Friday, July 31, 2015

Windows 10 is spying on almost everything you do here’s how to opt out

Windows 10 is amazing. Windows 10 is fantastic. Windows 10 is glorious. Windows 10 is faster, smoother and more user-friendly than any Windows operating system that has come before it. Windows 10 is everything Windows 8 should have been, addressing nearly all of the major problems users had with Microsoft’s previous-generation platform in one fell swoop.

But there’s something you should know: As you read this article from your newly upgraded PC, Windows 10 is also spying on nearly everything you do.

It’s your own fault if you don’t know that Windows 10 is spying on you. That’s what people always say when users fail to read through a company’s terms of service document, right?

Read more: http://bgr.com/2015/07/31/windows-10-upgrade-spying-how-to-opt-out/

Image courtesy of  Naypong at FreeDigitalPhotos.net

Thursday, July 30, 2015

What federal employees really need to worry about after the Chinese hack

A new government review of what the Chinese hack of sensitive security clearance files of 21 million people means for national security is in — and some of the implications are quite grave.

Covert intelligence officers and their operations could be exposed and high-resolution fingerprints could be copied by criminals, the Congressional Research Service disclosed in an 
analysis of one of the most harmful cyber thefts in U.S. history.

Since the breach was disclosed in June, the response to the compromised background investigation files and a separate intrusion
. . .

Read more: http://wapo.st/1KAHxkd

Image courtesy of hyena reality at FreeDigitalPhotos.net

Tuesday, July 28, 2015

Nearly 1 billion phones can be hacked with 1 text

“Stagefright” is one of the worst Android vulnerabilities to date.

So listen: Can I have your number?

Can I have it? Can I? Have it?

Um…maybe not. Actually, you should think twice before giving away your cell phone number—especially if you happen to own a phone that runs on Google’s Android operating system.

That’s the only thing a hacker needs to compromise a handset.

A mobile security researcher has uncovered a flaw that leaves as many as 95% of Android devices—that’s 950 million gadgets—exposed to attack. The computer bug, nicknamed “Stagefright” after a vulnerable media library in the operating system’s open source code, may be one of the worst Android security holes discovered to date. It affects Android versions 2.2 and on.

Read more: http://for.tn/1D3iRRC

Image courtesy of posterizeat FreeDigitalPhotos.net

Friday, July 24, 2015

FBI sees 53 percent jump in foreign spies trying to steal U.S. trade secrets

The Federal Bureau of Investigation has identified a 53 percent increase in the number of hostile intelligence agents that have been attempting to steal U.S. trade secrets since this time last year, federal authorities said Thursday.

The number of economic espionage cases that have robbed both large and small companies across the United States is classified, but federal authorities say that those cases are “in the hundreds.”

FBI agents and National Counterintelligence and Security Center officials say the increased cases of economic espionage are tied tightly to international transient trends, which show more and more foreigners are now obtaining jobs in America or have teaching positions at U.S. universities.

Read more: http://bit.ly/1MqHmen
Image courtesy of photostock at FreeDigitalPhotos.net

Thursday, July 23, 2015

Lottery IT security boss guilty of hacking lotto computer to win $14.3m

Your employees pose a credible threat to the security of your organization. If you suspect an employee or contractor is a insider threat, contact ComSec LLC. We detect eavesdropping devices and related cyber threats, including bugs, taps, hidden cameras, IMSI catcher attacks, malware, spyware, etc. We'll help you identify the threat and nullify it!

The Story:

Bloke rigged systems so he knew which numbers would come next!

Iowa state lottery's IT security boss hacked his employer's computer system, and rigged the lottery so he could buy a winning ticket in a subsequent draw.

On Tuesday, at the Polk County Courthouse in Des Moines, Iowa, the disgraced director of information security was found guilty of fraud.

Eddie Tipton, 52, installed a hidden rootkit on a computer system run by the Multi-State Lottery Association so he could secretly alter the lottery's random number generator, the court heard. This allowed him to calculate the numbers that would be drawn in the state's Hot Lotto games, and therefore buy a winning ticket beforehand.

The prosecution said he also tampered with security cameras covering the lottery computer to stop them recording access to the machine. 


Image courtesy of James Barker at FreeDigitalPhotos.net

Wednesday, July 22, 2015

Hackers Remotely Kill a Jeep on the Highway

If you don't think your car's computer system can be hacked, think again. This story by Andy Greenberg of Wired Magazine demonstrates the vulnerabilities of Jeep Cherokee's computer system. 
 

"I WAS DRIVING 70 mph on the edge of downtown St. Louis when the exploit began to take hold.

Though I hadn’t touched the dashboard, the vents in the Jeep Cherokee started blasting cold air at the maximum setting, chilling the sweat on my back through the in-seat climate control system. Next the radio switched to the local hip hop station and began blaring Skee-lo at full volume. I spun the control knob left and hit the power button, to no avail. Then the windshield wipers turned on, and wiper fluid blurred the glass.

As I tried to cope with all this, a picture of the two hackers performing these stunts appeared on the car’s digital display: Charlie Miller and Chris Valasek, wearing their trademark track suits. A nice touch, I thought."

