Man-in-the-Middle Attack against Electronic Car-Door Openers

This is an interesting tactic, and there’s a video of it being used: The theft took just one minute and the Mercedes car, stolen from the Elmdon area of Solihull on 24 September, has not been recovered. In the footage, one of the men can be seen waving… Continue reading Man-in-the-Middle Attack against Electronic Car-Door Openers

Cybercriminals Infiltrating E-Mail Networks to Divert Large Customer Payments

There’s a new criminal tactic involving hacking an e-mail account of a company that handles high-value transactions and diverting payments. Here it is in real estate: The scam generally works like this: Hackers find an opening into a title company’s or… Continue reading Cybercriminals Infiltrating E-Mail Networks to Divert Large Customer Payments

Cybercriminals Infiltrating E-Mail Networks to Divert Large Customer Payments

There’s a new criminal tactic involving hacking an e-mail account of a company that handles high-value transactions and diverting payments. Here it is in real estate: The scam generally works like this: Hackers find an opening into a title company’s or realty agent’s email account, track upcoming home purchases scheduled for settlements — the pricier the better — then assume… Continue reading Cybercriminals Infiltrating E-Mail Networks to Divert Large Customer Payments

A Man-in-the-Middle Attack against a Password Reset System

This is nice work: "The Password Reset MitM Attack," by Nethanel Gelerntor, Senia Kalma, Bar Magnezi, and Hen Porcilan: Abstract: We present the password reset MitM (PRMitM) attack and show how it can be used to take over user accounts. The PRMitM attack exploits the similarity of the registration and password reset processes to launch a man in the middle… Continue reading A Man-in-the-Middle Attack against a Password Reset System

Separating the Paranoid from the Hacked

Sad story of someone whose computer became owned by a griefer: The trouble began last year when he noticed strange things happening: files went missing from his computer; his Facebook picture was changed; and texts from his daughter didn’t reach him or arrived changed. "Nobody believed me," says Gary. "My wife and my brother thought I had lost my mind…. Continue reading Separating the Paranoid from the Hacked

Is WhatsApp Hacked?

Forbes is reporting that the Israeli cyberweapons arms manufacturer Wintego has a man-in-the-middle exploit against WhatsApp. It’s a weird story. I’m not sure how they do it, but something doesn’t sound right. Another possibility is that CatchApp is malware thrust onto a device over Wi-Fi that specifically targets WhatsApp. But it’s almost certain the product cannot crack the latest standard… Continue reading Is WhatsApp Hacked?

Leaked Product Demo from RCS Labs

We have leak from yet another cyberweapons arms manufacturer: the Italian company RCS Labs. Vice Motherboard reports on a surveillance video demo: The video shows an RCS Lab employee performing a live demo of the company’s spyware to an unidentified man, including a tutorial on how to use the spyware’s control software to perform a man-in-the-middle attack and infect a… Continue reading Leaked Product Demo from RCS Labs

Credential Stealing as an Attack Vector

Traditional computer security concerns itself with vulnerabilities. We employ antivirus software to detect malware that exploits vulnerabilities. We have automatic patching systems to fix vulnerabilities. We debate whether the FBI should be permitted to introduce vulnerabilities in our software so it can get access to systems with a warrant. This is all important, but what’s missing is a recognition that… Continue reading Credential Stealing as an Attack Vector