Items tagged with Hacking

The hacker who gained unauthorized access to CD Projekt Red's servers and seemingly stole the source code for several games has already reportedly leaked one of them, after the developer publicly declared it had no intention of paying a ransom or negotiating. In addition, the hacker appears to be trying to start a bidding war for the remaining data. To be clear, CD Projekt Red never outright acknowledged that the hacker stole actual source code, but said the person responsible "collected certain data" belonging to the developer, as well as encrypted some devices on its network. However, reading between the lines of the developer's broader statement on the intrusion, it sure sounds like the hacker... Read more...
FireEye, a prominent cybersecurity firm, says it is working with the US Federal Bureau of Investigation and several key partners, including Microsoft (which recently warned of a rise in cyberattacks), into a highly sophisticated and targeted hack that it believes was perpetrated by a state-sponsored actor "with top-tier offensive capabilities." It is unlike anything FireEye CEO Kevin Mandia has seen in his two and a half decades in cybersecurity. That is saying something, given that FireEye deals with security incidents of the highest order. However, Mandia says this particular attack is different from the tens of thousands of incidents his company has dealt with over the years. "The attackers... Read more...
In the days of old, a car thief might stick a hanger in car window to unlock the door (or simply smash the glass), hop in, and hot wire the vehicle. Hollywood loves to show this kind of thing, sometimes with wires dangling beneath the steering column, and other times with a screwdriver jammed into the ignition. Trying to steel a Tesla Model X takes more effort, though perhaps not as much as you think, as a security researcher recently demonstrated. Today's vehicles are more reliant than ever on computer systems, and Tesla is at the front of the pack, with its advanced self-driving and other technologies. And like many modern vehicles, keyless entry is a common feature. That is also where the... Read more...
Some people may say, “Don't talk to me until I have had my coffee,” but what if they could not have coffee because of a ransomware attack? According to a researcher at Avast, IoT devices, such as smart coffee makers, can be vulnerable to attacks. Security researcher Martin Hron remarks “firmware is a new software,” and that software can be exploited. Typically, smart IoT devices have firmware onboard that is used with an API, while users expect that not too much harm can come from the API and firmware. This is not the case, as Hron states “We used to trust that hardware, such as a common kitchen appliance, could be trusted and could not be easily altered without... Read more...
Towards the end of April, Nintendo issued a notice saying login details for as many as 160,000 Nintendo accounts had been compromised as a result of a data breach. In actuality, the number of affected accounts is nearly twice as high—Nintendo this week provided an update on the matter, saying it has identified an additional 140,000 users accounts that "may have been accessed maliciously." The new figure is not part of a separate hack, but the result of Nintendo's ongoing investigation into the matter. As discovered in April, hackers were able to exploit Nintendo Network IDs (NNIDs). These were mainly relevant back in the days of the Wii U and Nintendo 3DS, but could be linked to a Nintendo... Read more...
A hacker group called ShinyHunters claims to have breached the databases of ten companies operating around the world, and stolen user data on millions of people. Currently, the databases for the ten companies are being offered for sale on the dark web with a total of 73.2 million user records. The same group of hackers breached an Indonesian online store called Tokopedia last week selling the entire database of 91 million user records for $5,000 on the dark web. In the latest hacks, the largest company that has allegedly had its database stolen is online dating service Zoosk, with the hackers allegedly obtaining 30 million user records. The complete list of businesses that have allegedly... Read more...
Microsoft has patched a vulnerability in its Teams software that could have allowed an attacker to infiltrate compromised systems, steal data, and even take control of an entire organization's accounts. What makes the security flaw somewhat unique is that all of the dastardly deeds could have been accomplished with a just an animated GIF. Users within the organization wouldn't even need to share the infected GIF—just viewing it would be enough for it to work its malicious mojo. The attack itself was leveraged in a subdomain takeover vulnerability in Teams, and prior to being patched, would have affected every user who users the Teams desktop or web browser version. "Without getting into... Read more...
