Items tagged with Hack
Last week saw its share of data breaches and leaks, and Twitch was by no means spared from it all. Today, however, Twitch downplayed the massive security breach it was hit with, insisting on its blog that the damage only affected a small fraction of its users, with not much compromised. The Twitch data breach left content creators and viewers scrambling to reset their passwords and stream keys. It was not clear how much data had actually been accessed at that time, so users were also encouraged to enable two-factor authentication (2FA). Many people had legitimate cause for concern as not only was their personal information at risk, but also their credit card and/or ACH/bank information. Not too...
Read more...
Ransomware attacks are on the rise, and it may feel like there is no recourse for many victims. A new law has been proposed in the United States by Senator Elizabeth Warren and Congresswoman Deborah Ross to attempt to address that, but with an added dilemma. The new law, the Ransomware Disclosure Act, would require businesses to disclose any ransom payments within 48 hours of the payment to the Department of Homeland Security (DHS). If the bill passes, victims who decide to pay the ransom will be required to report the payment sum, the currency, and any information they have about those who are demanding payment. The Ransomware Disclosure Act would not require everyone who is a victim of ransomware...
Read more...
Yesterday, criminal hackers stole approximately $600 million in varying cryptocurrencies from the PolyNetwork, a blockchain interoperability company. Now, in an interesting turn of events, the hackers have begun returning the stolen funds in what was to be one of the biggest cryptocurrency thefts ever. As it stands, cryptocurrencies all have their standalone networks, which means that going between them would be difficult at best. However, PolyNetwork aims to interconnect Bitcoin, Ethereum, and others through smart contracts and interconnections between other crypto chains. Interestingly, malicious hackers were reportedly able to exploit a vulnerability in the EthCrossChainManager contract and...
Read more...
Over the holiday weekend, the popular battle royale game Apex Legends was hacked, but not in the way you may expect. Rather than stealing data, encrypting files, or being generally destructive, the hackers broadcasted a message stating that Respawn Entertainment has not done enough to fight hackers in its first game, Titanfall. Early on July 4th, Apex Legends players of PC began to report that the hackers replaced in-game playlists as well as notifications with complaints about the state of Titanfall. These messages also included a link to SaveTitanfall.com, which further explains that the game, which is still for sale, is “currently unplayable on PC due to hacker(s) using exploits.”...
Read more...
Earlier this year, one of the largest insurance providers in the U.S. was hit by a ransomware attack that managed to cripple its network and exfiltrate data. According to people familiar with the situation, CNA Financial Corp. out of Chicago, Illinois, paid $40 million to wrest control of its network back in March. The people familiar with the situation, who were not authorized to publicly speak on the matter, discussed the hack with Bloomberg. It is reported that the company paid hackers “about two weeks after a trove of company data was stolen, and CNA officials were locked out of their network.” When asked specifically about the ransom payment, CNA declined to comment specifically...
Read more...
Earlier in the week, hackers gained access to over 150,000 Verkada customer camera feeds that allowed them to grab screenshots and video clips. This breach happened because of a “Super Admin” account that was able to view any camera feed. Now, former Verkada employees are coming forward to explain that any employee could view the camera feeds, and security was lackadaisical at best. On Monday, hackers gained access to the “Super Admin” account, which allowed them to view and capture video from schools, hospitals along with companies such as Tesla, Cloudflare, and Verkada itself. Now, three former employees have come forward to explain this “Super Admin” account...
Read more...
Over the last couple of weeks, hackers have been out in force, breaking into Microsoft Exchange and other services. Now, a group of international hackers who view themselves as vigilantes have breached Silicon Valley-startup Verkada Inc. This gave the hackers access to the live feeds of 150,000 surveillance cameras installed in numerous businesses and organizations. Today, the hacker group went public, explaining that they had footage from Tesla, Cloudflare Inc., and many other high-profile organizations. Moreover, the hackers accessed footage from “inside women’s health clinics, psychiatric hospitals and the offices of Verkada itself.” One video even showed footage from...
Read more...