Tuesday, July 21, 2015

Man arrested for 'installing spying app on girlfriend's mobile phone'

Image courtesy of adamr at FreeDigitalPhotos.net
A man has been arrested on suspicion of spying on his girlfriend - through her mobile phone.

The boyfriend allegedly installed an app to track her use of the phone and its messaging functions.

The software, found by police in JaƩn in southern Spain, apparently allowed him access to her Whatsapp messages and see her posts on social networks.

It also allowed him to activate the camera and microphone remotely on the phone because of software which he installed before he gave her the phone as a gift. Read more about this story: http://bit.ly/1CTxLcP


If you believe your mobile phone may be compromised by spyware or malware, contact ComSec LLC. We provide forensic services for mobile devices. Get more information here: http://comsecllc.com/cellular-forensic-services/ 

Monday, July 20, 2015

Documents Published by WikiLeaks Reveal the NSA's Corporate Priorities

"We are under pressure from the Treasury to justify our budget, and commercial espionage is one way of making a direct contribution to the nation's balance of payments." - Sir Colin McColl, MI6 Chief
For years public figures have condemned cyber espionage committed against the United States by intruders launching their attacks out of China. These same officials then turn around and justify the United States' far-reaching surveillance apparatus in terms of preventing terrorist attacks. Yet classified documents published by WikiLeaks reveal just how empty these talking points are. Specifically, top-secret intercepts prove that economic spying by the United States is pervasive, that not even allies are safe and that it's wielded to benefit powerful corporate interests.
At a recent campaign event in New Hampshire, Hillary Clinton accused China of "trying to hack into everything that doesn't move in America." Clinton's hyperbole is redolent of similar claims from the US deep state. Read more: http://bit.ly/1Sug9Gj
Image courtesy of  Naypong at FreeDigitalPhotos.net

Thursday, July 16, 2015

The truth about HackingTeam, jailbreaking and iOS – and how to keep your device safe

There has been a lot of mixed information and speculation in the media recently in regards to the HackingTeam leak and what it all means for iOS users. Do the surveillance tools the group has reportedly provided to governments and law enforcement present a risk to the average iPhone and iPad user? That’s a question we’ve been getting a lot, so I will attempt to present all of the facts based on the recently leaked documents detailing the HackingTeam’s tools, as well as my opinion on the impact of certain aspects for iOS devices. Advanced users will already be aware of what I am about to state, but for everyone else, here’s what we’re dealing with . . .

Read more: http://bit.ly/1O93Uhi

Image courtesy of Hyena Reality at FreeDigitalPhotos.net

Tuesday, July 14, 2015

Butterfly: the cyber gang that stings like a bee, stealing corporate secrets

A group of cyber criminals is attacking multi-billion dollar companies across Europe, the US and Canada in order to gain confidential information and intellectual property, IT security firm Symantec has warned.

The corporate espionage group, which is not-state sponsored but financially motivated, has compromised a string of major corporations over the past three years including those operating in the pharmaceutical, commodities, IT software and internet sectors – such as Twitter and Facebook.

Symantec is calling the attack group 'Butterfly'. However, there's nothing delicate about its impact. The group operates at a much higher level than the average cybercrime gang, bypassing credit card details or customer databases in favour of high-level corporate information.

Its motivations are to sell the information to the highest bidder, or the gang may be operating as hackers for hire, Symantec speculates. Or the stolen information may be used for insider trading purposes.

Read more: http://bit.ly/1CETJAl

Image courtesy of Stuart Miles at FreeDigitalPhotos.net

Monday, July 13, 2015

Flash HOLED AGAIN TWICE below waterline in fresh Hacking Team reveals

Two more serious Adobe Flash vulnerabilities have emerged from the leaked Hacking Team files, ones which allow malefactors to take over computers remotely – and crooks are apparently already exploiting at least one of them to infect machines.

The use-after-free() programming flaws, for which no patches exist, are identified as CVE-2015-5122 and CVE-2015-5123. They are similar to the CVE-2015-5119 Flash bug patched last week. The 5122 and 5123 bugs let malicious Flash files execute code on victims' computers and install malware. The bugs are present in the Windows, Linux and OS X builds of the plugin.

The 5119, 5122 and 5123 vulnerabilities were documented in stolen copies of files leaked online from spyware maker Hacking Team. The Italian biz's surveillance-ware exploits the vulnerabilities to infect computers, and these monitoring tools are sold to countries including Saudi Arabia, Sudan, Russia and the US.

Everyone with Flash installed should . . . .

Read more: http://bit.ly/1USlZFw


Image courtesy of Stuart Miles at FreeDigitalPhotos.net

Saturday, July 11, 2015

Mom horrified after 5-year-old son finds hidden camera in Mississippi Starbucks bathroom

Cell Phone Recording Restroom Video in Mississippi Starbucks Bathroom

Sheriff's deputies in Lancaster were investigating the discovery of a hidden cellphone camera recording video inside the ladies bathroom at a Starbucks in Lancaster on Thursday.

