sensitive

now browsing by tag

 
 

EU looks to #blockchain to solve #cybersecurity problems while #easing #communication of #sensitive #data

Source: National Cyber Security News

The European Commission is to explore broader EU-level uses of blockchain beyond its original role in the oversight of cryptocurrencies, and is looking at the potential of the secure records management software to handle sensitive data passing between member states more efficiently and securely.

“In the next [EU budget], we would like to possibly make investments in areas like VAT reporting, chemicals registration, climate data and others,” said Pēteris Zilgalvis, head of unit for start-ups and innovation in the digital single market directorate. “You could have cross-border shared information in a digital ledger for those that need to know.”

Zilgalvis’ comments at a seminar in Brussels on Tuesday follow an announcement by the EU last week that it was establishing a forum to study the technology.

“It’s a breakthrough technology of great interest. But we don’t believe the hype, we’re taking a critical view of where it can be used,” Zilgalvis told an audience gathered by the Brussels-based think tank Bruegel.

Announcing plans for the forum last week, digital commissioner Mariya Gabriel said the EU wants to be at the forefront of the wider application of blockchain. “We have been funding blockchain projects since 2013.

Read More….

advertisement:

View full post on National Cyber Security Ventures

Researchers #Hack Car Infotainment #System and Find #Sensitive User #Data Inside

Source: National Cyber Security – Produced By Gregory Evans

People who are worried about their security will use a secure phone, lock down their computer, and use strong passwords for their online accounts. But how many people have considered that their car could be leaking their most sensitive data?

A researcher who recently decided to investigate his car’s infotainment system found that it was not designed using modern software security principles, yet it stored a lot of personal information taken from his phone that could be valuable to hackers.

Executing code on the car’s infotainment unit was extremely easy by connecting a USB flash drive with specially crafted scripts. The system automatically picked up those files and executed them with full administrative privileges.

Car enthusiasts have used the same method in the past to customize their infotainment systems and run non-standard applications on them, but Gabriel Cîrlig, a senior software engineer at security firm Ixia, wanted to understand the security implications of this technique.

What he found was a major privacy issue where call histories, contacts, text messages, email messages, and even directory listings from mobile phones that had been synchronized with the car, were being stored persistently on the infotainment unit in plain text.

Mobile operating systems like Android and iOS go to great lengths to protect such data by restricting which applications have access to it or by allowing users to encrypt their devices. All that security could be undone if people pair their devices over Bluetooth with an infotainment system like the one found in Cîrlig’s car.

Cîrlig and an Ixia colleague Ștefan Tănase decided to go even further and investigate how the car’s infotainment unit could be potentially abused by an attacker or even law enforcement to track users and obtain information about them that they couldn’t otherwise get from their mobile devices.

The researchers presented their findings Friday at the DefCamp security conference in Bucharest, but declined to disclose the car make or model because they’re still in the process of reporting the privacy issue they found. However, they mentioned that the car was made by a Japanese manufacturer.

Cîrlig told me that there is a firmware update available that blocks the USB attack vector on his car, but installing it requires going to a dealership. This means that a large number of cars will likely never be patched.

The infotainment system itself is a hacker’s paradise and is more powerful than most embedded devices, including home routers. It has a Cortex-A9 CPU with 1GB of RAM, as well as Wi-Fi and GPS. The operating system is based on Linux and has a fully functional Bash command-line shell with all its usual utilities. On top of that, there are various debugging tools, including for the GPS, that the system’s developers did not bother to remove, according to Cirlig.

It looks like technology that was created in a rush without any concern for security engineering, Cîrlig told me. “A production system, at least for a car, should be completely locked down.”

He thinks that some of the software design choices were driven by convenience, like the storing of unencrypted user sensitive data indefinitely instead of requesting it again from the phone when the device is in proximity.

In addition to data copied from mobile devices, Cîrlig found other sensitive information on the infotainment unit, such as a list of favorite locations the car has been driven to or from, voice profiles, vehicle status information, and GPS coordinates.

For their presentation, Cîrlig and Tanase showed a proof-of-concept malware program—a Bash script—that when executed via USB, continuously looked for open Wi-Fi hotspots, connected to them and could exfiltrate newly collected data. By combining this malware with location data from the GPS, an attacker could also track the car in real time on a map.

To make things worse, the rogue script is installed as a cron job—a scheduled task on Linux—and is persistent. Even if the infotainment system is reset to factory defaults, cron jobs are not removed, the researchers said.

Hackers could take the attack even further and create a USB worm, where a compromised infotainment system could infect all USB dongles plugged into it and potentially spread the infection to other cars, Cîrlig said. Or the car could be used in a wardriving scenario, trying to automatically exploit Wi-Fi networks and other systems it encounters, he said.

The development of infotainment systems is usually outsourced to third-party electronic component suppliers and not made by the automobile manufacturers themselves. Other researchers have shown in the past that there are ways to jump from the infotainment systems to more critical electronic control units (ECUs)—the specialized embedded computers that control a car’s functions.

