Items tagged with Hack

Last November a hacker going by the name "DevOps199" found and exploited a flaw in the code for a subset of Ethereum wallets. That user was able to exploit teh vulnerability and take ownership of an Ethereum code library known as a smart contact. Once the hacker owned that smart contract, it was destroyed leaving about $150 million of Ethereum sitting in users' wallets inaccessible. Researchers have now found a new approach that will find vulnerabilities in smart contracts such as the one exploited last year and patch it before a nefarious user could take advantage of the situation. The researchers... Read more...
Just over a week ago we talked about an exploit that took advantage of an unpatchable flaw in existing Switch consoles to run Linux on Nintendo's latest. At the time, there were a lot of folks out there wondering what the point of that hack was. However, the value comes in this second hack that fail0verflow has been able to pull off. Getting Linux on the Switch was the just first step in turning the Switch console into a Linux tablet that is able to surf the web. Fail0verflow has been able to run Linux and implement a full web browser with touchscreen support. You can see in the video that... Read more...
Microsoft has confirmed a nasty flaw in Skype that could allow nefarious individuals to gain complete access the OS with system-level privileges on affected machines. To make the issue even worse, Microsoft knows the flaw is there and exploitable, but has no plans for an immediate fix because it would require too much work. The hack was discovered by security researcher Stefan Kanthak and according to him, the Skype update installer can be exploited with a DLL hijacking technique allowing the application to be fooled into drawing malicious code rather than the correct library the app wants.... Read more...
Last year, a hacker group was able to penetrate credit reporting agency Equifax and make off with information, including the social security numbers, of 143 million Americans. Only a few days after the hack, a ransom demand for the return of the information was made to the tune of $2.6 million in bitcoin via the dark web. Now it is believed that the hackers are also believed to have made off with other personal data about Americans including tax ID numbers and driver's license details. Other data leaked in the hack that we already knew about included names, birthdates, social security numbers,... Read more...
The Nintendo Switch has been incredibly popular and is the fastest selling game console in U.S. history. Late last year, word surfaced of a band of hackers working on a homebrew hack that could allow users to put their own content on the Switch, but that hasn’t come to fruition just yet. Another group of hackers has now been able to install and run Debian Linux on the Switch by taking advantage of what the hackers call an unpatchable exploit. The hackers say that the backdoor that allowed them to install Linux on the Switch can’t be shut with a future firmware update, however, the hackers... Read more...
Consumer Reports has found that millions of smart TVs are vulnerable to hacking, and according to the publication, the exploits are often easy to find and execute. TVs vulnerable to these hacks include Samsung and TCL smart TVs along with other brands that use the Roku platform. Streaming devices are also vulnerable with the example cited being the Roku Ultra. Consumer Reports (CR) wrote, "We found that a relatively unsophisticated hacker could change channels, play offensive content, or crank up the volume, which might be deeply unsettling to someone who didn’t understand what was happening.... Read more...
A cryptocurrency exchange in Asia called Coincheck has announced that it was the victim of a massive hack that saw hundreds of millions of dollars worth of cryptocurrency stolen in what is the largest heist of its kind in history. Coincheck doesn't call the heist a hack, it says that the coins were sent illicitly outside of the service. The cryptocurrency stolen is called NEM, which is the tenth largest cryptocurrency in market value. In total there were 500 million NEM tokens taken in the heist worth about $400 million, according to Bloomberg. However, Cointelegrpah reports a much higher number,... Read more...
Tinder is a popular dating app that matches people up using swipes. If you thought that all the people you were swiping left or right on were private and only you and the people you swiped knew about them, you might be wrong. Security researchers have found a flaw that could allow those swipes to be captured and exposed. The crux of the issue is that Tinder doesn't use HTTPS encryption for fetching images reports a security firm called Checkmarx. This lack of encryption means that your Tinder activity could be exposed over a local Wi-Fi network, allowing a nefarious or nosey character to see your... Read more...
The big news in security (or lack thereof) recently has been the Meltdown and Spectre issues that have plagued Intel, AMD, and Apple. Those aren’t the only security issues that computer users are facing. Security research firm F-Secure has found a new security flaw that it says affects Intel Active Management Technology or AMT. AMT is an Intel proprietary solution that allows remote access or monitoring and management of personal computers in a corporate setting. The tech was meant to allow IT departments in these large organizations or managed service providers to control fleets of computers.... Read more...
WhatsApp is a communications tool that is used by people all around the world to stay connected for personal and business use. The big draw to the app for many is that it has an encrypted group chat feature, so you don’t need to worry that someone is listening in on what you are saying. However, security researchers have recently found a flaw with the app that could leave those encrypted group chats vulnerable to eavesdroppers. The security researchers do point out that the risk associated with the flaw is limited, because the hackers need to have access to WhatsApp servers to insert themselves... Read more...
PlayStation 4 fans looking to set their console free from the clutches of Sony will soon have a new jailbreak to try out. The PS4 4.05 Kernel Exploit from Developer Specter has been published on GitHub for download. The jailbreak devs are specific in noting that the exploit doesn't contain any code that will defeat anti-piracy measures or allow the users to run homebrew apps. The exploit summary reads in part, "In this project you will find a full implementation of the 'namedobj' kernel exploit for the PlayStation 4 on 4.05. It will allow you to run arbitrary code as kernel, to allow... Read more...
Updated November 29th at 11:52am Apple has issued a patch for the macOS High Sierra security exploit, less than 24 hours after it was made public. It is addressed in Security Update 2017-001, which Apple encourages all macOS High Sierra users to download immediately. Apple describes the security incident, writing: Impact: An attacker may be able to bypass administrator authentication without supplying the administrator’s password Description: A logic error existed in the validation of credentials. This was addressed with improved credential validation. The original story continues below:... Read more...
Imgur has discovered what it calls a "potential security breach" that happened three years ago. The breach allowed the attackers to make off with the emails and passwords of 1.7 million user accounts. Imgur says that it is still investigating the breach, but that it wanted to warn its users of the intrusion and tell people what it is doing as a result. Imgur writes that last week it received an email from security researcher Troy Hunt about the breach. Imgur wrote, "Our Chief Operating Officer received the email late night on November 23rd and immediately corresponded with the researcher to... Read more...
Google has been paying out some significant money to get security researchers and hackers to tear apart its Chrome browser and Chrome OS. In March of 2015, Google offered up $100,000 for anyone who could find an exploit chain that would allow for a persistent compromise of a Chromebox or Chromebook using guest mode via a webpage. That $100,000 offer was an increase from the original $50,000 bounty.That bounty went unclaimed for many months until a researcher that uses the moniker Gzob Qq notified Google on September 18 that he had identified a set of vulnerabilities in Chrome OS. The hacker was... Read more...
1 2 3 4 5 Next ... Last