The hackers infiltrated the networks of the banks, siphoning off gigabytes of data, including checking and savings account information, in what security experts described as a sophisticated cyberattack. The motivation and origin of the attacks are not yet clear, according to investigators. The F.B.I. is involved in the investigation, and in the past few weeks a number of security firms have been brought in to conduct forensic studies of the penetrated computer networks.

JPMorgan and Other Banks Struck by Hackers - NYTimes.com

More worrying is the ability of an attacker to engage in a type of denial-of-service attack on controlled intersections by triggering each intersection’s malfunction management unit, which would put the lights into a failure mode—like all directions blinking red—until physically reset. This would, according to the paper, let “an adversary… disable traffic lights faster than technicians can be sent to repair them.”

Researchers find it’s terrifyingly easy to hack traffic lights | Ars Technica

The assumption has always been that these apps can’t interfere with each other easily," said Zhiyun Qian, an associate professor at UC Riverside. "We show that assumption is not correct and one app can in fact significantly impact another and result in harmful consequences for the user.

Researchers find way to hack Gmail with 92 percent success rate - CNET

Building on cutting edge machine-learning and data-mining techniques, a pair of Carnegie Mellon University researchers have built a new tool designed to accurately predict which Web servers will be hacked before any hacking actually takes place. Call it pre-cybercrime. Kyle Soska and Nicolas Christin, the academics behind the new classification algorithm (they call it a “classifier”), say they trained their tool on 444,519 websites archived using the WayBack Machine, which contains over 4.9 million Web pages. The classifier correctly predicted 66 percent of future hacks in a one-year period with a false positive rate of 17 percent.

New cybersecurity tool lets us predict website hacks before they happen

While 52% of respondents stated that security was a top priority when choosing a mobile device, 51% are putting their personal data at risk by sharing usernames and passwords with friends, family and colleagues. The survey of 2,000 consumers also questioned whether these passwords are strong enough to adequately protect consumers’ applications and the data they hold. Half of respondents stated that they try and remember passwords rather than writing them down or using password management solutions, suggesting that consumers are relying on easy to remember combinations and using the same password across multiple sites and devices.

51% of consumers share passwords

In some situations, a complex password can help you. But in others—like when the company holding your password stores it in plain text, without encrypting it—that complexity is meaningless. And some passwords may seem complex, when they’re actually pretty easy to guess. They can trip you up, even if they’re stored using cryptographic techniques, when someone hacks into the machines that they live on. The lesson here is that system administrators—the people who oversee all those password rules you have to follow—need to shoulder a bit more of the work. They need to better understand what makes a secure password—and how passwords should be stored. “Everyone is confused in this space,” says Cormac Herley, a Microsoft researcher who’s been studying passwords for years. System administrators will lay down rules for passwords but often, “we don’t know half of why we’re doing this stuff.,” says Herley. And they may not realize they should be spending their time securing systems in other ways.

Turns Out Your Complex Passwords Aren’t That Much Safer | Enterprise | WIRED

As much as hacking has become a daily irritant, much more of it crosses watch-center monitors out of sight from the public. The Chinese, the French, the Israelis—and many less well known or understood players—all hack in one way or another. They steal missile plans, chemical formulas, power-plant pipeline schematics, and economic data. That’s espionage; attack code is a military strike. There are only a few recorded deployments, the most famous being the Stuxnet worm. Widely believed to be a joint project of the U.S. and Israel, Stuxnet temporarily disabled Iran’s uranium-processing facility at Natanz in 2010. It switched off safety mechanisms, causing the centrifuges at the heart of a refinery to spin out of control. Two years later, Iran destroyed two-thirds of Saudi Aramco’s computer network with a relatively unsophisticated but fast-spreading “wiper” virus. One veteran U.S. official says that when it came to a digital weapon planted in a critical system inside the U.S., he’s seen it only once—in Nasdaq.

How Russian Hackers Stole the Nasdaq - Businessweek

An ongoing cyberespionage campaign against a range of targets, mainly in the energy sector, gave attackers the ability to mount sabotage operations against their victims. The attackers, known to Symantec as Dragonfly, managed to compromise a number of strategically important organizations for spying purposes and, if they had used the sabotage capabilities open to them, could have caused damage or disruption to energy supplies in affected countries. Among the targets of Dragonfly were energy grid operators, major electricity generation firms, petroleum pipeline operators, and energy industry industrial equipment providers. The majority of the victims were located in the United States, Spain, France, Italy, Germany, Turkey, and Poland.

Dragonfly: Western Energy Companies Under Sabotage Threat | Symantec Connect

A ‘threat,’ according to the bill, is anything that makes information unavailable or less available. So, high-bandwidth uses of some types of information make other types of information that go along the same pipe less available," Greg Nojeim, a lawyer with the Center for Democracy and Technology, told me. "A company could, as a cybersecurity countermeasure, slow down Netflix in order to make other data going across its pipes more available to users." That’s a quick and easy way of setting up a two-tiered internet, with built-in Congressional approval, no FCC rules required. Nojeim was one of the authors of a strongly-worded statement of opposition sent to Dianne Feinstein, the bill’s sponsor. In the letter, the CDT, Electronic Frontier Foundation, American Civil Liberties Union, and more than a dozen other civil liberties groups said that the bill "arbitrarily harms average internet users.

Netflix Could Be Classified As a ‘Cybersecurity Threat’ Under New CISPA Rules | Motherboard

Public Wi-Fi has become an integral part of how mobile devices’ apps work. Apple and Google have both configured their mobile services to leverage Wi-Fi networks to improve their location services, and mobile and broadband companies offer public (and unencrypted) Wi-Fi networks to either offload users from their cellular data networks or extend the reach of their wired network services. Comcast, for example, has been expanding its Xfinity broadband networks by turning access points at homes and businesses into public Wi-Fi hotspots for subscriber access. That’s great for customers’ convenience, but it also opens up a potential vector of attack for anyone who wants to get in the middle of broadband users’ Internet conversations. We demonstrated one potential Wi-Fi threat during our testing—using a rogue wireless access point broadcasting the network ID (SSID) “attwifi” prompted AT&T iPhones and Android devices with default settings to automatically connect to them.

Tapped in: How your phone gives you up to companies and criminals | Ars Technica