:

Malware In Your Car - How Hackers Kill You | eHacking.net

We may not be headed for a dystopian era where our automobiles are our overlords, forcing us to do their bidding or they'll crush us to death with their mega-ton bodies. It sort of sounds like a Transformers-meets-Armageddon situation. While this scenario is very far-fetched and improbable, there are some equally terrifying things that people have done and can do remotely to your car.
  
Researchers at the University of California recently exposed flaws in a car's braking system. They were able to hack in and manipulate the car while it was in motion. They were able to selectively brake the wheels, which allowed them to steer the car. Just to add even more fear and nail-biting suspense to the car hacks, it was noted that none of the driver's manual commands had any impact on the vehicle. This means that no matter how hard they slammed on the brakes, steered the wheel, or even tried to unlock the door, the car was an uncontrollable death trap.

Tuesday, June 25, 2013

Facebook Data-Leaking Bug Exposes 6 Million Users' Data | infosecurity-magazine.com

Facebook has admitted to a bug in its system that has given users of the Download Your Information (DYI) tool "additional email addresses or telephone numbers for their contacts or people with whom they have some connection."

Facebook apologized, stating that it has notified regulators in the US, Canada and Europe, and that it is contacting affected users by email. Security commentators, meanwhile, are trying to work out exactly what happened, and how.

Facebook has admitted that the bug caused the phone numbers and email addresses of six million users to be shared unintentionally. The number of UK users affected by the bug is believed to be around 200,000 according to the Telegraph.

Saturday, June 8, 2013

White-hat hacker fights cyber intrusions on NATO systems | NATO News


Cyber attacks around the world are becoming more frequent, alarming and complex. Our interconnected societies depend on new technologies, which are constantly being probed for vulnerabilities to exploit. NATO calls on the skills of cyber-security experts to assess its computer networks and takes measures to avert and defend against cyber attacks.


"I put myself in the mindset of a hacker and simulate cyber attacks so that I can identify potential weak points in our systems and then set up appropriate defences," explains Nuri Fattah, Senior Security Consultant, at the NATO Communications and Information Agency.

NSA has direct access to Google, Facebook, Apple servers | Help Net Security

After yesterday's news that Verizon is compelled to share all phone call metadata with the NSA on a daily basis comes the incendiary revelation that the spy agency has direct access to the servers - and the data contained on them - of a host of big U.S. Internet companies, including Microsoft, Facebook, Google, Yahoo, Apple, AOL, YouTube, Skype and PalTalk.

The Guardian and The Washington Post have both managed to get their hands on a top secret PowerPoint presentation that is used to inform intelligence operatives about the capabilities of the so-called PRISM program. It apparently allows access to email and chat content, videos, photos, stored data, transferred files, notifications, online social networking details, and more.

According to the presentation, the companies in question are knowingly participating in the program, but several of them (Google, Apple, Microsoft) have already denied it and denied knowing anything about it.

Microsoft, Feds Take Down Citadel Botnets | eSecurity

How did Microsoft shut down the notorious Citadel botnet ring, which stole more than $500 million from victims?
By Sean Michael Kerner

For over a year, Microsoft and its partners in the financial services community watched a big botnet operation siphon millions of dollars from victims. On Wednesday night, Microsoft announced that in coordination with the FBI, it had moved in to disrupt the massive botnet-based crime ring known as Citadel.

Richard Boscovich, assistant general counsel in the Microsoft Digital Crimes Unit, told eSecurity Planet that there were more than 1,400 botnets associated with this malware. As such, it took Microsoft and its partners a significant amount of time to locate all of the Citadel botnets operating around the world.

"This was a lengthy process and we relied heavily on our financial services and technology industry partners to ensure that we would be able to take aggressive action against this threat," Boscovich said.

The Citadel malware infected PCs with a keylogger that monitored user activity on financial websites. The malware infected more than five million people across 90 countries and stole more than $500 million in assets.