For what feels like the umpteenth time this has happened, a string of specific text is causing iOS devices to crash when received, including iPhones, iPads, and Apple Watches. The malicious text is going viral, and as of this writing, has not been addressed with an iOS update (we imagine one will arrive soon). Even worse, it doesn't have to be sent as a direct text message like past incidents. The string of text that is causing problems on iOS devices consists of certain characters in the Sindhi language. It was originally thought that emojis of the Italian flag needed to accompany the text as well, but was later discovered that the Sindhi text string is all that is needed to freeze and/or crash... Read more...
Hackers recently targeted Nintendo Switch owners, leading to the recommendation that users enable two-factor authentication (2FA), which is generally solid advice anyway. In the aftermath of the hacking campaign, Nintendo is no longer allowing Switch owners to log into their Nintendo accounts through a Nintendo Network ID (NNID). Nintendo also confirmed how many accounts were compromised. According to Nintendo, around 160,000 accounts were hacked. On those accounts, hackers were able to see nicknames, genders, dates of birth, country/region information, and email addresses. Nintendo also acknowledged that hackers may have illegally made purchases on affected accounts using existing balances,... Read more...
There is some more bad news for Zoom and some of its users. Security researchers recently discovered that the dark web and hacker forums are host to over 500,000 compromised Zoom accounts being offered up for sale at dirt cheap prices. Some of them are being sold for a fraction of a penny, while others are being given away for free. It almost feels like we are picking on Zoom at this point with so many headlines highlighting the company's security and privacy lapses in recent weeks. However, that is not the case. Zoom CEO Eric Yuan recently admitted that his video conferencing startup "moved too fast" in light of the COVID-19 outbreak and "had some missteps" along the way. Part of the problem,... Read more...
These are tough times for sure, and to make matters worse, a hacking group managed to infiltrate an email service in Italy and swipe the personal data of more than 600,000 users. The data, which is said to include plaintext passwords and contents of email messages, is for sale on the dark web for between 0.5 and 3 Bitcoin (around $3,500 to $22,000). The culprits go by the name of NN (No Name) Hacking Group. They swiped the data from Email.it, then promoted it on Twitter. The group claims it breached the email service's data center two years ago, in January 2018, and asked for a bug bounty. "They refused to talk with us and continued to trick their users/customers. They didn't contacted (sic)... Read more...
Last week, a semi-anonymous hacker made headlines when they brazenly posted supposed source code to GitHub outlining chunks of AMD's next-generation Radeon DNA 2 (RDNA 2) GPU architecture, as found in the upcoming Xbox Series X game console. The hacker valued the stolen data at $100 million, but can it really be classified as source code? And is it truly that valuable? Maybe not. The hacker claimed to have gotten their mitts on various source files pertaining to different versions of AMD's graphics technology, the most interesting of which is Arden, the codename of the GPU inside the Xbox Series X. AMD managed to get the code removed from GitHub by filing a DMCA take down request. The hacker... Read more...
Major data breaches have unfortunately become rather common occurrences (they seem to happen in waves), and even if you are practice common sense computing habits, you can still fall victim to these types of things. Serving as a sobering reminder of this reality, security researchers say they have discovered an unprotected database hosting a massive 800 gigabytes of personal data. The database holds records for over 200 million Americans. In terms of scale, that's more people than were affected by the Equifax breach, which ultimately resulted in the Federal Trade Commission issuing a weaksauce fine. In this case, it is not clear if the exposed records have been viewed by malicious actors or spilled... Read more...
Malicious actors who make it their business to spread malware obviously have no scruples about preying on on people in any manner possible, but sometimes they fall to new lows. We saw when it when hackers attempted to assault epilepsy patients by posting flashing animations to the Epilepsy Foundation's support forum in hopes of causing seizures, and now they are leveraging the coronavirus pandemic to spread malware, via a live map. Security researcher Brian Krebs of KrebsOnSecurity found that in one such scheme, hackers are using an interactive dashboard of coronavirus infections and deaths produced by Johns Hopkins University on malicious websites, and possibly spam emails as well, to spread... Read more...
The United States National Security Agency (NSA from here on out) is warning of a vulnerability in Microsoft Exchange Server that could allow an attacker with email credentials to launch a remote attack on a target system, enabling them to execute commands. It affects multiple versions of Microsoft Exchange Server. "A remote code execution vulnerability exists in Microsoft Exchange Server when the server fails to properly create unique keys at install time. Knowledge of a the validation key allows an authenticated user with a mailbox to pass arbitrary objects to be deserialized by the web application, which runs as SYSTEM. The security update addresses the vulnerability by correcting how Microsoft... Read more...
