DuckDuckGo search traffic soars 600% post-Snowden
When Gabriel Weinberg launched a new search engine in 2008 I doubt even he thought it would gain any traction in an online world dominated by Google.
Now, seven years on, Philadelphia-based startup DuckDuckGo - a search engine that launched with a promise to respect user privacy - has seen a massive increase in traffic, thanks largely to ex-NSA contractor Edward Snowden's revelations.
Since Snowden began dumping documents two years ago, DuckDuckGo has seen a 600% increase in traffic (but not in China - just like its larger brethren, it's blocked there), thanks largely to its unique selling point of not recording any information about its users or their previous searches.
Continued : https://nakedsecurity.sophos.com/2015/06/18/duckduckgo-search-traffic-soars-600-post-snowden/
[ ⇐ added by me~ ]
86.2 million phone scam calls delivered each month in U.S.
Phone fraud continues to threaten enterprises across industries and borders, with the leading financial institutions’ call centers exposed to more than $9 million to potential fraud each year.
Pindrop analyzed several million calls for threats. They found a 30 percent rise in enterprise attacks and more than 86.2 million attacks per month on U.S. consumers.
Financial and retail institutions have seen an increase in phone fraud of more than 30 percent since 2013, with one in every 2,200 calls being fraudulent. This rate increases for retailers that sell popular, expensive products with a high resell rate; one major retailer saw phone fraud rates for Apple product orders as high as one in every 300 calls.
Continued : http://www.net-security.org/secworld.php?id=18520
Related : Phone scamming up 30 percent last year: Report
Newly patched Flash Player bug exploited to deliver crypto..
It took less than a week for a functional exploit for a recently patched Adobe Flash Player vulnerability to be added to the Magnitude exploit kit, Trend Micro researchers warn.
"We saw a similar incident in March, where exploits for an Adobe Flash Player vulnerability were added to the Nuclear Exploit Kit just a week after the patch was released," they noted.
Users are urged to update their Flash Player as soon as possible to the latest version (v22.214.171.124) pushed out on June 9, as it solves the vulnerability in question (CVE-2015-3105).
Until they do, they are at risk of getting infected with CryptoWall 3.0, which is the latest malware to be slung at users via the popular exploit kit.
Continued : http://www.net-security.org/malware_news.php?id=3060
Hacking Drug Pumps
Bruce Schneier @ his "Schneier on Security" blog:
When you connect hospital drug pumps to the Internet, they're hackable -- only surprising people who aren't paying attention.
'Rios says when he first told Hospira a year ago that hackers could update the firmware on its pumps, the company "didn't believe it could be done." Hospira insisted there was "separation" between the communications module and the circuit board that would make this impossible. Rios says technically there is physical separation between the two. But the serial cable provides a bridge to jump from one to the other.
An attacker wouldn't need physical access to the pump because the communication modules are connected to hospital networks, which are in turn connected to the Internet. ...' [...]
One of the biggest conceptual problems we have is that something is believed secure until demonstrated otherwise. We need to reverse that: everything should be believed insecure until demonstrated otherwise.
Continued : https://www.schneier.com/blog/archives/2015/06/hacking_drug_pu.html
The Ever-evolving Cyber Threat to Planes
Hackers and cyber-terrorists present an ever-evolving threat to airlines, with experts constantly testing for new vulnerabilities -- including the fear that drones could be used to throw a plane off course.
Most agree hacking a plane would be a near-impossible feat, but some professional hackers have claimed airline computer systems are riddled with weaknesses that could allow someone to break in, perhaps even through the in-flight entertainment system.
US computer security expert Chris Roberts recently claimed to have hacked into a plane's controls through the entertainment console and to have issued a "climb" command.
Continued : http://www.securityweek.com/ever-evolving-cyber-threat-planes
Major Carriers AT&T, Verizon Continue to Lag in EFF Privacy
While many companies have made strides when it comes to how they handle transparency and government requests post-Snowden, major telecoms such as AT&T and Verizon continue to lag behind.
Despite publishing transparency reports within the last year, the two companies scored the lowest on the Electronic Frontier Foundation’s “Who Has Your Back” report, an annual survey the watchdog produces to keep track of how companies fight for their customers’ privacy.
Now in its fifth year, the report has gone through a bit of a shake-up as far as the categories each company is judged on. The EFF has consolidated all of the industry’s established standards from over the last several years and boiled them down into one category, “industry-accepted best practices.”
Continued : https://threatpost.com/major-carriers-att-verizon-continue-to-lag-in-eff-privacy-report/113387
Related : EFF Data Privacy Report Praises Apple, Slams AT&T
OPM’s Database for Sale? Nope, It Came from Another US .Gov
A database supposedly from a sample of information stolen in the much publicized hack at the Office of Personnel Management (OPM) has been making the rounds in the cybercrime underground, with some ne’er-do-wells even offering to sell it as part of a larger package. But a review of the information made available as a teaser indicates that the database is instead a list of users stolen from a different government agency — Unicor.gov, also known as Federal Prison Industries.
Earlier this week, miscreants who frequent the Hell cybercrime forum (a “Deep Web” site reachable only via the Tor network) began passing around a text file that contained more than 23,000 records which appeared to be a user database populated exclusively by user accounts with dot-gov email addresses. I thought it rather unlikely that the file had anything to do with the OPM hack, which was widely attributed to Chinese hackers who are typically interested in espionage — not selling the data they steal on open-air markets.
Continued : http://krebsonsecurity.com/2015/06/opms-database-for-sale-nope-it-came-from-another-us-gov/
OPM Breach Related:
OPM Breach Exposes Agency's Systemic Security Woes
Encryption “would not have helped” at OPM, says DHS official