Subscribe to:

Subscribe to :: TheGuruReview.net ::

Did The Dow Jones Cloud Server Leak Personal Data

July 25, 2017 by  
Filed under Around The Net

A security Company called Upguard has exposed a problem with a Dow Jones server that partially exposed the details of as many as 4 million people.

This is bad news for Dow Jones and its punters. UpGuard suggests that there was some oversight in the setting up of the weak point, which could have been avoided. If it has been avoided a lot of people might be the sole owners of their own email addresses and some of their credit card details unmolested.

The UpGuard Cyber Risk Team can now report that a cloud-based file repository owned by financial publishing firm Dow Jones & Company, that had been configured to allow semi-public access exposed the sensitive personal and financial details of millions of the company’s customers,” said the firm.

“While Dow Jones has confirmed that at least 2.2 million customers were affected, UpGuard calculations put the number closer to 4 million accounts,” said UpGuard, adding that this is just the tip of the breach iceberg. 

The exposed data includes the names, addresses, account information, email addresses, and last four digits of credit card numbers of millions of subscribers to Dow Jones publications like The Wall Street Journal and Barron’s. 

“Also exposed in the cloud leak were the details of 1.6 million entries in a suite of databases known as Dow Jones Risk and Compliance, a set of subscription-only corporate intelligence programs used largely by financial institutions for compliance with anti-money laundering regulations,” the security firm added.

Other security companies have cottoned on to what is happening and have naturally thrown their tin foil propeller hats into the comment ring. Christiaan Beek, lead scientist and principal engineer at McAfee, seemed to sympathise by saying that firms face a lot of threats, but wound up blaming human error and software.

“Companies today are battling an increasingly varied threat landscape while managing huge amounts of data. It can be a challenge to keep close track of where this data resides to ensure it is secure – and in this case, one small error in the cloud resulted in a large scale exposure,” he said.

“The reality is that as companies become more focused on preventing cyber crime, they may be unconsciously shooting themselves in the foot in their efforts to be completely secure. It is not unusual for businesses to have over 10 security tools that require constant monitoring in order to ensure everything is correct – meaning that unfortunately, human error becomes a key factor in monitoring and safeguarding data.”

We have asked Dow Jones to explain itself.

Courtesy-TheInq

Dallas Emergency Sirens Set Off By Hacker

April 11, 2017 by  
Filed under Around The Net

A computer hack triggered all the emergency sirens in Dallas for about 90 minutes overnight in one of the largest known breaches of a siren warning system, officials in the Texas city said on Saturday.

Dallas’ 156 sirens, normally used to warn of tornadoes and other dangerous weather, were triggered at 11:42 p.m. CDT on Friday. The wailing did not end until 1:17 a.m. CDT on Saturday when engineers manually shut down the sirens’ radio system and repeaters, city Emergency Management Director Rocky Vaz said.

“At this point, we can tell you with a good deal of confidence that this was somebody outside of our system that got in there and activated our sirens,” he told reporters.

The breach in the city of 1.6 million people was believed to have originated in the area, city spokeswoman Sana Syed said in an emailed statement.

Vaz cited industry experts as saying the hack was among the largest ever to affect emergency sirens, with most breaches triggering one or two. “This is a very, very rare event,” he said.

Engineers are working to restart the system and should have it restored by late on Sunday, he said. Until the sirens are running, Dallas will rely on local media, emergency 911 phone calls, and a federal radio alert system, Vaz said.

The hack is being investigated by system engineers and the Federal Communications Commission has been contacted, but police have not been involved, he said.

The sirens went through 15 cycles of a 90-second activation before they were shut down, he said.

 

Cyber Attacks On Industrial Controls Systems Rising

January 15, 2016 by  
Filed under Around The Net

A U.S. government cyber security official warned that there has been an increase in attacks that penetrate industrial control system networks over the past year, and said they are vulnerable because they are exposed to the Internet.

Industrial control systems are computers that control operations of industrial processes, from energy plants and steel mills to cookie factories and breweries.

“We see more and more that are gaining access to that control system layer,” said Marty Edwards, who runs the Department of Homeland Security’s Industrial Control Systems Cyber Emergency Response Team, or ICS-CERT.

