Items tagged with Hacker

In the United Arab Emirates (UAE), popular messaging services that might be used in other parts of the world, like Skype and WhatsApp, are restricted. A homegrown alternative called ToTok was designed and released to the public. It was heavily downloaded in the Middle East and eventually by people all around the world in Europe, Asia, Africa, and North America. The catch with ToTok is that while it was a messaging app, it was also a tool used by the UAE government to spy on all who used it. ToTok became one of the most downloaded social apps in the U.S. last week, according to research firm App Annie. The app was developed by a company called Breej Holding, which is most likely a front company... Read more...
Nearly two years ago, OnePlus announced that it had experienced a security breach that resulted in the credit card details of roughly 40,000 customers being stolen. "We are also working with our current payment providers to implement a more secure credit card payment method, as well as conducting an in-depth security audit," wrote the company at the time. "All these measures will help us prevent such incidents from happening in the future." Now, OnePlus is reporting that it has experienced yet another security incident, and this time the company says that personal information from some of its users was accessed by an "unauthorized party". OnePlus is not naming this third-party company/vendor,... Read more...
From security officers to guest sign-ins, schools employ several tools to keep their physical campuses safe. However, is student data also secure? A teen hacker recently uncovered vulnerabilities in two education software programs that could have affected over five million students. Bill Demirkapi is a high school senior in Lexington, Massachusetts and began hacking when he was a freshman. He soon discovered that the education software used by his school, Aspen and Blackboard, contained major security vulnerabilities. Unfortunately, the flaws in the two programs could have affected over 5,000 schools and 5 million students. This would have been more severe than the recent San Diego Unified School... Read more...
Back in 2017, the National Security Agency (NSA) lost control of one of its hacking tools called EternalBlue. Since the hacking tool slipped into the world, it has been picked up by hackers in North Korea, Russia, and China, among other places. The tool has been used to allegedly create billions of dollars in damage around the world. Unfortunately, the hacking tool has now been deployed against cities and states in America as well. For the last three weeks, the city of Baltimore has fought a cyber attack by digital extortionists that has resulted in thousands of computers being frozen, broken email services, and interruptions to real estate sales, water bills, health alert services, and more.... Read more...
A hacker is making the rounds and attacking Git hosting services like GitHub, Bitbucket, and GitLab. The attacks reportedly started on May 3, and as of now, it is unclear how the hacker is gaining access to these repositories. What is known, however, is that the hacker is removing all source code and recent commits from the victim Git repository. In the place of the code that was located in the repositories, the hacker leaves a note that asks for a payment of 0.1 Bitcoin, which is worth about $570 right now. The hacker claims that all of the source code is downloaded and stored on their own personal server. The note gives the victim ten days to pay the ransom and if it isn't paid, the code is... Read more...
Mark Zuckerberg is about to get “Zucc’d”. White-hat hackers usually help to plug security holes, but one hacker has promised to thrust Facebook into chaos. Taiwanese bug bounty hunter Chang Chi-yuan recently announced that he will livestream an attempt to hack into Zuckerberg's Facebook account. The 24 year-old hacker announced to his 26,000 Facebook followers that he will broadcast “the deletion of FB founder Zuck’s account”. The deletion is scheduled for Sunday, September 30th at 6pm NST (6am EST). Chang will stream the event on his own Facebook page. Chang is a minor celebrity in Taiwan and has appeared on a number of talk shows. He was recently sued by... Read more...
When Epic Games announced that it wouldn't be putting its world-dominating Fortnite Android game on the Google Play store, everyone knew Google wouldn’t be happy. Epic didn't want to pay Google 30% of every purchase via the app, a move that could potentially cost Google $50 million. In fact, Google decided to take a very hard look at the installer Epic Games was using for Fortnite and it found a massive security flaw. Google disclosed via the Google Issue Tracker that the first Fortnite Installer was vulnerable to hijacking by hackers. This vulnerability potentially allowed the installation of any app on a user's phone and allowed the hacker to install anything in the background including... Read more...
