by Tom Warren, The Verge
Cortana on the lock screen has some security exploits.
Microsoft has issued a Windows 10 security update to prevent hackers from breaking into PCs using Cortana. Microsoft’s digital assistant is built into every version of Windows 10, McAfee security researchers discovered it could be summoned from a lock screen to execute malicious software. Any potential hacker would need physical access to a PC, and McAfee details methods to get the digital assistant to index files from a USB drive and execute them.
Continue reading Hackers can summon Cortana to break into Windows 10 PCs
by Andy Meek, BGR
In yet another sign of the mobile-first world we live in, even muggings and robberies are starting to take on a tech-savvy flair. As was the case during one 2017 incident in Washington DC, for example, when a woman was leaving a metro station and a teenager got the drop on her, grabbing her around the neck. He instructed her to keep quiet. And to delete her iCloud. Then he grabbed her iPhone 6S and took off.
Continue reading Thieves and hackers are getting better at bypassing iCloud to unlock iPhones
by Catalin Cimpanu, ZDNet
The two hacker groups suspected of stealing around $1 billion worth of cryptocurrency.
Two hacker groups are behind 60% of all publicly reported cryptocurrency exchange hacks and are believed to have stolen around $1 billion worth of cryptocurrency, according to a report published last week by blockchain analysis firm Chainalysis.
Continue reading Two hacker groups responsible for 60 percent of all publicly reported hacks
by Zack Whittaker, TechCrunch
There’s a lot you can make with a 3D printer: prosthetics, corneas, firearms — even an Olympic-standard luge.
You can even 3D-print a life-size replica of a human head — and not just for Hollywood. Forbes reporter Thomas Brewster commissioned a 3D-printed model of his own head to test the face unlocking systemson a range of phones — four Android models and an iPhone X.
Continue reading 3D-printed heads let hackers – and cops – unlock your phone
by Sead Fadilpasic, betanews
Carbanak, a powerful cyber-crime group, is using certain Google services as command and control for its malware and other malicious elements. The news was released by cybersecurity firm Forcepoint this week.
Forcepoint uncovered a trojanized RTF document, which, once ran, will “send and receive commands to and from Google Apps Script, Google Sheets, and Google Forms services.” Continue reading Hacking group uses Google services to control malware
by Peter Sayer, ComputerWorld
Armed with a card number, researchers tricked websites into helping them guess the expiry date and CVV
Add credit card fraud to the list of things that distributed processing can speed up.
An e-commerce site will typically block a credit card number after 10 or 20 failed attempts to enter the corresponding expiry date and CVV (card verification value), making life difficult for fraudsters who don’t have a full set of credentials. Continue reading ‘Distributed guessing’ attack lets hackers verify Visa card details
by Jennings Brown, vocativ
The company wants to protect drones from hackers
The largest telecommunications company in the world wants to serve as a watchdog for all drones in the United States — and in the process, play a major role in supervising the national airspace.
On Nov. 10, AT&T announced that it was collaborating with NASA to develop an Unmanned Aircraft System Traffic Management program to allow agencies to monitor drones. An AT&T release states this program will make it safer for drone operators to plan and monitor flight paths, navigate drones, and use drones for surveillance. The company stated that its main focus is to lower the risk of drone-related cyber-attacks. Continue reading AT&T And NASA To Build National Drone Tracking System
by Lucian Constantin, ComputerWorld
Attacks on the global mobile interconnection network are still possible even with the new LTE Diameter protocol, researchers say
When you travel between countries, the mobile operators that temporarily provide service to your phone need to communicate with your operator back home. This is done over a global interconnection network where most traffic still uses an aging protocol, called SS7, that’s known to be vulnerable to location tracking, eavesdropping, fraud, denial of service, SMS interception and other attacks. Continue reading Hackers can abuse LTE protocols to knock phones off networks
by Jeremy Wagstaff and J.R. Wu, Reuters
Recent cyber attacks harnessing everyday devices such as cameras, video recorders, printers, routers and speakers are a wake-up call to the hidden dangers of the Internet of Things.
The problem for the device makers, though, is that few are well equipped to tackle the unfamiliar task of foiling hackers.
For a sense of that challenge, take AV Tech Corp, a once proud giant among CCTV camera makers whose 1990s building in a Taipei suburb hints at the gap it must overcome between hardware factories of a decade ago and those of today. Continue reading After cyber attacks, Internet of Things wrestles with making smart devices safer