ICS-CERT helps U.S. firms investigate suspected cyber attacks on industrial control systems as well as corporate networks.

Interest in critical infrastructure security has surged since late last month when Ukraine authorities blamed a power outage on a cyber attack from Russia, which would make it the first known power outage caused by a cyber attack.

Experts attending the S4 conference of some 300 critical infrastructure security specialists in Miami said the incident has caused U.S. firms to ask whether their systems are vulnerable to similar incidents.

Edwards said he believed the increase in attacks was mainly because more control systems are directly connected to the Internet.

“I am very dismayed at the accessibility of some of these networks… they are just hanging right off the tubes,” he said in an on-stage interview with conference organizer Dale Peterson.

Edwards did not say whether those attacks had caused any service disruptions or threatened public safety.

Sean McBride, a critical infrastructure analyst with iSight Partners who attended the talk, said the increase may reflect more publicity in recent years over risks over cyber attacks, which prompted operators to find more infections.

McBride said he could not say if the increase was troubling because he did not know the intent of the attackers.

Edwards and a DHS spokesman declined to elaborate on his comments.

 

 

Drone Carrying Drugs Crashes

October 29, 2015 by  
Filed under Uncategorized

A drone carrying drugs, a mobile phone, hacksaw blades and other contraband was found crashed in an Oklahoma prison yard on.

Officers patrolling the Oklahoma State Penitentiary in McAlester noticed the drone lying upside down inside prison grounds after it apparently crashed after hitting razor wire that guarded the facility.

The officers found a package of illicit material that had been suspended from the drone by fishing line. It included two 12-in. hacksaw blades, a cell phone, a cell-phone battery, a hands-free device, two packages of cigarettes, two packages of cigars, two tubes of super glue, a bag containing 5.3 ounces of marijuana, a bag with 0.8 ounces of methamphetamine and a bag containing less than 1 gram of heroin.

The Oklahoma Department of Corrections issued a photo of the drone, which resembles a DJI Phantom quadcopter. Alongside it in the picture were the goods it was carrying.

The incident, which is the first reported case of its kind in the state, is under investigation.

Drones have been used to attempt to smuggle goods and contraband into prisons in other U.S. states.

 

 

Web.com Latest Victim of Credit Card Hacking

August 21, 2015 by  
Filed under Around The Net

Hackers gain unauthorized access to the computers of Internet services provider Web.com Group and stole credit card information of 93,000 customers.

According to a website set up by the company to share information about the incident, Web.com discovered the security breach on Aug. 13 as part of its ongoing security monitoring.

Attackers compromised credit card information for around 93,000 accounts, as well as the names and addresses associated with them. No other customer information like social security numbers was affected, the company said.

According to the company, the verification codes for the exposed credit cards were not leaked. However, there are websites on the Internet that don’t require such codes for purchases.

Web.com has notified affected customers via email and will also follow up with letters sent through the U.S. Postal Service. Those users can sign up for a one-year free credit monitoring service.

The company did not specify how the intruders gained access to its systems, but has hired a “nationally recognized” IT security firm to conduct an investigation.

Web.com provides a variety of online services, including website and Facebook page design, e-commerce and marketing solutions, domain registration and Web hosting. The company claims to have over 3.3 million customers and owns two other well known Web services companies: Register.com and Network Solutions.

Register.com and Network Solutions customers were not impacted by this breach unless they also purchased services directly from Web.com.

 

 

 

 

 

Google Self-driving Auto Has Been In 11 Accidents

May 13, 2015 by  
Filed under Around The Net

Technology giant  Google Inc’s self-driving cars have been involved in 11 accidents, but have not been the cause of any, over the last six years since the project began, the program’s director said on Monday.

A team of drivers that is testing the fleet of more than 20 vehicles have driven 1.7 million miles so far.

“…Not once was the self-driving car the cause of the accident,” Chris Urmson said in a post on technology news website Backchannel’s blog Medium.  No one was injured in the accidents, Urmson added.

“If you spend enough time on the road, accidents will happen whether you’re in a car or a self-driving car.”

The cars had been hit from behind seven times, mainly at traffic lights, with a majority of the accidents being on city streets rather than on freeways.

