News of a security researcher hacking into the in-flight entertainment (IFE) system and crossing over to systems that control avionics (all while the plane was in flight) has been making the rounds over the last week. While many in the security industry feel that this story is being blown out of proportion, it is still being actively reported on. This article takes a look at how such an attack could take place. From the article:
It was once believed that the cockpit network that allows the pilot to control the plane was fully insulated and separate from the passenger network running the in-flight entertainment system. This should make it impossible for a hacker in a passenger seat to interfere with the course of the flight.
But the unfolding story of this hacker’s achievement, which has prompted further investigation by authorities and rebuttals from plane manufacturers, means that this assumption needs to be revisited.
It is worth saying that all of this should be taken with a grain of salt until it is proven that the hacker actually did what he claims (he also claimed to have hacked the International Space Station (ISS) and altered the temperature of the craft).
In this article, a spokesman for Boeing states that IFE and avionic systems are isolated from one another and the claims made by the hacker are false. From the article:
While these systems receive position data and have communication links, the design isolates them from the other systems on airplanes performing critical and essential functions…
This article discusses the recently discovered “Venom” vulnerability that is said to affect millions of systems connected to the Internet. While the flaw was recently discovered, it is said to have been exposed since 2004 and affects virtualization platforms. From the article:
“VENOM, CVE-2015-3456, is a security vulnerability in the virtual floppy drive code used by many computer virtualization platforms. This vulnerability may allow an attacker to escape from the confines of an affected virtual machine (VM) guest and potentially obtain code-execution access to the host. Absent mitigation, this VM escape could open access to the host system and all other VMs running on that host, potentially giving adversaries significant elevated access to the host’s local network and adjacent systems.”
This article is reporting that United Airlines is offering free air miles in a new bug bounty program that will pay researchers to find flaws in the airline’s website. From the article:
United’s bug bounty program, however, offers rewards in the form of air miles – ranging from 50,000 free miles for low-level bugs (cross-site request forgery, bugs in third party software affecting United), to 1 million miles for the highest level kind of bug – remote code execution.
To qualify for a reward, hackers need to be signed up as members of the airline’s MileagePlus reward program – and they need to comply with a strict set of eligibility rules.
This article is reporting on a new Breaking Bad-themed ransomware that has been found in the wild. So far the ransomware is targeting Australian computers but will no doubt spread over time. From the article:
The malware authors cooked up their ransom demand message using the ‘Los Pollos Hermanos’ branding image found in the show. Along with this, part of the email address used in the extortion demand is based on a quote by the show’s protagonist Walter White, who declared “I am the one who knocks.”
You would think that the answer to the question “should hacking be legalized” would be common sense but this article examines the question regardless. From the article:
I don’t believe hacking should be legalized. It takes a special kind of mind to express curiosity despite the threat of severe outcomes, and I think that kind of pressure helps mold and mature the hacker mind (and eventually take it out of the realm of *criminal* curiosity).
According to this article, and based on a recently released report by news organization USA Today, the US national power grid is subject to physical or online attacks approximately once every four days. From the article:
Although the repeated security breaches have never resulted in the type of cascading outage that swept across the Northeast in 2003, they have sharpened concerns about vulnerabilities in the electric system. A widespread outage lasting even a few days could disable devices ranging from ATMs to cellphones to traffic lights, and could threaten lives if heating, air conditioning and health care systems exhaust their backup power supplies.
By now most people are familiar with ransomware. This type of malware encrypts the files on your hard drive and forces you to pay money in order to obtain the decryption key. This article is reporting on a new strain of ransomware found in the wild. Fortunately, this strain was coded poorly, which can allow victims to decrypt their data without coughing up cash for the decryption key. From the article:
The Scraper ransomware, originally known as Torlocker, was discovered in October last year and granted the name Trojan-Ransom.Win32.Scrape. The ransomware encrypts a victim’s files — including documents, video, images and database copies — and demands a ransom of at least $300 to unlock and decrypt documents.
However, due to errors in encryption algorithms, in 70 percent of cases files can be unlocked without submitting to the attacker’s demands.
