Items tagged with Hack
Earlier in the week, hackers gained access to over 150,000 Verkada customer camera feeds that allowed them to grab screenshots and video clips. This breach happened because of a “Super Admin” account that was able to view any camera feed. Now, former Verkada employees are coming forward to explain that any employee could view the camera feeds, and security was lackadaisical at best. On Monday, hackers gained access to the “Super Admin” account, which allowed them to view and capture video from schools, hospitals along with companies such as Tesla, Cloudflare, and Verkada itself. Now, three former employees have come forward to explain this “Super Admin” account...
Read more...
Over the last couple of weeks, hackers have been out in force, breaking into Microsoft Exchange and other services. Now, a group of international hackers who view themselves as vigilantes have breached Silicon Valley-startup Verkada Inc. This gave the hackers access to the live feeds of 150,000 surveillance cameras installed in numerous businesses and organizations. Today, the hacker group went public, explaining that they had footage from Tesla, Cloudflare Inc., and many other high-profile organizations. Moreover, the hackers accessed footage from “inside women’s health clinics, psychiatric hospitals and the offices of Verkada itself.” One video even showed footage from...
Read more...
Since December, a breach at I.T. administration and monitoring software company SolarWinds has been unfurling to reveal several serious security issues. Many companies and government organizations had data accessed and perhaps even stolen. Now, in an interview that gave an interesting insight into the situation, Microsoft's president Brad Smith called the hack the "largest and most sophisticated attack the world has ever seen." SolarWinds Orion, as CBS's 60 Minutes explains, is "one of the most ubiquitous software products you probably never heard of, but to thousands of I.T. departments worldwide, it's indispensable." The software, which simplified I.T. administration and management, touted...
Read more...
Some of the United State’s most critical infrastructure are incredibly vulnerable to attack, as we are now finding out. Last Friday, a plant operator at a water treatment facility in Oldsmar, Florida, noticed his mouse dashing around on the screen. The operator did not think much of it then, but when it happened a second time, security alarm bells were raised after the hacker attempted to raise the level of sodium hydroxide, or lye, 100-fold in the water supply. According to the press conference with Pinellas County Sheriff Bob Gualtieri, the system was regularly accessed remotely, so the operator didn't think much of it. Upon the second attack and attempted change of sodium hydroxide through...
Read more...
Game developer CD Projekt Red announced on Twitter that it has fallen prey to a "targeted cyber attack," in which an unidentified actor (or actors, as the case might be) gained unauthorized access to its internal network and are demanding a ransom. In a ransom note left by the attacker(s), it is claimed they managed to steal the source code for a few prominent titles, including Cyberpunk 2077, The Witcher 3, Gwent, and an unreleased version of Witcher 3. It's not clear if the hack did actually result in stolen source as claimed, though CD Projekt Red did acknowledge that the responsible party "collected certain data" belonging to the developer, and also encrypted some devices on the network....
Read more...
If you give some kids restricted access to technology, they are bound to find a loophole or bug that lets them do what they want regardless. After being asked by his kids to “hack” his Linux desktop, one Dad let the kids play with the keyboard. This button-mashing actually crashed the machine's screensaver by sheer luck, allowing them onto the desktop, ultimately leading to the discovery of a high priority security vulnerability for the Linux Mint team. The bug report, posted to GitHub by user Robo2Bobo, states that it became possible to crash the screensaver and unlock the desktop via the virtual keyboard. Robo2Bobo then explained that this was found because “A few weeks ago,...
Read more...
Watch Dogs: Legion is a recently released Ubisoft game set in London that is all about hacking. In an ironic turn of events, it appears that the source code for Watch Dogs: Legion was unfortunately leaked to the internet. Originally, only snippets of the hacked data were released, but it appears that the whole Watch Dogs: Legion game and source code was released to the internet. In October, ZDNet reported that both Ubisoft and Crytek, maker of Cryengine, were hacked by a ransomware gang named Egregor. At that time, only a small part of data in a cybercrime “proof-of-life” sort of situation was posted. It was unknown how much additional date was available at the time, however, and...
Read more...