“We’ll continue to drive thousands of miles so we can all better understand the all-too common incidents that cause many of us to dislike day-to-day driving  –  and we’ll continue to work hard on developing a self-driving car that can shoulder this burden for us,” Urmson said.

 

 

ACLU Launches ‘Mobile Justice’ App

May 5, 2015 by  
Filed under Mobile

A California civil liberties group unveiled a mobile application that will allow bystanders to record cell phone videos of possible cases of police misconduct and then quickly save the footage to the organization’s computer servers.

The California chapter of the American Civil Liberties Union said the app will send the video to the organization and preserve it even if a phone is seized by police or destroyed.

The launch of the ACLU’s “Mobile Justice CA” app comes as law enforcement agencies face scrutiny over the use of lethal force, especially against African-Americans, following several high-profile deaths of unarmed black men in encounters with police over the last year in the United States.

“It’s critical that people understand what is being done by police officers, because what is being done is being done in the name of the public,” said Hector Villagra, executive director of the ACLU of Southern California.

The app is targeted at residents of the most populous U.S. state, but ACLU chapters have launched similar mobile apps in at least five other states, including New York, Missouri and Mississippi over the last three years.

It also sends an alert to anyone with the app who might be in the area, giving them an opportunity to go to the location and observe, the ACLU said.

Villagra said the ACLU, in looking at which cases to delve into more deeply, will prioritize those that come with a written report, which is another element users can submit through the app. Records of incidents from users living in other states will be sent to ACLU officials there, he said.

ACLU officials advised anyone interacting directly with officers who wants to use the app to announce they are reaching for a phone, because officers might mistake the device for a weapon.

A representative from the California Peace Officers Association declined to comment immediately on the app.

 

 

Chat Tool Slack Admits To Being Hacked

March 31, 2015 by  
Filed under Around The Net

The popular group chat tool Slack had its central database hacked in February, according to the company, potentially compromising users’ profile information like log-on data, email addresses and phone numbers.

The database also holds any additional information users may have added to their profiles like their Skype IDs.

The passwords were encrypted using a hashing technique. There was no indication the hackers were able to decrypt the passwords, Slack Technologies said in a blog post. No financial or payment information was accessed or compromised, it said.

The unauthorized access took place over about four days in February. The company said it has made changes to its infrastructure to prevent future incidents.

Slack was contacting a “very small number” of individual users who had suspicious activity tied to their accounts, or whose messages may have been accessed. Slack did not say how many users it thinks may have been affected in this way. A company spokeswoman declined to comment further.

There’s been strong interest in Slack’s business chat app since it launched last year, and its user base now tops 500,000.

To beef up security, Slack added a two-factor authentication feature on Friday. If it’s enabled, users must enter a verification code in addition to their normal password whenever they sign in to Slack. The company recommends that all users turn it on.

Slack has also released a password kill-switch feature, to let team owners and administrators reset passwords for an entire team at once. Barring that, users can reset their passwords in their profile settings.

 

 

Chargers For HP, Google Chromebooks Recalled

December 18, 2013 by  
Filed under Consumer Electronics

Google and Hewlett-Packard have recalled the micro-USB chargers of their Chromebook 11 due to fire and burn hazards, an example of an innovation that turned into a potential consumer safety issue.

Users should stop using the Chromebook 11 charger immediately and call Google for replacements, said the U.S. Consumer Product Safety Commission in a statement issued Tuesday.

The product was deemed unsafe after Google received reports of chargers overheating and melting. The company also received one report of a small burn to a consumer and “one report of minor property damage to a pillow from an overheating charger.” The recall involves 145,000 units.

Google and HP’s Chromebook 11 was announced in October, and was the first laptop to come with a micro-USB charger, which is also used to charge smartphones and tablets. But incidents of overheating and melting prompted the companies to pull it from retail shelves in early November.

CPSC is advising Chromebook 11 owners to call Google by phone at 1-866 628-1371 or visit the company’s charger replacement form page to request a free replacement. The defective charger unit’s model number is MU15-N1052-A00S.

Meanwhile, Google and HP have resumed sales of Chromebook 11 with non-defective chargers.

“We apologize again for the inconvenience this has caused. Your safety is our top priority. With our partner HP, we are resuming sales of the HP Chromebook 11. All new packages will include the replacement charger,” Google said in a blog entry earlier this week.

