Items tagged with Hack
The culprits of the high-profile Twitter hack that occurred just over two weeks ago have been apprehended, and the ringleader is actually 17-year-old Graham Clark from Tampa, Florida. The teenager also had two accomplices: 22-year-old Nima Fazeli from Orlando, Florida and 19-year-old Mason Sheppard from the United Kingdom. On July 15th, the Twitter accounts of some big-name celebrities and companies were hacked including Elon Musk, Kanye West, Joe Biden, Bill Gates and Apple. It was later reported by Twitter that 130 total accounts were targeted, and tweets were sent out from 45 of those accounts in connection with a Bitcoin scam that garnered the culprits around $120,000....
Read more...
Security researchers from China have outlined a new attack dubbed BadPower that can alter the firmware of fast chargers to cause damage to power systems of connected devices. Using the technique, the researchers say they can melt components or potentially set devices on fire. BadPower was detailed last week in a report published by Xuanwu Lab, which is a research unit of Chinese tech giant Tencent. BadPower works by corrupting the firmware of fast chargers, which are a newer type charger developed in the last few years that enables battery of smartphones and laptops to be topped off in rapid fashion. One key difference between regular chargers and a fast charger is the firmware inside the...
Read more...
Following a massive data breach earlier this week, Twitter now finds itself in the precarious position of balancing transparency with security. That's to say, Twitter has divulged some additional details about what happened and what steps it is taking in the aftermath, but is also keeping certain information close to the vest. The incident took place last Wednesday, when several hacked, high profile accounts perpetuated a Bitcoin scam—tweets from accounts belonging to Elon Musk, Joe Biden, Barack Obama, Kanye West, Bill Gates, and other notable figures solicited Bitcoin with the promising of sending back double whatever amount they received. It was a nonsense promise, of course, but reports...
Read more...
A major Twitter hack was perpetrated yesterday that resulted in multiple high-profile Twitter accounts being compromised. Among the hacked accounts were those of Apple, Elon Musk, and U.S. presidential candidate Joe Biden. All of the compromised accounts displayed similar messages that promised to double the amount of Bitcoin sent to a specific wallet address. The Bitcoin scam is a common one, but the fact that it was being broadcast from major verified Twitter accounts made it more likely that users would click on it. Also among the compromised accounts were those belonging to Kim Kardashian West, Jeff Bezos, Bill Gates, Barack Obama, Wiz Khalifa, Warren Buffett, and Michael Bloomberg. Multiple...
Read more...
A number of supercomputers across Europe have been targeted by malware that focuses on mining for cryptocurrency (Monero). The malware has forced supercomputers in the UK, Germany, and Switzerland to be shutdown as operators investigate the security incidents. The high-performance computing center in Spain was also reportedly targeted by a malware attack. The first reported attack surfaced last Monday and came from the University of Edinburg, home of the ARCHER supercomputer. The university reported that there was a "security exploitation on the ARCHER login nodes." ARCHER operators shutdown the system for an investigation, and all SSH passwords were reset to prevent further intrusions. In Germany,...
Read more...
A hacker group called ShinyHunters claims to have breached the databases of ten companies operating around the world, and stolen user data on millions of people. Currently, the databases for the ten companies are being offered for sale on the dark web with a total of 73.2 million user records. The same group of hackers breached an Indonesian online store called Tokopedia last week selling the entire database of 91 million user records for $5,000 on the dark web. In the latest hacks, the largest company that has allegedly had its database stolen is online dating service Zoosk, with the hackers allegedly obtaining 30 million user records. The complete list of businesses that have allegedly...
Read more...
It looks as a large number of Nintendo Switch users are under attack. And no, we're talking about verbal barbs from gamers asserting PC dominance, but from hackers trying to infiltrate Nintendo accounts. The primary target for the hackers appears to be saved credit card details attached to these accounts, which they then use to make actual game purchases or in-game purchases. Compromised accounts have had payment details stolen with both saved credit cards and linked PayPal accounts. The hackers have been particularly interested in using the ill-gotten funds to purchase VBucks in-game currency for the ever-popular battle royale game Fortnite. The problem has been growing in the...
Read more...