According to this article, President Obama announced an executive order last week that would allow the Treasury Department to impose financial sanctions against hackers that pose a “significant threat” to national security. From the article:
“This Executive Order authorizes the Secretary of the Treasury, in consultation with the Attorney General and the Secretary of State, to impose sanctions on individuals or entities that engage in malicious cyber-enabled activities that create a significant threat to the national security, foreign policy, or economic health or financial stability of the United States,” Obama said in a statement announcing Wednesday’s executive order.
So far this year there have been 2 major security breaches affecting healthcare organizations. Last month, Anthem announced 80 million records containing customer information had been breached and this month Premera Blue Cross suffered a breach that affected 11 million customer records. This article examines 4 common tactics that were used by the bad guys to pull these breaches off.
According to this article, Britain’s spy agencies are warning companies to strip employees of smartphones and USB thumb drives in order to better protect themselves from cyber attacks. From the article:
Advice issued by GCHQ, the government’s listening post, and other departments warns firms that staff are the “weakest link in the security chain” and protective action must be taken.
If you recall, there were several high-profile data breaches last year that affected consumers of Home Depot, Michael’s Stores, and Target. Based on recently released research by IBM X-Force, this article is reporting that approximately 1 billion records were compromised in data breaches in 2014. From the article:
IBM researchers say cyberattackers are more often applying creative ways and new approaches to fundamental attacks including DDoS and the use of malware in order to steal valuable information, ranging from sensitive data which can be used in identity theft to financial account details. As a result of the evolving threat landscape, 2013 saw a surge in leaked records, with approximately 800,000 stolen. However, there was a rise of 25 percent in leaked records, reaching a staggering one billion.
This article takes a look at the evolution of hackers. Once a hobby for curious teenagers, hacking is now a tool for government spies, thieves, and others. From the article:
Today, it’s all about the money. That’s why Chinese hackers broke into Lockheed Martin and stole the blueprints to the trillion-dollar F-35 fighter jet. It’s also why Russian hackers have sneaked into Western oil and gas companies for years.
This article discusses the recently discovered vulnerability dubbed FREAK (Factoring Attack on RSA-EXPORT Keys), a flaw in the SSL/TLS protocols that are used to encrypt sensitive data sent over the Internet. From the article:
When you use the Internet, your computer communicates with your server on how best to protect your data. Due to the FREAK flaw, some software, including Apple’s Secure Transport, can be manipulated into accepting the weaker encryption program, which can then be hacked by a sophisticated hacker to steal your data. This type of hacking is called a “man-in-the-middle attack” and is used to steal and unencrypt what the victim believes is protected, encrypted communications.
More and more home solutions (such as surveillance systems, heating, air conditioning, etc.) offer options for control over the Internet. While convenient, these devices can also introduce security risks. This article provides 7 steps to boost the security of these devices. From the article:
According to research architect Brandon Creighton, with application security provider Veracode, “At the end of the day, you’re installing a device that is really just a tiny computer.” Even with something as simple as a smart light socket that you can control remotely with your phone, what makes that possible is the little computer in the switch that can talk to the Internet—which means that Internet users can talk back.
This article examines a new trend where loyalty cards for shopping establishments are now being targeted by those with malicious intent. From the article:
Going forward, consumers could be hearing more about rewards points hacks. Late last year, American Airlines and United Airlines began notifying customers through e-mails that hackers stole usernames and passwords from a third-party source. Some customers lost miles as a result.
This article is reporting that Google has withdrawn encryption-by-default for Android Lollipop, the next update of the operating system for Android devices. The idea of default encryption was dropped due to performance issues.
According to this article, D-Link has released security patches for several of its home router products to correct vulnerabilities discovered by an independent researcher. From the article:
D-Link has now acknowledged the existence of a problem, saying that three new firmware updates have been released for its DIR-820L router.
In an advisory, the company said it will release additional firmware updates over the coming week…
Additionally, the article goes on to list the following models of D-Link routers that are vulnerable to the newly discovered flaws: