Items tagged with Hacker

Cell phones are a necessity in day-to-day life, allowing communications and access to numerous websites and accounts. Thus, losing access to a phone or text messages could be as bad, if not worse, than losing a credit card. Even more concerning would be if a hacker could intercept texts without the phone's owner even knowing, and it was entirely possible with $16 and some knowledge of a target. Now, cell carriers must shake things up to prevent this problematic issue from happening again. Earlier this month, Vice's Joseph Cox reported that a hacker had "swiftly, stealthily, and largely effortlessly redirected [Cox's] text messages to themselves," gaining access to apps such as Bumble, Postmates,... Read more...
In January, Google warned security researchers about sneaky social engineering and hacking attempts coming from North Korea. Originally, the Google Threat Analysis Group (TAG), and other researchers found that the North Korean hacker’s blog compromised anyone who visited the website. Now, Microsoft has patched the critical vulnerability that affected the researchers through Internet Explorer and Microsoft Edge. When TAG announced the researcher attacks earlier this year, several people came forward, explaining that fake researchers reached out to them to “collaborate” on a project. After some time of building trust, the malicious hackers asked the researchers to use Internet... Read more...
Over the last couple of weeks, hackers have been out in force, breaking into Microsoft Exchange and other services. Now, a group of international hackers who view themselves as vigilantes have breached Silicon Valley-startup Verkada Inc. This gave the hackers access to the live feeds of 150,000 surveillance cameras installed in numerous businesses and organizations. Today, the hacker group went public, explaining that they had footage from Tesla, Cloudflare Inc., and many other high-profile organizations. Moreover, the hackers accessed footage from “inside women’s health clinics, psychiatric hospitals and the offices of Verkada itself.” One video even showed footage from... Read more...
When someone resets a password, a code is typically sent to an account holder's email, which is then input into a website (or app) for verification purposes. Moreover, protections should prevent that code from being brute-forced by a hacker, but this isn't always the case. Laxman Muthiyah, a security researcher, recently reported that he could have hacked any Microsoft or Instagram account due to flaws in how the password changing mechanism was implemented. Last year, Muthiyah collected around $80,000 between two bug bounty programs from Facebook and Microsoft after finding similar issues with both companies' password change processes. In the Instagram vulnerability, a password recovery system... Read more...
The Solorigate hack, which ensnared Microsoft, is finally coming to a close for the Redmond, Washington-based company. The Microsoft Security Response Center (MSRC) team wrote a blog post explaining what they had found in the now-completed investigation following the SolarWinds ordeal. It seems that while hackers stole some files, it was not a big deal for Microsoft as this only reinforced the policies the company has in place. In December of last year, cybersecurity company FireEye discovered hackers had breached SolarWinds Orion, an IT administration and management software package. The hack was found to date back to Spring of 2020, meaning any Orion customer could have been infiltrated. This... Read more...
Some of the United States’ most critical infrastructure is incredibly vulnerable to attack, as we are now finding out. Last Friday, a plant operator at a water treatment facility in Oldsmar, Florida, noticed his mouse dashing around on the screen. The operator did not think much of it then, but when it happened a second time, security alarm bells were raised after the hacker attempted to raise the level of sodium hydroxide, or lye, 100-fold in the water supply. According to the press conference with Pinellas County Sheriff Bob Gualtieri, the system was regularly accessed remotely, so the operator didn't think much of it. Upon the second attack and attempted change of sodium hydroxide through... Read more...
When cryptocurrency is stolen, it tends to vanish into thin air with no obvious means for recourse. It would typically involve moving the currency across many accounts and disbursing it, so it is slowly spread out. It seems that the hackers that stole over $1 billion in Bitcoin from Silk Road creator Ross Ulbricht were not wise enough, however. The U.S. Justice Department recently announced that they had seized the cryptocurrency from the unnamed hacker. Before 2013, the Silk Road was the underground market on the dark web. Illegal drugs, weapons, and other illicit things were sold using Bitcoin as the main currency. It was optimal as it was hard to track due to its decentralized design.... Read more...