 

The FBI Discusses The Syrian Electronic Army(SEA)

September 9, 2013 by  
Filed under Around The Net

The Federal Bureau of Investigation (FBI) has issued a warning about the Syrian Electronic Army (SEA), the pro-Assad hacker group that has become adept at spearphishing attacks and Twitter account takeovers.

The warning is in a memo and comes to us via the security blog belonging to Matthew Keys.

Keys has reproduced the memo and shared it on Scribd. The document says that the SEA has been around since 2011 and has compromised a number of high profile media outlets.

It warns of attack methods that include spearphishing, DNS attacks and web defacements, and it reminds us that the SEA posted a story about US President Obama to the Associated Press.

“Please maintain heightened awareness of your network traffic and take appropriate steps to maintain your network security,” said the FBI memo. “If you detect anomalous or malicious traffic or network behavior, please contact your local FBI Cyber Task Force.”

The SEA acknowledged the FBI’s attention on its Twitter feed. It appeared unmoved by the glare of law enforcement publicity.

It has long played a game of whack-a-mole with websites like Facebook and Twitter, both of which regularly force it to change accounts. According to the SEA the group is on its 225th Facebook account.

It publishes details of its takeovers through these accounts, and on it’s own homepage, a Pinterest webpage and an Instagram account.

As well as hacking into media websites the hacker group has also struck mobile apps, DNS systems and the Australian web hosting business Melbourne IT. Doing all this has helped it to break onto the webpages of news media outfits like the Huffington Post, the BBC and Reuters.

Courtesy-TheInq

Is The FBI Snooping Data From TOR?

August 7, 2013 by  
Filed under Around The Net

The Federal Bureau of Investigation (FBI) has been accused of gathering data from the anonymous network known as TOR.

The FBI might be behind a security assault on the TOR network that grabs users’ information.

Security researcher Vlad Tsyrklevich said that the attack is a strange one and is most likely the work of the authorities.

“[It] doesn’t download a backdoor or execute any other commands, this is definitely law enforcement,” he said in a tweet about the discovery.

He went a bit further in a blog post, explaining that the Firefox vulnerability is being used to send data in one direction.

“Briefly, this payload connects to 65.222.202.54:80 and sends it an HTTP request that includes the host name (via gethostname()) and the MAC address of the local host (via calling SendARP on gethostbyname()->h_addr_list). After that it cleans up the state and appears to deliberately crash,” he added.

“Because this payload does not download or execute any secondary backdoor or commands it’s very likely that this is being operated by an LEA and not by blackhats.”

The bug is listed at Mozilla, and the firm has a blog post saying that it is looking into it.

Over the weekend a blog post appeared on the TOR website that sought to distant it from a number of closed down properties or hidden websites. It is thought that the shuttered websites, which were hosted by an outfit called Freedom Hosting, were home to the worst kind of abuses.

A report at the Irish Examiner said that a chap called Eric Eoin Marques is the subject of a US extradition request. He is accused of being in charge of Freedom Hosting.

“Around midnight on August 4th we were notified by a few people that a large number of hidden service addresses have disappeared from the TOR Network,” the TOR project said.

“There are a variety of [rumors] about a hosting company for hidden services: that it is suddenly offline, has been breached, or attackers have placed a javascript exploit on their web site,” it said.

“The person, or persons, who run Freedom Hosting are in no way affiliated or connected to The TOR Project, Inc., the organization coordinating the development of the TOR software and research.”

Courtesy-TheInq

Are CCTV Cameras Hackable?

June 20, 2013 by  
Filed under Around The Net

When the nosy British bought CCTV cameras, worried citizens were told that they could not be hacked.

Now a US security expert says he has identified ways to remotely attack high-end surveillance cameras used by industrial plants, prisons, banks and the military. Craig Heffner, said he discovered the previously unreported bugs in digital video surveillance equipment from firms including Cisco, D-Link and TRENDnet.

They could use it as a pivot point, an initial foothold, to get into the network and start attacking internal systems. Heffner said that it was a significant threat as somebody could potentially access a camera and view it. Or they could also use it as a pivot point, an initial foothold, to get into the network and start attacking internal systems.

