Items tagged with Hacker

When cryptocurrency is stolen, it tends to vanish into thin air with no obvious means of recourse. It would typically involve moving the currency across many accounts and disbursing it, so it is slowly spread out. It seems that the hackers that stole over $1 billion in Bitcoin from Silk Road creator Ross Ulbricht were not wise enough, however. The U.S. Justice Department recently announced that they had seized the cryptocurrency from the unnamed hacker. Before 2013, the Silk Road was the underground market on the dark web. Illegal drugs, weapons, and other illicit things were sold using Bitcoin as the main currency. It was optimal as it was hard to track due to its decentralized design.... Read more...
The sheer number of malware campaigns operating online targeting users, in an attempt to steal information or extort money, is staggering. One of the recently revived botnets targeting users is called Emotet, which typically loads various types of malware and spreads via Wi-Fi networks. A vigilante hacker, however, has now stepped in to replace the nefarious payloads sent by these botnets with glorious animated GIFs. The identity of the vigilante hacker or hackers is unknown, but their actions are essentially preventing victims from being compromised by malware. The sabotage of the Emotet botnet is reportedly severely impacting a large portion of Emotet's operation. Currently, about 25% of all... Read more...
A hacker group called ShinyHunters claims to have breached the databases of ten companies operating around the world, and stolen user data on millions of people. Currently, the databases for the ten companies are being offered for sale on the dark web with a total of 73.2 million user records. The same group of hackers breached an Indonesian online store called Tokopedia last week selling the entire database of 91 million user records for $5,000 on the dark web. In the latest hacks, the largest company that has allegedly had its database stolen is online dating service Zoosk, with the hackers allegedly obtaining 30 million user records. The complete list of businesses that have allegedly... Read more...
Researchers at Bitdefender announced the discovery of a new attack that is targeting home routers. In the attack, the DNS settings in the router are changed to redirect the victim to a website that delivers the Oski infostealer malware as the final payload. The most interesting aspect of the malware is that it stores the malicious payload using Bitbucket, which is a popular web-based version control repository hosting service. The sneaky malware takes steps to avoid alerting the victim that their router has been compromised, including abusing TinyURL to hide the link to the Bitbucket payload. The page that users are redirected to talks about the coronavirus pandemic and offers a download to give users... Read more...
In the United Arab Emirates (UAE), popular messaging services that might be used in other parts of the world, like Skype and WhatsApp, are restricted. A homegrown alternative called ToTok was designed and released to the public. It was heavily downloaded in the Middle East and eventually by people all around the world in Europe, Asia, Africa, and North America. The catch with ToTok is that while it was a messaging app, it was also a tool used by the UAE government to spy on all who used it. ToTok became one of the most downloaded social apps in the U.S. last week, according to research firm App Annie. The app was developed by a company called Breej Holding, which is most likely a front company... Read more...
Nearly two years ago, OnePlus announced that it had experienced a security breach that resulted in the credit card details of roughly 40,000 customers being stolen. "We are also working with our current payment providers to implement a more secure credit card payment method, as well as conducting an in-depth security audit," wrote the company at the time. "All these measures will help us prevent such incidents from happening in the future." Now, OnePlus is reporting that it has experienced yet another security incident, and this time the company says that personal information from some of its users was accessed by an "unauthorized party". OnePlus is not naming this third-party company/vendor,... Read more...
From security officers to guest sign-ins, schools employ several tools to keep their physical campuses safe. However, is student data also secure? A teen hacker recently uncovered vulnerabilities in two education software programs that could have affected over five million students. Bill Demirkapi is a high school senior in Lexington, Massachusetts and began hacking when he was a freshman. He soon discovered that the education software used by his school, Aspen and Blackboard, contained major security vulnerabilities. Unfortunately, the flaws in the two programs could have affected over 5,000 schools and 5 million students. This would have been more severe than the recent San Diego Unified School... Read more...
Back in 2017, the National Security Agency (NSA) lost control of one of its hacking tools called EternalBlue. Since the hacking tool slipped into the world, it has been picked up by hackers in North Korea, Russia, and China, among other places. The tool has been used to allegedly create billions of dollars in damage around the world. Unfortunately, the hacking tool has now been deployed against cities and states in America as well. For the last three weeks, the city of Baltimore has fought a cyber attack by digital extortionists that has resulted in thousands of computers being frozen, broken email services, and interruptions to real estate sales, water bills, health alert services, and more.... Read more...
