Two security researchers, Charlie Miller and Chris Valasek, have found a way to hack a car and control it remotely. From the Internet, they were able to track cars by location, see how fast they were going, turn the blinkers and lights on and off, and mess with the windshield wipers, radios, navigation and, sometimes, brakes and steering. In one test, they bought a Jeep that connected to the Internet through a hardware chip. They found vulnerability in a chip, then connected to another chip that controlled several functions in the vehicle. Source: The New York Times
Pump up the volume on JPMorgan hack
Authorities arrested four people in Israel and Florida and revealed a complex securities fraud scheme tied to the computer hacks of JPMorgan Chase and other financial institutions. Officials in Israel picked up two men charged in the United States with running a multimillion-dollar stock-manipulation scheme known as a pump and dump. In Florida, officials arrested two men for operating an unlicensed money-transfer business using Bitcoin. Though these are separate cases, a principal in the alleged securities-fraud scheme is a business associate of one of those charged in the Bitcoin operation. The two also are identified in a previously unreported FBI memo that connects them to the investigation of the hack of JPMorgan, as well as to incidents at Fidelity Investments and E-Trade Financial. A person familiar with the investigation said data stolen from JPMorgan, including tens of millions of emails and names of customers, may have been sought for promoting stocks through a spam campaign. Source: Bloomberg
It’s an emergency! Pay now!
A new phone scam invokes the emergency 911 system. Operators say the call looks like 911 is calling you, then someone says you’ll be arrested if you don’t send money. If you call back, it calls the real 911. “You’re going to put me in jail for what? What did I do?” Tammy Scroggins said. “They said it was a warrant they had, and I needed to call the district attorney in five minutes. If I didn’t, somebody was going to be picking me up and putting me in jail for six months.” The caller ID told her it was coming from 911. When she hit redial, it called the real 911 dispatch center. “We would never ask for personal information over the phone,” said Cris DeVore of the Multnomah County, Ore., Bureau of Emergency Communications. “We would never leave a voicemail that somebody has a warrant out for their arrest.” Source: KGW, Portland, Ore.
Patch me up
Microsoft is urging computer users to install an emergency security update for all supported versions of Windows to fix a remote-code execution vulnerability. Details of the vulnerability were found and reported to Microsoft by security researchers poring over memos leaked online from spyware-maker Hacking Team. This follows an elevation-of-privilege hole in Windows and a remote-code execution bug in Internet Explorer 11 that also were uncovered from the Hacking Team files, and patched last week by Microsoft. This latest security flaw is in the Windows Adobe Type Manager Library, and can be exploited by attackers to hijack PCs and infect them with malware. A victim who opens a document or even a webpage that contains a malicious embedded OpenType font file can be attacked. Source: The (U.K.) Register
Be on your guard
Illinois consumers should be wary of callers posing as National Guard members or workers asking for money, say officials with the Illinois National Guard. The group says that it’s learned some individuals claiming to be with the Illinois National Guard are soliciting donations by telephone. It is against Department of Defense regulations for the National Guard and all other such forces to ask for donations of any kind. Source: The Associated Press via The Chicago Tribune
Getting security schooled
Florida’s Hodges University has established the Identity Fraud Institute, which will serve as the central hub for all identity theft and fraud-related information throughout the state, as well as provide victim-assistance programs. The Institute includes a research center that will involve a network of local banks and members of the retail, medical and other industries who will learn, share and collaborate on key topics. Participants will report tips, trends and other related information. Notices will be shared through the institute with local law enforcement and businesses, benefiting the local market and its residents. Source: The Naples (Fla.) News
Still feeling unsettled
Identity theft protection company LifeLock is misleading consumers about the level of protection and timeliness of the warnings they’ll get, the federal government said, alleging that LifeLock isn’t living up to a $12 million settlement with regulators. The Federal Trade Commission says LifeLock did not set up a program to protect sensitive data such as credit card, Social Security and bank account numbers, which the company agreed to do. The agency also says LifeLock didn’t keep records it agreed to maintain and has falsely advertised that consumers’ data get the same level of protection as financial institutions and that consumers would be alerted as soon as the company discovered a potential problem. LifeLock says the FTC’s statements are related to past practices and that it is prepared to defend itself in court. The company says it has been cooperating and talking to the agency for a year and a half. Source: NBC News
A read on readers
While news organizations might keep sources secret, they don’t necessarily worry about keeping the identity of their readers secret. People who go to a website looking for news can unwittingly endanger themselves just by clicking on a story or video. Governments that know who is accessing specific information can intrude in a variety of ways—by blocking or censoring the story or by targeting individuals who access prohibited information for harassment or even legal action. As elemental as it is to keep Web-based communication secure, it’s been a largely overlooked subject by many news outlets. That’s beginning to change, thanks to efforts by advocacy groups to strengthen and reinforce safety barriers around the Web. The Let’s Encrypt the Web project, part of an effort by a coalition of tech companies and Internet advocacy groups, seeks to ensure that all Web communication is both reliable and secure. Source: Columbia Journalism Review