Items tagged with Hacking

Citrix Systems said it is cooperating with the Federal Bureau of Investigation (FBI) to investigate a major data breach by international cyber criminals into the company's internal network. Based on what Citrix knows so far, the hackers may have accessed and downloaded business documents, though the full extent is not yet known. "In investigations of cyber incidents, the details matter, and we are committed to communicating appropriately when we have what we believe is credible and actionable information," Citrix said in a statement. Resecurity, a provider of cybersecurity and intelligence solutions, alerted the FBI in December of the data breach at Citrix. According to Resecurity, an Iranian-linked... Read more...
We have all heard of the dark web: a lawless digital world, uncharted and unstructured, full of data -- much of it illegally acquired and illegally for sale -- that cannot be viewed without special tools: proxy servers, TOR browsers, and the like. It's a murky and mysterious place, a place where much information resides, but is difficult to unearth for the uninitiated. Until now. Canada's Echosec Systems Ltd. recently released Beacon, a security tool that's designed to shed some light on the dark web.  Karl Swannie is the CEO of Echosec, the company behind Beacon. "Beacon is a dark web search engine that allows users to search anonymously, without the need for a TOR browser," says Echosec... Read more...
Traditional passwords have started to yield ground to biometric security options, like fingerprint scanning and even retina scans. Going even deeper (literally), there's yet another method that involves authenticating a person's identity by scanning his or her veins. It sounds secure, except that researchers have already found a way to thwart it using wax. The process of authenticating a user's veins involves scanning the shape, size, and position of veins that are underneath a person's hand, and then comparing the scan with a record that is already on file. It's believed that German's Federal Intelligence Agency (Bundesnachrichtendienst, or BND) employs this type of security. In theory, it should... Read more...
In what could pass for a scene in a movie, a hacker managed to breach a school district's database and steal 10 years worth of personal data belonging to half a million students and staff. Only this wasn't a movie, it happened in real life. Had it been a movie, the hacker would likely have been revealed to be a student or former employee. It's not clear who the actual culprit is, though, only that it was a pretty serious security breach. The mystery hacker infiltrated the San Diego Unified School District, which contained a wealth of personal data—first and last names, dates of birth, mailing addresses, home addresses, telephone numbers, and in some cases, social security numbers and/or... Read more...
In a groundbreaking move, the Library of Congress and US Copyright Office have proposed new rules that will give consumers the ability to legally hack the DRM of electronic devices to repair or maintain those devices. The devices these proposed rules would cover and legalize the hacking of include smartphones, voice assistants, tractors, cars, smart home appliances, and other devices. These proposed rules will be a major win for the right to repair movement. Devices that can be legally hacked would have to be "lawfully acquired" meaning that the proposed rules wouldn't make it legal to hack the DRM of stolen devices. Rules would also stipulate that the hacking of DRM is legal only for "maintenance"... Read more...
Implanted ID devices certainly aren’t new; they have been used to help lost pets return home for many years now. These little chips are embedded under the skin of the dog or cat, and if picked up by animal control, the chip can be scanned, and the pets returned home. They are rather like tags that can’t be lost and both the injection and presence of the device under the skin goes unnoticed by most animals. These implanted chips are now going mainstream for people, according to a man called Patrick Kramer of Digiwell, who has implanted about 2,000 similar chips into humans but this is also just part of an overall trend in human augmentation. These implants inside people aren’t... Read more...
Let's start with the good news. Cryptocurrency mining on GPUs has waned considerably, and the shortage of graphics cards that made it nearly impossible to score a mid-range or high-end GPU at or near MSRP is over (for the most part). Are you ready for the bad news? Be that as it may, cryptocurrency mining hacks are on the rise, and a leaked tool by the US National Security Agency (NSA) may be partially to blame. That's the takeaway from a new report by Cyber Threat Alliance (CTA), a cybersecurity association with some major names among its members, including Cisco, Juniper Networks, McAfee, Sophos, Symantec, and others. The tool in question is "EternalBlue," developed by the NSA and leaked last... Read more...
There is a rash of complaints on Twitter over a recent Instagram hack that has left numerous users unable to access their accounts. Preliminary data suggests that the shenanigans originate from Russia, though nothing has been confirmed. Instagram is investigation the issue, and in the meantime, it has some advice for users. "If you received an email from us notifying you of a change in your email address, and you did not initiate this change— please click the link marked ‘revert this change’ in the email, and then change your password," Instagram advised in blog post. My instagram has been hacked! User name, password and email all been changed from some email address in Russia.... Read more...
