- America uses stealthy submarines to hack other countries’ systems. From Washington Post. When Donald Trump effectively called for Russia to hack into Hillary Clinton’s emails Wednesday, the GOP nominee’s remarks touched off a (predictable) media firestorm. Here was a presidential candidate from a major U.S. party encouraging a foreign government to target American interests with cyberspying — an act that could not only expose national security information but also potentially undermine the actual security infrastructure of the United States.
MEET DANGER DRONE – A FLYING COMPUTER DESIGNED TO HACK INTO ALL YOUR UNPROTECTED DEVICES. From Digital Trends. For Fran Brown, one of the managing partners at renowned security firm Bishop Fox, it all started with Top Gun. “I was watching [the movie] as I often do, and Kenny Loggins’ song came on, and I suddenly thought ‘Danger Drone‘ — that would be an awesome name for a project,” he told Digital Trends. “It went from there.” Feeling inspired, Brown went on to co-create Danger Drone — or, as he puts, “a hacker’s laptop that can fly.” In essence, the concept is a $500 Raspberry Pi-based quadcopter drone, kitted out with all the regular hacking software security firms deal with on a regular basis.
- South Korea Says North Korea Is Blackmailing One of Its Top Online Retailers. From Softpedia. According to reports from South Korean media, on Monday, authorities announced they were investigating a data breach at Interpark Corp, a company that runs the interpark.com online shopping portal, one of South Korea’s biggest online stores. Two days later, on Wednesday, June 27, South Korean authorities made the first public statements regarding this incident after conducting a basic investigation surrounding the IP addresses involved in the Interpark hack.
- Chrome, Firefox Vulnerable to Crashes via Search Suggestions. From Softpedia.
Security researchers from Nightwatch Cybersecurity have discovered a way of crashing Chromium and Firefox browsers on mobile and desktop devices. Their method relies on using the search suggestions feature that these browsers support. The issue is not a software bug, but a design implementation that allows their attack to be executed. Most of today’s browsers have a search field or allow users to search via the URL address bar. Based on the search engines supported inside the browser, search suggestions can be shown as the user types their query.
How the Chinese Government Became the World’s Hacking Superpower. From Motherboard. In January of 2010, Google made a shocking announcement: The Chinese government had broken into its systems to steal sensitive data. This was the first time an American company had the guts to publicly stand up and point the finger at the government of China. “We detected a highly sophisticated and targeted attack on our corporate infrastructure originating from China that resulted in the theft of intellectual property from Google,” the company wrote in a boringly titled blog post.
- US Government to Pay $2 Million for Automatic Hacking and Patching System. From Softpedia. At this year’s DEF CON security conference scheduled to be held in Las Vegas at the start of August, the Defense Advanced Research Projects Agency (DARPA) will be giving away a total of $4 million to seven teams participating in the Cyber Grand Challenge (CGC). Started in 2014, the Cyber Grand Challenge is a classic CTF (Capture The Flag) competition, but with a kink. Instead of pinning two teams of security researchers against each other in an attempt to hack and/or protect a network or device, the CGC will have the seven teams battle using automated computer programs that are built to hack other systems and to automatically detect and fix weaknesses on their own.
Canadian Man Behind Popular ‘Orcus RAT’. From Krebs On Security. Far too many otherwise intelligent and talented software developers these days apparently think they can get away with writing, selling and supporting malicious software and then couching their commerce as a purely legitimate enterprise. Here’s the story of how I learned the real-life identity of Canadian man who’s laboring under that same illusion as proprietor of one of the most popular and affordable tools for hacking into someone else’s computer.
- Flaws in Oracle file processing SDKs affect major third-party products. From CSO Online. Seventeen high-risk vulnerabilities out of the 276 flaws fixed by Oracle Tuesday affect products from third-party software vendors, including Microsoft. The vulnerabilities were found by researchers from Cisco’s Talos team and are located in the Oracle Outside In Technology (OIT), a collection of software development kits (SDKs) that can be used to extract, normalize, scrub, convert and view some 600 unstructured file formats.
- Cicis Restaurant Chain Data Breach. From Cicics.com. While this matter is still under investigation, we wish to report what we currently know. In early March of 2016, we received notice from several of our restaurant locations that their Point of Sale (POS) systems were not working properly. Our POS Vendor began an investigation to assess the problem and initiated heightened security measures. When the POS Vendor found malware on the POS software at some Cicis restaurants, we immediately began a restaurant by restaurant data security review and remediation.