A woman, who asked not to be identified, told KTLA that her 5-year-old son made the discovery around 10:30 a.m. at a downtown Starbucks.

"My son used the restroom first and I used the restroom after him," she said. "I noticed he was staring at the sink a little bit perplexed. I asked him what was wrong and he said, 'Mommy, why is there a phone under there."

Read more: http://aol.it/1Rq5oJQ

Image courtesy of Akeeris at FreeDigitalPhotos.net

Thursday, July 9, 2015

Symantec uncovers Morpho cyber espionage operation


Technology, internet, commodities and pharmaceutical companies in the US, Europe and Canada, reports Symantec

Symantec has uncovered a new corporate espionage group, dubbed Morpho, that has compromised a string of major corporations in recent years.

Targets include high-profile technology, internet, commodities and pharmaceutical companies located or headquartered in the US, Europe and Canada.

Technology firms targeted by the Morpho espionage group for confidential information and intellectual property (IP) include Facebook, Twitter, Microsoft and Apple.

Read more: http://bit.ly/1Rm3slJ

Image courtesy of cooldesign at FreeDigitalPhotos.net

Monday, July 6, 2015

Not OK, Google! Covert installations of ‘eavesdropping tool’ raise alarm

Open source developers and privacy campaigners are raising concerns over the automatic installation of a shady “eavesdropping tool” designed to enable ‘OK Google’ functionality but potentially capable of snooping on any conversation near the computer.
When one installs an open source Chromium browser, as it turns out, it “downloads something” followed by a status report that says “Microphone: Yes” and “Audio Capture Allowed: Yes,” according to an article by Rick Falkvinge, Swedish Pirate Party founder, published on the website Privacy Online News. 
While the Chromium, the open source basis for Google’s browser, at least shows the code and allows user to notice it and turn it off, the same installation is included by default in the most popular browser Chrome, used by over 300 million people.
Image courtesy of cuteimage at FreeDigitalPhotos.net

Bitcoin Exchange Hacked With Word Macro


$5 Million Bitstamp Breach Detailed in Unconfirmed Report

Memo to organizations: Do not allow PCs that run software such as Skype and Microsoft Office to connect to a server that hosts your bitcoin wallet.

That's one takeaway from a breach report apparently prepared for Bitstamp, a European bitcoin exchange - the company is officially registered in the United Kingdom - that suffered a Jan. 4 breach. The breach resulted in the theft of 18,977 bitcoins, which at the time were worth 4.4 million euros, or $5.3 million (see Bitstamp Back Online After Breach).

Bitstamp did not immediately respond to a request to verify the authenticity of the apparently leaked breach report, dated Feb. 20, which is now circulating online. The report, which is attributed to Bitstamp general counsel George Frost, says that it includes information gathered by digital forensics investigations firm Stroz Friedberg, plus information shared by the U.S. Secret Service and FBI . . . 

Read more: http://www.healthcareinfosecurity.com/bitcoin-exchange-hacked-word-macro-a-8372

Image courtesy of Victor Habbick at FreeDigitalPhotos.net Victor Habbick

Thursday, July 2, 2015

Bethesda Man Charged with Spying on Neighbor with Selfie Stick


Police say he kept an audio log of neighbor's activities.

A Bethesda man has been charged with using a selfie stick to spy on his neighbor, which he allegedly used to record at least 16 videos of the woman, including one that showed her naked.
The Washington Post reports that Donald Frazier Beard, 60, also kept an audio diary of his activities, and those of the 58-year-old neighbor he was allegedly spying on.
Citing court documents, the Postsays the woman and a friend were watching a football game in the living room of her Montrose Avenue apartment when she spotted the camera on a stick outside the apartment’s sliding glass doors. When she shouted “What are you doing?,” the camera allegedly was pulled away and an adjacent apartment door shut.
Read more: http://www.bethesdamagazine.com/Bethesda-Beat/2015/Bethesda-Man-Charged-with-Spying-on-Neighbor-with-Selfie-Stick/


Image courtesy of Witthaya Phonsawat at FreeDigitalPhotos.net

Wednesday, July 1, 2015

CYBERSECURITY – A COMPREHENSIVE APPROACH TO BALANCING RISKS & REWARDS



Cybersecurity – A Comprehensive Approach to Balancing Risks & Rewards
Key Considerations From CEO Prioritization to TSCM / Cyber TSCM Inclusion
Ask your CIO or CISO if your company is winning the cybersecurity war, and the reply may not be the confident, positive affirmation the CEO or the Board of Directors wants to hear. Why? Information security professionals know the cybersecurity war cannot simply be “won”. Maintaining corporate cybersecurity posture is a constant battle. The identity of attacker(s), the nature of the attack(s) and the weapon(s) used constantly change. To be effective, corporate cybersecurity initiatives must address the variability of the threats, and evolve as the attacker(s) and their tactic(s) change. But, how can corporations implement a comprehensive cybersecurity initiative while striking a balance between the risks and rewards of the stakeholders? In this article, a corporate counterespionage and TSCM / Cyber TSCM expert addresses the need for a comprehensive approach to cybersecurity, with consideration of the risks and rewards of internal and external stakeholders.