again

now browsing by tag

 
 

Hackers to #Help Make #Voting #Machines Safe Again

Source: National Cyber Security – Produced By Gregory Evans

Following the recent declaration by the U.S. National Security Agency that Russian hackers tried to infiltrate the electronic voting machines used in the last U.S. presidential election, many people are calling for a lot of things especially for the electronic voting machines to be scrapped. Although the Russians did not succeed, more questions are still left on the table.

Bipartisan bill to secure voting machines

U.S. senators looking for answers have constituted a committee and is hoping to pass a bipartisan bill called the Securing America’s Voting Equipment (SAVE) Act. The bill will enlist help from the Department of Homeland Security to organize an event like the one held at the DEFCON hackers conference in July, themed the “Voting Machine Hacking Village.”

That DEFCON event exposed vulnerabilities in the electronic voting machines used in the last U.S. election. Hackers took less than two hours to break into the 25 voting machines that were brought to the DEFCON conference, and the first machine was penetrated in minutes. The results of the findings released at an event at the Atlantic Council in October was one of the key provocations for the US senators to introduce the SAVE bill.

Interestingly, some of the significant findings after the alleged Russian breach were centered on the use of foreign materials in the production of these voting machines. Hackers at the DEFCON event pointed to the possibility of having malware embedded into the hardware and software along the entire supply and distribution chain. It was also believed that hackers could have tampered with voters’ registration on the touch screen voting machines.

Hackers enlisted to hunt for vulnerabilities in voting machines

Called the “Cooperative Hack the Election Program”, the initiative mirrors the bug bounty programs previously ran by the U.S. Department of Defense (DoD) where friendly hackers were invited to hack the Pentagon, Army and Air Force. The program is set to swing into motion one year after the bill is in play.

The stated objective of the program is “to strengthen electoral systems from outside interference by encouraging entrants to work cooperatively with election system vendors to penetrate inactive voting and voter registration systems to discover vulnerabilities of, and develop defenses for, such systems.”

Just like past U.S. DoD programs, the “Hack the Election” competition will offer incentives for hackers to find security weakness in the election system. Hackers playing by the rules will also be waived from the Computer Fraud and Abuse Act (CFAA) and the Digital Millennium Copyright Act (DMCA).

Hackers to replicate past successes against voting machines

Looking at past results, we can expect excellent outcomes for the new program. The first of these bug bounties was the ‘Hack the Pentagon’ program where hackers found 138 vulnerabilities. This was quickly followed by the ‘Hack the Army’ program which yielded 118 vulnerabilities and ‘Hack the Air Force’ program with a bountiful harvest of 207 vulnerabilities.

While it is not clear if the hacking program is a one-off event, the bill does propose a requirement for integrity audits to be performed every four years on the voting machines starting from 2019. There is also the provision for grants to be given to help states enhance the security of their voting systems.

The post Hackers to #Help Make #Voting #Machines Safe Again appeared first on National Cyber Security Ventures.

View full post on National Cyber Security Ventures

Verticalscope #hacked again: At least 2.7 million #accounts #compromised in second major #data #breach

Source: National Cyber Security – Produced By Gregory Evans

Verticalscope #hacked again: At least 2.7 million #accounts #compromised in second major #data #breach

Hackers have once again targeted Verticalscope, a Canadian firm that manages hundreds of popular web discussion forums with over 45 million user accounts. The breach has compromised at least 2.7 million user accounts. The Toronto-based company runs a network of support forums and online community websites catering to a wide range of interests, from outdoor and automotive to sports and technology.

In June 2016, Verticalscope admitted that it had suffered a data breach that saw at least 45 million user accounts compromised and their data leaked in a blog post on Leakedsource.com.

The latest breach impacted six websites, including Toyotanation.comJeepforum.com – the company’s second-most popular website – and Watchuseek.com, security expert Brian Krebs first reported.

Security researcher and founder of Hold Security, Alex Holden, notified Krebs last week that hackers were selling access to Verticalscope.com and a number of other sites operated by the company.

Holden initially suspected that a nefarious actor was just trying to resell data stolen in the 2016 breach.

“That was before he contacted one of the hackers selling the data and was given screen shots indicating that Verticalscope.com and several other properties were in fact compromised with a backdoor known as a ‘Web shell’,” Krebs wrote. “With a Web shell installed on a site, anyone can remotely administer the site, upload and delete content at will, or dump entire databases of information — such as usernames, passwords, email addresses and Internet addresses associated with each account.”

The hackers reportedly obfuscated certain details in the screenshots that allowed him to locate at least two backdoors on Verticalscope’s website and Toyotanation.com, one of the company’s most popular forums.

Krebs reported that a simple search on one of Verticalscope’s compromised domains led to a series of Pastebin posts that have since been deleted “suggesting that the individual(s) responsible for this hack may be trying to use it to advertise a legally dicey new online service called LuiDB”.

“Similar to Leakedsource, LuiDB allows registered users to search for account details associated with any data element compromised in a breach — such as login, password, email, first/last name and Internet address,” Krebs noted. “The first search is free, but viewing results requires purchasing a subscription for between $5 and $400 in Bitcoin.”

“The intrusion granted access to each individual website files,” Verticalscope said in a statement to Krebs. “Out of an abundance of caution, we have removed the file manager, expired all passwords on the 6 websites in question, added the malicious file pattern and attack vector to our detection tools, and taken additional steps to lock down access.”

The company did not provide any details regarding when and how the attack took place or who carried out the hack. IBTimes UK has reached out to Verticalscope for further details.

The post Verticalscope #hacked again: At least 2.7 million #accounts #compromised in second major #data #breach appeared first on National Cyber Security Ventures.

View full post on National Cyber Security Ventures

Was Equifax Hacked Again?