When one thinks of hacking and digital espionage, Wargames, Snowden, or even the Matrix may come up. Sometimes, the absurd plots from those sorts of movies may come to life. In this case, a Tesla employee turned down a Russian man who offered him $1 million in a scheme to upload malware to Tesla’s network. The employee then went to the FBI to foil the scheme and bring the Russian perpetrator to justice. Let us start with the many facts at hand. Around July 16th, the perpetrator, Egor Igorevich Kruichkov, contacted an employee at Tesla’s Gigafactory via WhatsApp, where they agreed to visit in person. Mr. Kriuchkov then entered the United States with his Russian passport and tourist...
Read more...
The culprits of the high-profile Twitter hack that occurred just over two weeks ago have been apprehended, and the ringleader is actually 17-year-old Graham Clark from Tampa, Florida. The teenager also had two accomplices: 22-year-old Nima Fazeli from Orlando, Florida and 19-year-old Mason Sheppard from the United Kingdom. On July 15th, the Twitter accounts of some big-name celebrities and companies were hacked including Elon Musk, Kanye West, Joe Biden, Bill Gates and Apple. It was later reported by Twitter that 130 total accounts were targeted, and tweets were sent out from 45 of those accounts in connection with a Bitcoin scam that garnered the culprits around $120,000....
Read more...
Security researchers from China have outlined a new attack dubbed BadPower that can alter the firmware of fast chargers to cause damage to power systems of connected devices. Using the technique, the researchers say they can melt components or potentially set devices on fire. BadPower was detailed last week in a report published by Xuanwu Lab, which is a research unit of Chinese tech giant Tencent. BadPower works by corrupting the firmware of fast chargers, which are a newer type charger developed in the last few years that enables battery of smartphones and laptops to be topped off in rapid fashion. One key difference between regular chargers and a fast charger is the firmware inside the...
Read more...
Following a massive data breach earlier this week, Twitter now finds itself in the precarious position of balancing transparency with security. That's to say, Twitter has divulged some additional details about what happened and what steps it is taking in the aftermath, but is also keeping certain information close to the vest. The incident took place last Wednesday, when several hacked, high profile accounts perpetuated a Bitcoin scam—tweets from accounts belonging to Elon Musk, Joe Biden, Barack Obama, Kanye West, Bill Gates, and other notable figures solicited Bitcoin with the promising of sending back double whatever amount they received. It was a nonsense promise, of course, but reports...
Read more...
A major Twitter hack was perpetrated yesterday that resulted in multiple high-profile Twitter accounts being compromised. Among the hacked accounts were those of Apple, Elon Musk, and U.S. presidential candidate Joe Biden. All of the compromised accounts displayed similar messages that promised to double the amount of Bitcoin sent to a specific wallet address. The Bitcoin scam is a common one, but the fact that it was being broadcast from major verified Twitter accounts made it more likely that users would click on it. Also among the compromised accounts were those belonging to Kim Kardashian West, Jeff Bezos, Bill Gates, Barack Obama, Wiz Khalifa, Warren Buffett, and Michael Bloomberg. Multiple...
Read more...
A number of supercomputers across Europe have been targeted by malware that focuses on mining for cryptocurrency (Monero). The malware has forced supercomputers in the UK, Germany, and Switzerland to be shutdown as operators investigate the security incidents. The high-performance computing center in Spain was also reportedly targeted by a malware attack. The first reported attack surfaced last Monday and came from the University of Edinburg, home of the ARCHER supercomputer. The university reported that there was a "security exploitation on the ARCHER login nodes." ARCHER operators shutdown the system for an investigation, and all SSH passwords were reset to prevent further intrusions. In Germany,...
Read more...
A hacker group called ShinyHunters claims to have breached the databases of ten companies operating around the world, and stolen user data on millions of people. Currently, the databases for the ten companies are being offered for sale on the dark web with a total of 73.2 million user records. The same group of hackers breached an Indonesian online store called Tokopedia last week selling the entire database of 91 million user records for $5,000 on the dark web. In the latest hacks, the largest company that has allegedly had its database stolen is online dating service Zoosk, with the hackers allegedly obtaining 30 million user records. The complete list of businesses that have allegedly...
Read more...
