Items tagged with Hacker

Back in 2017, the National Security Agency (NSA) lost control of one of its hacking tools called EternalBlue. Since the hacking tool slipped into the world, it has been picked up by hackers in North Korea, Russia, and China, among other places. The tool has been used to allegedly create billions of dollars in damage around the world. Unfortunately, the hacking tool has now been deployed against cities and states in America as well. For the last three weeks, the city of Baltimore has fought a cyber attack by digital extortionists that has resulted in thousands of computers being frozen, broken email services, and interruptions to real estate sales, water bills, health alert services, and more.... Read more...
A hacker is making the rounds and attacking Git hosting services like GitHub, Bitbucket, and GitLab. The attacks reportedly started on May 3, and as of now, it is unclear how the hacker is gaining access to these repositories. What is known, however, is that the hacker is removing all source code and recent commits from the victim Git repository. In the place of the code that was located in the repositories, the hacker leaves a note that asks for a payment of 0.1 Bitcoin, which is worth about $570 right now. The hacker claims that all of the source code is downloaded and stored on their own personal server. The note gives the victim ten days to pay the ransom and if it isn't paid, the code is... Read more...
Mark Zuckerberg is about to get “Zucc’d”. White-hat hackers usually help to plug security holes, but one hacker has promised to thrust Facebook into chaos. Taiwanese bug bounty hunter Chang Chi-yuan recently announced that he will livestream an attempt to hack into Zuckerberg's Facebook account. The 24 year-old hacker announced to his 26,000 Facebook followers that he will broadcast “the deletion of FB founder Zuck’s account”. The deletion is scheduled for Sunday, September 30th at 6pm NST (6am EST). Chang will stream the event on his own Facebook page. Chang is a minor celebrity in Taiwan and has appeared on a number of talk shows. He was recently sued by... Read more...
When Epic Games announced that it wouldn't be putting its world-dominating Fortnite Android game on the Google Play store, everyone knew Google wouldn’t be happy. Epic didn't want to pay Google 30% of every purchase via the app, a move that could potentially cost Google $50 million. In fact, Google decided to take a very hard look at the installer Epic Games was using for Fortnite and it found a massive security flaw. Google disclosed via the Google Issue Tracker that the first Fortnite Installer was vulnerable to hijacking by hackers. This vulnerability potentially allowed the installation of any app on a user's phone and allowed the hacker to install anything in the background including... Read more...
A new attack that takes advantage of flaws that are inherent to LTE technology has surfaced called aLTEr. The exploit was discovered by an international team of security researchers and is able to redirect users to hostile websites. The exploit works in part by taking advantage of the fact that there is no integrity checking built into the lower layers of LTE. That lack of integrity checking allows nefarious hackers to use DNS packets directing traffic to website addresses to steer user requests to malicious DNS servers. Attackers could then take the user to whatever website the attacker wants. These websites could be used to launch attacks of other types on unsuspecting LTE users. A passive... Read more...
It appears that T-Mobile has only recently squashed a rather serious bug that affected one of the company's subdomains used by staff. In this case, promotool.t-mobile.com was not password protected, allowing anyone that stumbled across it to access stored data. According to ZDNet, which first reported on the website bug, anyone could add a T-Mobile customer’s phone number to the end or the website address after which they would gain access to a treasure trove of information. Personal customer details such as full name, address, account number, account PIN and tax identification number (in certain instances) were all made visible. Most wireless carriers allow you set a PIN for your... Read more...
For the privileged Americans that can get fiber internet to their home with blazing fast upload/download speeds, there might be more to worry about than blowing through their data allotment in a couple days. Reports are surfacing that various GPON home routers have flaws that could allow nefarious hackers to bypass all authentication on the devices. The method of bypassing authentication is as simple as attaching an image suffix to the URL of a GPON HTTP server. VpnMentor says that after the initial authentication is bypassed, a command injection vulnerability (CVE-2018-10562) to run commands on the device can be executed. These two critical vulnerabilities, when combined, can allow complete... Read more...
