Fighting all the things that threaten privacy, security and our Internet
Members (3,330)

Stream


rami ram

Privacy  - 
 
Facial recognition will soon be used by MasterCard to approve your online shopping.

Alan Char

Privacy  - 
 
Sigh.

Can't say I'm surprised.
 
Snowden-uncovered surveillance programs got a two-week vacation apparently
Thought Congress put a halt to the snooping program Snowden exposed? Think again.
Joshua “Wizdum” Burgess
 
At this point we need to start treating the NSA as an enemy of the state.

rami ram

Privacy  - 
 
Privacy advocates claim always-listening component was involuntarily activated within Chromium, potentially exposing private conversations

rami ram

Security  - 
 
Weekly Infosec Snipper June 22, 2015

1) Mac OS X and iOS faced Cross-app resource access (XARA) attacks
Four unpatched vulnerabilities in Mac OS X and iOS permit malevolent apps to bypass security settings and steal credentials. Researchers at the University of Indiana notified Apple about these vulnerabilities in late October 2014, and the company assured them that patches for the flaws would roll out within six months. Researchers named these vulnerabilities cross-app resource access (XARA) attacks because they get unauthorized access to the device. These vulnerabilities can steal passwords, gain access to secure containers, intercept IPC (inter-process communication) data, and hijack URL schemes.
2) Password Recovery Scam tricks users into handing over their Email Accounts
With the help of social engineering and a tricky text message, attackers can make email users victims of password recovery fraud. Attackers are targeting Gmail, Hotmail, and Yahoo email users; they just need the email address and mobile number of a user. The motive behind this fake email is not to steal users' money but only to gather information by approaching individual users. For example, in the Gmail service, attackers use the user's mobile number and email address and try to log in to the email service. At the time of entering the password, they click on the Need Help link and choose the “Get a verification code on my phone” option. Once the user receives the verification code, the attacker resends the message “Google has detected unusual activity on your account. Please respond with the code sent to your mobile device to stop unauthorized activity.” The user ultimately sends the code to the attacker and surrenders the details of the account to the attackers.
3) 600M Samsung Devices are at risk of Remote Code Execution Vulnerability
A remote code execution vulnerability (CVE-2015-2865) has affected 600 million Samsung mobile devices. A Samsung keyboard that is a pre-installed app on the mobile devices, built on an SDK, allows attackers to gain access to GPS, microphone, images, text messages, and device sensors. Besides, attackers can install malicious apps without requiring the user's permission and can change the functionality of existing apps. Samsung released a patch in 2015, but it is not certain how many devices have been updated until now.
4) Attackers have hacked Last Pass
Users of Last Pass are recommended to change their master password, as attackers have hacked the Last Pass service. However, no encrypted data was stolen. The authority also told users that they would soon receive an email asking them to change their master password. For that, users must have a trusted IP address or device. Besides encrypted data, hackers have successfully captured other non-encrypted data like email addresses, password reminders, and authentication hashes.
5) WhatsApp seems to fail in protecting users' privacy
The Electronic Frontier Foundation published a report named “Who Has Your Back? 2015: Protecting Your Data From Government Requests”. The report says that WhatsApp seems to be the most unsecured service offered over the web. Major findings in the report say that nine companies received 5 stars, while AT&T, Verizon and WhatsApp were found lacking in following industry-accepted best practices. Companies like Adobe, Apple, CREDO, Dropbox, Sonic, WICKR, Wikimedia, WordPress.com, and Yahoo remained in the top position as per users' privacy and industry standards.
6) Finally Google launched Android Bug Bounty Program
Google has commenced the Android Security Reward Program for finding any vulnerability in Nexus phones and tablets. Google is ready to pay for each bug, including patches. The program will cover the Nexus line of products, the Samsung Galaxy line, and gadgets. Thus, the Nexus phone will become part of an ongoing vulnerability reward program. Google also runs bug bounty programs for Chrome and other Google products. They rewarded $1.5 million to security researchers last year.


Source: ClickSSL.
 
York Regional Police in Canada this week announced the arrest of nine men who allegedly targeted women on dating websites, and conned seven victims out of a total of $1.5 million. The romance sc...

Hak5

Discussion  - 
 
China Cracks Tor & VPN?!? IRS Adds Security, Cyber-Espionage Nightmare, OPM Breach Timeline 
Threat Wire!
https://youtu.be/pKCOIWNUXs4

Shannon Morse
moderator

Discussion  - 
 
Army Website Hacked, Apple’s WWDC Security Notes, and Letters to the President - Threat Wire
https://www.youtube.com/watch?v=80bXHwGY88Y

Alan Hacker

Privacy  - 

Alan Char

Security  - 
 
Be careful when you're using Apple Pay...
The iPhone's auto-connection to WiFi could be used to social engineer users.

About this community

ThreatWire by Hak5 is a YouTube show covering the security and privacy issues threatening our Internet. From breaches and policies to social networks and censorship, ThreatWire takes the practical and tinfoil hat angles to dispel fear, uncertainty and doubt.

Alan Char

Privacy  - 
 
Maybe this will help people understand how data collection is bad for privacy.
Jon Mason, Leonerd Kirk
 
But I have nothing to hide!

rami ram

Discussion  - 
 
Documents leaked by Snowden reveal Britain’s hand in aiding US targeted killing program outside recognized war zones.

rami ram

Discussion  - 
 
Australia's senate has passed a controversial bill allowing sites hosted overseas that distribute pirated material to be blocked at the ISP level. But wh

rami ram

Discussion  - 
 
The Obama administration fought a three-month legal battle against Google to secretly obtain the email records of Jacob Appelbaum, a security researcher and journalist associated with WikiLeaks.

rami ram

Discussion  - 
 
RUSSIA and China have cracked the top-secret cache of files stolen by the fugitive US whistleblower Edward Snowden, forcing MI6 to pull agents out of live operations in hostile countries, according to senior officials in Downing Street, the Home Office and the security services.

rami ram

Discussion  - 
 
Arrested on the border of Thailand and extradited to Sweden in November 2014, Fredrik Neij, the third and the last founder of the Pirate Bay was released on June 1 from a Swedish prison after serving two-thirds of a 10-month prison sentence for his involvement …

rami ram

Privacy  - 
 
Searching for evidence of computer hacking originating abroad, the Obama administration has stepped up warrantless monitoring, documents show.
Harvey Smith
 
Wow... that headline is just so misleading. 1) "Secretly Expands" implies that this expansion is current when the article is about 2-year-old information. 2) "Internet Spying at U.S. Border": does anyone even know how the internet works? There are no borders in that sense on the internet.

Hak5

Discussion  - 
 
FBI Aerial Surveillance, Facebook Adds OpenPGP Encryption, Dark Web Coupon Fraud! - Threat Wire: http://youtu.be/DjsrD9mbeO8?a  
Necromancy
 
I already have KeePass; I can't wait to link it to Facebook. Thanks for letting us know.