Gang exploits both physical and system security during bank robbery

The Metropolitan Police Central e-Crime Unit (PCeU) arrested eight men, aged between 24 and 27, on Thursday, in connection with a robbery from the Swiss Cottage branch of Barclays Bank in April. According to police statements, the theft resulted in the loss of 1.3 million pounds ($2 million), but the bank managed to recover most of the stolen funds.

In an unusual twist, one rarely mentioned or seen when it comes to financially motivated cybercrime, the men allegedly mixed physical penetration and social engineering with system compromise in order to carry out their crimes.

Read the full article at Network World

ENISA report on top cyber threats

ENISA presented its list of top cyber threats, as a first “taste” of its interim Threat Landscape 2013 report.

The study analyses 50 reports, and identifies an increase in threats to: infrastructure through targeted attacks; mobile devices; and social media identity thefts carried out by cyber-criminals over cloud services.

Read the full article at Help Net Security

Android WebView vulnerability allows hacker to install malicious apps

WebView is an essential component in Android and iOS. It enables applications to display content from online resources and simplifies the task of performing a network request, parsing the data and rendering it.

An AVG security expert reported a critical vulnerability in Android’s WebView feature that allows an attacker to install malicious software, send SMS messages and perform other tasks.

Read the full article at The Hacker News

Error on United Airlines Web site results in free fares

For fifteen tense minutes on the afternoon of 12th September, United Airlines’ fare booking engine was operating at full steam. Someone, likely a Flyertalk user, noticed that fares between Washington DC and Minneapolis were pricing at $10 and posted his finding onto the forum. Attention grew rapidly, with over 100 replies in just an hour, and the news spread to Twitter.

The glitch in the system appeared to offer $0 fares plus $5 in tax for many domestic flights, and was apparently caused by human error. Some forum readers reported finding $10 flights between Washington DC and Hawaii, while others scooped up over a dozen tickets to destinations all over the country.

Read the full article at Cnet

The Windows Flaw That Cracks Amazon Web Services

Nerval’s Lobster writes “Developer and editor Jeff Cogswell decided to poke around the security of Amazon Web Services, and found a potential loophole that could theoretically allow anyone — a developer, an unscrupulous Amazon employee, the NSA — to access and copy data volumes stored on the system, using a slightly modified version of the popular ‘chntpw’ password tool. In this article, he breaks down how he did it, and suggests some ways for those who use cloud-hosting services to keep their data a little more secure in the future. ‘The key here, of course, is that an unscrupulous employee might be able to make a copy of any existing Windows volume, and go to work on it without the customer ever knowing that it happened,’ he writes. ‘Now let’s be clear: I’m not accusing anyone of having done this; in fact, I doubt anybody has, considering I was unable to find a working copy of chntpw until I modified it.’ It’s a security concern, and one that’s particularly insidious to patch.”

Original article at Slashdot

PPL Connect is a virtualized smartphone that lets you make and take calls from a web browser

Sure, you’ve heard of virtualized computing environments before, but a start-up here at TechCrunch Disrupt called PPL Connect is a platform that virtualizes your phone’s capabilities in real-time. That means you can make and receive calls and texts and access the photos and videos on your phone from any device with a web browser. It’s kind of like AirDroid, only you don’t need to have your phone with you or even have it turned on to make calls or receive texts once you’ve signed up. It’s a platform agnostic solution for a fragmented mobile world.

The magic happens via a localized app on your phone and Amazon cloud service to dish out your data where you need it. That cloud component both serves as cloud storage for your data and as a back-end VoIP relay station for calls and texts. Currently, photos, videos, contacts, calls and texts are what’s handled by the service, but the plan is to eventually fully replicate your phone’s capabilities. For folks who are concerned about putting your digital life in the hands of PPL Connect, all transmissions to and from its servers are encrypted. And, the company is currently devising a fully encrypted system whereby the data’s only accessible with a single, user-owned key.

Read more at Engadget