ring

now browsing by tag

 
 

#deepweb | Police in Midlands praised for bringing down Dark Web paedophile ring

Source: National Cyber Security – Produced By Gregory Evans A SPECIALIST police unit in the West Midlands has been credited with helping bring down one of the most shocking online paedophile rings in recent history. Yesterday (23 Jan) Portuguese police held a press conference praising the cooperation of law enforcement agencies across the world in […] View full post on AmIHackerProof.com

#cybersecurity | hacker | Ring camera hacks show the need for better IoT security

Source: National Cyber Security – Produced By Gregory Evans

Ring camera doorbells gained fame for catching porch pirates steal packages but after several high-profile cases where hackers gained control of them they are being held up by the cybersecurity industry as a prime example why companies and homeowners need to take IoT security seriously.

The Ring
cases revolve around malicious actors hijacking these devices and using them to
communicate with people inside the home. In an incident in Mississippi a
malicious actor used an internal Ring camera to talk to a young girl using racial
slurs and back in October another hacker gained control of a Nest camera and
threatened to kidnap a baby.

It is believed in each case the malicious actors took advantage of the device’s poor security to gain access. In the case of the Ring camera, which his owned by Amazon, the company recommended to those buying or who already have a Ring to not reuse old passwords and to implement MFA to make it more difficult to hack.

Keeping home
devices up to date with secure logins and having the latest security patches is
now a must for anyone who has installed this or any type of IoT said Avast Vice
President Leena Elias.

“Ordinary
people now need to be able to assess the security of new tech devices that
could be used against them,” We need to use a wide variety of security measures
to ensure that devices connected to our home networks are secure,” she said,
adding to not forget about the home’s router which is frequently shipped with a
standard admin login that needs to be changed.

One of the reasons consumers don’t update is that they are simply unaware of the need and the benefits of doing so. Another factor is difficulty. Gaining access to the admin functions is not always a simple matter for the average person.

“Recent
studies in the financial industry have found consumers are willing to embrace
more engagement around fraud prevention if it means their information is
secured (think: multi-factor authentication.) However, if consumers aren’t
aware of the benefits associated with taking more control, they leave
themselves vulnerable to malicious attacks. Sherif Samy, senior vice president,
North America for Entersekt.

Original Source link

The post #cybersecurity | hacker | Ring camera hacks show the need for better IoT security appeared first on National Cyber Security.

View full post on National Cyber Security

#cybersecurity | #hackerspace | Litany of Bad Behavior At Bezos’ RING

Source: National Cyber Security – Produced By Gregory Evans Based on outrage as to the marketing tactics of Amazon’s RING unit (and the serious flaws discovered weekly with this hardware home security solution), I predict signifant lawfare targeting the company, for both it’s privacy related SNAFUs (and the product line’s deep security flaws) as well […] View full post on AmIHackerProof.com

#infosec | Artificial Fingerprint Ring Could Combat Biometric Data Theft

Source: National Cyber Security – Produced By Gregory Evans

A cybersecurity company has teamed up with a 3D accessory designer to produce a ring that could tackle the issue of what to do if your biometric data is stolen. 

The attractive and wearable piece of jewelry features a synthetic fingerprint that can be used to unlock phones, make payments, or even access a home or office. 

Unlike the actual fingerprint of a living human, which can never be replaced if lost, the artificial biometric identifier can be erased and substituted with a new version in the event of an identity theft. 

The ring represents the collaborative efforts of cybersecurity firm Kaspersky, Swedish designer Benjamin Waye, and creative agency Archetype.

“By combining the elements of art and technology, the ring makes the person wearing it stand out from the crowd as a visionary,” said the ring’s designer, Waye.

“It is a different approach to how we wear jewelry. Usually, it is much more practical. Not only is it considered beautiful, but it has been designed with the aim of helping to solve a quite serious problem in today’s modern life. It helps preserve our uniqueness in a world where everything could otherwise be copied.”

In 2015, the Office of Personnel Management (OPM) hack in the United States caused 5.6 million fingerprints to be leaked. More recently, the fingerprints of over 1 million people were discovered on a publicly accessible database used by the UK Metropolitan police, defense contractors, and banks. That is in addition to multiple examples where researchers have demonstrated proof-of-concept schemes that allow human fingerprints to be stolen with the help of digital cameras and other widely available tools.

