Tag Archive for: places

‘Juice jacking’ hackers can steal your information from USB ports in public places

/in


NORTH TEXAS (CBSNewsTexas.com) — If you’ve charged your phone with USB ports in public places, the FBI is warning you about what they’re calling “juice jacking.”

Juice jacking is when hackers load malware onto charging stations at libraries, hotels and airports, and steal your personal information.

Cyber security experts say it can be hard to detect from just looking at them, and that all it takes is plugging in your phone. In seconds, the malware can steal information from your device while it’s being charged.

A local IT expert told CBS News Texas that this is rare, but if it happens to you, there’s a lot of information they can steal.

“Think about all the data and all the types of information that you keep in your cell phone on a daily basis. You have your personal contacts…your business email is probably on your cell phone,” said Kenny Riley, a technical director for Velocity IT.

Riley also said that you may not even know you’re a victim because your device likely won’t have a pop-up notification saying it’s happening, unlike a computer virus.

CBS News Texas reached out to both DFW International Airport and Dallas Love Field for comment:

DFW International Airport:

“DFW Airport’s USB ports are ‘charge only,’ not part of a network, and are inspected regularly for signs of tampering. Travelers are always encouraged to inspect USB charging ports before using them and look for signs of unusual adapters or anything suspicious, and to report anything unusual to airport staff.”

Dallas Love Field:

“DAL has not had any reported or confirmed cases of malicious software detected in the airport’s USB ports/outlets. We also do not have standalone phone charging stations.

DAL electrical technicians inspect outlets and USB ports nightly and report any unusual devices or evidence of tampering. Passengers are encouraged to do the same before their usage. As always, we urge…

Source…

Are You Being Spied On? This Google Hack Can Access Security Cameras At Airports, Schools And Other Places – Alphabet (NASDAQ:GOOG)

/in


In this article, we will explain how anyone — and not just information technology experts — can find and access security cameras, passwords, system logs and other databases that were meant to be secret. 

Before proceeding further, it is important to consider that performing the actions described in this article may or may not be illegal based on your local legislation. This information is being divulged to convey the importance of network security and educate the readers.

What Happened: Scanning networks, which include the internet itself, is one of the most common ways to find vulnerabilities and access data and services that were not meant to be accessible. 

Traditionally it would be done from a command line with a tool like Nmap, but another well-known way to find this kind of weakness is by leveraging Google, a company that kindly scans the whole internet and indexes its findings doing most of the work for us.

See Also: Why Exchanging Financial Information Via Email Is So Risky – And How It’s Gotten Worse

This kind of usage of Alphabet Inc.‘s GOOG GOOGL search engine is usually called “Google Dorking” — dorks, a word describing “a contemptible, socially inept person” and in this case, referring to whoever managed to misconfigure the services you find with this technique. This approach leverages very specific search queries that use Google modifiers to find data that should have been private, but due to misconfiguration is public.

How To Do It: One example is searching for “allintext:username filetype:.env,” which limits our results to only text files with the .env extension and searches for the word “username” in their content. This kind of search tends to find configuration files that contain usernames and passwords of external services such as emails or databases, often very secure and long alphanumerical passwords that would have been quite safe if they were not broadcasted in plain text for the whole world to see.

A much more unsettling example is the search query “intitle:”webcamXP 5″” which tells Google to only return results that contain exactly “webcamXP 5” in their title — this being the default title of the video feed page of a certain family of security…

Source…

Partha Chatterjee: Parthar’s home security guards mobile ED, a total of 13 places searched! Speculation is rampant

/in


#Kolkata: Shocking twist in SSC corruption case. The Enforcement Directorate (ED) raided the house of former education minister Partha Chatterjee. The central agency launched a morning search operation at Partha Chatterjee’s house in Naktala. Not only that, the ED came and took the mobile phones of all the policemen who were guarding Partha Chatterjee’s house. Central forces have also been deployed outside the house.

Kolkata police team is standing outside. The front of the house has been barricaded. Central forces have barricaded outside to avoid any untoward incident. Meanwhile, it is reported that the ED has also raided the house of Minister of State for Education Paresh Adhikari. ED also launched an investigation operation at the house of Paresh Adhikari in Mekhligonj on Friday morning. A delegation of about 5 people went to Paresh Adhikari’s house. At the same time, it is reported that the ED team has also reached the house of Chandan Mandal in Baghdad. Central forces are also with ED in Mekhliganj and Baghdad. It is reported that the ED’s search operation is going on in several places of the state on Friday.

Also Read: Suddenly ED raids Partha Chatterjee’s house, central forces surround house

According to sources, the ED is conducting searches at a total of 13 places. In the ED SSC case, the state is conducting searches at 13 places including the houses of Partha Chatterjee, Bagda Ranjan, Paresh Adhikari.

Also Read: Draupadi Murmur’s Victory Celebration, Bengal BJP District President’s Surprising Elation

According to the information obtained by the ED after interrogating the petitioners, jobs were given to low marks and failed candidates in exchange of money. A section of the Education Department and those who have taken the lead in providing these jobs at the district level have benefited financially. According to sources, Partha Chattopadhyay is being interrogated as to whether he was aware of these financial transactions as the then minister of the department and whether any of his close officials were involved in these financial transactions.

Besides, the information obtained by CBI regarding financial transactions by interrogating some of those accused…

Source…

Final Rule Places New Cybersecurity Reporting Requirements On Banks – Finance and Banking

/in



United States:

Final Rule Places New Cybersecurity Reporting Requirements On Banks

09 March 2022


Crowe & Dunlevy



To print this article, all you need is to be registered or login on Mondaq.com.

Last month, the Federal Reserve System’s Board of Governors,
the Federal Deposit Insurance Corporation and the Office of the
Comptroller of the Currency approved a final rule that places
reporting requirements on banks and banking service providers.
Under this new rule, banks must report cybersecurity incidents
within 36 hours to federal regulators. In addition, banking service
providers must notify banks as soon as possible after suffering a
computer security incident. This new rule also requires banks to
inform customers of any computer security incident lasting more
than four hours.

This new rule is part of a current trend of requiring critical
infrastructures to report cybersecurity incidents. This rule goes
into effect starting April 1, 2022, and banks are required to be in
compliance by May 1, 2022. While the rule doesn’t go into
effect until next year, there are several ways that banks and
service providers can get prepared.

  1. Determine who will be responsible for reporting the
    incident to the regulators.     Cybersecurity incidents are
    stressful. While the rule provides a more extended deadline than
    the 12-hour reporting requirement for pipelines, 36 hours is still
    a quick turnaround. Taking the time now to identify the person
    responsible will…

Source…