The auto industry continues to work using outdated programming principles and very old technology stacks that would be unacceptable today in a modern software development environment; and that needs to change, Cîrlig said. “For someone like myself who has a software development background, that style of coding looks ancient, from the age of the dinosaurs.”

The post Researchers #Hack Car Infotainment #System and Find #Sensitive User #Data Inside appeared first on National Cyber Security Ventures.

View full post on National Cyber Security Ventures

I’m quite sensitive to women. I saw how my sister got…………..

To Purchase This Product/Services, Go To The Store Link Above Or Go To http://www.become007.com/store/ I’m quite sensitive to women. I saw how my sister got treated by boyfriends. I read this thing that said when you are in a relationship with a woman, imagine how you would feel if you…

The post I’m quite sensitive to women. I saw how my sister got………….. appeared first on Become007.com.

View full post on Become007.com

Army authorities foil hackers’ bid for sensitive information

Source: National Cyber Security – Produced By Gregory Evans

Army authorities foil hackers’ bid for sensitive information

Many serving Indian Army officers have received a suspicious e-mail purportedly from the principal controller of defence accounts (officers) PCDA (O). The email contained a link and asked the recipients …

The post Army authorities foil hackers’ bid for sensitive information appeared first on National Cyber Security Ventures.

View full post on National Cyber Security Ventures

BDSwiss Trading Hacked; Sensitive Data, Passports, Credit Cards Leaked

bdsw

Source: National Cyber Security – Produced By Gregory Evans

BDSwiss Trading Hacked; Sensitive Data, Passports, Credit Cards Leaked

EUROPE’S LARGEST TRADING FIRM BDSWISS SUFFERS DATA BREACH; HACKERS ACCUSE THE OWNER OF MONEY LAUNDERING, MURDER AND SCAM LEAK SENSITIVE DATA INCLUDING NEO-NAZI PICTURES, NUDE PICTURES OF HOLLYWOOD CELEBRITIES, PASSPORTS AND CREDIT CARDS SAVED ON THE SERVER.
On September 5th,

The post BDSwiss Trading Hacked; Sensitive Data, Passports, Credit Cards Leaked appeared first on National Cyber Security.

View full post on National Cyber Security

Hackers could steal sensitive data just by listening to a hard drive

tin-can-phone-580x358

Source: National Cyber Security – Produced By Gregory Evans

Hackers could steal sensitive data just by listening to a hard drive

BAD NEWS on the insecurity front. Fiendish researchers have worked out and demonstrated another way to access and exploit your personals.
The researchers from Cornell University warned that a thing called DiskFiltration is your new nightmare, that is if you’ve

The post Hackers could steal sensitive data just by listening to a hard drive appeared first on National Cyber Security.

View full post on National Cyber Security

20 Questions to Ask Her to Show Your Sensitive Side

Not all women go for the caveman and a sensitive soul is highly attractive. To show her you’re not like the others, ask her a few of these questions. Deciding which role to fulfill is a real tough call for the modern guy in the dating arena. Read More….

The post 20 Questions to Ask Her to Show Your Sensitive Side appeared first on Dating Scams 101.

View full post on Dating Scams 101

A hacker cartel is using a mysterious Flash vulnerability to steal sensitive business data

Source: National Cyber Security – Produced By Gregory Evans

Hackers are using a mysterious, as yet undiscovered, Flash vulnerability, to steal sensetive business data from Macbook and Windows users, according to researchers at Kaspersky Lab. Kaspersky Lab revealed the campaign in a threat advisory, warning a hacker group, known as Wild Neutron is using the “unknown Flash Player exploit” to infect companies and private web users with a data siphoning malware. “The initial infection vector from the 2014-2015 attacks is still unknown, although there are clear indications that the victims are exploited by a kit that leverages an unknown Flash Player exploit,” read the advisory. The attacks have reportedly targeted businesses involved in law, the Bitcoin cryptocurrency, investment, IT, healthcare, and real estate. Known targets have been detected in France, Russia, Switzerland, Germany, Austria, Palestine, Slovenia, Kazakhstan, UAE, Algeria, and the United States. Kaspersky Lab director of global research and analysis team Costin Raiu said Wild Neutron’s wide range of targets is atypical and indicates the attackers are significantly more advanced than most cyber crime groups. “The group’s targeting of major IT companies, spyware developers (FlexiSPY), jihadist forums (the ‘Ansar Al-Mujahideen English Forum’) and Bitcoin companies indicate a flexible yet unusual mindset and interests,” he said. The Kaspersky researchers said […]

For more information go to http://www.NationalCyberSecurity.com, http://www. GregoryDEvans.com, http://www.LocatePC.net or http://AmIHackerProof.com

The post A hacker cartel is using a mysterious Flash vulnerability to steal sensitive business data appeared first on National Cyber Security.

View full post on National Cyber Security