Intel has been operating its Bug Bounty Program for nearly a year now, with the program originally launching back in March 2017. Initially, the only way that hackers or security researchers could participate was to receive an invite from Intel. Without that invite, you could find all the bugs you wanted, but Intel wouldn't pay you for them. Intel this week announced that it has made changes to that program and one of the biggest is that anyone can now get paid for finding bugs if they follow the program rules. Those rules revolve around using coordinated disclosure practices. What that really means is that Intel must know about the flaw and be given time to address the flaw before any public... Read more...
Take a look at your printer. Give it a good stare. Do you trust it? Probably not, considering it jammed the last time you had to print an important paper right up against a deadline. However, what if we told you that your printer just has to sit there on your network to be a very serious security problem? HP Inc. recently hosted a tech field day for us, and several other security-focused journalists, at their headquarters in Palo Alto. We will speak to some of the panels we listened in on as we go, but the goal for HP at this event was to raise awareness around security - particularly where printers are concerned - and it's an important topic regardless of the brand of printing device you're... Read more...
Bitcoin investors, beware! $72 million USD worth of bitcoin was recently stolen from Hong Kong’s Bitfenix exchange. All trading within the company, including all digital token deposits to and withdrawals from Bitfinex, have been stopped until the culprits are caught. Bitfenix is a trading platform for bitcoin, Litecoin and Ether that includes margin trading along with exchange and margin funding. Bitfinex is the world's largest dollar-based exchange for bitcoin and is known for having deep liquidity in the U.S. dollar/bitcoin currency pair. The Hong Kong-based company is also a popular site for margin trading, process in which traders can borrow a certain number of bitcoin and close their account... Read more...
When I woke up this morning I opened my Pokémon GO app, eager to start hunting for the Pidgey’s, Eevee’s, and the elusive Rhyhorn that have been running amok in my neighborhood. The only thing I could see however, was a shadowy figure walking straight toward a Gyrados. This continuous loading page could only mean one thing- the Pokémon GO servers were down. Hacker group PoodleCorp announced on Twitter today that they were responsible for this Tangela tragedy via a DDoS attack. The hacker group tweeted, “PokemonGo #Offline #PoodleCorp”. Pokémon trainers around the world demanded to know why PoodleCorp would be so cruel. Even YouTube star Felix Kjellberg aka “PewDiePie” begged, “Poodle... Read more...
The Clinton Foundation and the Democratic National Committee (DNC) were a few of the organizations breached by suspected Russian hacker group Guccifer 2.0. The hackers siphoned data for about seven month from at least 4,000 individuals associated with U.S. politics such as party aides, advisers, lawyers and foundations.  This latest hack was detected as early as last week. Guccifer 2.0 posted a number of documents on Tuesday that were supposedly from the DNC. These documents included a list of donors who had made large contributions to the Clinton Foundation. The hackers want to publish inflammatory and incriminating documents in order to shame all of the current presidential candidates. A... Read more...
It may be time to update your Twitter password. A Russian hacker under the alias “Tessa88” claims to hold 32 million stolen Twitter account credentials and is selling the database for 10 bitcoins, or roughly $5,810 USD. The hacker supposedly also has links to the recent breaches of LinkedIn and Myspace. Another Russian hacker claimed to have stolen passwords from Gmail and Yahoo in May. LeakedSource argues that this was not a leak and that the supposed “hacker” is blowing smoke. LeakedSource claimed that out of the fifteen users they asked, all fifteen were able to verify their passwords. They insist that instead, “millions of people have become infected by malware, and the malware sent... Read more...
To nobody's real surprise, the jailbreak community upon learning that the Apple Watch was freewheelin' it on wrists everywhere without a browser onboard set out to fill that gap. And in somewhat short order the celebrated Comex — the developer behind JailBreakMe, and a former Apple intern — has weighed in first, posting a video to Twitter over the weekend that features an Apple Watch running a Google web page via a web browser.  Comex's video makes a good case for why Apple hasn't (yet) included a version of its Safari browser in Watch OS, illustrating the need to scroll over and across vast screen real estate — relatively speaking, of course... Read more...
1 2 3 4 Next