“On the first day of the Pwn2Own event, HP awarded $317,500 for exploits against Adobe Flash, Adobe Reader, Microsoft IE 11 and Firefox. The second day saw no new Adobe exploits, as researchers turned their attention back to the browsers, with new exploits reported against Firefox, IE, Chrome and Safari.
A security researcher identified by HP only as ilxu1a delivered the first exploit of the day with an out-of-bounds memory vulnerability in Firefox that took less than one second to execute. For his efforts, ilxu1a was awarded $15,000.
All told, Mozilla Firefox was exploited twice at the Pwn2Own 2015 event, with exploits demonstrated on both days of the event, for a total payout of $70,000. Mozilla is no stranger to Pwn2Own and is often the first vendor to patch issues that are first disclosed at a Pwn2Own event.”
HP Awards $240K for Firefox, IE, Chrome and Safari Exploits.
It’s all about the uptime…woohoo!
“One reason to love Linux on your servers or in your data-center is that you so seldom needed to reboot it. True, critical patches require a reboot, but you could go months without rebooting. Now, with the latest changes to the Linux kernel you may be able to go years between reboots.”
No reboot patching comes to Linux 4.0 | ZDNet.
Interesting claims made by both sides:
“A Southern District of Texas judge sentenced Salinas earlier this month to six months in prison and a $10,600 fine after he pleaded guilty to a misdemeanor count of computer fraud and abuse. The charge stemmed from his repeatedly scanning the local Hidalgo County website for vulnerabilities in early 2012. But just months before he took that plea, the 28-year-old with ties to the hacktivist group Anonymous instead faced 44 felony hacking and cyberstalking charges, all of which were later dismissed. And now that his case is over, Salinas is willing to say why he believes he faced that overwhelming list of empty charges. As he tells it, two FBI agents asked him to hack targets on the bureau’s behalf, and he refused.”
Hacker Claims Feds Hit Him With 44 Felonies When He Refused to Be an FBI Spy | WIRED.
In late 2013, an A.T.M. in Kiev started dispensing cash at seemingly random times of day. No one had put in a card or touched a button. Cameras showed that the piles of money had been swept up by customers who appeared lucky to be there at the right moment.
The majority of the targets were in Russia, but many were in Japan, the United States and Europe.
No bank has come forward acknowledging the theft, a common problem that President Obama alluded to on Friday when he attended the first White House summit meeting on cybersecurity and consumer protection at Stanford University. He urged passage of a law that would require public disclosure of any breach that compromised personal or financial information.
Bank Hackers Steal Millions via Malware – NYTimes.com.
Privacy advocates have criticized the wireless operators for using this technology, charging that its use is a violation of personal privacy since supercookies collect and analyze data about online activities and are hard to do away with. Privacy advocates also warn this information could be used by hackers to track users’ activities.
Via Lawmakers push feds to investigate Verizon’s use of ‘supercookies’ – CNET.
Health insurer Anthem Inc (ANTM.N), which has nearly 40 million U.S. customers, said late on Wednesday that hackers had breached one of its IT systems and stolen personal information relating to current and former consumers and employees.
The information accessed during the “very sophisticated attack” did include names, birthdays, social security numbers, street addresses, email addresses and employment information, including income data, the company said.
Health insurer Anthem hit by massive cybersecurity breach | Reuters.
The words “free trial” still appear in the URL, but as you’ll see when you click through to the sign-up page, “Sign up is no longer required for Google Earth Pro.” All you have to do is download the installer, run it, then sign in using your e-mail address (as your username) and license code GEPFREE.
Via Get Google Earth Pro for free – CNET.
Download here: http://www.google.com/intl/en/earth/download/gep/agree.html
“The fallout from the Home Depot data breach is starting to be felt by financial institutions. Credit unions have spent nearly $60 million to reissue cards, deal with fraud and cover other costs as a result of the breach.”
This Week In Credit Card News: The Costly Home Depot Breach, Are Chip-And-PIN Cards Safe?
Russia has long been known as a hotbed for black hat hackers due to their “untouchable” status within the Russian government. There are essentially three rules when it comes to being a Russian hacker that give you this “untouchable” status:
1) You are not allowed to hack anything within the sovereign boundary.
2) If you find anything of interest to the regime, you share it.
3) When called upon for “Patriotic Activities”, you answer the call.
Hackers breach some White House computers – The Washington Post.
“The Federal Trade Commission filed a federal court complaint against AT&T Mobility, LLC, charging that the company has misled millions of its smartphone customers by charging them for “unlimited” data plans while reducing their data speeds, in some cases by nearly 90 percent.”
““AT&T promised its customers ‘unlimited’ data, and in many instances, it has failed to deliver on that promise,” said FTC Chairwoman Edith Ramirez. “The issue here is simple: ‘unlimited’ means unlimited.”
According to the FTC’s complaint, AT&T’s marketing materials emphasized the “unlimited” amount of data that would be available to consumers who signed up for its unlimited plans. The complaint alleges that, even as unlimited plan consumers renewed their contracts, the company still failed to inform them of the throttling program. When customers canceled their contracts after being throttled, AT&T charged those customers early termination fees, which typically amount to hundreds of dollars.”
FTC Says AT&T Has Misled Millions of Consumers with ‘Unlimited’ Data Promises | Federal Trade Commission.