Just how trusting are you when it comes to your computer? Sure, you probably delete suspicious emails and avoid sketchy website downloads, but what if you found a random USB drive in your mailbox? Hackers are betting that you’ll be more curious than suspicious, and if they’re right, your computer could be toast.
Source: dailydot.com
In 2014, UK authorities warned that criminals were taking over victims’ cell phone numbers and using them to get into the victims’ bank accounts. Now, a social engineering expert is warning that taking control of someone’s phone number is easier than previously thought, thanks to a code normally made of three letters and six numbers called the Porting Authorisation Code, or PAC.
All a criminal needs to know for this fraud is the victim’s phone number, name, some other information that can usually be found online, such as their date of birth, and some simple social engineering skills to trick cell phone carriers’ support agents into giving out the code.
NSA Hacker Chief Explains How to Keep Him Out of Your System:
“Don’t assume a crack is too small to be noticed, or too small to be exploited,” he said. If you do a penetration test of your network and 97 things pass the test but three esoteric things fail, don’t think they don’t matter. Those are the ones the NSA and other nation-state attackers will seize on, he explained. “We need that first crack, that first seam. And we’re going to look and look and look for that esoteric kind of edge case to break open and crack in.”
Even temporary cracks—vulnerabilities that exist on a system for mere hours or days—are sweet spots for the NSA.
Source: Wired
Hacker Leaks Customer Data After a United Arab Emirates Bank Fails to Pay Ransom:
A hacker who broke into a large bank in the United Arab Emirates made good on his threat to release customer data after the bank refused to pay a bitcoin ransom worth about $3 million.
The hacker, who calls himself Hacker Buba, breached the network of a bank in Sharjah last month reportedly identified as Invest Bank, and began releasing customer account and transaction records via Twitter.
Source: Wired
A $10 Tool Can Guess (And Steal) Your Next Credit Card Number:
When Samy Kamkar lost his American Express card last August and received its replacement in the mail, something about the final digits on the new card set off an alert in the hacker lobe of his brain. He compared the numbers with those of his previous three American Express cards—as a universally curious security researcher and serial troublemaker, he’d naturally recorded them all—and a pattern emerged.
So Kamkar sent out a message to his friends on Facebook, asking them to send him the final digits of all of their current and most recently canceled AmEx cards. Ten friends responded, and the same disturbing pattern applied to every number he checked: With any given card, Kamkar found he could apply his trick and predict the full number of the next card they’d received.
Tor Says Feds Paid Carnegie Mellon $1M to Help Unmask Users:
Ever since a Carnegie Mellon talk on cracking the anonymity software Tor was abruptly pulled from the schedule of the Black Hat hacker conference last year, the security community has been left to wonder whether the research was silently handed over to law enforcement agencies seeking to uncloak the internet’s anonymous users. Now the non-profit Tor Project itself says that it believes the FBI did use Carnegie Mellon’s attack technique—and paid them handsomely for the privilege.
Source: Wired




