Syrian Electronic Army returns with Thanksgiving press hack

Some visitors to sites including CBC, CNBC, Forbes, OK magazine, The Chicago Tribune, The Daily Telegraph, The Independent and The New York Times were met with a message saying "You've been hacked by the Syrian Electronic Army (SEA)."

Adobe publishes out-of-band Flash update – provides “booster dose” for October’s patches

Adobe has published a Flash update, dubbed APSB14-26. The new patch offers additional protection against a vulnerability that was originally addressed in October 2014.

Hacker Lexicon: What Is the Computer Fraud and Abuse Act?

The Computer Fraud and Abuse Act, also known as the CFAA, is the federal anti-hacking statute that prohibits unauthorized access to computers and networks. It was passed in 1984, and has been used to convict thousands of people, but critics say it's also been abused by prosecutors in cases that have nothing to do with hacking. They say the law is long overdue for an overhaul to curb misuse.

The post Hacker Lexicon: What Is the Computer Fraud and Abuse Act? appeared first on WIRED.

Should vapers fear malware-laced e-cigarettes?

A humorous and very likely apocryphal online comment has spun itself up into a major news item. It's tempting to simply ignore the whole nonsense and carry on as normal. But maybe there is something to learn here...

This Artist’s Images Integrate Code From Malware Like Stuxnet and Flame

James Hoff's art glitches music and images with malware such as the NSA-created Stuxnet and the ILOVEYOU virus.

The post This Artist’s Images Integrate Code From Malware Like Stuxnet and Flame appeared first on WIRED.

SSCC 175 – “My, what an ENORMOUS malware infection you have!” [PODCAST]

Here's the latest episode of our weekly security podcast. For your listening pleasure - the news you can use!

#1337day Slider Revolution/Showbiz Pro Shell Upload Exploit [webapps #exploits #0day #Exploit]

#1337day Pandora FMS SQL Injection Remote Code Execution Vulnerability [remote #exploits #Vulnerability #0day #Exploit]

#1337day Android Settings Pendingintent Leak Vulnerability CVE-2014-8609 [remote #exploits #Vulnerability #0day #Exploit]

#1337day Android SMS Resend Vulnerability CVE-2014-8610 [remote #exploits #Vulnerability #0day #Exploit]

#1337day Android WAPPushManager SQL Injection Vulnerability CVE-2014-8507 [remote #exploits #Vulnerability #0day #Exploit]

#1337day xEpan 1.0.1 Cross Site Request Forgery Vulnerability [webapps #exploits #Vulnerability #0day #Exploit]

#1337day Device42 DCIM Appliance Manager Traceroute Command Injection Exploit [webapps #exploits #0day #Exploit]

#1337day Device42 DCIM Appliance Manager Traceroute Command Injection Exploit [remote #exploits #0day #Exploit]

#1337day Device42 DCIM Appliance Manager Ping Command Injection Exploit [webapps #exploits #0day #Exploit]

#1337day Device42 DCIM Appliance Manager Ping Command Injection Exploit [remote #exploits #0day #Exploit]

Sony Pictures hackers release list of stolen corporate files

On Monday, employees at Sony Pictures Entertainment—the television and movie subsidiary of Sony Corp.—discovered that their internal corporate network had been hijacked. A message from an individual or group claiming responsibility appeared on corporate systems, pledging to release sensitive corporate data taken from the network by 11pm GMT on Monday.

Twitter accounts associated with promoting several movies, including Starship Troopers, were briefly hijacked by the attackers. The attackers posted to at least three Twitter feeds, leaving the same message: “You, the criminals including [Sony Pictures CEO] Michael Lynton will surely go to hell. Nobody can help you.” The image posted with the message shows a digitally edited image of Lynton’s head in a dark, hellish landscape.

As of this morning, the network at many Sony offices still appears to be down. Based on information reportedly shared by employees, it could be down for weeks before being restored. The Twitter accounts appear to be back under Sony Pictures’ control.

#1337day Elipse E3 HTTP Denial of Service Exploit CVE-2014-8652 [dos #exploits #0day #Exploit]

Home Depot facing 44 lawsuits over data breach as clean-up cost reaches $43m

Home Depot, which revealed a huge data breach in September, said it now faces at least 44 civil lawsuits across the US and Canada after the security slip that left 56 million credit cards and 53 million email addresses exposed.

Dangers Of Shopping Are Evolving

Point-of-sale malware is making brick-and-mortar shopping more dangerous. Online, attackers are beginning to value user accounts with payment information attached more than credit card details themselves.

Custom Malware Sneaks Past Advanced Threat Detection Appliances In Lab Experiment

An independent test of advanced threat detection products demonstrates how they could be bypassed by attackers.

Oops: After Threatening Hacker With 440 Years, Prosecutors Settle for a Misdemeanor

The defense attorney for one young hacker with ties to Anonymous argues prosecutors indicted his client on 44 baseless felony charges as an intimidation and smear tactic.

The post Oops: After Threatening Hacker With 440 Years, Prosecutors Settle for a Misdemeanor appeared first on WIRED.

Sony Pictures breached – or was it?

Sony has been in the computer security spotlight several times before, from rootkits and jailbreaking to industrial-scale data breaches. The company is back in the limelight again after a claimed "megahack"...

#1337day Mozilla Firefox 3.6 mChannel Use-After-Free Vulnerability [remote #exploits #Vulnerability #0day #Exploit]

#1337day All-in-One WP Migration 2.0.2 Remote Code Execution Vulnerability [webapps #exploits #Vulnerability #0day #Exploit]

#1337day FluxBB 1.5.6 SQL Injection Exploit [webapps #exploits #0day #Exploit]

#1337day Linux Kernel libfutex Local Root for RHEL/CentOS 7.0.1406 Exploit [remote #exploits #0day #Exploit]

#1337day crea8social 1.3 – Stored XSS Vulnerability [webapps #exploits #Vulnerability #0day #Exploit]

#1337day Arris VAP2500 Authentication Bypass Vulnerability [webapps #exploits #Vulnerability #0day #Exploit]

#1337day WordPress Google Document Embedder 2.5.14 SQL Injection Vulnerability [webapps #exploits #Vulnerability #0day #Exploit]

Home Depot hit with “at least 44 civil lawsuits” due to data breach

Home Depot announced that it is facing “at least 44 civil lawsuits” in the United States and Canada stemming from 56 million customers' data being stolen and exposed earlier this year.

According to the disclosure, which was published Tuesday as part of the company’s quarterly earnings report, “We are also facing investigations by a number of state and federal agencies. These claims and investigations may adversely affect how we operate our business, divert the attention of management from the operation of the business, and result in additional costs and fines.”

One of the lawsuits, a proposed class-action suit filed in late September in federal court in San Francisco, alleged that Home Depot “failed to properly encrypt its customers’ data in violation of the [Payment Card Industry Data Security Standard].” That same month, former Home Depot security employees told The New York Times that the company repeatedly ignored warnings and undertook poor security for years.

#1337day phpMyRecipes 1.2.2 SQL Injection Exploit [webapps #exploits #0day #Exploit]

6 Million+ Email Accounts Worldwide Exposed In Past 3 Months

Spike in number of stolen accounts likely due to uptick in major data breaches, researchers say.

Sophos Techknow – Dealing with Ransomware [PODCAST]

No type of malware seems to get people's blood boiling quite as much as ransomware. Learn how to protect yourself in this episode of our Sophos Techknow podcast series...

Underground Carders Abusing Charities To Verify Stolen Payment Data

Charities' weak fraud controls make things easier on donors and criminals alike.