Since December, a breach at I.T. administration and monitoring software company SolarWinds has been unfurling to reveal several serious security issues. Many companies and government organizations had data accessed and perhaps even stolen. Now, in an interview that gave an interesting insight into the situation, Microsoft's president Brad Smith called the hack the "largest and most sophisticated attack the world has ever seen." SolarWinds Orion, as CBS's 60 Minutes explains, is "one of the most ubiquitous software products you probably never heard of, but to thousands of I.T. departments worldwide, it's indispensable." The software, which simplified I.T. administration and management, touted...
Read more...
Some of the United State’s most critical infrastructure are incredibly vulnerable to attack, as we are now finding out. Last Friday, a plant operator at a water treatment facility in Oldsmar, Florida, noticed his mouse dashing around on the screen. The operator did not think much of it then, but when it happened a second time, security alarm bells were raised after the hacker attempted to raise the level of sodium hydroxide, or lye, 100-fold in the water supply. According to the press conference with Pinellas County Sheriff Bob Gualtieri, the system was regularly accessed remotely, so the operator didn't think much of it. Upon the second attack and attempted change of sodium hydroxide through...
Read more...
Game developer CD Projekt Red announced on Twitter that it has fallen prey to a "targeted cyber attack," in which an unidentified actor (or actors, as the case might be) gained unauthorized access to its internal network and are demanding a ransom. In a ransom note left by the attacker(s), it is claimed they managed to steal the source code for a few prominent titles, including Cyberpunk 2077, The Witcher 3, Gwent, and an unreleased version of Witcher 3. It's not clear if the hack did actually result in stolen source as claimed, though CD Projekt Red did acknowledge that the responsible party "collected certain data" belonging to the developer, and also encrypted some devices on the network....
Read more...
If you give some kids restricted access to technology, they are bound to find a loophole or bug that lets them do what they want regardless. After being asked by his kids to “hack” his Linux desktop, one Dad let the kids play with the keyboard. This button-mashing actually crashed the machine's screensaver by sheer luck, allowing them onto the desktop, ultimately leading to the discovery of a high priority security vulnerability for the Linux Mint team. The bug report, posted to GitHub by user Robo2Bobo, states that it became possible to crash the screensaver and unlock the desktop via the virtual keyboard. Robo2Bobo then explained that this was found because “A few weeks ago,...
Read more...
Watch Dogs: Legion is a recently released Ubisoft game set in London that is all about hacking. In an ironic turn of events, it appears that the source code for Watch Dogs: Legion was unfortunately leaked to the internet. Originally, only snippets of the hacked data were released, but it appears that the whole Watch Dogs: Legion game and source code was released to the internet. In October, ZDNet reported that both Ubisoft and Crytek, maker of Cryengine, were hacked by a ransomware gang named Egregor. At that time, only a small part of data in a cybercrime “proof-of-life” sort of situation was posted. It was unknown how much additional date was available at the time, however, and...
Read more...
When one thinks of hacking and digital espionage, Wargames, Snowden, or even the Matrix may come up. Sometimes, the absurd plots from those sorts of movies may come to life. In this case, a Tesla employee turned down a Russian man who offered him $1 million in a scheme to upload malware to Tesla’s network. The employee then went to the FBI to foil the scheme and bring the Russian perpetrator to justice. Let us start with the many facts at hand. Around July 16th, the perpetrator, Egor Igorevich Kruichkov, contacted an employee at Tesla’s Gigafactory via WhatsApp, where they agreed to visit in person. Mr. Kriuchkov then entered the United States with his Russian passport and tourist...
Read more...
The culprits of the high-profile Twitter hack that occurred just over two weeks ago have been apprehended, and the ringleader is actually 17-year-old Graham Clark from Tampa, Florida. The teenager also had two accomplices: 22-year-old Nima Fazeli from Orlando, Florida and 19-year-old Mason Sheppard from the United Kingdom. On July 15th, the Twitter accounts of some big-name celebrities and companies were hacked including Elon Musk, Kanye West, Joe Biden, Bill Gates and Apple. It was later reported by Twitter that 130 total accounts were targeted, and tweets were sent out from 45 of those accounts in connection with a Bitcoin scam that garnered the culprits around $120,000....
Read more...
Security researchers from China have outlined a new attack dubbed BadPower that can alter the firmware of fast chargers to cause damage to power systems of connected devices. Using the technique, the researchers say they can melt components or potentially set devices on fire. BadPower was detailed last week in a report published by Xuanwu Lab, which is a research unit of Chinese tech giant Tencent. BadPower works by corrupting the firmware of fast chargers, which are a newer type charger developed in the last few years that enables battery of smartphones and laptops to be topped off in rapid fashion. One key difference between regular chargers and a fast charger is the firmware inside the...