“While the ring is just one of the possible ways to tackle the current cybersecurity problems related to biometrics, this is certainly not a silver bullet,” said Marco Preuss, director of the global research and analysis team at Kaspersky, Europe. 

“A real solution will involve creating measures and technologies that would guarantee the protection of people’s unique identities. Such a solution is yet to be developed, and the current situation surrounding the safety of biometrics is not where it needs to be.”

Although the ring is a proof-of-concept piece, it paves the way for further discussion on securing biometric data.

____________________________________________________________________________________________________________________

#infosec #itsecurity #hacking #hacker #computerhacker #blackhat #ceh #ransomeware #maleware #ncs #nationalcybersecurityuniversity #defcon #ceh #cissp #computers #cybercrime #cybercrimes #technology #jobs #itjobs #gregorydevans #ncs #ncsv #certifiedcybercrimeconsultant #privateinvestigators #hackerspace #nationalcybersecurityawarenessmonth #hak5 #nsa #computersecurity #deepweb #nsa #cia #internationalcybersecurity #internationalcybersecurityconference #iossecurity #androidsecurity #macsecurity #windowssecurity
____________________________________________________________________________________________________________________

Source link

The post #infosec | Artificial Fingerprint Ring Could Combat Biometric Data Theft appeared first on National Cyber Security.

View full post on National Cyber Security

Ring Flaw Underscores Impact of IoT Vulnerabilities

Source: National Cyber Security – Produced By Gregory Evans

A vulnerability in Amazon’s Ring doorbell cameras would have allowed a local attacker to gain access to a target’s entire wireless network.

A vulnerability in Amazon’s Ring Video Doorbell Pro IoT device could have allowed a nearby attacker to imitate a disconnected device and then sniff the credentials of the wireless networks when the owner reconfigured the device, according to a report issued by security firm Bitdefender.

The issue, which was fixed by Amazon in September, underscores the impact of a single insecure Internet-of-Things device on the organization in which it is deployed. While the vulnerability may only occur in a single network device, the result of the flaw could be leaked information — the wireless network password, for example — which  would have far more serious repercussions.

“IoT is a security disaster, any way you look at it,” says Alexandru Balan, Bitdefender’s chief security researcher. “Security is not the strong suit of IoT vendors — only rarely, do we see vendors who take security seriously.”

The discovery of a serious vulnerability in a popular IoT product comes as businesses and consumers increasingly worry about the impact that such devices may have on their own security. Only about half of security teams have a response plan in place to deal with attacks on connected devices, according to recent report from Neustar. Even critical-infrastructure firms, such as utilities that have to deal with connected operational technology, a widespread class of Internet-of-Things devices, are ill-prepared to deal with vulnerabilities and attacks, the report says.

Vulnerabilities in IoT devices can have serious repercussions. In July, a team of researchers found widespread flaws in the networking software deployed in as many as 200 million embedded devices and found millions more that could be impacted by a variant of the issue in other real-time operating systems.

The issue with Amazon Ring is not as serious but it is a reminder that vulnerabilities can still be easily found in the devices by attackers paying attention, says Balan“We tend to look at the popular devices, and those tend to have better security than the less popular devices,” 

The rest of the Ring device’s communications are encrypted and secure, according to Bitdefender. The mobile application only communicates with the device through the cloud, even if the app and device are already on the same network, the company’s analysis stated. Cloud communications are conducted over encrypted connections to API services using Transport Layer Security (TLS) and certificated pinning. 

The device’s initial connection with the local network is the only time that it sends data without encryption, Balan says. “This is a proximity based attack, so its not that big of a threat on a global scale. You need to be with a hundred meters or so to issue the deauthentication packets and force the user to reset the password.”

The existence of the vulnerability is not an indicator of the commitment of Ring’s security team, Balan adds, noting that within a few days Amazon responded and two months later closed out the report. By September, the company issued a patch — within three months after the initial communication, according to Bitdefender’s disclosure timeline. As of November, all affected devices had been patched, which Balan says is a better outcome then the majority of disclosures that Bitdefender works on with other IoT vendors.

