Tag Archives: Personal

[ISN] Hackers post private files of America’s biggest police union

www.theguardian.com/uk-news/2016/jan/28/fraternal-order-of-police-hacked-fbi-investigation-data-servers By Jon Swaine and George Joseph in New York The Guardian 28 January 2016 Private files belonging to America’s biggest police union, including the names and addresses of officers, forum posts critical of Barack Obama, and controversial contracts made with city authorities, were posted online Thursday after a hacker breached its website. The Fraternal Order of Police (FOP), which says it represents about 330,000 law enforcement officers across the US, said the FBI was investigating after 2.5GB of data taken from its servers was dumped online and swiftly shared on social media. The union’s national site, fop.net, remained offline on Thursday evening. “We have contacted the office of the assistant attorney general in charge of cyber crime, and officials from FBI field offices have already made contact with our staff,” Chuck Canterbury, the FOP’s national president, said in an interview. The FBI did not respond to a request to confirm that it was investigating. Canterbury said he was confident that no sensitive personal information or financial details of their members had been obtained. “Some names and addresses were taken,” he said. “It concerns us. We’re taking steps to try to notify our members but that is going to take some time.” […]




Facebooktwittergoogle_plusredditpinterestlinkedinmail

[ISN] Feds primary network security weapon needs more bang

www.networkworld.com/article/3027635/security/dhs-gao-feds-primary-network-security-weapon-needs-more-bang.html By Michael Cooney Layer 8 Network World Jan 28, 2016 In the face of relenting network attacks and it seems that the government’s chief weapon for combatting the assault lacks some teeth. That weapon – the Department of Homeland Security’s (DHS) National Cybersecurity Protection System (NCPS)—also known as Einstein has is intended to provide DHS with capabilities to detect malicious traffic traversing federal agencies’ computer networks, prevent intrusions, and support data analytics and information sharing. A tall tale no doubt but one that is imperative to protecting the gargantuan amount of government intelligence and personally identifiable information the feds watch over. The threat is obvious


Facebooktwittergoogle_plusredditpinterestlinkedinmail

[ISN] CarolinaCon-12 – March 2016 – FINAL ANNOUNCEMENT

Forwarded from: Vic Vandal CarolinaCon-12 will be held on March 4th-6th, 2016 in Raleigh NC. For the cheap price of $40 YOU could get a full weekend of talks, hacks, contests, and parties. Regarding the price increase to $40, it was forced due to ever-rising venue costs. But we promise to provide more value via; great talks, great side events, kickass new attendee badges, cool giveaways, etc. We’ve selected as many presentations as we can fit into the lineup. Here they are, in no particular order: – Mo Money Mo Problems: The Cashout – Benjamin Brown – Breaking Android apps for fun and profit – Bill Sempf – Gettin’ Vishy with it – Owen / Snide- @LinuxBlog – Buffer Overflows for x86, x86_64 and ARM – John F. Davis (Math 400) – Surprise! Everything can kill you. – fort – Advanced Reconnaissance Framework – Solray – Introducing PS>Attack, a portable PowerShell attack toolkit – Jared Haight – Reverse Engineer iOS apps because reasons – twinlol – FLOSS every day – automatically extracting obfuscated strings from malware – Moritz Raabe and William Ballenthin – John the Ripper sits in the next cubicle: Cracking passwords in a Corporate environment – Steve Passino – Dynamic Analysis with Windows Performance Toolkit – DeBuG (John deGruyter) – Deploying a Shadow Threat Intel Capability: Understanding YOUR Adversaries without Expensive Security Tools – grecs – AR Hacking: How to turn One Gun Into Five Guns – Deviant Ollam – Reporting for Hackers – Jon Molesa @th3mojo – Never Go Full Spectrum – Cyber Randy – I Am The Liquor – Jim Lahey CarolinaCon-12 Contests/Challenges/Events: – Capture The Flag – Crypto Challenge – Lockpicking Village – Hardware Hack-Shop – Hacker Trivia – Unofficial CC Shootout LODGING: If you’re traveling and wish to stay at the Con hotel here is the direct link to the CarolinaCon discount group rate: www.hilton.com/en/hi/groups/personalized/R/RDUNHHF-CCC-20160303/index.jhtml NOTE: The website defaults to March 3rd-6th instead of March 4th-6th and the group rate is no longer available on March 3rd. So make sure that you change the reservation dates to get the group rate. ATTENTION: The discount group rate on Hilton hotel rooms expires THIS weekend on JANUARY 31st 2016, so act quickly if you plan on staying at the hotel for all of the weekend fun and you want the group rate. CarolinaCon formal proceedings/talks will run; – 7pm to 11pm on Friday – 10am to 9pm on Saturday – 10am to 4pm on Sunday For presentation abstracts, speaker bios, the final schedule, side event information, and all the other exciting details (as they develop and as our webmaster gets to them) stay tuned to: www.carolinacon.org ADVERTISERS / VENDORS / SPONSORS: There are no advertisers, vendors, or sponsors allowed at CarolinaCon….ever. Please don’t waste your time or ours in asking. CarolinaCon has been Rated “M” for Mature. Peace, Vic


