DEF CON 2020 – WindowsTechs.com

Election interference efforts have shifted, NSA and Cyber Command election threats leads say

Posted on August 7, 2020 by Shannon Vavra

With Election Day less than 100 days away, the National Security Agency and U.S. Cyber Command are carefully monitoring threats to the 2020 U.S. presidential election from Russia, China, Iran, and groups of criminal actors, two officials said Friday. And while Russian government operatives have probed state IT systems and run hack-and-leak operations to influence U.S. elections in the past, the playbook is not necessarily the same this year, the NSA election threats lead, David Imbordino, and Brig. Gen. William Hartman, the Cyber Command election threats lead, said. While Russia depended on the Internet Research Agency (IRA) to run influence operations in 2016, they have been outsourcing operations to other actors, Imbordino and Hartman said, confirming that the IRA recently set up an offshoot of its troll farm in Ghana and Nigeria. “In terms of 2020 [in the IRA] we’ve seen a shift towards more use of proxies…intermediaries…laundering information through […]

The post Election interference efforts have shifted, NSA and Cyber Command election threats leads say appeared first on CyberScoop.

Continue reading Election interference efforts have shifted, NSA and Cyber Command election threats leads say→

Flaws in Qualcomm chips could allow snooping, Check Point finds

Posted on August 7, 2020 by Shannon Vavra

Software flaws in millions of smartphones used throughout the world could give hackers a gateway into users’ personal data. More than 400 vulnerabilities in chips used in approximately 40% of the world’s cellphones and devices could allow hackers to spy on users’ GPS location and microphones in real-time, according to new Check Point research. The vulnerable units, Digital Signal Processor units or DSP chips made by Qualcomm Technologies, specifically Qualcomm Snapdragon DSP chips, impact popular cellphones and devices from Samsung, LG, Xiaomi, and Google are vulnerable, according to researchers. DSP chips, made up of software and hardware, are designed to enhance charging, audio features, and multimedia activities. But these flaws are a reminder that as ubiquitous as chips are in popular devices, vulnerabilities abound. The Spectre and Meltdown vulnerabilities, discovered by Google’s Project Zero two years ago, affected nearly every modern computer chip, for instance. In a statement shared with CyberScoop, Qualcomm said it has seen […]

The post Flaws in Qualcomm chips could allow snooping, Check Point finds appeared first on CyberScoop.

Continue reading Flaws in Qualcomm chips could allow snooping, Check Point finds→

Hackers can still steal wads of cash from ATMs. Here’s the vulnerabilities that could let them in.

Posted on August 6, 2020 by Shannon Vavra

Thanks to a pair of zero-day vulnerabilities in a popular ATM, hackers could be pilfering off customers’ sensitive banking information or withdrawing hefty wads of cash, according to research from New York-based Red Balloon Security. If exploited properly, one of the vulnerabilities the researchers found in Nautilus Hyosung America ATMs would allow attackers to essentially empty the machines of cash, the researchers, Brenda So and Trey Keown, told CyberScoop. The root of the vulnerability lies in the way Nautilus implemented eXtensions for Financial Services, the software used to dispense money. The other vulnerability would allow attackers to execute malicious code in the the ATM’s remote administration interface, which normally allows ATM owners to check the amount of cash available in their machines. In experimenting with the flaw, So and Keown wrote shell code and sent a malicious payload to the ATM. Hackers that are able to do the same could point […]

The post Hackers can still steal wads of cash from ATMs. Here’s the vulnerabilities that could let them in. appeared first on CyberScoop.

Continue reading Hackers can still steal wads of cash from ATMs. Here’s the vulnerabilities that could let them in.→

DEF CON’s aerospace village looks to satellite hacking to improve security in space

Posted on August 6, 2020 by Shannon Vavra

Next time your GPS app functions without interruption, or a credit card transaction is approved on the first try, consider thanking a hacker. Both of those everyday activities, along with many others, are made possible in part because of satellites, those orbiting chunks of metal that only a fraction of the population thinks about on a regular basis. Now, though, security-minded officials in the Pentagon’s Defense Digital Service (DDS), the Air Force and New York-based vendor Red Balloon Security are trying to improve satellite security by sending computer researchers the technology they would need to hack them. It’s part of an effort to ensure that those big satellites orbiting the Earth remain reliable, and keep the GPS navigation running. One research challenge, called Nyan-Sat, is broken up into three parts. Hackers are building their own satellite tracking antennae, exploiting a ground station modem, and then participating in a live-streamed ground station event. […]

The post DEF CON’s aerospace village looks to satellite hacking to improve security in space appeared first on CyberScoop.

Continue reading DEF CON’s aerospace village looks to satellite hacking to improve security in space→

There’s a new open-source project to detect cellphone-snooping technology

Posted on August 5, 2020 by Sean Lyngaas

In October 2016, during popular protests against the Dakota Access Pipeline, a technologist named Cooper Quintin took a red-eye flight from San Francisco to North Dakota and made his way to the Standing Rock Reservation. There had been reports of police surveillance of the protesters, and Quintin suspected that involved a device known as an IMSI catcher or cell-site simulator. The technology, sometimes referred to as a Stingray, spoofs a cellular tower, tricking your phone into revealing its location. From there, data-stealing attacks on the phone are possible. Police and spies use the gear for surveillance. At Standing Rock, Quintin took out his software-defined radio, scanning for abnormal signals, and opened up an Android app known for spotting IMSI catchers. He didn’t get any hits. “I had no idea what I was doing,” said Quintin, a security researcher at the nonprofit Electronic Frontier Foundation. He was using technology designed for […]

The post There’s a new open-source project to detect cellphone-snooping technology appeared first on CyberScoop.

Continue reading There’s a new open-source project to detect cellphone-snooping technology→