“Amazon is one of the few that take security seriously,” he says. “Inherently everything has some flaw that will be discovered. The only challenge with IoT is whether you take that disclosure seriously.”

The trend that more vulnerabilities are being discovered in popular products is a sign that the manufacturers are paying attention and responding to researchers, Balan observes. “If someone does not have vulnerabilities disclosed in their product, then that is likely the most risky product, from a security perspective. If the vulnerabilities were discovered, then props to them — that’s a good thing.”

Related Content

Check out The Edge, Dark Reading’s new section for features, threat data, and in-depth perspectives. Today’s top story: “What a Security Products Blacklist Means for End Users and Integrators.”

Veteran technology journalist of more than 20 years. Former research engineer. Written for more than two dozen publications, including CNET News.com, Dark Reading, MIT’s Technology Review, Popular Science, and Wired News. Five awards for journalism, including Best Deadline … View Full Bio

More Insights

Click here for the news story.

The post Ring Flaw Underscores Impact of IoT Vulnerabilities appeared first on National Cyber Security.

View full post on National Cyber Security

2 more members of ATM skimmer ring plead guilty

Source: National Cyber Security – Produced By Gregory Evans

NEWARK– Two men who were among 13 people accused of using secret card readers and pinhole cameras attached to ATMs to obtain banking information pleaded guilty Thursday, the U.S. Attorney’s Office said. Florin Mares, 49, and Gabriel Mares, 44, of College Point, N.Y., pleaded guilty to conspiracy to commit bank…

The post 2 more members of ATM skimmer ring plead guilty appeared first on National Cyber Security Ventures.

View full post on National Cyber Security Ventures

Identity theft ring bought information online, used student loan website to get $12 million in tax refunds

Source: National Cyber Security – Produced By Gregory Evans

Identity theft ring bought information online, used student loan website to get $12 million in tax refunds

Two people were indicted on federal charges related to a $12 million scam in which they stole identities in order to file fake tax returns and profit from the refunds. Taiwo K. Onamuti, 29, Doraville, Ga., and Muideen A. Adebule, 49, Indianapolis, face 23 federal charges including aggravated identity theft,…

The post Identity theft ring bought information online, used student loan website to get $12 million in tax refunds appeared first on National Cyber Security Ventures.

View full post on National Cyber Security Ventures

Front Range Identity Theft Ring Busted

Source: National Cyber Security – Produced By Gregory Evans

Front Range Identity Theft Ring Busted

A grand jury indicted 11 people on Wednesday, accused in an elaborate identity theft ring. Prosecutors say the suspects stole mail from victims’ homes along the front range, gathering any personal information they could find. They allegedly used that information to make counterfeit checks, then traded the blank checks for…

The post Front Range Identity Theft Ring Busted appeared first on National Cyber Security Ventures.

View full post on National Cyber Security Ventures

Central OH group charged with running identity theft ring

Source: National Cyber Security – Produced By Gregory Evans

Central OH group charged with running identity theft ring

A federal grand jury has charged five individuals in an identity theft ring that allegedly used victims’ information to obtain and use new and existing in-store lines of credit at well-known retailers in an indictment returned here yesterday. Benjamin C. Glassman, United States Attorney for the Southern District of Ohio, Frank S. Turner II, Special Agent in Charge, Internal Revenue …

The post Central OH group charged with running identity theft ring appeared first on National Cyber Security Ventures.

View full post on National Cyber Security Ventures

Additional sex charges raise new concerns of possible trafficking ring

Police forwarded new information to prosecutors that they believe could result with a human trafficking charge being filed against a former Muskogee firefighter who already faces several sex crimes.

Muskogee Police Officer Lincoln Anderson said during a news conference Tuesday the investigative findings have prompted concerns about a possible child pornographic, trafficking ring. Anderson said investigators have identified a second child who is believed to be a victim an another adult co-conspirator.

Zackery Blaine Perry, 30, was charged Jan. 19 with four felonies that included possessing and distributing child pornography, sexual exploitation of a child and crimes against nature. He was charged Monday along with Melissa Skelton, 26, for conspiracy and sexual abuse of a child younger 12 years old — both are being held without bond.

Read More

The post Additional sex charges raise new concerns of possible trafficking ring appeared first on Parent Security Online.

View full post on Parent Security Online