He will show how to exploit these bugs at the Black Hat hacking conference, which starts on July 31 in Las Vegas. Heffner said he has discovered hundreds of thousands of surveillance cameras that can be accessed via the public internet.

Courtesy-Fud

Is The FBI Saving Your Cell Phone Conversations?

May 8, 2013 by  
Filed under Mobile

A former FBI counter-terrorism agent Tim Clemente appeared on CNN to claim that most of the great unwashed did not know the real capabilities and behavior of the US surveillance state. The comments stem out of anonymous government officials claiming that they are now focused on telephone calls between one of the Boston Bombers and his wife to see if she had prior knowledge of the plot or participated in any way.

The only problem with that was that if the calls were already made, how could the FBI listen to them. Tim Clemente, a former FBI counter-terrorism agent was asked about whether the FBI would be able to discover the contents of past telephone conversations between the two. He quite clearly insisted that they could.

He said that there were ways in national security investigations to find out exactly what was said in that conversation. It’s not necessarily something that the FBI is going to want to present in court, but it may help lead the investigation and/or lead to questioning of her. We certainly can find that out. He said that all of that stuff is being captured as we speak whether people know it or like it or not.

Courtesy-Fud

EPIC Wants Your Biometric Data From The FBI

April 10, 2013 by  
Filed under Around The Net

The Electronic Privacy Information Center (EPIC) has pressed the US Federal Bureau of Investigation (FBI) for access to its database of US citizens’ biometric data.

EPIC already tried to get access twice last September, and now it is trying again. It said that it has sent repeated freedom of information act requests regarding the database, and that the FBI has failed to respond. Now it has filed a lawsuit for access (PDF).

It warned that the Next Generation Identification system (NGI) is a massive database that “when completed, [will] be the largest biometric database in the world”.

The NGI will use CCTV systems and facial recognition, and it includes DNA profiles, iris scans, palm prints, voice identification profiles, photographs, and other “identifying information”.

The FBI has an information page about the NGI, and there it said that photographs of tattoos are also included and that the system is designed to speed up suspect detection and response times.

“The NGI system will offer state-of-the-art biometric identification services and provide a flexible framework of core capabilities that will serve as a platform for multimodal functionality,” it said.

“The NGI Program Office mission is to reduce terrorist and criminal activities by improving and expanding biometric identification and criminal history information services through research, evaluation, and implementation of advanced technology”.

In its lawsuit EPIC said that the NGI database will be used for non law enforcement purposes and will be made available to “private entities”.

EPIC said that it has asked the FBI to provide information including “contracts with commercial entities and technical specifications”.

It said that so far it has received no information from the FBI in response to its requests.

Courtesy-TheInq

FBI Scouting For Social Media Monitoring Tool

February 14, 2012 by  
Filed under Around The Net

In a move that’s will most likely cause alarm with privacy advocates, the FBI has begun searching for a tool that will allow it to gather and mine data from social networks like Facebook, Twitter and blogs.

The goal is to use the tool to keep on top of breaking events, incidents and emerging threats, the agency said in a recent Request for Information (RFI) from IT vendors.

The FBI said it’s seeking a “secure, lightweight web application portal using mashup technology.”

According to the RFI document, “The application must have the ability to rapidly assemble critical open source information and intelligence that will allow [the FBI’s Strategic Information and Operations Center] to quickly vet, identity and geo-locate” potential threats to the U.S.

The FBI said the tool must have the ability to automatically search and scrape data off social networking and news sites based on specific queries. It must also be able to display alerts on geo-spatial maps and give users the ability to quickly summarize the “who, what, when, where and why” of specific threats and incidents.

The FBI hopes to use information posted on social networks to detect specific and credible threats, locate those organizing and taking part in dangerous gatherings and predict upcoming events, the FBI said.

“Social media will be a valued source of information to the SIOC intelligence analyst in a crisis because it will be both eyewitness and first response to the crisis,” the RFI said.

It noted that social media networks have been trumping police, firefighters and new media when it comes to communicating news of developing incidents and protests.

An FBI spokesman said the proposed system will be used only to monitor publicly available information, and won’t be used to focus on specific individuals or groups, according to an Associated Press report.

 

Next Page »