Read more...
Following a massive data breach earlier this week, Twitter now finds itself in the precarious position of balancing transparency with security. That's to say, Twitter has divulged some additional details about what happened and what steps it is taking in the aftermath, but is also keeping certain information close to the vest. The incident took place last Wednesday, when several hacked, high profile accounts perpetuated a Bitcoin scam—tweets from accounts belonging to Elon Musk, Joe Biden, Barack Obama, Kanye West, Bill Gates, and other notable figures solicited Bitcoin with the promising of sending back double whatever amount they received. It was a nonsense promise, of course, but reports...
Read more...
A major Twitter hack was perpetrated yesterday that resulted in multiple high-profile Twitter accounts being compromised. Among the hacked accounts were those of Apple, Elon Musk, and U.S. presidential candidate Joe Biden. All of the compromised accounts displayed similar messages that promised to double the amount of Bitcoin sent to a specific wallet address. The Bitcoin scam is a common one, but the fact that it was being broadcast from major verified Twitter accounts made it more likely that users would click on it. Also among the compromised accounts were those belonging to Kim Kardashian West, Jeff Bezos, Bill Gates, Barack Obama, Wiz Khalifa, Warren Buffett, and Michael Bloomberg. Multiple...
Read more...
A number of supercomputers across Europe have been targeted by malware that focuses on mining for cryptocurrency (Monero). The malware has forced supercomputers in the UK, Germany, and Switzerland to be shutdown as operators investigate the security incidents. The high-performance computing center in Spain was also reportedly targeted by a malware attack. The first reported attack surfaced last Monday and came from the University of Edinburg, home of the ARCHER supercomputer. The university reported that there was a "security exploitation on the ARCHER login nodes." ARCHER operators shutdown the system for an investigation, and all SSH passwords were reset to prevent further intrusions. In Germany,...
Read more...
A hacker group called ShinyHunters claims to have breached the databases of ten companies operating around the world, and stolen user data on millions of people. Currently, the databases for the ten companies are being offered for sale on the dark web with a total of 73.2 million user records. The same group of hackers breached an Indonesian online store called Tokopedia last week selling the entire database of 91 million user records for $5,000 on the dark web. In the latest hacks, the largest company that has allegedly had its database stolen is online dating service Zoosk, with the hackers allegedly obtaining 30 million user records. The complete list of businesses that have allegedly...
Read more...
It looks as a large number of Nintendo Switch users are under attack. And no, we're talking about verbal barbs from gamers asserting PC dominance, but from hackers trying to infiltrate Nintendo accounts. The primary target for the hackers appears to be saved credit card details attached to these accounts, which they then use to make actual game purchases or in-game purchases. Compromised accounts have had payment details stolen with both saved credit cards and linked PayPal accounts. The hackers have been particularly interested in using the ill-gotten funds to purchase VBucks in-game currency for the ever-popular battle royale game Fortnite. The problem has been growing in the...
Read more...
One of the many apps that has gained a plethora of new users while everyone is locked down due to the coronavirus is Houseparty. The app was designed to let people make friends, and then drop into chat rooms with those friends to play games and hangout. The way the app works is by allowing a user to drop into any room and chat as long as one person they are friends with is in the room. Rumors and allegations have recently started making the rounds claiming that Houseparty had been hacked. The people behind Houseparty have come out and stated that they weren't hacked, and claim that allegations of a hack were a "paid commercial smear campaign" that was executed against it. Hoping the perpetrators...
Read more...
Hackers need physical access to a computer or need to trick a user into installing malware to steal data from an air-gapped PC (one that is not physically connected to a network). Air-gapped computers can have malware installed to steal data, but getting the data out is harder. That may not be the case with new research shared by The Hacker News that claims hackers can exfiltrate sensitive data from a PC by changing the brightness of the screen. This hack allegedly works on air-gapped computers. The hack is said to play an important role in stealing sensitive data from an infected, but an air-gapped computer. Details of the process come from Mordechai Guri, head of cybersecurity research center...
Read more...