It looks as a large number of Nintendo Switch users are under attack. And no, we're talking about verbal barbs from gamers asserting PC dominance, but from hackers trying to infiltrate Nintendo accounts. The primary target for the hackers appears to be saved credit card details attached to these accounts, which they then use to make actual game purchases or in-game purchases. Compromised accounts have had payment details stolen with both saved credit cards and linked PayPal accounts. The hackers have been particularly interested in using the ill-gotten funds to purchase VBucks in-game currency for the ever-popular battle royale game Fortnite. The problem has been growing in the...
Read more...
One of the many apps that has gained a plethora of new users while everyone is locked down due to the coronavirus is Houseparty. The app was designed to let people make friends, and then drop into chat rooms with those friends to play games and hangout. The way the app works is by allowing a user to drop into any room and chat as long as one person they are friends with is in the room. Rumors and allegations have recently started making the rounds claiming that Houseparty had been hacked. The people behind Houseparty have come out and stated that they weren't hacked, and claim that allegations of a hack were a "paid commercial smear campaign" that was executed against it. Hoping the perpetrators...
Read more...
Hackers need physical access to a computer or need to trick a user into installing malware to steal data from an air-gapped PC (one that is not physically connected to a network). Air-gapped computers can have malware installed to steal data, but getting the data out is harder. That may not be the case with new research shared by The Hacker News that claims hackers can exfiltrate sensitive data from a PC by changing the brightness of the screen. This hack allegedly works on air-gapped computers. The hack is said to play an important role in stealing sensitive data from an infected, but an air-gapped computer. Details of the process come from Mordechai Guri, head of cybersecurity research center...
Read more...
Sources who claim to be close to the investigation are reporting that the FBI is currently probing an Israeli firm called NSO Group Technologies for its role in possible hacks on American residents and companies. The probe is allegedly looking at suspected intelligence gathering on governments according to the sources. The probe has been ongoing since 2017, when the FBI was trying to ascertain whether NSO had obtained code from hackers that was needed to infect smartphones. NSO has said that it sells spy software and technical support exclusively to governments and that the tools are meant to be used in pursuing terrorists and other criminals. The company claims that its software can't be used...
Read more...
A group of UN human rights experts are calling for an investigation into the Crown Prince of the Kingdom of Saudi Arabia, who they allege in 2018 deployed digital spyware enabling surveillance of Jeff Bezos. Bezos is known as the CEO of Amazon, but he's also the owner of The Washington Post. According to the UN human rights experts, the Crown Prince was possibly involved in the surveillance of Bezos in what they claim was an effort to influence, if not silence, The Washington Post's reporting on Saudi Arabia. The experts say that the allegations are relevant due to the ongoing evaluation of claims about the Crown Prince's involvement in the 2018 murder of Saudi national and Washington Post journalist...
Read more...
Researchers have sounded a warning bell at BlackBerry Cylance about a new trojan malware called PyXie RAT. The malware can perform all sorts of nefarious deeds, including keylogging, stealing login credentials, and recording videos. PyXie RAT can also distribute other attacks, including ransomware. The newly discovered PyXie RAT campaign is being run by a sophisticated cyber-criminal operation that is targeting healthcare and education organizations. The malware is custom-built and Python-based. When a machine is infected with the software, it can control most Windows systems and allows the hacker to monitor data and steal sensitive data. Other functions that the software can perform include...
Read more...
The thought of a stranger hijacking your camera and being able to see what you are doing without your knowledge is the stuff of nightmares for most people. Our phones tend to follow us into every area of our lives. Checkmarx decided to see if the cameras that are built into Android phones might be vulnerable to hacking. For their testing, the team took a Pixel 2 XL and Pixel 3 smartphone and began to probe the Google Camera app. The team found that there were a number of "concerning vulnerabilities" in the Google Camera app. They also found that the same vulnerabilities impact the camera apps of other smartphone vendors in the Android ecosystem. They specifically cited Samsung's camera app as...
Read more...
It would seem like common sense if you are among the people attending a hacking conference to secure your devices against attacks. After all, you and your tech gear are walking into the proverbial lion's den. If you were ever going to have your fitness tracker, smartphone, laptop, or other tech device hacked, DEFCON is where it will likely happen. Security Boulevard has issued some steps that attendees to the conference will want to follow to protect their devices before turning up at the convention, but the same steps could be used for protecting your devices every day. Some suggest using burner mobile phones or laptops, but there are other things that attendees can do to prepare themselves...
Read more...