One of the many apps that has gained a plethora of new users while everyone is locked down due to the coronavirus is Houseparty. The app was designed to let people make friends, and then drop into chat rooms with those friends to play games and hangout. The way the app works is by allowing a user to drop into any room and chat as long as one person they are friends with is in the room. Rumors and allegations have recently started making the rounds claiming that Houseparty had been hacked. The people behind Houseparty have come out and stated that they weren't hacked, and claim that allegations of a hack were a "paid commercial smear campaign" that was executed against it. Hoping the perpetrators...
Read more...
Hackers need physical access to a computer or need to trick a user into installing malware to steal data from an air-gapped PC (one that is not physically connected to a network). Air-gapped computers can have malware installed to steal data, but getting the data out is harder. That may not be the case with new research shared by The Hacker News that claims hackers can exfiltrate sensitive data from a PC by changing the brightness of the screen. This hack allegedly works on air-gapped computers. The hack is said to play an important role in stealing sensitive data from an infected, but an air-gapped computer. Details of the process come from Mordechai Guri, head of cybersecurity research center...
Read more...
Sources who claim to be close to the investigation are reporting that the FBI is currently probing an Israeli firm called NSO Group Technologies for its role in possible hacks on American residents and companies. The probe is allegedly looking at suspected intelligence gathering on governments according to the sources. The probe has been ongoing since 2017, when the FBI was trying to ascertain whether NSO had obtained code from hackers that was needed to infect smartphones. NSO has said that it sells spy software and technical support exclusively to governments and that the tools are meant to be used in pursuing terrorists and other criminals. The company claims that its software can't be used...
Read more...
A group of UN human rights experts are calling for an investigation into the Crown Prince of the Kingdom of Saudi Arabia, who they allege in 2018 deployed digital spyware enabling surveillance of Jeff Bezos. Bezos is known as the CEO of Amazon, but he's also the owner of The Washington Post. According to the UN human rights experts, the Crown Prince was possibly involved in the surveillance of Bezos in what they claim was an effort to influence, if not silence, The Washington Post's reporting on Saudi Arabia. The experts say that the allegations are relevant due to the ongoing evaluation of claims about the Crown Prince's involvement in the 2018 murder of Saudi national and Washington Post journalist...
Read more...
Researchers have sounded a warning bell at BlackBerry Cylance about a new trojan malware called PyXie RAT. The malware can perform all sorts of nefarious deeds, including keylogging, stealing login credentials, and recording videos. PyXie RAT can also distribute other attacks, including ransomware. The newly discovered PyXie RAT campaign is being run by a sophisticated cyber-criminal operation that is targeting healthcare and education organizations. The malware is custom-built and Python-based. When a machine is infected with the software, it can control most Windows systems and allows the hacker to monitor data and steal sensitive data. Other functions that the software can perform include...
Read more...
The thought of a stranger hijacking your camera and being able to see what you are doing without your knowledge is the stuff of nightmares for most people. Our phones tend to follow us into every area of our lives. Checkmarx decided to see if the cameras that are built into Android phones might be vulnerable to hacking. For their testing, the team took a Pixel 2 XL and Pixel 3 smartphone and began to probe the Google Camera app. The team found that there were a number of "concerning vulnerabilities" in the Google Camera app. They also found that the same vulnerabilities impact the camera apps of other smartphone vendors in the Android ecosystem. They specifically cited Samsung's camera app as...
Read more...
It would seem like common sense if you are among the people attending a hacking conference to secure your devices against attacks. After all, you and your tech gear are walking into the proverbial lion's den. If you were ever going to have your fitness tracker, smartphone, laptop, or other tech device hacked, DEFCON is where it will likely happen. Security Boulevard has issued some steps that attendees to the conference will want to follow to protect their devices before turning up at the convention, but the same steps could be used for protecting your devices every day. Some suggest using burner mobile phones or laptops, but there are other things that attendees can do to prepare themselves...
Read more...
Researchers from Check Point Software Technologies Ltd. have discovered a flaw in one of the most widely deployed pieces of software in the world, which also happens to be the backend for the contacts list on Apple devices like the iPhone and iPad. The software resource that Check Point found the flaw in is called SQLite, a database engine that is used in computer operating systems, desktops, mobile phones, and lots more. SQLite is used in Windows, MacOS, iOS, Google Chrome, and Android, among many others. The fact that the SQLite database engine is so widely deployed has made it a rich target for would-be hackers. Hackers could exploit SQLite and gain administrative control of an iPhone,...
