Silensec Newsletter

Thursday, 23 July 2015

600TB MongoDB Database 'accidentally' exposed on the Internet

Hackers Remotely Kill a Jeep on the Highway—With Me in It!

Carjacking has gone wireless. It’s the latest in a series of revelations from two hackers, Miller and Valasek who plan to publish a portion of their exploit on the Internet, that have spooked the automotive industry.

"Miller and Valasek’s full arsenal includes functions that at lower speeds fully kill the engine, abruptly engage the brakes, or disable them altogether. The most disturbing maneuver came when they cut the Jeep’s brakes, leaving me frantically pumping the pedal as the 2-ton SUV slid uncontrollably into a ditch" says Andy Greenberg of WIRED.com Read more...

Windows 10 updates to be automatic and mandatory for Home users

Windows Update can't be readily disabled in Windows 10 Home, and the license terms that all users must agree to allow Microsoft to install updates automatically. The Insider Preview releases of Windows 10 didn't include any way to prevent Windows Update from downloading and installing updates, but it wasn't clear if this was just some quirk of the previews, or the long-term plan; Microsoft's previews often have special rules for things like providing automated feedback and hooking up online services, and so this could have been part of that. Read more...

Flash. Must. Die.

Adobe Flash—that insecure, ubiquitous resource hog everyone hates to need—is under siege, again, and hopefully for the last time. The latest calls for its retirement come from some of the Internet’s most powerful players, in the combined clattering of Facebook, Firefox, and a legion of unsatisfied users. Flash is a closed, proprietary system on a web that deserves open standards. It’s a popular punching bag for hackers, which puts users at risk over and over again. Read more...

The Massive OPM Hack Actually Hit 21 Million People!

The massive hack that struck the US Office of Personnel Management affected some 21.5 million people, all of them people who had information stolen about them from a backgrounds investigation database used for evaluating people who sought classified clearances from the government. The stolen information includes about 1.1 million fingerprints as well as findings that investigators obtained from interviews conducted with neighbors, friends and family members for background checks. Read more...

Pwned Hacking Team tells cops, govts to shut down software

Flayed surveillance outfit Hacking Team is telling customers to suspend running instances of its software after 400GB of its source code and internal data was stolen and posted online.
The company has now asked customers to temporarily suspend use of its software while it investigates if their spying operations have been exposed among the huge cache of released emails and source code. Read more...

Silensec Newsletter