FTC Releases Alert on Securing Personal Information When Using Rental Vehicles

Original release date: August 30, 2016

The Federal Trade Commission (FTC) has released recommendations for consumers to protect their personal data when using rental vehicles. Rental vehicles may contain infotainment systems that can connect with personal devices to stream music, allow hands-free calls and texts, or guide navigation. However, using connected vehicles can increase the risks of having personal data compromised. By taking precautions, users can protect themselves and their personal information.

US-CERT encourages users to review the FTC Alert and US-CERT's Tip on Cybersecurity for Electronic Devices for more information.


This product is provided subject to this Notification and this Privacy & Use policy.


Officials blame “sophisticated” Russian hackers for voter system attacks

Sophisticated hackers use the command line with their pinkies raised and wear cashmere balaclavas.

The profile of attacks on two US state voter registration systems this summer presented in an FBI "Flash" memo suggests that the states were hit by a fairly typical sort of intrusion. But an Arizona official said that the Federal Bureau of Investigation had attributed an attack that succeeded only in capturing a single user's login credentials to Russian hackers and rated the threat from the attack as an "eight on a scale of ten" in severity. An Illinois state official characterized the more successful attack on that state's system as "highly sophisticated" based on information from the FBI.

Arizona Secretary of State Office Communications Director Matt Roberts told the Post's Ellen Nakashima that the FBI had alerted Arizona officials in June of an attack by Russians, though the FBI did not state whether they were state-sponsored or criminal hackers. The attack did not gain access to any state or county voter registration system, but the username and password of a single election official was stolen. Roberts did not respond to requests from Ars for clarification on the timeline and other details of the attack.

Based on the details provided by Roberts to the Post, it's not clear if the Arizona incident was one of the two referred to in the FBI "Flash" published this month. The FBI has not responded to questions about the memorandum on the attacks first published publicly by Yahoo News' Michael Isikoff, but a SQL injection attack wouldn't seem to be the likely culprit for stealing a single username and password. It's more likely that the Gila County election official whose credentials were stolen was the victim of a phishing attack or malware.

Read 5 remaining paragraphs | Comments

Adobe Releases Security Updates for ColdFusion

Original release date: August 30, 2016

Adobe has released security updates to address a vulnerability in ColdFusion. Exploitation of this vulnerability may allow a remote attacker to obtain sensitive information from an affected system.

Users and administrators are encouraged to review Adobe Security Bulletin APSB16-30 and apply the necessary updates.


This product is provided subject to this Notification and this Privacy & Use policy.


Emerging Threats ETOpen – Anti-malware IDS/IPS Ruleset

The ETOpen Ruleset is an excellent anti-malware IDS/IPS ruleset that enables users with cost constraints to significantly enhance their existing network-based malware detection. The ETOpen Ruleset is not a full coverage ruleset, and may not be sufficient for many regulated environments and should not be used as a standalone ruleset. The ET Open...

Read the full post at darknet.org.uk