Read more...
There are plenty of vulnerabilities in the biometrics that are commonly used for unlocking devices today, including fingerprint readers and Apple's Face ID. Researchers at the Black Hat USA 2019 conference this week demonstrated a new attack that allowed them to bypass a victim's Face ID and login to the user's phone. However, the method that the hackers had to use is a little disturbing, as they had to use an unconscious victim and place a pair of modified glasses on their face. To pull off the hack, the researchers placed tape carefully over the lenses of a pair of glasses and then put the glasses on the victim's face to show how Face ID could be bypassed in this specific scenario. The exploit...
Read more...
Hacks are happening all the time with some giving information on user accounts like the Flipboard hack we talked about recently. Other hacks are much grander in scale, like the attack against the city of Baltimore that resulted in most of the cities systems being locked out. Another significant hack has happened, and this one is a hack of a hotel management company that backs some of the largest hotel chains in the world. The hotel management company in question is Pyramid Hotel Group, and it manages many Marriott locations. The company had a server that left an unsecured database containing security logs that could give nefarious types an idea about cybersecurity weaknesses of the hotels. The...
Read more...
Flipboard is a news aggregator app, and the company has announced that it fell victim to hacks. The hacks potentially exposed user account information and left that information where it could be copied for nine months. The exposed user details included Flipboard user names, encrypted passwords, and email addresses. Flipboard was clear that no social security numbers, credit card details, or other financial data was lost in the breach because the app doesn't collect any of that information. The company published a FAQ about the hack that noted as a precaution it has reset all user passwords, despite the fact that passwords stored in the database hackers had access to were cryptographically protected....
Read more...
If you try to market a product as “unhackable,” it stands to reason that someone is going to attempt to hack your device to knock you down a peg or two. That is exactly what happened with eyeDisk, which was first brought to light last year with a successful Kickstarter campaign. eyeDisk was able to raise over $21,000 from nearly 250 backers and began shipping the thumb drive in 32GB and 128GB capacities earlier this year. The device uses a combination of AES-256 encryption and iris recognition to lock down the device and keep it safe from harm's way. In fact, eyeDisk was billed as "the world’s first USB flash drive that uses iris recognition technology for unbeatable data security."...
Read more...
In the web browser world, Google Chrome is tops and is offered on multiple platforms including Windows 10, macOS, Linus, iOS and Android. however, web developer named Jim Fisher has found an exploit that nefarious developers can use to trick Chrome on Android users into thinking they are on a legitimate website. Fisher shows on his blog how a website can replace the Chrome for Android address bar and tabs UI using a few tricks. All Chrome for Android users know that when you scroll down a page using the browser, the top of the UI with your address bar and tabs are hidden from view. Fisher found that the scrolling of the page could be "jailed" so when the user scrolls back up the page, the...
Read more...
Yes A lot of gamers were hoping that Nintendo would be rolling out some new Switch hardware at E3 2019 as rumors had suggested. Sadly, Nintendo has now confirmed that there will be no new hardware at that event. However, something else interesting about the Switch has surfaced recently that allows gamers to get more performance out of the existing Switch hardware. With the Switch being a hybrid system, game designers have to design games around docked and undocked performance modes. Inside the Switch is an NVIDIA Tegra processor that changes its clock speed depending on if the Switch is in docked or undocked mode. Hackers have found a way to gain access to change the clock speed of the Tegra...
Read more...
It turns out that a security breach affecting some users of Microsoft's Outlook.com, Hotmail.com, and MSN.com webmail services is worse than originally thought. In an email that was previously sent to users, Microsoft said a hacker managed to swipe a support agent's login credentials, potentially exposing email addresses, subject lines, and other information, but not the actual contents of any emails. As Maury Povich would say, 'That was a lie'. More accurately, that is not the full story. As far as we know, Microsoft did not actually lie to the users who received that specific email, in which the company admitted that email addresses, folder names, subject lines, and email recipient addresses...
Read more...