Black Hat security conference to include 110 talks | scmagazine.com

by Dan Kaplan, Executive Editor

When Black Hat's annual security conference rolls into Las Vegas at the end of July, event organizers promise one of the most "content-heavy" installments yet.

Last week, the conference, now in its 16th year, announced some of the planned presentations, most of which are known as "briefings" and which will span 11 tracks. In total, there will be 110 talks.

"Normally Black Hat accepts in the 80-90 range, but they expanded the number this year because there was so much incredible content – it was hard to fit it all in," a Black Hat spokeswoman told SCMagazine.com. "Not all of these talks have been announced on the website yet."

Wednesday, May 8, 2013

Scammers Impersonate Bank Exec on LinkedIn to Target Corporate Bank Accounts | HOTforSecurity

Imagine you receive an e-mail from an unknown prince / political refugee – the classic Nigerian scam of the past 10 years. You wouldn’t fall for that, would you?
Imagine now a legit business proposal from a bank manager with all the credentials, work experience and peers. It’s not even disguised as a Nigerian operation – it’s a business proposition. And it’s on LinkedIn.

We got such a message from an individual impersonating Aziz Mohammad, a manager at a highly popular bank in Malaysia. A brief look at his profile revealed it was built using the visual identity and profile information of the real Aziz Mohammad, a third-degree connection.



The scam message is crafted generically, as it lays the ground for the con: a business proposal for people who have full control of the company, including the possibility to initiate money transfers. The contact information is, of course, an e-mail address that does not belong to the banking institution the impersonator claims to be affiliated with, but rather a disposable account set up with Yahoo.

Hackers gain access to all .edu domains | H-Online



The hacker collective "Hack the Planet" (HTP) has claimed responsibility for an attack on MIT (Massachusetts Institute of Technology) computer systems in late January, in which it claims to have briefly taken control of the university's domain, redirected email traffic, and obtained administrator access to all .edu domains. HTP also claims to have compromised web servers for other sites, including security tool Nmap, network security service Sucuri, IT security company Trend Micro, and network analysis tool Wireshark.

Some of the hacks made use of a zero-day exploit, which the group has now taken the opportunity to disclose, against a vulnerability in the MoinMoin wiki system. Hack the Planet has also released information about an exploit against web servers running ColdFusion 9 or 10. The group claims to have used a variant of this exploit for their April attack on hosting company Linode.

Phishers target eBay customers via live chat support | Help Net Security

U.K.-based ISP Netcraft is warning users about phishers impersonating eBay's live chat support feature in the hopes of getting their hands on eBay users' login, personal and financial information.


The ISP blocked the bogus site offering the fraudulent service, but says that others might easily pop up.

In this particular case, the phishers were using a third-party live chat service provided by Volusion, and the fraudulent chat window was, at first, showing the eBay logo.

The eBay branding later disappeared from the site, and was replaced by a place-holder company logo, which means that the phishers can easily impersonate any of the other companies that outsource their live chat support. The fact that Volusion's services have a valid SSL certificate could also make many victims believe that they are dealing with a legitimate service.

Wednesday, March 20, 2013

BlackBerry BB10 fails government security test | SC Magazine

The UK government has rejected the BB10 software, calling it not secure enough for essential work.

According to a report by the Guardian, the operating system on the new Z10 device has been rejected after BlackBerry version 7.1 was cleared by the UK's Communications Electronics Security Group (CESG) for classifications up to ‘Restricted' – two levels below ‘Secret'. A survey by Trend Micro named BlackBerry 7.0 the most secure mobile OS for enterprises.

However, tests on BB10 and the BlackBerry Balance software have failed the same security requirements, and BlackBerry could not offer a date when revised software would be submitted.

A BlackBerry statement said: “We have a long-established relationship with CESG and we remain the only mobile solution approved for use at 'Restricted' when configured in accordance with CESG guidelines. This level of approval only comes following a process which is rigorous and absolutely necessary given the highly confidential nature of the communications being transmitted.

