Pro-Russian Hackers Take Down German Govt. Websites: A group of pro-Russian hackers is claiming responsibility for recent attacks that brought down German government websites including the page for Chancellor Angela Merkel, the foreign ministry and the lower parliament. The group calls itself CyberBerkut and claims it launched those cyber-attacks over Germany’s supporting stance towards the […]

Thunderstrike 31c3: This is an annotated version of my 31C3 talk on Thunderstrike, a significant firmware vulnerability in Apple’s EFI firmware that allows untrusted code to be written to the boot ROM and can resist attempts to remove it. There is also an hour long video of the talk if you prefer to watch instead […]

vBulletin Warns of vBSEO Vulnerability: An alert from the vBulletin developer team informs customers of a security vulnerability in vBSEO, a solution for search engine optimization for the content available on forums running vBulletin. Admins expecting the release of an update to fix the issue should be aware that development on the vBSEO project stopped […]

It’s 2015 and ATMs don’t know when a daughterboard is breaking them: Carders have jackpotted an ATM by inserting a circuit board into the USB ports of an ATM, tricking it into spitting out cash. The technique was thought to have emulated the cash dispenser of the ATM so the brains of the machine thought […]

Sony CEO: We were the victim of a vicious and malicious hack: LAS VEGAS — Sony CEO Kazuo Hirai noted his dismay at being the target of a notorious hack that sparked an international controversy between the US and North Korea. The cyberattack, revealed in November, exposed a trove of e-mails and documents that detail […]

Phase Bot: I’ve been withholding this article for a while, due to the fact that the minute I post it all the vulnerabilities will be patched, thus becoming useless to us; however, it turns out hacking all of the phase C&C panels has generated a bit of noise, resulting in the vulnerabilities being found and […]

Data suggests we should be more worried about medical breaches: In 2014 medical institutions and healthcare providers made up nearly a third of all data breaches, according to records from the Privacy Rights Clearinghouse. While attacks on financial services are slightly more prevalent, consumers should be much more concerned with getting their medical insurance or health […]

Former Microsoft privacy head had warned of cloud spying: Two years before Snowden in 2011, Microsoft’s then Chief Privacy Officer Caspar Bowden tried to warn his company that any cloud computing solutions sold to foreign governments would mean unlimited mass surveillance on their clients by the NSA. Two months later Bowden was fired from Redmond. Speaking […]

State Courts Strike Blows to Criminal DNA Collection Laws in 2014—What to Look for in 2015: DNA can reveal an extraordinary amount of private information about you, including familial relationships, medical history, predisposition for disease, and possibly even behavioral tendencies and sexual orientation. While DNA testing in a criminal context has some benefits—such as supporting innocence […]

THREE MILLION Moonpig accounts exposed by flaw: Custom mugs and tat outfit Moonpig has a signficant flaw that exposes personal records and partial credit card details for some three million customer, almost 18 months after it was reported. The failure, discovered and privately reported by developer Paul Price, meant every account and the names, birth […]