‘Smart’ Male Chastity Device Vulnerable To Locking By Hackers: Researchers

A security flaw in an internet-connected male chastity device could allow hackers to remotely lock it — leaving users trapped, researchers have warned.

The Cellmate, produced by Chinese firm Qiui, is a cover that clamps on the base of the male genitals with a hardened steel ring, and does not have a physical key or manual override.

The device, marketed as both an anti-cheating and a submission sex play device, has a locking mechanism controlled with a smartphone app via Bluetooth, but security researchers have found multiple flaws that leave it vulnerable to hacking.

“We discovered that remote attackers could prevent the Bluetooth lock from being opened, permanently locking the user in the device. There is no physical unlock,” British security firm Pen Test Partners said Tuesday.

“An angle grinder or other suitable heavy tool would be required to cut the wearer free.”

The firm also found other security flaws


Russian state hackers appear to have breached a federal agency





BERLIN, GERMANY – MARCH 01: In this photo illustration artwork found on the Internet showing Fancy Bear is seen on the computer of the photographer during a session in the plenary hall of the Bundestag, the German parliament, on March 1, 2018 in Berlin, Germany. German authorities announced yesterday that administrative computers of the German government, including those of government ministries and parliament, had been infiltrated with malware. Authorities said they suspect the Russian hacker group APT28, also known as Fancy Bear. (Photo by Sean Gallup/Getty Images)

Russia’s 2020 hacking campaigns might have included a successful data breach at the US government. In the wake of a CISA notice warning of a cyberattack on an unnamed federal agency’s network, Wired and security company Dragos have obtained evidence suggesting Russia’s state-backed APT28 group, better known as Fancy Bear, was behind the hack.


The FBI reportedly sent alerts to some


Russia’s Fancy Bear hackers likely penetrated a federal agency


A warning that unidentified hackers broke into an agency of the US federal government and stole its data is troubling enough. But it becomes all the more disturbing when those unidentified intruders are identified—and appear likely to be part of a notorious team of cyberspies working in the service of Russia’s military intelligence agency, the GRU.

Last week the Cybersecurity and Infrastructure Security Agency published an advisory that hackers had penetrated a US federal agency. It identified neither the attackers nor the agency, but it did detail the hackers’ methods and their use of a new and unique form of malware in an operation that successfully stole target data. Now, clues uncovered by a researcher at cybersecurity firm Dragos and an FBI notification to hacking victims obtained by WIRED in July suggest a likely answer to the mystery of who was behind the intrusion: They


Grindr fixes issue that let hackers easily hijack accounts


The popular LGBT+ hook-up app Grindr has fixed a glaring security flaw that allowed hackers to take over any account if they knew the user’s registered email address, TechCrunch reports.

Wassime Bouimadaghene, a French security researcher, originally uncovered the vulnerability in September. But after he shared his discovery with Grindr and was met with radio silence, he decided to team up with Australian security expert Troy Hunt, a regional director at Microsoft and the creator of the world’s largest database of stolen usernames and passwords, Have I Been Pwned?, to draw attention to an issue that put Grindr’s more than 3 million daily active users at risk.

Hunt shared these findings with the outlet and on his website Friday, explaining that the problem stemmed from Grindr’s process for letting users reset their passwords. Like many social media sites,


Confidential information released after school district refused to pay hackers’ ransom demand, report says

Hackers may have gained access to confidential information about current and former staff and students of the fifth largest school district in the United States, according to a statement posted on the district’s website.



Hackers compromised confidential information from past and present staff and students of Clark County School District (CCSD), according to a statement posted on the school’s website.

The Clark County School District (CCSD) in Las Vegas reopened for in-person learning on August 24. It was attacked by hackers three days later in an incident first reported by the Wall Street Journal.

On the morning of August 27, according to the statement, certain computer systems from CCSD became infected with a virus that prohibited access to certain files. The Wall Street Journal reports that hackers published documents containing Social Security numbers, student grades and other private information from CCSD students and staff after officials refused


Microsoft boots apps out of Azure used by China-sponsored hackers


Fortune 500 companies aren’t the only ones flocking to cloud services like Microsoft Azure. Increasingly, hackers working on behalf of the Chinese government are also hosting their tools in the cloud, and that’s keeping people in Redmond busy.

Earlier this year, members of the Microsoft Threat Intelligence Center suspended 18 Azure Active Directory applications after determining they were part of a sprawling command-and-control network. Besides the cloud-hosted applications, the members of the hacking group Microsoft calls Gadolinium also stored ill-gotten data in a Microsoft OneDrive account and used the account to execute various parts of the campaign.

Microsoft, Amazon, and other cloud providers have long touted the speed, flexibility, and scale that come from renting computing resources as needed rather than using dedicated servers in-house. Hackers seem to be realizing the same benefits. The shift to the cloud can be


Instagram bug opened a path for hackers to hijack app, turn smartphones into spies

Facebook has patched a critical vulnerability in Instagram that could lead to remote code execution and the hijack of smartphone cameras, microphones, and more. 

Privately disclosed to Facebook, the owner of Instagram, by Check Point, the security flaw is described as “a critical vulnerability in Instagram’s image processing.”

Facebook’s security advisory says the vulnerability, tracked as CVE-2020-1895 and issued a CVSS score of 7.8, is a heap overflow problem.


“A large heap overflow could occur in Instagram for Android when attempting to upload an image with specially crafted dimensions. This affects versions prior to 128.0.0.26.128,” the advisory says. 

In a blog post on Thursday, Check Point cybersecurity researchers said sending a single malicious image was enough to take over Instagram. An attack can be triggered once a crafted image is sent — via email, WhatsApp, SMS, or any other


Hackers Keep Hitting Financial Services Despite Hefty Cyber Spend

Rod Holmes, vCISO, The Crypsis Group.

Financial services organizations consistently outspend most of their vertical sector peers in cybersecurity staff, tools and associated investments, but the cyber hits just keep coming. According to our recent report, the financial services industry received the highest number of business email compromise (BEC) attacks in 2019 and the second-most cyber incidents across all types, following the healthcare sector.

For years, financial services has led the pack in cybersecurity spending. In 2015, for example, a Homeland Security Research study concluded the U.S. financial services cybersecurity market was the largest and fastest-growing nongovernmental market in cybersecurity.

In 2019, financial services companies dedicated between 6% and 14% of their annual IT budgets to cybersecurity (an average of 10%), according to a Deloitte study. (Current recommendations are between 4% and 10%; however, most companies fall short.) In light of increasing Covid-19-related threats, these institutions plan to
