Items tagged with Hack

The big news in security (or lack thereof) recently has been the Meltdown and Spectre issues that have plagued Intel, AMD, and Apple. Those aren’t the only security issues that computer users are facing. Security research firm F-Secure has found a new security flaw that it says affects Intel Active Management Technology or AMT. AMT is an Intel proprietary solution that allows remote access or monitoring and management of personal computers in a corporate setting. The tech was meant to allow IT departments in these large organizations or managed service providers to control fleets of computers.... Read more...
WhatsApp is a communications tool that is used by people all around the world to stay connected for personal and business use. The big draw to the app for many is that it has an encrypted group chat feature, so you don’t need to worry that someone is listening in on what you are saying. However, security researchers have recently found a flaw with the app that could leave those encrypted group chats vulnerable to eavesdroppers. The security researchers do point out that the risk associated with the flaw is limited, because the hackers need to have access to WhatsApp servers to insert themselves... Read more...
PlayStation 4 fans looking to set their console free from the clutches of Sony will soon have a new jailbreak to try out. The PS4 4.05 Kernel Exploit from Developer Specter has been published on GitHub for download. The jailbreak devs are specific in noting that the exploit doesn't contain any code that will defeat anti-piracy measures or allow the users to run homebrew apps. The exploit summary reads in part, "In this project you will find a full implementation of the 'namedobj' kernel exploit for the PlayStation 4 on 4.05. It will allow you to run arbitrary code as kernel, to allow... Read more...
Updated November 29th at 11:52am Apple has issued a patch for the macOS High Sierra security exploit, less than 24 hours after it was made public. It is addressed in Security Update 2017-001, which Apple encourages all macOS High Sierra users to download immediately. Apple describes the security incident, writing: Impact: An attacker may be able to bypass administrator authentication without supplying the administrator’s password Description: A logic error existed in the validation of credentials. This was addressed with improved credential validation. The original story continues below:... Read more...
Imgur has discovered what it calls a "potential security breach" that happened three years ago. The breach allowed the attackers to make off with the emails and passwords of 1.7 million user accounts. Imgur says that it is still investigating the breach, but that it wanted to warn its users of the intrusion and tell people what it is doing as a result. Imgur writes that last week it received an email from security researcher Troy Hunt about the breach. Imgur wrote, "Our Chief Operating Officer received the email late night on November 23rd and immediately corresponded with the researcher to... Read more...
Google has been paying out some significant money to get security researchers and hackers to tear apart its Chrome browser and Chrome OS. In March of 2015, Google offered up $100,000 for anyone who could find an exploit chain that would allow for a persistent compromise of a Chromebox or Chromebook using guest mode via a webpage. That $100,000 offer was an increase from the original $50,000 bounty.That bounty went unclaimed for many months until a researcher that uses the moniker Gzob Qq notified Google on September 18 that he had identified a set of vulnerabilities in Chrome OS. The hacker was... Read more...
You might think that the massive number of security breaches that have happened in recent years would push corporate giants and medical facilities out there to take a look at their own security and ensure that their networks are protected. We are only a few months removed from the massive attack that breached Equifax and leaked the information on 143 million Americans into the wild. Now the UK's National Audit Office (NAO) is giving a postmortem following the WannaCry ransomware attacks that hit several hospitals in the country.The ensuing investigation found incredibly lax security protecting... Read more...
This morning we talked about a researcher from KU Leuven University in Belgium who had discovered a major security vulnerability in the WiFi Protected Access II (WPA2) protocol that is used to secure wireless internet traffic. That vulnerability could be used to allow a nefarious attacker to glean confidential details sent over WiFi such as usernames and passwords for secure websites. At least one software company didn't waste any time with an update, with Microsoft confirming that it released an update on October 10th that addressed the exploit. Microsoft has released a patch that will fix the... Read more...
The SNES Classic Edition game console launched to much fanfare and so far the system has proved so popular that many people still can't find one. Reviews for the SNES Classic have been very positive with lots of praise for its retro gaming prowess. The console came from Nintendo with 21 games preinstalled, but some hackers have found a way to add even more games to the system. As of now the process is rather long requiring about 20 steps according to a video outlining the hack using a tool called HakChi2. You will also need some other software to load your own games to the SNES Classic Edition... Read more...
Back in 2013, Yahoo's database was breached by hackers and it wasn't discovered or reported until 2016. When that reporting happened last year, Yahoo thought that detials on 1 billion of its user accounts had been stolen. As it turns out, things are much worse than Yahoo (now owned by Verizon and part of Oath) originally thought. Yahoo reports that after its acquisition by Verizon and during the integration of the two companies, new intelligence on the breach was found and that it now believes all 3 billion accounts existing in 2013 were stolen in the hack. Yahoo reminds users that this isn't a... Read more...
It looks like another major hack has been perpetrated against a major company, this time the hack was of pay TV network Showtime's streaming platform, ShowtimeAnytime.com. The platform allows users with a subscription via a cable network to stream shows via a browser from anywhere. People with no TV subscription can also pay for the streaming service alone making it appealing to cord cutters. Word is that last week the ShowtimeAnytime platform was hacked and code created by Coin Hive that runs on JavaScript was inserted into the platform. Interestingly, this is the same Coin Hive code that was... Read more...
Researchers have still been working their way through the hack that resulted in the very popular CCleaner security app being used as a host for malware. The initial attack was thought by many to have caused minimal harm to computer systems that were infected, but it looks like there was a secondary attack that may be more nefarious. According to the researchers, the hackers were able to piggyback on that initial malware wave and install a second piece of malicious software on the computers working daily in some of the biggest tech firms around the world. The real target of this attack is now thought... Read more...
Companies the world over give IT admins access to some of their most sensitive information. This is the kind of information that if lost, damaged, or stolen would lead to lost money and business for the company. An Arizona man name Tavis Tso has entered into a plea deal resulting from his actions where he took the domain name of a company and redirected it to a teen porn site. The incident went something like this. Tso was a contract IT admin for an unnamed company and had done some work for the company at some point. The client company asked Tso for their GoDaddy login information so that it could... Read more...
A security company called Armis is spilling the beans on a collection of eight different exploits that it is collectively calling BlueBorne. These exploits can allow a hacker access to your phone in seconds without having physical access to the device. Perhaps the scariest part of the exploit is that BlueBorne isn't limited to your phone alone; the hack can allow access to phones, computers, and IoT devices. Armis notes that it believes more vulnerabilities lie waiting to be discovered in various platforms that use the Bluetooth wireless communications standard. The firm says that its... Read more...
1 2 3 4 5 Next ... Last