Make no mistake, if the apocalypse comes to be, we are all going to be left in a cutthroat world where anything goes. Fallout 76 plays on that theme, to an extent, though an annoying hack is taking things to the extreme and ruining the game on PC. The hack allows players to steal items from another person's inventory, including weapons and armor. This is not done through person-to-person trading, but is accomplished by way of a remote hack. What's particularly frustrating is it only requires the hacker to be in the vicinity of another player. As long as the victim can be seen on screen, that person can be stripped of their items (save for caps, scrip, access to various locations, and stash box/scrap... Read more...
A company that develops digital forensics tools for businesses and law enforcement specialists has found a way to hack into locked Apple iPhone devices running the latest version of iOS. The method is said to work on most iPhone models, from the iPhone 5s through the iPhone X, and is effective on iOS 12 through iOS 13.3. The company is called Elcomsoft, and the newly expanded ability comes by way of an update to its iOS Forensic Toolkit. Specifically, the update allows the software to extract select keychain records in the BFU (Before First Unlock). That means it can pluck sensitive data from affected iPhone devices that have been powered off or rebooted, without having to enter in a passcode.... Read more...
We already know about that hackers are able to steal credit and debit card details at gas pumps by using skimmers, which are devices that slip over the payment slot and, for the most part, look legitimate (they're found on ATMs as well). However, skimmers are not the only threats. Visa's Payment Fraud Disruption (PFD) division warns that cybercriminals are targeting gas station point of sale (POS) systems in North America. This is a concerning threat, because even though skimmers look like they are part of the pump, there are subtle ways to detect that something is amiss. When a hacker infiltrates a computer network, however, customers are left to the security of the company being attacked. In... Read more...
Several white hat hackers in China spent the weekend infiltrating some of the top web browsers and other applications, as part of the Tianfu Cup. Similar to Pwn2Own, hackers attempt to exploit various software in ways that have not been discovered before, with prizes and bragging rights on the line (as well as better security for us all). The rules between Tianfu Cup and Pwn2Own are pretty much the same. During the two-day event, hackers racked up points by exposing zero-day vulnerabilities in Microsoft's Edge, Apple's Safari, and Google's Chrome browsers, as well as other applications. Here's how it broke down on the first day of the competition... Microsoft Edge (old version, not Chromium):... Read more...
In most instances, if someone gains unauthorized access to your bank account, it is not a good thing. The best case scenario is your bank flags and blocks suspicious transactions and transfers. Or is that the best possible outcome? For Tim Cameron, a 30-year-old UK resident who lost his wallet, having his bank account subsequently hacked was a clever and kind gesture by the person who found it. How can that be? This was not a typical hack in any sense of the word. The good Samaritan who found the wallet made a series of unauthorized £0.01 deposits into Cameron's account, each with a message attached. Deposits at Cameron's bank can contain up to 18 characters, and the person who found the... Read more...
At the CS3sthlm security conference in Stockholm, Sweden later this month, security researcher Monta Elkins, the "Hacker-in-Chief" at FoxGuard Solutions, will demonstrate a proof-of-concept hardware hack involving spy chips implanted onto enterprise IT equipment, with a budget of less than $200. The idea of implanting spy chips onto hardware is not new. Back in 2018, an explosive Bloomberg Businessweek article claimed Chinese spies had installed malicious microchips the size of a grain of rice on Supermicro hardware at the supply chain level, creating a "stealth doorway into any network that included the altered machines." This was concerning because (A) of how difficult it would be to detect... Read more...
The 2020 United States presidential election is over a year away, but there have already been several cyberattack attempts against presidential campaigns. Microsoft recently reported that a hacker group attacked nearly 250 accounts related to campaign workers, government officials, and reporters. The affected users have been notified and Microsoft has published information about the attack as a warning for others. The Microsoft Threat Intelligence Center (MSTIC) noted that an Iranian hacker group referred to as “Phosphorus” attempted to identify the owners of more than 2,700 accounts. The hackers then attacked 241 of these accounts and successfully compromised four of them. The accounts... Read more...
1 2 3 4 5 Next ... Last