The sheer number of malware campaigns operating online targeting users, in an attempt to steal information or extort money, is staggering. One of the recently revived botnets targeting users is called Emotet, which typically loads various types of malware and spreads via Wi-Fi networks. A vigilante hacker, however, has now stepped in to replace the nefarious payloads sent by these botnets with glorious animated GIFs. The identity of the vigilante hacker or hackers is unknown, but their actions are essentially preventing victims from being compromised by malware. The sabotage of the Emotet botnet is reportedly severely impacting a large portion of Emotet's operation. Currently, about 25% of all... Read more...
A hacker group called ShinyHunters claims to have breached the databases of ten companies operating around the world, and stolen user data on millions of people. Currently, the databases for the ten companies are being offered for sale on the dark web with a total of 73.2 million user records. The same group of hackers breached an Indonesian online store called Tokopedia last week selling the entire database of 91 million user records for $5,000 on the dark web. In the latest hacks, the largest company that has allegedly had its database stolen is online dating service Zoosk, with the hackers allegedly obtaining 30 million user records. The complete list of businesses that have allegedly... Read more...
Researchers at Bitdefender announced the discovery of a new attack that is targeting home routers. In the attack, the DNS settings in the router are changed to redirect the victim to a website that delivers the Oski infostealer malware as the final payload. The most interesting aspect of the malware is that it stores the malicious payload using Bitbucket, which is a popular web-based control repository hosting service. The sneaky malware takes steps to avoid alerting the victim that their router has been compromised, including abusing TinyURL to hide the link to the Bitbucket payload. The page that users are redirected to talks about the coronavirus pandemic and offers a download to give users... Read more...
In the United Arab Emirates (UAE), popular messaging services that might be used in other parts of the world, like Skype and WhatsApp, are restricted. A homegrown alternative called ToTok was designed and released to the public. It was heavily downloaded in the Middle East and eventually by people all around the world in Europe, Asia, Africa, and North America. The catch with ToTok is that while it was a messaging app, it was also a tool used by the UAE government to spy on all who used it. ToTok became one of the most downloaded social apps in the U.S. last week, according to research firm App Annie. The app was developed by a company called Breej Holding, which is most likely a front company... Read more...
Nearly two years ago, OnePlus announced that it had experienced a security breach that resulted in the credit card details of roughly 40,000 customers being stolen. "We are also working with our current payment providers to implement a more secure credit card payment method, as well as conducting an in-depth security audit," wrote the company at the time. "All these measures will help us prevent such incidents from happening in the future." Now, OnePlus is reporting that it has experienced yet another security incident, and this time the company says that personal information from some of its users was accessed by an "unauthorized party". OnePlus is not naming this third-party company/vendor,... Read more...
From security officers to guest sign-ins, schools employ several tools to keep their physical campuses safe. However, is student data also secure? A teen hacker recently uncovered vulnerabilities in two education software programs that could have affected over five million students. Bill Demirkapi is a high school senior in Lexington, Massachusetts and began hacking when he was a freshman. He soon discovered that the education software used by his school, Aspen and Blackboard, contained major security vulnerabilities. Unfortunately, the flaws in the two programs could have affected over 5,000 schools and 5 million students. This would have been more severe than the recent San Diego Unified School... Read more...
Back in 2017, the National Security Agency (NSA) lost control of one of its hacking tools called EternalBlue. Since the hacking tool slipped into the world, it has been picked up by hackers in North Korea, Russia, and China, among other places. The tool has been used to allegedly create billions of dollars in damage around the world. Unfortunately, the hacking tool has now been deployed against cities and states in America as well. For the last three weeks, the city of Baltimore has fought a cyber attack by digital extortionists that has resulted in thousands of computers being frozen, broken email services, and interruptions to real estate sales, water bills, health alert services, and more.... Read more...
A hacker is making the rounds and attacking Git hosting services like GitHub, Bitbucket, and GitLab. The attacks reportedly started on May 3, and as of now, it is unclear how the hacker is gaining access to these repositories. What is known, however, is that the hacker is removing all source code and recent commits from the victim Git repository. In the place of the code that was located in the repositories, the hacker leaves a note that asks for a payment of 0.1 Bitcoin, which is worth about $570 right now. The hacker claims that all of the source code is downloaded and stored on their own personal server. The note gives the victim ten days to pay the ransom and if it isn't paid, the code is... Read more...