A new attack that takes advantage of flaws that are inherent to LTE technology has surfaced called aLTEr. The exploit was discovered by an international team of security researchers and is able to redirect users to hostile websites. The exploit works in part by taking advantage of the fact that there is no integrity checking built into the lower layers of LTE. That lack of integrity checking allows nefarious hackers to use DNS packets directing traffic to website addresses to steer user requests to malicious DNS servers. Attackers could then take the user to whatever website the attacker wants. These websites could be used to launch attacks of other types on unsuspecting LTE users. A passive... Read more...
It appears that T-Mobile has only recently squashed a rather serious bug that affected one of the company's subdomains used by staff. In this case, promotool.t-mobile.com was not password protected, allowing anyone that stumbled across it to access stored data. According to ZDNet, which first reported on the website bug, anyone could add a T-Mobile customer’s phone number to the end or the website address after which they would gain access to a treasure trove of information. Personal customer details such as full name, address, account number, account PIN and tax identification number (in certain instances) were all made visible. Most wireless carriers allow you set a PIN for your... Read more...
For the privileged Americans that can get fiber internet to their home with blazing fast upload/download speeds, there might be more to worry about than blowing through their data allotment in a couple days. Reports are surfacing that various GPON home routers have flaws that could allow nefarious hackers to bypass all authentication on the devices. The method of bypassing authentication is as simple as attaching an image suffix to the URL of a GPON HTTP server. VpnMentor says that after the initial authentication is bypassed, a command injection vulnerability (CVE-2018-10562) to run commands on the device can be executed. These two critical vulnerabilities, when combined, can allow complete... Read more...
Intel has been operating its Bug Bounty Program for nearly a year now, with the program originally launching back in March 2017. Initially, the only way that hackers or security researchers could participate was to receive an invite from Intel. Without that invite, you could find all the bugs you wanted, but Intel wouldn't pay you for them. Intel this week announced that it has made changes to that program and one of the biggest is that anyone can now get paid for finding bugs if they follow the program rules. Those rules revolve around using coordinated disclosure practices. What that really means is that Intel must know about the flaw and be given time to address the flaw before any public... Read more...
Take a look at your printer. Give it a good stare. Do you trust it? Probably not, considering it jammed the last time you had to print an important paper right up against a deadline. However, what if we told you that your printer just has to sit there on your network to be a very serious security problem? HP Inc. recently hosted a tech field day for us, and several other security-focused journalists, at their headquarters in Palo Alto. We will speak to some of the panels we listened in on as we go, but the goal for HP at this event was to raise awareness around security - particularly where printers are concerned - and it's an important topic regardless of the brand of printing device you're... Read more...
Bitcoin investors, beware! $72 million USD worth of bitcoin was recently stolen from Hong Kong’s Bitfenix exchange. All trading within the company, including all digital token deposits to and withdrawals from Bitfinex, have been stopped until the culprits are caught. Bitfenix is a trading platform for bitcoin, Litecoin and Ether that includes margin trading along with exchange and margin funding. Bitfinex is the world's largest dollar-based exchange for bitcoin and is known for having deep liquidity in the U.S. dollar/bitcoin currency pair. The Hong Kong-based company is also a popular site for margin trading, process in which traders can borrow a certain number of bitcoin and close their account... Read more...
When I woke up this morning I opened my Pokémon GO app, eager to start hunting for the Pidgey’s, Eevee’s, and the elusive Rhyhorn that have been running amok in my neighborhood. The only thing I could see however, was a shadowy figure walking straight toward a Gyrados. This continuous loading page could only mean one thing- the Pokémon GO servers were down. Hacker group PoodleCorp announced on Twitter today that they were responsible for this Tangela tragedy via a DDoS attack. The hacker group tweeted, “PokemonGo #Offline #PoodleCorp”. Pokémon trainers around the world demanded to know why PoodleCorp would be so cruel. Even YouTube star Felix Kjellberg aka “PewDiePie” begged, “Poodle... Read more...
1 2 3 4 Next