Items tagged with Hacking

Microsoft has patched a vulnerability in its Teams software that could have allowed an attacker to infiltrate compromised systems, steal data, and even take control of an entire organization's accounts. What makes the security flaw somewhat unique is that all of the dastardly deeds could have been accomplished with just an animated GIF. Users within the organization wouldn't even need to share the infected GIF—just viewing it would be enough for it to work its malicious mojo. The attack itself leveraged a subdomain takeover vulnerability in Teams, and prior to being patched, would have affected every user who uses the Teams desktop or web browser version. "Without getting into... Read more...
For what feels like the umpteenth time this has happened, a string of specific text is causing iOS devices to crash when received, including iPhones, iPads, and Apple Watches. The malicious text is going viral, and as of this writing, has not been addressed with an iOS update (we imagine one will arrive soon). Even worse, it doesn't have to be sent as a direct text message like past incidents. The string of text that is causing problems on iOS devices consists of certain characters in the Sindhi language. It was originally thought that emojis of the Italian flag needed to accompany the text as well, but it was later discovered that the Sindhi text string is all that is needed to freeze and/or crash... Read more...
Hackers recently targeted Nintendo Switch owners, leading to the recommendation that users enable two-factor authentication (2FA), which is generally solid advice anyway. In the aftermath of the hacking campaign, Nintendo is no longer allowing Switch owners to log into their Nintendo accounts through a Nintendo Network ID (NNID). Nintendo also confirmed how many accounts were compromised. According to Nintendo, around 160,000 accounts were hacked. On those accounts, hackers were able to see nicknames, genders, dates of birth, country/region information, and email addresses. Nintendo also acknowledged that hackers may have illegally made purchases on affected accounts using existing balances,... Read more...
There is some more bad news for Zoom and some of its users. Security researchers recently discovered that the dark web and hacker forums are host to over 500,000 compromised Zoom accounts being offered up for sale at dirt cheap prices. Some of them are being sold for a fraction of a penny, while others are being given away for free. It almost feels like we are picking on Zoom at this point with so many headlines highlighting the company's security and privacy lapses in recent weeks. However, that is not the case. Zoom CEO Eric Yuan recently admitted that his video conferencing startup "moved too fast" in light of the COVID-19 outbreak and "had some missteps" along the way. Part of the problem,... Read more...
These are tough times for sure, and to make matters worse, a hacking group managed to infiltrate an email service in Italy and swipe the personal data of more than 600,000 users. The data, which is said to include plaintext passwords and contents of email messages, is for sale on the dark web for between 0.5 and 3 Bitcoin (around $3,500 to $22,000). The culprits go by the name of NN (No Name) Hacking Group. They swiped the data from Email.it, then promoted it on Twitter. The group claims it breached the email service's data center two years ago, in January 2018, and asked for a bug bounty. "They refused to talk with us and continued to trick their users/customers. They didn't contacted (sic)... Read more...
Last week, a semi-anonymous hacker made headlines when they brazenly posted supposed source code to GitHub outlining chunks of AMD's next-generation Radeon DNA 2 (RDNA 2) GPU architecture, as found in the upcoming Xbox Series X game console. The hacker valued the stolen data at $100 million, but can it really be classified as source code? And is it truly that valuable? Maybe not. The hacker claimed to have gotten their mitts on various source files pertaining to different versions of AMD's graphics technology, the most interesting of which is Arden, the codename of the GPU inside the Xbox Series X. AMD managed to get the code removed from GitHub by filing a DMCA takedown request. The hacker... Read more...
Major data breaches have unfortunately become rather common occurrences (they seem to happen in waves), and even if you practice common-sense computing habits, you can still fall victim to these types of things. Serving as a sobering reminder of this reality, security researchers say they have discovered an unprotected database hosting a massive 800 gigabytes of personal data. The database holds records for over 200 million Americans. In terms of scale, that's more people than were affected by the Equifax breach, which ultimately resulted in the Federal Trade Commission issuing a weaksauce fine. In this case, it is not clear if the exposed records have been viewed by malicious actors or spilled... Read more...
