PINDROP BLOG

Category: Hacking

September 27, 2016
Google Releases Tools to Improve CSP Protection for Web Apps
Google is releasing a pair of new tools to help developers create and implement safer content security policies to protect against cross-site scripting vulnerabilities in their web applications. And the company also is adding CSP adoption efforts to its bug bounty program. Content security policy is a method that enables developers to specify which scripts…
Read More →
September 26, 2016
Rooting Out Sensitive Data in Email With MailSniper
One of the more common ways for sensitive data to leak from an organization is through email. Whether intentionally or through carelessness, employees will often include passwords, financial information, and other important data in emails that wind up in the wrong hands. Depending upon the kind of information, this can either be slightly embarrassing or potentially catastrophic for…
Read More →
September 23, 2016
Researchers Say iOS 10 Backup Passwords Easy to Crack
Apple seems to have made a curious security choice in iOS 10, one that enables attackers to brute force the password for a user’s local backup 2,500 times faster than was possible on iOS 9. Researchers at Elcomsoft, a Russian security company, discovered the issue, which is related to the choice of hashing algorithm in…
Read More →
September 22, 2016
500 Million Users Affected by Yahoo Data Breach
Yahoo today confirmed that state-sponsored attackers compromised the company’s network in 2014, stealing data belonging to 500 million users. The stolen data includes names, email addresses, phone numbers, hashed passwords, dates of birth, and security questions and answers, some of which were unencrypted. Yahoo officials said it doesn’t believe that bank account data, payment card…
Read More →
September 21, 2016
Nearly All Top Global Companies Have Leaked Credentials Online
Many CSOs live in fear of waking up to an email reporting a data breach at their company, but the threat to an enterprise isn’t limited to a compromise of that specific organization. A new report shows that there are leaked employee credentials online for 97 percent of the top 1,000 global companies, many of which…
Read More →
September 20, 2016
Hackers Activate Tesla’s Brakes From Miles Away
The amount of technology packed into modern cars is kind of amazing. Just a few years ago, the most advanced thing in most vehicles was the cell phone in the user’s pocket. Now, many cars have computer-controlled engines, brakes, entertainment systems, and communications. Cool. The downside of this revolution is that some of these systems can…
Read More →
September 19, 2016
Experts Question Legality of Government Hacking
The emergence into the public consciousness of government hacking techniques and activities in recent years has sparked an increasingly loud debate over how and when law enforcement agencies should be allowed to employ these tactics. But that conversation ignores the fact that these techniques may not actually be legal, experts say. Law enforcement agencies, especially the…
Read More →
September 15, 2016
Researcher Bypasses iOS Passcode Limit With NAND Mirroring
Using easily available and inexpensive parts, a security researcher has been able to bypass the passcode retry restrictions on an iPhone 5C through hardware mirroring of the NAND memory. The researcher’s technique involved several steps and quite a bit of patience and work, but eventually Sergei Skorobogatov of the University of Cambridge in the UK was able…
Read More →
September 12, 2016
Malware Infecting Seagate NAS Devices to Mine Monero Cryptocurrency
Attackers are using a nasty piece of malware to infect Seagate storage devices and then jump to the PCs connected to the NAS devices and use the machines to mine the Monero open source cryptocurrency. Researchers at Sophos, taking an in-depth look at the Miner-C malware, discovered that it is infecting large numbers of NAS devices…
Read More →
September 9, 2016
Wyden Calls on Senate to Prevent Expansion of Government Hacking
A proposed change to a little-known criminal procedure “would make us less safe, not more” by allowing law enforcement agencies to hack an unlimited number of computers with a single warrant, Sen. Ron Wyden said Thursday. Wyden (D-Ore.) spoke on the Senate floor about the proposed change to Rule 41 of the Federal Rules of…
Read More →