TOPIC: FAN-SUBMITTED


 

 

SOURCE:  news.siteintelgroup.com courtesy of FAN Steve Jones!

ISIS fighters in Afghanistan claimed to have recently seized a trove of sensitive U.S. military equipment – including communications gear, a rocket launcher and the ID card of a U.S. soldier –but it remains unclear how the items came into the terror group’s possession.

There was no immediate information on when the pictures, posted to social media on Saturday, were taken, though the U.S. soldier’s ID expires in 2017, a possible sign the photos are relatively fresh. There was also no information on how the extremists captured the gear.

The American soldier whose identification was pictured, U.S. Army Specialist Ryan Jay Larson, was not captured by ISIS, Brigadier General Charlie Cleveland told Fox News on Sunday.

“Obviously, SPC Larson is not captured – he is accounted for and with his unit despite having lost his ID card and possibly some of his equipment during recent operations,” Cleveland said in an email. “Beyond that, there is a lot of equipment in those pictures. 

“At this point, we don't know if all of the equipment in the pictures was lost during recent operations or at some other time in the past.”

TOPIC: CYBERSECURITY

 

 

 

SOURCE: fortune.com

Companies still use outdated technology, and hackers are using abandoned websites for their schemes.

Companies are still using outdated technology leaving them prone to cyber attacks, security researchers are losing their confidence, and hackers are making millions of dollars through so-called ransomware attacks.

These are some of the findings detailed in Cisco’s annual report on the state of cybersecurity based on research the company obtained from customers, outside security analysts, and its networking devices connected to the Internet.

Here’s five interesting takeaways from the big report:

1. Hackers love ransomware

Cisco’s  CSCO 0.79%  latest security report confirms that recent ransomware attacks on hospitalsuniversities, and even some utility services, are on the rise. Using a type of malware known as ransomware, hackers can cut access to computer networks and systems and encrypt documents from victims until they receive payment. The report said that 9,515 people end up paying ransoms each month. The average ransom is $300 and hackers could make $34 million a year on ransomware attacks.

One way criminals pull off ransomware attacks is to create a fake website that contains a so-called Angler exploit kit. The Angler exploit kit essentially scans a person’s web browser to find security holes, and then transmits malware like the popular Cryptowall 3.0 and Bedep software that then locks down a person’s computer.

 

2. Adobe Flash is still bad for cybersecurity

Hackers continue to love using the Adobe Flash media player as a convenient way to penetrate computers because of its buggy nature and security holes. The report’s authors said that for 2016, “criminals are most likely to focus their exploits and attacks on Adobe Flash users,” and they expect hackers to continue exploiting Flash’s vulnerabilities for some time.

The good news is that with companies like Google  GOOG 3.07%  and Amazon  AMZN 0.82%  phasing outsupport for the media player in favor of newer technologies like the HTML5 coding language, attacks will likely decline over time.

TOPIC: CYBERSECURITY

 

 

 

SOURCE:  darkreading.com

KeySniffer attack shows two-thirds of low-cost wireless keyboards prone to keystroke capture and malicious keystroke injection.

 

The same researchers who earlier this year uncovered glaring vulnerabilities in many wireless mice today announced a new major flaw in the majority of the market's low-cost wireless keyboards that puts users at risk of having attackers remotely sniff all of their keystrokes and even inject their own malicious keystroke commands from distances of up to 250 feet away.

Dubbed KeySniffer by the Bastille Research Team who found it, the vulnerability puts any password, credential, security secret, or intellectual property byproduct that is typed, at risk of eavesdropping and capture by attackers. The affected manufacturers' products do not encrypt data transmitting between their keyboards and the USB dongle that wirelessly connects it to a computer.

According to Marc Newlin, the member of Bastille Research Team who made the discovery, eight of the 12 manufacturers tested for KeySniffer were vulnerable, including Hewlett-Packard, Toshiba, Kensington, Insignia, Radio Shack, Anker, General Electric, and EagleTec.

Whereas previous wireless keyboard attack discoveries such as 2010's KeyKeriki and 2015's KeySweeper exploited weaknesses in Microsoft's encryption for its keyboards, this one is different because it shows that the affected manufacturers didn't encrypt transmissions at all. Even worse, attackers can sniff out KeySniffer-prone victims without them actively typing at their workstation.

TOPIC: CYBERSECURITY

 

 

 

SOURCE: cnet.com

The Democratic Party suffered another hack, according to two reports Friday, heightening concerns Russia might be trying to influence the US presidential election.

The Democratic Congressional Campaign Committee, a group that raises funds for the party's candidates for the House of Representatives, confirmed its computers had been breached, according to Reuters. It's unclear what data, if any, was taken.

The attack might be related to a breach of the Democratic National Committee's computer network, which was revealed earlier this month. The code used in the DCCC attack resembled that used by a Russian government-linked hacking group suspected in the DNC breach, according to Reuters.

The FBI is addressing both hacks in a single investigation, The Washington Post reported.

The Kremlin has denied involvement in both attacks, Reuters said.

Neither the DCCC nor the Russian Embassy immediately responded to a request for comment, and the FBI didn't immediately provide comment.

The DCCC attack, which took place between roughly June 19 and June 27, may have been designed to get hackers access to donors' computers, Reuters reported.

On Wednesday, Republican presidential nominee Donald Trump took heat for seeming to encourage Russia to crack into US systems. Democratic nominee Hillary Clinton's campaign manager has accused Russian hackers of releasing DNC emails to WikiLeaks to help Trump win the upcoming election. Trump's campaign didn't immediately respond to an email seeking comment.