hacking   61591

« earlier    

A smart fish tank left a casino vulnerable to hackers • CNN
Selena Larson:
<p>Hackers attempted to steal data from a North American casino through a fish tank connected to the internet, according to a report from security firm Darktrace.

Despite extra security precautions set up on the fish tank, hackers still managed to compromise the tank to send data to a device in Finland before the threat was discovered and stopped.
"Someone used the fish tank to get into the network, and once they were in the fish tank, they scanned and found other vulnerabilities and moved laterally to other places in the network," Justin Fier, director for cyber intelligence and analysis at Darktrace, explained to CNN Tech.

As internet-connected gadgets and appliances become more common, there are more ways for bad guys to gain access to networks and take advantage of insecure devices. The fish tank, for instance, was connected to the internet to automatically feed the fish and keep their environment comfortable -- but it became a weak link in a the casino's security.

The unnamed casino's rogue fish tank is one of nine unusual threats that Darktrace identified on corporate networks published in a report Thursday.</p>

security  iot  fishtank  hacking 
2 days ago by charlesarthur
Putin’s hackers now under attack—from Microsoft • Daily Beast
Kevin Poulsen:
<p>Last year attorneys for the software maker quietly sued the hacker group known as Fancy Bear in a federal court outside Washington DC, accusing it of computer intrusion, cybersquatting, and infringing on Microsoft’s trademarks.  The action, though, is not about dragging the hackers into court. The lawsuit is a tool for Microsoft to target what it calls “the most vulnerable point” in Fancy Bear’s espionage operations: the command-and-control servers the hackers use to covertly direct malware on victim computers.  These servers can be thought of as the spymasters in Russia’s cyber espionage, waiting patiently for contact from their malware agents in the field, then issuing encrypted instructions and accepting stolen documents.

Since August, Microsoft has used the lawsuit to wrest control of 70 different command-and-control points from Fancy Bear. The company’s approach is indirect, but effective. Rather than getting physical custody of the servers, which Fancy Bear rents from data centers around the world, Microsoft has been taking over the Internet domain names that route to them. These are addresses like “livemicrosoft[.]net” or “rsshotmail[.]com” that Fancy Bear registers under aliases for about $10 each.  Once under Microsoft’s control, the domains get redirected from Russia’s servers to the company’s, cutting off the hackers from their victims, and giving Microsoft a omniscient view of that servers’ network of automated spies.

“In other words,” Microsoft outside counsel Sten Jenson explained in a court filing last year,  “any time an infected computer attempts to contact a command-and-control server through one of the domains, it will instead be connected to a Microsoft-controlled, secure server.”</p>
microsoft  security  fancybear  hacking 
2 days ago by charlesarthur

« earlier    

related tags

201  a/b  administrator  adversary  amazon  analytics  android  apple  arcade  arduino  arrest  artificial  assembly  backdoor  battery  biohacking  black.hat  blockchain  bluetooth  body  branding  breach  breaking  bufferoverflow  bugbounty  bypass  chris  comp3911  comparison  compsci  computer  computervision  cracking  crypto  cryptocurrency  css  ctf  currency  cybercrime  cyberlaw  cybernetics  cybersecurity  cyberwar  dao  data  democracy  design  developer  development  devops  digital  disclosure  diy  dns  donaldtrump  doom  e-commerce  election  election2016  email  engineering  english  eternalblue  eternalsynergy  ethereum  ethics  exploit  facebook  fancy.bear  fancybear  firmware  fishtank  forensics  free  fruitfly  future  games  gaming  github  go  golang  gps  growth  hack  hacker  hardware  hdd  hide  history  hp  humblebundle  hunt  icmp  infosec  intelligence  internet  ios  iot  it_sicherheit  javascript  kernel  key  kubernetes  laptop  laszlomarai  law  lcd  leak  learning  linux  liste  lock  m68k  machinelearning  makers  makerspaces  malware  manual  marketing  media  microsoft  midi  mod  model  momentum  mongodb  netcat  netsec  network  news  nieuwsbrief  nintendo  node  obfuscation  oscilloscope  osx  owasp  paper  payload  pentest  pentesting  php  pinout  poc  politics  powershell  presentation  product  producthunt  products  programming  protocol  qatar  radio  rce  read  registry  remote-control  remote  repair  retro  retrocomputing  reverse-engineering  reverse  rf  rom  russia  saas  sales  scanning  security  shell  sigint  social  socialmedia  socket  software  spy  ssl  stack  sysadmin  talk  tcp  tech  test  testing  thermostat  threat  tobuy  tool  tools  totwitter  training  trump  trumpadministration  tty  tunnel  tutorial  twitter  uac  uae  udp  unnamed_official  upgrade  usb  verizon  vickery  video  virus  vulnerability  wargame  wargames  washingtonpost  webdesign  website  weird  wifi  wii  wiiu  windows  wink  wishlist  wtf 

Copy this bookmark: