Hacking

Pwn2Own Contest Places a $75K Bounty to Hack VMware Workstation at CanSecWest Security Conference

Article Written by David Marshall



The annual Pwn2Own hacking contest returns next month to the CanSecWest security conference and researchers are going up against the most popular browsers and operating systems, challenged with finding and exposing exploits.  

For this year's contest, participants will be asked to exploit Microsoft Edge or Google Chrome on fully patched versions of 64-bit Windows 10 and Apple Safari on OS X El Capitan.  

Exploiting Google Chrome or Microsoft Edge will earn hackers a $65,000 prize, while exploiting Apple Safari on Mac will earn a payout of $40,000.  Achieving system-level access on Windows or root access on Mac OS X would bring an additional bonus of $20,000 to the pot.
 

Cloud Computing: Hackers reveal flaws in cyber security framework

Grazed from TheNation.  Author: Asina Pornwasin.

The recent hacking of government websites has called into question the government’s cyber security standards and risked its reputation for management, but a single gateway was not a solution to that problem, cyber security specialists said yesterday.  What the government can do is upgrade cyber security standards and adopt cyber security best practices as well as draft a national policy framework and regulations for cyber security. 
 
Police websites and about 300 Courts of Justice websites were hacked by sympathisers of the Anonymous group in protest against the Koh Tao double-murder verdict.   That led to a suggestion from police to bring back the single gateway plan to tackle the problem...

Search and seizure: Why everyone must fear hackers in the cloud

Grazed from InfoWorld. Author: David Linthicum.

Expect this headline very soon: "Public cloud used to hack government systems." I'm sure aspects of this are happening right now, and I'm sure we will see more widespread use of public clouds as the platforms for hackery. What should we do with the public clouds used as hacking venues? Do we seize the physical servers? Shut down the offending data center? All of the above?

And if criminals use the same cloud infrastructure as enterprises, how do enterprises know that their data won't get seized along with the bad guys' data? Recent developments are not reassuring. Last month, the FBI seized a private cloud server. And we still remember the NSA's digital spying revelations. Ironically, technical issues may make seizures of public cloud servers unappealing to policing agencies...

Why are hackers increasingly targeting cloud?

Grazed from Computing. Author: Danny Palmer.

It seems barely a day goes by without news of a large organisation suffering a data breach as a result of criminal activity. Be it Hilton Hotels, the Office of Personnel Management or Ashley Madison, hackers have been able to break into their networks and steal the private information stored inside.

There has long been an argument over whether data stored in the cloud is more or less secure that that maintained behind the firewalls of the organisation. Cloud vendors unsurprisingly vouch for their services, but CIOs have expressed concerns that cloud computing is reducing their organisation's control over IT and creating long-term security risks...

As Hackers Increasingly Target The Cloud, Rackspace Turns To Military Vet With Cyberwar Experience

Grazed from International Business Times. Author: David Gilbert.

In the dead of night, two Navy SEALs and a veteran military officer glide toward a U.S. military facility, water lapping quietly against the side of their canoe. Suddenly two navy boats gun their motors as they pass the trio, but they fail to spot the group attempting to break into the secure facility. This is the kind of operation Brian Kelly used to handle in special ops for the U.S. government, to identify gaps in security -- in fact, no one spotted him that night, and he was able to penetrate the facility, resulting in the firing of an soldier found asleep on the job.

Today, as chief security officer for cloud computing company Rackspace, the former Air Force lieutenant and then military consultant is using his stealth and smarts to protect the data of the firm's 300,000 customers. And he's facing unprecedented attacks on an entirely new battlefront: the cloud...

Madonna's 'Rebel Heart' Hacker Gets 14 Months for Violating Cloud Server

Grazed from Music Times.  Author: Ryan Book.

Madonna came after her leaker harder than most and now Adi Lederman, the hacker responsible for dropping a significant portion of her Rebel Heart album during late 2014 is now facing a 14-month prison sentence. It took less than a month to track him down, thanks to a joint operation by the FBI and the Israeli Police forces (that's the help you get when you've had eight no. 1 albums). 
 
Lederman was found guilty of computer trespassing, copyright infringement, obstructing investigation and "prohibited secret monitoring." The court documents suggest that the hacker gained access to a cloud computing network and accessed the files of Madonna, manager Guy Oseary and several other affiliates. The investigation also revealed that Lederman had stolen a song from the pop star previously, in 2012, and had sold it rather than leaking it...

Fraudsters Use Amazon’s Cloud to Create Fake Web Traffic

Grazed from WSJ.  Author: Jack Marshall.

Amazon.com’s cloud computing service has become a popular conduit for fraudsters looking to create “bot” traffic and disseminate it over the Web, according to new research from advertising fraud detection firm Fraudlogix.

Fraudsters use computer generated bots to mimic the actions of real consumers and trick marketers into paying for ads displayed on Web pages. A number of techniques are used to generate artificial traffic, such as infecting consumers’ personal computers with software that loads Web pages without their knowledge, or installing similar software on cloud computing services such as Amazon’s to simulate real users...

Cloud Computing: How Secure Is Your Small Business? 5 Tips to Protect Against Modern Cyber Attacks

Grazed from Entrepreneur. Author: John Mason.

Today, technologies like cloud computing, mobility, social, and big data and analytics are enabling small- and midsized businesses (SMBs) to do more with less, reach new markets and focus on creativity and invention instead of IT. But with all this new opportunity comes responsibility. Whether an SMB is moving to the cloud or implementing a bring your own device (BYOD) mobile program, security should be part of the plan.

Each year, cyber crime costs the economy about $445 billion, according to the Center for Strategic and International Studies, and SMBs can be attractive targets for hackers tapping into this profitable black market. SMBs tend to have weaker online security, use cloud services void of strong encryption technology and lack the robust IT and internal policies needed to protect against increasingly sophisticated cyber-crime rings, which operate with an enviable efficiency and effectiveness...

Read more from the source @ http://www.entrepreneur.com/article/246473

Cloud Computing: More Java holes found in Google App Engine

Grazed from ITNews. Author: Juha Saarinen.

A Polish security firm has discovered more vulnerabilities in the Java coding platform used on Google's App Engine (GAE) cloud computing service, which could allow users to get access beyond their own virtual machines. The Security Explorations team, which has made a name for itself by unearthing large numbers of security holes in Oracle's Java framework over the past few years, said it had reported seven vulnerabilities to Google, along with proof of concept code.

Three of the flaws allow complete bypass of the GAE Java security sandbox. Such a bypass could be used by attackers to glean information about the Java Runtime Environment as well as Google's internal services and protocols to spawn further attacks on the GAE platform itself...

Cloud Computing: How to make life difficult for hardware hacker

Grazed from ITProPortal.  Author: Joel Clark.

The “Internet of Things” is a buzzword which is becoming more and more prevalent in today’s society. This is mostly due to the rise of crowd funding schemes and an insurgence of low power, highly capable microcontroller platforms such as Arduino.

The Equity Kicker expects 33 billion devices connected by 2020 with a large portion of them falling under the IoT umbrella term and Forbes are predicting some pretty mind-bending revenue estimates over the next few years.  Many of these devices are greatly enhanced by increased connectivity to the internet where they have access to large amounts of cloud based computing power...