A hacker is making the rounds and attacking Git hosting services like GitHub, Bitbucket, and GitLab. The attacks reportedly started on May 3, and as of now, it is unclear how the hacker is gaining access to these repositories. What is known, however, is that the hacker is removing all source code and recent commits from the victim Git repository. In the place of the code that was located in the repositories, the hacker leaves a note that asks for a payment of 0.1 Bitcoin, which is worth about $570 right now. The hacker claims that all of the source code is downloaded and stored on their own personal server. The note gives the victim ten days to pay the ransom and if it isn't paid, the code is... Read more...
Mark Zuckerberg is about to get “Zucc’d”. White-hat hackers usually help to plug security holes, but one hacker has promised to thrust Facebook into chaos. Taiwanese bug bounty hunter Chang Chi-yuan recently announced that he will livestream an attempt to hack into Zuckerberg's Facebook account. The 24-year-old hacker announced to his 26,000 Facebook followers that he will broadcast “the deletion of FB founder Zuck’s account”. The deletion is scheduled for Sunday, September 30th at 6pm NST (6am EST). Chang will stream the event on his own Facebook page. Chang is a minor celebrity in Taiwan and has appeared on a number of talk shows. He was recently sued by... Read more...
When Epic Games announced that it wouldn't be putting its world-dominating Fortnite Android game on the Google Play store, everyone knew Google wouldn’t be happy. Epic didn't want to pay Google 30% of every purchase via the app, a move that could potentially cost Google $50 million. In fact, Google decided to take a very hard look at the installer Epic Games was using for Fortnite and it found a massive security flaw. Google disclosed via the Google Issue Tracker that the first Fortnite Installer was vulnerable to hijacking by hackers. This vulnerability potentially allowed the installation of any app on a user's phone and allowed the hacker to install anything in the background including... Read more...
A new attack called aLTEr, which takes advantage of flaws inherent to LTE technology, has surfaced. The exploit was discovered by an international team of security researchers and is able to redirect users to hostile websites. The exploit works in part by taking advantage of the fact that there is no integrity checking built into the lower layers of LTE. That lack of integrity checking allows nefarious hackers to use DNS packets directing traffic to website addresses to steer user requests to malicious DNS servers. Attackers could then take the user to whatever website the attacker wants. These websites could be used to launch attacks of other types on unsuspecting LTE users. A passive... Read more...
It appears that T-Mobile has only recently squashed a rather serious bug that affected one of the company's subdomains used by staff. In this case, promotool.t-mobile.com was not password protected, allowing anyone that stumbled across it to access stored data. According to ZDNet, which first reported on the website bug, anyone could add a T-Mobile customer’s phone number to the end of the website address, after which they would gain access to a treasure trove of information. Personal customer details such as full name, address, account number, account PIN and tax identification number (in certain instances) were all made visible. Most wireless carriers allow you to set a PIN for your... Read more...
For the privileged Americans that can get fiber internet to their home with blazing fast upload/download speeds, there might be more to worry about than blowing through their data allotment in a couple days. Reports are surfacing that various GPON home routers have flaws that could allow nefarious hackers to bypass all authentication on the devices. The method of bypassing authentication is as simple as attaching an image suffix to the URL of a GPON HTTP server. VpnMentor says that after the initial authentication is bypassed, a command injection vulnerability (CVE-2018-10562) to run commands on the device can be executed. These two critical vulnerabilities, when combined, can allow complete... Read more...
Intel has been operating its Bug Bounty Program for nearly a year now, with the program originally launching back in March 2017. Initially, the only way that hackers or security researchers could participate was to receive an invite from Intel. Without that invite, you could find all the bugs you wanted, but Intel wouldn't pay you for them. Intel this week announced that it has made changes to that program and one of the biggest is that anyone can now get paid for finding bugs if they follow the program rules. Those rules revolve around using coordinated disclosure practices. What that really means is that Intel must know about the flaw and be given time to address the flaw before any public... Read more...