Malicious actors who make it their business to spread malware obviously have no scruples about preying on people in any manner possible, but sometimes they fall to new lows. We saw it when hackers attempted to assault epilepsy patients by posting flashing animations to the Epilepsy Foundation's support forum in hopes of causing seizures, and now they are leveraging the coronavirus pandemic to spread malware, via a live map. Security researcher Brian Krebs of KrebsOnSecurity found that in one such scheme, hackers are using an interactive dashboard of coronavirus infections and deaths produced by Johns Hopkins University on malicious websites, and possibly spam emails as well, to spread... Read more...
The United States National Security Agency (NSA from here on out) is warning of a vulnerability in Microsoft Exchange Server that could allow an attacker with email credentials to launch a remote attack on a target system, enabling them to execute commands. It affects multiple versions of Microsoft Exchange Server. "A remote code execution vulnerability exists in Microsoft Exchange Server when the server fails to properly create unique keys at install time. Knowledge of the validation key allows an authenticated user with a mailbox to pass arbitrary objects to be deserialized by the web application, which runs as SYSTEM. The security update addresses the vulnerability by correcting how Microsoft... Read more...
Make no mistake, if the apocalypse comes to be, we are all going to be left in a cutthroat world where anything goes. Fallout 76 plays on that theme, to an extent, though an annoying hack is taking things to the extreme and ruining the game on PC. The hack allows players to steal items from another person's inventory, including weapons and armor. This is not done through person-to-person trading, but is accomplished by way of a remote hack. What's particularly frustrating is it only requires the hacker to be in the vicinity of another player. As long as the victim can be seen on screen, that person can be stripped of their items (save for caps, scrip, access to various locations, and stash box/scrap... Read more...
A company that develops digital forensics tools for businesses and law enforcement specialists has found a way to hack into locked Apple iPhone devices running the latest version of iOS. The method is said to work on most iPhone models, from the iPhone 5s through the iPhone X, and is effective on iOS 12 through iOS 13.3. The company is called Elcomsoft, and the newly expanded ability comes by way of an update to its iOS Forensic Toolkit. Specifically, the update allows the software to extract select keychain records in the BFU (Before First Unlock). That means it can pluck sensitive data from affected iPhone devices that have been powered off or rebooted, without having to enter in a passcode.... Read more...
We already know that hackers are able to steal credit and debit card details at gas pumps by using skimmers, which are devices that slip over the payment slot and, for the most part, look legitimate (they're found on ATMs as well). However, skimmers are not the only threats. Visa's Payment Fraud Disruption (PFD) division warns that cybercriminals are targeting gas station point of sale (POS) systems in North America. This is a concerning threat, because even though skimmers look like they are part of the pump, there are subtle ways to detect that something is amiss. When a hacker infiltrates a computer network, however, customers are left to the security of the company being attacked. In... Read more...
Several white hat hackers in China spent the weekend infiltrating some of the top web browsers and other applications, as part of the Tianfu Cup. Similar to Pwn2Own, hackers attempt to exploit various software in ways that have not been discovered before, with prizes and bragging rights on the line (as well as better security for us all). The rules between Tianfu Cup and Pwn2Own are pretty much the same. During the two-day event, hackers racked up points by exposing zero-day vulnerabilities in Microsoft's Edge, Apple's Safari, and Google's Chrome browsers, as well as other applications. Here's how it broke down on the first day of the competition... Microsoft Edge (old version, not Chromium):... Read more...
In most instances, if someone gains unauthorized access to your bank account, it is not a good thing. The best case scenario is your bank flags and blocks suspicious transactions and transfers. Or is that the best possible outcome? For Tim Cameron, a 30-year-old UK resident who lost his wallet, having his bank account subsequently hacked was a clever and kind gesture by the person who found it. How can that be? This was not a typical hack in any sense of the word. The good Samaritan who found the wallet made a series of unauthorized £0.01 deposits into Cameron's account, each with a message attached. Deposits at Cameron's bank can contain up to 18 characters, and the person who found the... Read more...