Items tagged with Hack
Even though Newegg is one of the most popular destinations for enthusiasts looking to score the latest and greatest hardware for the gaming rigs, the retail giant is not immune to the nefarious actions of the hacker community. To that end, Newegg's website was hacked, and the parties responsible were able to inject 15 lines of credit card skimming code into the retailer's payments page. That code hid there, undetected, from August 14 through September 18 meaning if you made a purchase there between those dates, you need to be concerned. News of the attack comes from Yonathan Klijnsma, a threat...
Read more...
Macs used to have a persona of "no viruses or hacks" with many feeling like the MacBook and other Apple computers were more secure and therefore better than Windows counterparts. This was a long-running argument in PC enthusiast circles and despite ample evidence that Macs are vulnerable to attacks, some still feel that the Mac is immune to most of the hazards posed to a Windows user. Apple's latest 2018 MacBook models certainly aren’t immune from significant issues and flaws right out of the box. The high-end Core i9 version was hampered by thermal throttling out of the box that Apple blamed...
Read more...
Reddit has announced that it suffered a security breach between June 14 and June 18 of this year. The website learned of the hack on June 19 and says that an attacker was able to compromise the accounts of a few Reddit employees along with Reddit's cloud and source code hosting providers. The main attack was apparently via an SMS intercept, as Reddit was using two-factor authentication. The site notes that the attacker didn’t gain write access to its systems and had read-only access to some systems that contained backup data, source code, and other logs. After the attack, additional steps...
Read more...
Bug Bounty programs are very common today with most of the big tech firms hosing them. The goal is to get hackers to report any bugs they find for a payday rather than turning to the black market to sell their hacks. HP has announced a new Bug Bounty program to lure researchers in to hack its printer software. The program offers up to $10,000 to hackers who can find these vulnerabilities. HP’s opened its Bug Bounty program in May and had 34 security researchers signed up at the start. One of those researchers was already paid out $10,000 for what was identified as a serious flaw with HP's...
Read more...
The gang from Failoverflow guaranteed that the Nintendo Switch would be hacked to run all sorts of content not originally targeted for Nintendo's latest console, once the elite hacker group figured out how to get Linux to run on the device. That hack takes advantage of an unpatchable exploit as it turns out. And now, fans of retro GameCube games can now run some titles on their Switch using an emulator and Linux. The hack was shown off by a YouTube user called Mizumi using a Dolphin GameCube emulator program running on Lakka. Lakka is a Linux distribution specifically made for game...
Read more...
A new attack that takes advantage of flaws that are inherent to LTE technology has surfaced called aLTEr. The exploit was discovered by an international team of security researchers and is able to redirect users to hostile websites. The exploit works in part by taking advantage of the fact that there is no integrity checking built into the lower layers of LTE. That lack of integrity checking allows nefarious hackers to use DNS packets directing traffic to website addresses to steer user requests to malicious DNS servers. Attackers could then take the user to whatever website the attacker wants....
Read more...
Malware is a huge problem for computer users today as the threat posed by malicious software continues to increase. A new botnet was recently detected in a live environment for an unnamed client of Deep Instinct, a security firm. The security firm says that the botnet, dubbed Mylobot, uses three different layers of evasion techniques. The evasion techniques that the botnet uses contact command and control servers that download the final payload, Deep Instinct says that the combination and complexity of the evasion techniques that the botnet deploys have never been seen in the wild before....
Read more...
Things aren't exactly rosy in the cryptocurrency world; particularly when it comes to Bitcoin. Over the weekend, South Korean cryptocurrency exchange Coinrail confirmed that it had been hacked. The site says that it was the victim of a "cyber intrusion" and that roughly 30 percent of the coins trades on the exchange were stolen. Coinrail said the remaining 70 percent of coins were safeguarded and have been moved to a "cold wallet". At this moment, it is believed that hackers got away with 40 billion won in Bitcoin, which amounts to $37.2 million. Not surprisingly, this latest hack sent the...
Read more...
For the privileged Americans that can get fiber internet to their home with blazing fast upload/download speeds, there might be more to worry about than blowing through their data allotment in a couple days. Reports are surfacing that various GPON home routers have flaws that could allow nefarious hackers to bypass all authentication on the devices. The method of bypassing authentication is as simple as attaching an image suffix to the URL of a GPON HTTP server. VpnMentor says that after the initial authentication is bypassed, a command injection vulnerability (CVE-2018-10562) to run commands on...
Read more...
Under Armor is a big name in the athletic clothing world. In addition to clothing, the company also has an app that is meant to allow people to track their food intake and nutrition to help get fit (and stay) fit. The app is very popular with users on iOS and Android, but it has suffered a major data breach. Under Armour has notified users that the MyFitnessPal app team became aware that an unauthorized third party had acquired data associated with user accounts for the app and website. That unauthorized access happened in late February 2018 and Under Armor states "The company quickly took...
Read more...
PC gamers are very angry at Rockstar right now after what they claim are unfair bannings that the publisher is handing out left and right. The wide-spanning bans began on March 23 and complaints from a myriad of PC gamers were posted on Reddit, Twitter, Rockstar support forums, and other GTA communities. The gamers are saying that their accounts had been falsely banned for 30 days with no opportunity for an appeal. Rockstar has been very quiet on the subject so far with speculation suggesting that the bans are an issue with the latest tunables update or some sort of issue when participating in...
Read more...
Microsoft's Windows Defender was working hard this week, and according to Microsoft, just before noon on March 6 the AV suite put the brakes on 80,000 instances of several sophisticated trojans. These trojans were especially dastardly because they had advanced cross-process injection techniques, persistence mechanisms, and evasion methods. All the trojans are new versions of Dofoil (also known as Smoke Loader) and they carry a coin miner payload. Microsoft wrote, "Within the next 12 hours, more than 400,000 instances were recorded, 73% of which were in Russia. Turkey accounted for 18% and Ukraine...
Read more...
Spotify is handing out some harsh warnings to Android users that are using hacked apps, bypassing its paywall to access premium content without paying. Spotify's premium tier allows listeners to skip the commercials and download tunes directly to their devices. Spotify has sent out warning emails to an unknown number of users warning them against using the hacked apps. The emails warn that the use of these hacked apps violates the terms of using Spotify and could result in account termination. One of these hacks is called "Dogfood" and Spotify recently had it removed from GitHub after having an...
Read more...
Last November a hacker going by the name "DevOps199" found and exploited a flaw in the code for a subset of Ethereum wallets. That user was able to exploit teh vulnerability and take ownership of an Ethereum code library known as a smart contact. Once the hacker owned that smart contract, it was destroyed leaving about $150 million of Ethereum sitting in users' wallets inaccessible. Researchers have now found a new approach that will find vulnerabilities in smart contracts such as the one exploited last year and patch it before a nefarious user could take advantage of the situation. The researchers...
Read more...