Take a look at your printer. Give it a good stare. Do you trust it? Probably not, considering it jammed the last time you had to print an important paper right up against a deadline. However, what if we told you that your printer just has to sit there on your network to be a very serious security problem? HP Inc. recently hosted a tech field day for us, and several other security-focused journalists, at their headquarters in Palo Alto. We will speak to some of the panels we listened in on as we go, but the goal for HP at this event was to raise awareness around security - particularly where printers are concerned - and it's an important topic regardless of the brand of printing device you're... Read more...
Bitcoin investors, beware! $72 million USD worth of bitcoin was recently stolen from Hong Kong’s Bitfinex exchange. All trading within the company, including all digital token deposits to and withdrawals from Bitfinex, has been stopped until the culprits are caught. Bitfinex is a trading platform for bitcoin, Litecoin and Ether that includes margin trading along with exchange and margin funding. Bitfinex is the world's largest dollar-based exchange for bitcoin and is known for having deep liquidity in the U.S. dollar/bitcoin currency pair. The Hong Kong-based company is also a popular site for margin trading, a process in which traders can borrow a certain number of bitcoin and close their account... Read more...
When I woke up this morning I opened my Pokémon GO app, eager to start hunting for the Pidgeys, Eevees, and the elusive Rhyhorn that have been running amok in my neighborhood. The only thing I could see, however, was a shadowy figure walking straight toward a Gyarados. This continuous loading page could only mean one thing: the Pokémon GO servers were down. Hacker group PoodleCorp announced on Twitter today that they were responsible for this Tangela tragedy via a DDoS attack. The hacker group tweeted, “PokemonGo #Offline #PoodleCorp”. Pokémon trainers around the world demanded to know why PoodleCorp would be so cruel. Even YouTube star Felix Kjellberg aka “PewDiePie” begged, “Poodle... Read more...
The Clinton Foundation and the Democratic National Committee (DNC) were a few of the organizations breached by suspected Russian hacker group Guccifer 2.0. The hackers siphoned data for about seven months from at least 4,000 individuals associated with U.S. politics such as party aides, advisers, lawyers and foundations. This latest hack was detected as early as last week. Guccifer 2.0 posted a number of documents on Tuesday that were supposedly from the DNC. These documents included a list of donors who had made large contributions to the Clinton Foundation. The hackers want to publish inflammatory and incriminating documents in order to shame all of the current presidential candidates. A... Read more...
It may be time to update your Twitter password. A Russian hacker under the alias “Tessa88” claims to hold 32 million stolen Twitter account credentials and is selling the database for 10 bitcoins, or roughly $5,810 USD. The hacker supposedly also has links to the recent breaches of LinkedIn and Myspace. Another Russian hacker claimed to have stolen passwords from Gmail and Yahoo in May. LeakedSource argues that this was not a leak and that the supposed “hacker” is blowing smoke. LeakedSource claimed that out of the fifteen users they asked, all fifteen were able to verify their passwords. They insist that instead, “millions of people have become infected by malware, and the malware sent... Read more...
To nobody's real surprise, the jailbreak community upon learning that the Apple Watch was freewheelin' it on wrists everywhere without a browser onboard set out to fill that gap. And in somewhat short order the celebrated Comex — the developer behind JailBreakMe, and a former Apple intern — has weighed in first, posting a video to Twitter over the weekend that features an Apple Watch running a Google web page via a web browser.  Comex's video makes a good case for why Apple hasn't (yet) included a version of its Safari browser in Watch OS, illustrating the need to scroll over and across vast screen real estate — relatively speaking, of course... Read more...
Here's a story that just keeps getting stranger. Lizard Group, a hacker group that claimed responsibility for Sony's PSN downtime over the weekend, has created a stir that'll no doubt have the FBI involved. As if claiming that it took PSN down wasn't enough, it tweeted earlier today to American Airlines that it had been "receiving reports" that a plane carrying Sony Online Entertainment (SOE) president John Smedley also had explosives onboard. Importantly, the group did not claim that it had anything to do with said explosives, only that it knew of them onboard. Twitter threats are taken just as seriously as those via phone or any other means of communication, and the flight was diverted to Arizona... Read more...