South Korea Television and Banks Hacked; Fingers Pointed at North Korea | HOTforSecurity


Several broadcasters and banks in South Korea were hacked in one of the country’s largest cyber-attacks, and fingers are once again pointed at neighbors to the north, according to The Guardian.

The computer networks of KBS, MBC and YTN, and those of the Shinhan and Nonghyup banks were targeted in a simultaneous cyber-attack, which is still under investigation. While television networks were not seriously affected by the breach, ATMs and mobile banking in the South are still recovering.

Speculation is rising that North Korea could be responsible for the attack, with hacking collective “WhoisTeam” in “charge” of the assault. The group claimed this was only the beginning of a “movement,” and showed images of skulls on computer screens they managed to control.

South Korean organizations under cyber attack | Help Net Security

A suspected cyber attack has paralyzed computer networks at three broadcasting organisations and two banks in South Korea. The organizations' networks had been "partially or entirely crippled", with some banking services including ATM machines also affected.

The cause of the problems remains unknown, and South Korean authorities are "now trying to determine the cause of the network paralysis". While no government-related computer networks had been affected, officials stated it was not yet known whether North Korea was involved, but "We do not rule out the possibility of North Korea being involved," said South Korean Defence Ministry spokesman Kim Min-seok.

Tuesday, October 23, 2012

5 Ways to Make Your Browser More Secure | eSecurity Planet


Think installing antivirus software is all you need to do to protect data while surfing the Web? Don't kid yourself -- and use these five ways to make browsing sessions more secure.  
While installing antivirus software is a good start to safe Internet browsing, it's only a start. There is much more you can do to help protect yourself when browsing the Web than merely installing antivirus.



Here I’ll share a couple ways. In this article you’ll discover extra security features in Firefox and Chrome, sandboxing to secure any browser, third-party DNS service for content filtering, and VPNs for securing your browsing while on Wi-Fi hotspots and other public networks.

Android apps 'leak' personal details | BBC News Technology




Better tools are needed to help developers secure data, say researchers

Millions of people are using Android apps that can be tricked into revealing personal data, research indicates.

Scientists tested 13,500 Android apps and found almost 8% failed to protect bank account and social media logins.
These apps failed to implement standard scrambling systems, allowing "man-in-the-middle" attacks to reveal data that passes back and forth when devices communicate with websites.

Your Facebook Account Hacked? Protect it Now! | eHacking.net


Facebook has become a popular platform not only for social networking but also for business promotion. You will find many brands seeking exposure on Facebook these days. But how will you feel when such an important account gets hacked? In the present scenario, hacking a Facebook account is much like hacking an email account or a bank account. It’s true that your life seems to get ruined when your Facebook account gets hacked.

Many users spend hour after hour online on these sites, and hence such a breach can affect them adversely. When your account gets hacked, all your personal details are hijacked and spam mails are sent to a number of high grade professionals. Want to safeguard yourself from getting hacked?
Follow these steps and protect yourself.

Wednesday, July 25, 2012

Microsoft Security Toolkit delivers new defensive technology | Microsoft


Microsoft's Trustworthy Computing Group today released the Enhanced Mitigation Experience Toolkit (EMET) 3.5 Technology Preview, which includes new Return Oriented Programming (ROP) defenses inspired by BlueHat Prize contest finalist Ivan Fratric.

The EMET 3.5 Technology Preview is a freely available security tool that makes it more difficult for attackers to exploit vulnerabilities and gain system access.

The BlueHat Prize competition, a program aimed at nurturing innovation in exploit mitigations through awarding more than $250,000 in cash and prizes, was launched by Microsoft one year ago at the Black Hat security conference in Las Vegas.

"In less than three months, we successfully integrated one of the BlueHat Prize finalists' technologies with EMET 3.5 Technology Preview to help make software significantly more resistant to exploitation," said Mike Reavey, senior director of the Microsoft Security Response Center at Microsoft.