Items tagged with hacked
The never-ending parade of security vulnerabilities continues. Just as quickly as software vendors can tackle and resolve one set of exploitable issues -- i.e. the troubles at SolarWinds -- attackers find other vectors to break into networks and steal data. This time, it appears that tens of thousands of firms have been ransacked by Chinese cyberspies thanks to some gaping holes in Microsoft's Exchange e-mail and calendar server software. These problems have been ongoing for at least two months. On Tuesday, March 2, Microsoft pushed out emergency updates for Exchange Server versions 2013, 2016, and 2019. The company points to a previously unknown group of Chinese state-sponsored...
Read more...
It seems getting hacked has become a near-daily occurrence that people should expect will happen at some point. Yesterday, people reported that Ubiquiti, a major vendor of internet of things (IoT) devices such as routers, security cameras, access points, and more, suffered a breach through a third-party cloud provider. The New York City-based company has now urged customers to change their passwords and enable multi-factor authentication as account information and credentials could be at risk. Both in an email and a forum post, Ubiquiti reported that they had “recently became aware of unauthorized access to certain of our information technology systems hosted by a third-party cloud provider.”...
Read more...
Microsoft’s Tay chatbot made quite the splash last week when it was set loose on an unsuspecting Twitter audience, only to have her AI brain filled with bouts of racism, Nazi sympathizing, and a penchant for propositioning her followers for kinky sex. Microsoft took Tay offline roughly a day after her debut, and followed up with an apology for her vile behavior. Well, Tay came back online this morning around 3:00am EST and while she didn’t proclaim her love for Donald Trump or Adolf Hitler — as she did previously — she instead went on a spamming spree after an apparent “mental breakdown.” Not long after her return, Tay entered into some sort of loop in which she repeatedly retweeted herself,...
Read more...
On Thursday, some people visiting a selection of major news websites were surprised by a rogue popup saying that they have been hacked by the Syrian Electronic Army. The attacks seemed to have been focused on North American and British media organizations by the hacker group that is linked to the Assad regime. According to reports from various users on Twitter, some of the affected sites include CNBC, Forbes, PCWorld, The Daily Telegraph, The Independent, and the Chicago Tribune. Visitors are being greeted by a random popup that reads, “You’ve been hacked by the Syrian Electronic Army (SEA)” which is then followed by a picture. The popup message along with the picture that follows it Despite...
Read more...
Community Health Systems Inc revealed on Monday that personal had been stolen by hackers from its computer network. According to the U.S. Hospital operator, 4.5 million accounts were stolen that included patient names and addresses sometime in April and June. The 4.5 million people who were either referred to or received services from doctors affiliated with the service in the last five years were the ones affected by the attack. The attackers, according to Community Health, used malware and other technology to acquire the data from its system. The company, one of the largest hospital operators in the U.S. with 206 hospitals in 29 states, went on to say that the data stolen also included birth...
Read more...
Another day, another hack. This time it was the Forbes website that was compromised, and once again it’s the Syrian Electronic Army (SEA) that claimed responsibility for the hack. Forbes posted a message on Facebook announcing the hack and said that anyone who’s registered with the site should change their passwords. The thieves made off with passwords, too, although those were encrypted and should be safe. However, portions of the Forbes site are down, including the blog section. (Click to enlarge) The SEA took credit for the breach on Twitter, posting both a screenshot of the admin panel and a users table with a database of some 16,000 names. “We didn't publish the user table...
Read more...
If you’ve ever used Kickstarter, you should change your password immediately, as the site reports that it has been hacked. “On Wednesday night, law enforcement officials contacted Kickstarter and alerted us that hackers had sought and gained unauthorized access to some of our customers' data,” reads a Kickstarter email. “Upon learning this, we immediately closed the security breach and began strengthening security measures throughout the Kickstarter system.” The company stated that no credit card information was stolen, although user information including usernames, passwords, email addresses--and even physical mailing addresses, phone numbers, and encrypted passwords....
Read more...