Source: National Cyber Security – Produced By Gregory Evans

Was Equifax Hacked Again?

While Equifax continues to deal with the fallout of the massive data breach it announced in September, a security expert is raising fears that the consumer credit rating agency might have another security problem on its hands.

Independent security analyst Randy Abrams says the site redirected some visitors to download a fraudulent update for Adobe Flash that, when clicked, would infect the user’s computer with Malware. (Fortune was unable to reproduce the steps that caused the ‘update’ to appear on Thursday morning.)

Abrams, who says he encountered the spyware three times on Wednesday, posted a video warning people what to look out for.

When users attempted to contest incorrect information on their credit report, the site redirected them to an unfamiliar URL, which prompted the update.

The Flash “update” was actually a file called MediaDownloaderIron.exe, which was infected with Adware.Eorezo, an adware program that only sounds alarms on three of the leading virus scanners.

Equifax, in a statement, said they were aware of the matter and have taken the page offline.

“We are aware of the situation identified on the equifax.com website in the credit report assistance link,” said a spokesperson. ” Our IT and Security teams are looking into this matter, and out of an abundance of caution have temporarily taken this page offline. When it becomes available or we have more information to share, we will.”

The September breach at Equifax exposed the personal data of nearly half the country. It has spawned class-action lawsuits and Congressional investigations, but many have criticized the company’s response, which included executive stock selloffs and a security check tool that asked for even more personal information.

Source:

The post Was Equifax Hacked Again? appeared first on National Cyber Security Ventures.

View full post on National Cyber Security Ventures

The DNC Begins Cybersecurity Effort To Try To Make Sure 2016 Doesn’t Happen Again

Source: National Cyber Security – Produced By Gregory Evans

Phishing drills, top Silicon Valley hires, constant cybersecurity education, emails in the cloud, Tom Perez on Signal, and end-to-end encryption apps like Wickr, which the rest of the Democratic party committees have already adopted. The DNC’s new CTO, now concluding an internal security review, wants a “culture change inside the…

The post The DNC Begins Cybersecurity Effort To Try To Make Sure 2016 Doesn’t Happen Again appeared first on National Cyber Security Ventures.

View full post on National Cyber Security Ventures

Why Russia Will Hack Again

Source: National Cyber Security – Produced By Gregory Evans

The Trump presidency has been an endless, overwhelming swirl of scandal. Whether it’s using the presidency to promote his businesses, firing former FBI Director James Comey, providing support and comfort to neo-Nazis in Charlottesville, Virginia or pardoning a sheriff held in contempt of court, President Donald Trump has invited fresh…

The post Why Russia Will Hack Again appeared first on National Cyber Security Ventures.

View full post on National Cyber Security Ventures

Florida deputy pleads guilty again in identity theft case

Source: National Cyber Security – Produced By Gregory Evans

WEST PALM BEACH, Fla. (AP) – A Florida sheriff’s deputy has pleaded guilty once again to identity theft after withdrawing a previous guilty plea. A U.S. Attorney’s Office news release says 42-year-old Frantz Felisma pleaded guilty Thursday to aggravated identity theft and access device fraud, the same charges he previously…

The post Florida deputy pleads guilty again in identity theft case appeared first on National Cyber Security Ventures.

View full post on National Cyber Security Ventures

How to Make Your Ex Boyfriend Miss You – Make Him Crave to Be With You Again

They say that all’s fair in love and war but they likely never were dumped by the man they adore. Being in a relationship and then suddenly losing that person is devastating. You feel alone, confused and scared. Often, it’s hard to see the break up coming until it smacks you in the face. Then you’re faced with the excruciating choice of moving forward and trying to rebuild your life without the man you love or figuring out a way to get him back. Read More….

The post How to Make Your Ex Boyfriend Miss You – Make Him Crave to Be With You Again appeared first on Dating Scams 101.

View full post on Dating Scams 101

Russia’s Fancy Bear Hackers Are Stealing Athlete Drug Data Again

Russia’s Fancy Bear Hackers Are Stealing Athlete Drug Data AgainSource: National Cyber Security – Produced By Gregory Evans The Fancy Bear hackers, believed to be sponsored by Russia’s main intelligence arm, the GRU, are back at it and have successfully breached the International Association of Athletics Federations. The IAAF is the world governing body for track and field. … The post Russia’s Fancy Bear […]

The post Russia’s Fancy Bear Hackers Are Stealing Athlete Drug Data Again appeared first on AmIHackerProof.com.

View full post on AmIHackerProof.com | Can You Be Hacked?

Trump Vindicated, AGAIN, On Phony Russian Hacking Story

Source: National Cyber Security – Produced By Gregory Evans President Trump has been fighting an uphill battle against the mainstream media regarding Russia for months. Finally, it seems, the overdrawn and immediately debunked fallacy will be buried in a shallow grave, in a plot adjacent to the rest of … The post Trump Vindicated, AGAIN, […]

The post Trump Vindicated, AGAIN, On Phony Russian Hacking Story appeared first on AmIHackerProof.com.

View full post on AmIHackerProof.com | Can You Be Hacked?

Hacking Team hits back at ‘vigilante hackers’ again following Cellebrite breach

Source: National Cyber Security – Produced By Gregory Evans

Hacking Team hits back at ‘vigilante hackers’ again following Cellebrite breach

The recent high-profile Cellebrite data breach, which saw a vigilante hacker reportedly break into the Israeli phone hacking firm’s systems made headlines for the nature of the attack. Around 900GB data was reportedly stolen in the attack, which has angered …

The post Hacking Team hits back at ‘vigilante hackers’ again following Cellebrite breach appeared first on National Cyber Security Ventures.

View full post on National Cyber Security Ventures