News – Page 37 – New England Safety Partners, LLC

Credit Card Fraud That Bypasses 2FA

September 20, 2022 Cyber Security Ed Gardner 0

Someone in the UK is stealing smartphones and credit cards from people who have stored them in gym lockers, and is using the two items in combination to commit fraud:

Phones, of course, can be made inaccessible with the use of passwords and face or fingerprint unlocking. And bank cards can be stopped.
But the thief has a method which circumnavigates those basic safety protocols.
Once they have the phone and the card, they register the card on the relevant bank’s app on their own phone or computer. Since it is the first time that card will have been used on the new device, a one-off security passcode is demanded…

CISA Releases Eight industrial Control Systems Advisories

September 19, 2022 Welcome Ed Gardner 0

Original release date: September 19, 2022 | Last revised: September 20, 2022CISA has released eight (8) Industrial Control Systems (ICS) advisories on September 20, 2022. These advisories provide timely information about current security issues, vulner…

Large-Scale Collection of Cell Phone Data at US Borders

September 19, 2022 Cyber Security Ed Gardner 0

The Washington Post is reporting that the US Customs and Border Protection agency is seizing and copying cell phone, tablet, and computer data from “as many as” 10,000 phones per year, including an unspecified number of American citizens. This is done without a warrant, because “…courts have long granted an exception to border authorities, allowing them to search people’s devices without a warrant or suspicion of a crime.”

CBP’s inspection of people’s phones, laptops, tablets and other electronic devices as they enter the country has long been a controversial practice that the agency has defended as a low-impact way to pursue possible security threats and determine an individual’s “intentions upon entry” into the U.S. But the revelation that thousands of agents have access to a searchable database without public oversight is a new development in what privacy advocates and some lawmakers warn could be an infringement of Americans’ Fourth Amendment rights against unreasonable searches and seizures…

Large-Scale Collection of Cell Phone Data at US Borders

September 19, 2022 Cyber Security Ed Gardner 0

CBP’s inspection of people’s phones, laptops, tablets and other electronic devices as they enter the country has long been a controversial practice that the agency has defended as a low-impact way to pursue possible security threats and determine an individual’s “intentions upon entry” into the U.S. But the revelation that thousands of agents have access to a searchable database without public oversight is a new development in what privacy advocates and some lawmakers warn could be an infringement of Americans’ Fourth Amendment rights against unreasonable searches and seizures…

Friday Squid Blogging: Mayfly Squid

September 16, 2022 Cyber Security Ed Gardner 0

This is surprisingly funny.
As usual, you can also use this squid post to talk about the security stories in the news that I haven’t covered.
Read my blog posting guidelines here.

Botched Crypto Mugging Lands Three U.K. Men in Jail

September 16, 2022 Cyber Security Ed Gardner 0

Three men in the United Kingdom were arrested this month after police responding to an attempted break-in at a residence stopped their car as they fled the scene. The authorities found weapons and a police uniform in the trunk, and say the trio intended to assault a local man and force him to hand over virtual currencies.

Massive Data Breach at Uber

September 16, 2022 Cyber Security Ed Gardner 0

It’s big:

The breach appeared to have compromised many of Uber’s internal systems, and a person claiming responsibility for the hack sent images of email, cloud storage and code repositories to cybersecurity researchers and The New York Times.
“They pretty much have full access to Uber,” said Sam Curry, a security engineer at Yuga Labs who corresponded with the person who claimed to be responsible for the breach. “This is a total compromise, from what it looks like.”

It looks like a pretty basic phishing attack; someone gave the hacker their login credentials. And because Uber has lousy internal security, lots of people have access to everything. So once a hacker gains a foothold, they have access to everything…

CISA Releases Eleven Industrial Control Systems Advisories

September 15, 2022 Welcome Ed Gardner 0

Original release date: September 15, 2022CISA has released eleven (11) Industrial Control Systems (ICS) advisories on September 15, 2022. These advisories provide timely information about current security issues, vulnerabilities, and exploits surroundi…

CISA Adds Six Known Exploited Vulnerabilities to Catalog

September 15, 2022 Ed Gardner 0

Original release date: September 15, 2022CISA has added six new vulnerabilities to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. These types of vulnerabilities are a frequent attack vector for malicious cyber ac…

Relay Attack against Teslas

September 15, 2022 Cyber Security Ed Gardner 0

Nice work:

Radio relay attacks are technically complicated to execute, but conceptually easy to understand: attackers simply extend the range of your existing key using what is essentially a high-tech walkie-talkie. One thief stands near you while you’re in the grocery store, intercepting your key’s transmitted signal with a radio transceiver. Another stands near your car, with another transceiver, taking the signal from their friend and passing it on to the car. Since the car and the key can now talk, through the thieves’ range extenders, the car has no reason to suspect the key isn’t inside—and fires right up…

« 1 … 35 36 37 38 39 … 233 »