It’s becoming more tedious to be a Yahoo! Mail user these days. The Gmail-ish redesign a few months ago was supposed to bring many attractive changes to the email service, but it launched with an annoying auto-forward bug, and anecdotally, performance has been slow and buggy from what I’ve experienced. Then, there was that outage last month that left some users without service for as much as a week. And now, Yahoo Mail has been hacked. “Recently, we identified a coordinated effort to gain unauthorized access to Yahoo Mail accounts. Upon discovery, we took immediate action to protect our users, prompting them to reset passwords on impacted accounts,” wrote Yahoo’s...
Read more...
Earlier this month the Syrian Electronic Army hacked Microsoft’s Twitter account (twice), posting messages telling users not to use Microsoft’s email systems, ostensibly because the company was “monitoring your accounts and selling the data to the governments”. The SEA is back at it, defacing Microsoft’s Office Blog by adding a “hacked by the Syrian Electronic Army” line after some articles. The newly-redesigned Office Blog was hacked just hours after its launch, but Microsoft told The Verge that everything was back under control. A Microsoft spokesperson said, "A targeted cyberattack temporarily affected the Microsoft Office blog. The account was quickly...
Read more...
There sure has been a lot of hacking going on in recent weeks. Even major news outlets like The New York Times have joined the U.S. government in suspecting the Chinese military of attempting to solicit digital information, and this week, Facebook announced that it too has been the target of an attack. In a post erected to the company's Security portal, it confessed that while it invests heavily in protecting users and proactively preventing such attacks, one managed to slip by last month. In Jan. 2013, Facebook Security noticed that its systems had been targeted in a sophisticated attack. Reportedly, it occurred when a handful of employees visited a mobile developer website that was compromised....
Read more...
Google’s Chrome Browser has historically been relatively bullet-proof, standing up to hacker challenges with impressive resilience. On Wednesday, however, hacker Sergey Glazunov successfully broaches Chrome’s defenses at CanSecWest’s Pwnium challenge, for which he received a prize of $60,000. To Google’s credit, the vulnerability that Glazunov exploited was patched within 24 hours. In a post on the Chrome Blog, Jason Kersey stated that the hole was patched, and that the Chrome team also delivered some updates to fix issues with Flash games and videos. Photo credit: ZDNet However, Glazunov wasn’t the only one to bypass Chrome’s sandbox; French hacking group...
Read more...
The Large Hadron Collider (LHC) has been collecting lots of headlines this week as it finally ramped up to full speed. It has garnered attention for the massively sized experiments it will undertake (simulating conditions of the Big Bang), the questions its experiments will seek to answer (find the "God" particle), the cost of the project ($7.9 Billion), and even the fear that the LHC itself could create a black hole that would swallow up the Earth (it didn't... at least not yet). So it's understandable that a project of this magnitude would receive lots of attention--especially one of the more public of the experiments, the Compact Muon Solenoid (CMS) Experiment, which is "one of the four 'eyes'...
Read more...
Nothing is so hilarious as when a security vendor gets its site hacked. All right, we will admit that when ICANN was hacked that was also funny. In this case, Kaspersky, who many say (arguably) has the best security software around, had their Malaysian website hacked (yes, we probably could cut them some slack for the fact it was only their Malaysian site - nah).“The official Malaysian Kaspersky Antivirus’s website has been hacked yesterday by a Turkish cracker going by the handle of “m0sted”. Along with it, the same cracker hacked also the official Kaspersky S.E.S. online shop and its several other subdomains. The attacker reported “patriotism” as the reason behind the attack and...
Read more...
Move over Microsoft; Comcast is taking over the role as being perceived as the next "evil empire." Just ask hackers, Defiant and EBK, who managed to take over Comcast's Web portal for over five hours Wednesday night and into Thursday morning: Thursday, the pair were dealing with their newfound fame, laughing over the press coverage with a mix of glee and nervous excitement. Some reports have speculated that the hackers were retaliating for Comcast's recent sabotage of BitTorrent traffic; Defiant and EBK say that's false: they just hate Comcast in general. "I'm sure they hate us too," says Defiant."Comcast is just a huge corporation, and we wanted to take them out, and we did," he says.The pair...
Read more...
What is a hacker to do? The general computer using population is becoming more educated about security, and modern browsers are taking the bite out of phishing scams. Why not kill 2 birds with one stone and find a way to infect legitimate sites?That is exactly what hackers are now doing, with alarming success. Thus far estimates range from the high 200 thousands to half a million infected websites, most of which seem to be legitimate:"On Wednesday, several security companies, including San Diego-based Websense Inc., said large numbers of legitimate sites, including ones with URLs belong to the U.N., had been hacked and were serving up malware. Those latest compromises were only the most recent...
