Tag Archive for: door

Was Sensitive User Data Stolen & Did 2FA Open Door To Hacker?


September 18 update below. This post was originally published on September 15.

The New York Times is reporting that Uber has been hacked. Here’s what we know so far concerning this breaking story.

The ride-hailing and food delivery company has suffered a systems breach, according to the report, with employees unable to access internal tools such as Slack. One employee resource page is said to have had a not safe for work image posted to it by the hacker. A bug bounty hunter and security engineer not involved in the alleged hack has posted a comment that is attributed to an Uber employee, who wished to remain anonymous, which claims they were told to stop using Slack and “anytime I request a website, I am taken to a page with a pornographic image” and the message ‘f*** you wankers.’

Another bug bounty hunter has tweeted a screenshot, allegedly from the hacker, where they state, “I announce I am a hacker and Uber has suffered a data breach. Slack has been stolen…” with a hashtag of #uberunderpaisdrives

What has Uber said about the hack?

I reached out to Uber for a comment and was pointed to an official statement posted to Twitter which reads: “We are currently responding to a cybersecurity incident. We are in touch with law enforcement and will post additional updates here as they become available.”

I have seen messages from someone who claims various Uber admin accounts are under their control. A New York Times reporter says that the hacker tells them he is 18 years old and hacked the Uber systems because “they had weak security.” He further claims this was accomplished through the social engineering of an Uber employee to obtain login credentials.

September 18 update

Uber still hasn’t had much to say publicly about the incident, which appears to have allowed extensive access to internal systems. This is not all that surprising as investigations are ongoing. Nearly all the evidence of the hack has come from the alleged hacker themselves, in the form of multiple postings and screenshots. However,…


Aqara announces fully-automatic smart door lock D100 Zigbee


New York–(ANTARA/Business Wire)- Aqara, a leading provider of smart home products, expanded its smart door lock portfolio by releasing a new mortise-style lock, the D100 Zigbee, which is the brand’s third smart lock for the global market. Unlike the previous N100 Zigbee and A100 Zigbee, which are more traditional handle locks, the new D100 Zigbee is a fully-automatic mortise lock allowing users to open the door without pushing a handle or turning a knob. The new model is designed to work with HomeKit, including the latest home key feature, and it also supports unlocking via Google Assistant. The D100 Zigbee has landed in Singapore, Kuwait, Saudi Arabia and United Arab Emirates (UAE), and availability is expected to expand in the following months to other countries/regions including Malaysia, Thailand, Vietnam, Hong Kong, Taiwan, Kazakhstan, Nigeria, etc.

Compared to the previous models, the D100 Zigbee lock is compatible with a wider range of doors, fitting those with a thickness between 40 and 120 millimeters and even the stylish pull handle doors. It also features a more sustainable lithium-ion (Li-ion) battery pack. The detachable 2480mAh battery pack can be recharged via the USB-C port, and provides 12 months of battery life between charges. A low battery alarm is supported, and even if the battery runs out, the lock can be charged from outside via a USB-C power bank. As with the other Aqara locks, mechanical keys are provided, which allow users to open the lock even when the electronics fail.

The D100 Zigbee features a 3D fingerprint scanner with liveness detection, and the scanner has a sapphire coating to ensure better durability. The lock is equipped with an invisible keypad, and allows permanent, one-time as well as periodic passwords (6-10 digits), which help users to grant and manage home access for family members and visitors with ease. One-time and periodic passwords can be created and managed remotely*, which makes this lock an ideal choice for rental homes. NFC cards are also provided with the lock, which is convenient for younger and older family members to unlock.

Moreover, the D100 Zigbee is designed to work with HomeKit…


NSA Opens Door to Domestic Internet Spying, Privacy Advocates Say


ANDREW HARNIK/Getty


The latest king-sized, disastrous hack into U.S. government and corporate data servers is prompting the head of the National Security Agency to suggest that a surveillance giant built to look at foreign threats might need even greater powers to spy on internet usage domestically.

Doing so, privacy advocates say, jeopardizes an already weakened four-decade-old compromise of national-security surveillance. NSA access to the digital trails of U.S. persons and foreigners transiting domestic communications infrastructure is supposed to require a warrant from a secret court specifying the suspected worrisome activity. But it’s unclear how early detection of foreign-borne digital threats, particularly at scale, could operate within the same legal paradigm.

“Like clockwork,” said Sen. Ron Wyden (D-OR), a member of the intelligence committee, “advocates of expanded surveillance are trying to exploit an intelligence failure.”

Gen. Paul Nakasone, the director of the National Security Agency and its conjoined military twin Cyber Command (CYBERCOM), did not offer any such answers in recent congressional testimony about the devastating SolarWinds hack, in which malware inserted into IT software used by several U.S. government agencies resulted in data exfiltration that Microsoft’s Brad Smith has called “the largest and most sophisticated” cybertheft yet. Instead, Nakasone highlighted to legislators what he described as a dangerous blindness in cyberspace created by holding the domestic internet off-limits to him.

“We truly need to look at the ability for us to see ourselves and right now it’s difficult for us to see ourselves,” Nakasone testified on Thursday to the Senate Armed Services Committee. Adversaries like China and Russia “are operating with increased sophistication, scope [and] scale,” including operations that can end “before a warrant can be issued,” he warned.

“If we have a problem where we only see our adversaries when they operate outside of their country and we don’t see them when they operate inside our country it’s very difficult for us to be able to—to, as I say, connect those dots,” Nakasone said. “That’s something…


Latest Microsoft Hack Opens Door For New OZ Attacks – channelnews


Australian businesses that use Office 365 or Microsoft’s Exchange email service are facing new security threats as hackers and ransomware groups take advantage of a major hack on Microsoft servers, which has resulted in a free-for-all as hackers hunt down unpatched email servers to attack.

Microsoft servers around the world have been exposed, and one problem is ransomware groups that are using the flaw to install malicious programs.

Once these programs are installed, the perpetrators lock away a user’s data behind strong encryption, making the computer system unusable.

The group then demands payment to unlock it – and if demands are not met, will steal or delete the data.

Initially, the flaw was being exploited by a hacking group to gain remote access to email servers, from which it could steal sensitive data.

But after Microsoft warned the world it had identified the problem and urged all its users to download new security updates, other hacking groups quickly became familiar with the flaw.

The UK National Cyber Security Centre said it estimated 7,000 servers had been affected by the flaw and only half had been secured.

The agency said it was “vital” that all affected businesses took action to secure their email servers.

The announcement reveals the scale of the problem among companies for the first time since the global security flaw emerged last week, the BBC claimed.

The NCSC is particularly concerned about small and medium-sized businesses that may not have heard about the issue.

“We are working closely with industry and international partners to understand the scale and impact of the exposure, but it is vital that all organisations take immediate steps to protect their networks,” NCSC’s director for operations Paul Chichester warned.

“While this work is ongoing, the most important action is to install the latest Microsoft updates.”
