U.S imposes new sanctions on Russia over election hacking

The U.S. government has sanctioned Russia’s main two intelligence agencies, four military intelligence officers and is kicking out 35 Russian diplomats over what it says was aggressive harassment of U.S. officials and cyber operations around the 2016 presidential election.

The move follows up on a pledge made by President Obama to retaliate against Russia for hacks of the Democratic National Committee and other political targets.

The U.S. also released a detailed assessment by the Federal Bureau of Investigation (FBI) and Department of Homeland Security (DHS) of the cyber attacks.

To read this article in full or to leave a comment, please click here

from Computerworld News http://www.computerworld.com/article/3153716/election-hacking/us-imposes-new-sanctions-on-russia-over-election-hacking.html#tk.rss_news

New year’s resolution for IoT vendors: Treat LANs as hostile

In November, researchers from cybersecurity firm Invincea reported a vulnerability that could have allowed hackers to infect Belkin WeMo smart plugs with malware. The flaw was located in a configuration protocol that worked over the local area network and didn’t require any authentication.

In 2015, when researchers from vulnerability intelligence firm Rapid7 analyzed nine Internet-connected baby monitors, they found hardcoded credentials in four of them. Those backdoor accounts provided administrative access to the devices over the local network.

To read this article in full or to leave a comment, please click here

from Computerworld News http://www.computerworld.com/article/3152723/security/new-years-resolution-for-iot-vendors-treat-lans-as-hostile.html#tk.rss_news

Changing other people’s flight bookings is too easy

The travel booking systems used by millions of people every day are woefully insecure and lack modern authentication methods. This allows attackers to easily modify other people’s reservations, cancel their flights and even use the refunds to book tickets for themselves, according a team of researchers who analyzed this online ecosystem.

Karsten Nohl and Nemanja Nikodijevic from Berlin-based consultancy Security Research Labs have spent months investigating the security employed by the Global Distribution Systems (GDSs) that are used by travel agencies, airlines, hotels and car rental companies. They presented their findings Tuesday at the 33rd Chaos Communications Congress in Hamburg.

To read this article in full or to leave a comment, please click here

from Computerworld News http://www.computerworld.com/article/3153694/security/changing-other-peoples-flight-bookings-is-too-easy.html#tk.rss_news