Facebooktwittergoogle_plusredditpinterestlinkedinmail

[ISN] After OPM Hack, Pentagon to Store and Secure Sensitive Security Clearance Docs

www.nextgov.com/cybersecurity/2016/01/after-opm-hack-pentagon-store-and-secure-sensitive-security-clearance-docs/125338/ By Jack Moore Nextgov.com January 22, 2016 In the continuing aftermath of the massive hack of sensitive records stored by the Office of Personnel Management, the Obama administration announced today it’s shifting the responsibility for conducting background investigations of sensitive personnel to the Defense Department In the future, files containing personal information on security clearance seekers


Facebooktwittergoogle_plusredditpinterestlinkedinmail

[ISN] Hackers Target U.S. Intelligence Director

www.pcmag.com/article2/0,2817,2497873,00.asp By Don Reisinger pcmag.com January 14, 2016 The so-called “teenage hackers” who last year found their way into the CIA director’s AOL email account are back at it, according to a report. A member of hacking group “Crackas with Attitude (CWA)” contacted Vice’s Motherboard to inform the publication that it hacked several accounts owned by James Clapper, U.S. director of national intelligence. According to Motherboard, hackers broke into Clapper’s FiOS account and forward all phone calls to the Free Palestine Movement. They also hacked his wife’s Yahoo account. Clapper’s office confirmed the breach to Motherboard, but declined to elaborate. CWA came on the hacking scene in a big way last year after hacking CIA Director John Brennan’s personal email account. Upon doing so, they claimed to have gained access to several tools and portals used by U.S. agencies. […]


Facebooktwittergoogle_plusredditpinterestlinkedinmail

[ISN] 8 out of 10 mobile health apps open to HIPAA violations, hacking, data theft

www.healthcareitnews.com/news/8-out-10-mobile-health-apps-open-hipaa-violations-hacking-data-theft By Bill Siwicki Healthcare IT News January 13, 2016 A new report shows 84 percent of U.S. FDA-approved health apps tested by IT security vendor Arxan Technologies did not adequately address at least two of the Open Web Application Security Project top 10 risks. Most health apps are susceptible to code tampering and reverse-engineering, two of the most common hacking techniques, the report found. Ninety-five percent of the FDA-approved apps lack binary protection and have insufficient transport layer protection, leaving them open to hacks that could result in privacy violations, theft of personal health information, as well as device tampering and patient safety issues. The new research from Arxan, which this year placed special emphasis on mobile health apps, was based on analysis of 126 popular health and finance apps from the United States. United Kingdom, Germany and Japan. There is a disparity between consumer confidence and the attention given to security by app developers, the study found. While the majority of app users and app executives said they believe their apps are secure, nearly all apps Arxan assessed proved to be vulnerable […]


Facebooktwittergoogle_plusredditpinterestlinkedinmail

[ISN] ‘Most complex malware ever’: Security experts smash system that stole cash from millions

www.rt.com/news/323641-modpos-complex-cash-malware/ RT.com 27 Nov, 2015 Security experts have exposed a cash register malware of previously unseen complexity and secretiveness. It is unknown who created the virus and profited from it, but it has been stealing personal data for years, affecting millions of people. Malware, or ‘malicious software’, is software that is used to disrupt computer systems or gather secret or sensitive information from them. The malware in question, dubbed ModPOS (for Modular Point Of Sale), has been exposed by security experts from cyber intel firm iSight, who say they’ve seen nothing like it in eight years of exploring malicious point-of-sale (POS) software. It took three weeks of constant work for the researchers to perform reverse engineering of the ‘scumware’, compared to the no more than half an hour usually needed to crack most POS malware. […]


Facebooktwittergoogle_plusredditpinterestlinkedinmail