Posted by Admin | Investing

Another week, another revelation of a huge breach with possibly far-reaching consequences. Well, two of those this week, really. First, Symantec disclosed that hackers–likely based in Russia, even though the security firm did not go so far as to name names–had hacked more than 20 power companies in North America and Europe, and in a small number of cases, had immediate access to their management systems. And Equifax admitted it had been the target of a breach that stole 143 million Americans’ data, among the worst data spills, and one that raises concerns about information centralization, especially for Social Security numbers.

Megabreaches aside, Facebook admitted that a Russian troll farm had spent $100,000 on influence ads during last year’s election. Google patched a flaw in Android that would permit a nasty “toast overlay” attack to take control of devices. WIRED dug into the long-running series of scams plaguing new currencies in the cryptocoin market. And we talked to the Democratic National Committee’s chief technology officer about how he hopes to stop the next attack aimed at disemboweling the party.

And there is more. As always, we have rounded up all of the news we did not break or cover in depth this week. Click on the headlines to see the complete stories.

Researchers Uncover Serious Holes in Germany’s Voting Software

After hackers thought to be Russian meddled in both the US and French elections, Germany is probably next on the target list. And this week the Chaos Computer Club, a German collective of hackers and security researchers, published the results of its unsolicited audit of the nation’s voting infrastructure. They examined a program named PC-Wahl, used for recording, counting, displaying, and analyzing votes in German elections from the local level to the federal government. The hackers discovered that they could taint the updates on the server controlling that application to re-tabulate votes at will, with possibly disastrous consequences for the nation’s October parliamentary election. The CCC says that VOTE-IT, the company behind the software, independently fixed the security defects that the group exposed while publicly refusing to admit the vulnerabilities.

Ultrasonic Voice Commands Can Hijack Siri and Amazon Echos

Nowadays, it isn’t only politicians who can use “dog-whistles” to send messages meant just for a very particular audience. So can hackers. Researchers at the University of Zhejiang have shown they can send ultrasonic signals to voice assistants such as your iPhone’s Siri, Amazon’s Echo, Google Now, as well as the voice control systems of an Audi car; the signals are inaudible to humans, but nonetheless picked up and obeyed by these systems. Their technique, which they call DolphinAttack, may be accomplished with only a couple of dollars of gear like an ultrasonic transducer and a battery, in addition to a smartphone, and might allow hackers to quietly “talk” to nearby devices and lead them to visit malware-infected sites, make calls which stream audio for surveillance purposes, or other mischief. And because the attack takes advantage of physical attributes of the microphone that cause it to pick up commands from ultrasonic waves, there is no easy fix for the issue.

Critical Bug in Open-Source Framework May Endanger Corporate Data

A bug announced this week in the Apache Struts web application software could allow attackers to take over servers running applications built with the framework, allowing the intruders to steal or manipulate sensitive information. The bug is now patched, but is important since many organizations and Fortune 100 firms run and rely on applications that are affected. The vulnerability specifically impacts an Apache Struts plugin named REST that has existed since 2008. Vulnerable systems are everywhere, from public-facing platforms for reservations and banking to back-end software in a business, and researchers say exploiting the bug is easy using a web browser. They had not seen evidence that the bug had been exploited before their statement, but stressed how important it is for organizations to spot and monitor their systems.

Resumes of Army and Intelligence Personnel Discovered in Unsecured S3 Bucket

Roughly 9,400 sensitive resumes, many from US specialists, were found available and exposed on a recruitment firm’s Amazon Web Services server, according to Chris Vickery and other investigators at the security company UpGuard. The resumes date back to 2008 and were from applicants applying to work for the private security firm TigerSwan, which contracted with the third party TalentPen until February. A few of the applicants claimed in their resumes to possess US government top secret clearance, and many detailed sensitive military and intelligence work. The files also naturally included personal information like email addresses, telephone numbers, home addresses, and even passport numbers and partial Social Security numbers. A few of the submissions were from Iraqi and Afghan nationals who worked with US organizations. “While offenders could use the deep understanding of work experience and individual details … the value of the database to foreign intelligence agencies if they were to get it is not insignificant,” UpGuard noted.

Widespread Protests Criticizing Togolese Government Prompt Telecommunications Blackouts

Starting on Tuesday, internet users in Togo began reporting inaccessible or slow internet and wireless connections, and lost access to communication platforms such as WhatsApp and Facebook, as well as SMS text messaging over mobile networks. The country was undergoing widespread blackouts by Thursday, and a few residents traveled to Togo’s borders searching for connectivity leaking in from neighboring states. The West African NGO Internet Without Borders and the internet infrastructure company Dyn both supported local reports. The blackouts are in response to extensive protests demanding Togolese President Faure Gnassingbé’s resignation. Governments in countries such as Gabon and Cameroon have used similar repressive tactics to try to quiet dissent.