Read more...
With the recent sub-2 minute hack of the Air via a Safari exploit, a running string of iPhone hacks, and numerous people finding ways to put OS X on PCs they built themselves, you'd think Apple would have learned not to make security claims. Of course, if you thought that you don't know a whole lot about Steve Jobs, who has been using every chance he's gotten to tout the new iPhone 2.0's unhackability.Where there's a will, there's a way.Not even 24 hours after the release of the latest update for the iPhone firmware 1.2.0 (or 2.0, as The Steve calls it,) they sent us this picture showing that they have pwned it again, getting it to work completely unlocked, and run all applications. As...
Read more...
Nothing is so humorous as when the web site of a security vendor gets hacked. OK, OK, it was hilarious when the RIAA site was hacked, too. And I'll admit: it's probably not as funny if it's your security vendor.A Trend Micro spokesman confirmed that the company's site had been hacked Thursday, saying that the attack took place earlier in the week. "A portion of our site -- some pages were attacked," said Mike Sweeny, a Trend Micro spokesman. "We took the pages down overnight Tuesday night -- and took corrective action."On Thursday security vendor McAfee reported that more than 20,000 Web pages have been affected by the attack. The pages are infected with malicious code that tries to install password-stealing...
Read more...
Besides ironic, what other words might come to mind over this, eh?The download section of AvSoft's S-cop Web site hosts the malicious code, according to Roger Thompson, chief research officer with security vendor AVG. "They let one of their pages get hit by an iFrame injection," he said. "It shows that anyone can be a victim.... It's hard to protect Web servers properly."The technique used on the site has been seen in thousands of similar hacks over the past few months. The attackers open an invisible iFrame Window within the victim's browser, which redirects the client to another server. That server, in turn, launches attack code that attempts to install malicious software on the victim's computer.The...
Read more...
There are those who still love the Amiga and the AmigaOS, and they've gone and hacked an OLPC to run it!Cloanto Italia srl, Amiga software developers since 1986, were excited to preview details of Amiga Forever 2008 running without modifications on a One Laptop per Child XO laptop.Ironic: the doomed yet still beloved AmigaOS and the not-doing-so-well but too-early-to-call-doomed OLPC....
Read more...
Could anything else possibly fit the word "ironic" better than this?Part of security software vendor CA's Web site was hacked earlier this week and was redirecting visitors to a malicious Web site hosted in China.Although the problem now appears to have been corrected, cached versions of some pages in the press section of CA.com show that earlier this week the site had been redirecting visitors to the uc8010.com domain, which has been serving malicious software since late December, according to Marcus Sachs, director of the SANS Internet Storm Center.No comment from CA in the story, so it's unknown if they were using their own products to protect the site or not....
Read more...
"Can't we all just get along?" as that pundit of peace, Rodney King, once said. Friday the official Blu-ray Disc Association (BDA) website was hacked, such that users were redirected to the HD-DVD Promotion Group's site, thelookandsoundofperfect.com.Beginning at around 4pm ET Friday, and continuing intermittently into the afternoon, visitors to the blu-raydisc.com web site were instead sent to the HD DVD camp's lookandsoundofperfect.com web site.At press time, no one had claimed responsibility for the apparent hack, and there was no official response from either the BDA or the HD DVD Promotions Group.Now, don't assume anything about this being the work of the HD-DVD camp; most likely it was an...
Read more...
iPods, iPhones; those are hacker targets, not (generally) in malicious ways, but to extend functionality or remove (ahem) roadblocks. Now the Zune has had one of its roadblocks bypassed.One of the early complaints about the WiFi sharing ability on the Zune was the rule that limits playback to 3 days or 3 plays on shared tracks. The Zune team eliminated the 3 day rule but left the 3 play rule intact with the latest firmware update. Many musicians who record their own music in the garage would prefer to share it free of this 3 play DRM restriction. Now there is an easy way to do it.During hands on tests performed here at Zune Scene, music files tagged as "podcast" in the genre field have...
Read more...