Mark Zuckerberg is about to get “Zucc’d”. White-hat hackers usually help to plug security holes, but one hacker has promised to thrust Facebook into chaos. Taiwanese bug bounty hunter Chang Chi-yuan recently announced that he will livestream an attempt to hack into Zuckerberg's Facebook account. The 24-year-old hacker announced to his 26,000 Facebook followers that he will broadcast “the deletion of FB founder Zuck’s account”. The deletion is scheduled for Sunday, September 30th at 6pm NST (6am EST). Chang will stream the event on his own Facebook page. Chang is a minor celebrity in Taiwan and has appeared on a number of talk shows. He was recently sued by... Read more...
When Epic Games announced that it wouldn't be putting its world-dominating Fortnite Android game on the Google Play store, everyone knew Google wouldn’t be happy. Epic didn't want to pay Google 30% of every purchase via the app, a move that could potentially cost Google $50 million. In fact, Google decided to take a very hard look at the installer Epic Games was using for Fortnite and it found a massive security flaw. Google disclosed via the Google Issue Tracker that the first Fortnite Installer was vulnerable to hijacking by hackers. This vulnerability potentially allowed the installation of any app on a user's phone and allowed the hacker to install anything in the background including... Read more...
A new attack that takes advantage of flaws that are inherent to LTE technology has surfaced called aLTEr. The exploit was discovered by an international team of security researchers and is able to redirect users to hostile websites. The exploit works in part by taking advantage of the fact that there is no integrity checking built into the lower layers of LTE. That lack of integrity checking allows nefarious hackers to use DNS packets directing traffic to website addresses to steer user requests to malicious DNS servers. Attackers could then take the user to whatever website the attacker wants. These websites could be used to launch attacks of other types on unsuspecting LTE users. A passive... Read more...
It appears that T-Mobile has only recently squashed a rather serious bug that affected one of the company's subdomains used by staff. In this case, promotool.t-mobile.com was not password protected, allowing anyone that stumbled across it to access stored data. According to ZDNet, which first reported on the website bug, anyone could add a T-Mobile customer’s phone number to the end of the website address after which they would gain access to a treasure trove of information. Personal customer details such as full name, address, account number, account PIN and tax identification number (in certain instances) were all made visible. Most wireless carriers allow you to set a PIN for your... Read more...
For the privileged Americans that can get fiber internet to their home with blazing fast upload/download speeds, there might be more to worry about than blowing through their data allotment in a couple days. Reports are surfacing that various GPON home routers have flaws that could allow nefarious hackers to bypass all authentication on the devices. The method of bypassing authentication is as simple as attaching an image suffix to the URL of a GPON HTTP server. VpnMentor says that after the initial authentication is bypassed, a command injection vulnerability (CVE-2018-10562) to run commands on the device can be executed. These two critical vulnerabilities, when combined, can allow complete... Read more...
Intel has been operating its Bug Bounty Program for nearly a year now, with the program originally launching back in March 2017. Initially, the only way that hackers or security researchers could participate was to receive an invite from Intel. Without that invite, you could find all the bugs you wanted, but Intel wouldn't pay you for them. Intel this week announced that it has made changes to that program and one of the biggest is that anyone can now get paid for finding bugs if they follow the program rules. Those rules revolve around using coordinated disclosure practices. What that really means is that Intel must know about the flaw and be given time to address the flaw before any public... Read more...
Take a look at your printer. Give it a good stare. Do you trust it? Probably not, considering it jammed the last time you had to print an important paper right up against a deadline. However, what if we told you that your printer just has to sit there on your network to be a very serious security problem? HP Inc. recently hosted a tech field day for us, and several other security-focused journalists, at their headquarters in Palo Alto. We will speak to some of the panels we listened in on as we go, but the goal for HP at this event was to raise awareness around security - particularly where printers are concerned - and it's an important topic regardless of the brand of printing device you're... Read more...