If your laptop contains sensitive data, it is best not to leave it unattended. That is sound advice even it does not have any work secrets or other potentially compromising data, and you want to avoid falling prey to malware. In case you need a reason why, a security firm recently posted a video showing how quickly a hacker with physical access to someone's laptop can install malicious firmware onto the device. These types of security intrusions are called "evil maid" attacks, named after the scenario of someone breaking into a hotel room to physically access a target's notebook. Normally only the hotel's maid would go in and out of the hotel room, hence the clever "evil maid" designation. Of... Read more...
Every so often, WikiLeaks publishes top-secret documents outlining various hacking tools and malware used by the United States Central Intelligence Agency (CIA). Most of the documents we have seen are presumably outdated, but for obvious reasons, the CIA would still like to keep them under lock and key. The agency would also like to arrest the person responsible for providing the documents to Wikileaks, and has identified a possible suspect. That person is Joshua Adam Schulte, a former employee of a CIA group tasked with programming code to spy on foreign threats, The Washington Post reports. Federal prosecutors identified Schulte as a suspect during a hearing in January, noting that he provided... Read more...
MyEtherWallet confirmed on Twitter that hackers hijacked its Domain Name System (DNS) servers and redirected users to a phishing site in Russia. By obtaining private keys from affected users, the hackers reportedly were able to swipe around 215 Ethereum coins (ETH) worth somewhere in the neighborhood of $150,000. The attack lasted for several hours, and one user in particular lost more than 85 ETH worth almost $60,000. In the Twitter post, MyEtherWallet emphasized that the security breach did not take place on its side of the equation, and that it's currently in the process of verifying exactly which servers were hit so it can resolve the issue. In the meantime, MyEtherWallet is advising users... Read more...
Uber suffered a data breach back in October 2016 that affected tens of millions of people, and it is just now letting the public know about it, as 2018 rolls into view. This latest incident is yet another black eye for a company that has been beat up in the media over questionable decision making in the past, such as using special software to evade detection from authorities, but better late than never, right? To be fair, this is not th fault of Uber CEO Dara Khosrowshahi, who recently replace Travis Kalanick as the ridesharing company's boss. And to Khosrowshahi's credit, he responded to knowledge of the security breach with the fury of someone who wants to make it clear that this kind of thing... Read more...
Hacking happens all the time, and when it affects a large number of people, companies typically disclose the breach. Not always, of course, sometimes not even in a timely manner. As it pertains to Microsoft, something a little different occurred several years ago. Several former employees say a sophisticated hacking group busted into a secret internal database, which Microsoft never made public. Five ex-employees each told Rueters the same thing in separate interviews. All of them claim the breach happened in 2013, with Microsoft responding in private rather than disclosing the extent of the attack to the public or its customers. The database in question is said to have contained descriptions... Read more...
A security expert at Belgian university KU Leuven has discovered a major vulnerability in the Wi-Fi Protected Access II (WPA2) protocol that could a expose a user's wireless Internet traffic, including usernames and passwords that are entered into secure websites. The vulnerability affects most devices and several operating systems, including Android, iOS, Windows, Linux, and OpenBSD. "Attackers can use this novel attack technique to read information that was previously assumed to be safely encrypted," Marthy Vanhoef, a security expert at Belgian university KU Leuven, wrote in a detailed report (PDF) outlining the vulnerability. "This can be abused to steal sensitive information such as credit... Read more...
Late last year a hack was perpetrated on what is called a "partner organization" that worked with the Australian Signals Directorate (ASD). The unnamed organization notified the ASD that it was hacked in November of 2016, and that outside parties gained access to its network. The small organization has only 50 employees and is a subcontractor to the Department of Defense, providing aerospace engineering assistance. The data that was stolen in the hack contained information that is protected under the International Traffic in Arms Regulations (ITAR) and included details on the F-35 Lightning II fighter, P-8 Poseidon maritime patrol aircraft, C-130 transport aircraft, Joint Direct Attack Munition... Read more...
Do you know what hackers were doing around this time five years ago? They were breaking into a database at Disqus, the popular blog comment hosting service supported by scores of websites, in many cases in place of traditional web forums (remember those?). Disqus only found out about it this past Thursday and began alerting users a day later, rather than waiting like many companies often do. "On October 5th, we were alerted to a security breach that impacted a database from 2012. While we are still investigating the incident, we believe that it is best to share what we know now," Disqus stated in a blog post. "We know that a snapshot of our user database from 2012, including information dating... Read more...
The hype surrounding the upcoming Call of Duty: WWII is intriguing and very justified. Not much longer than a decade ago, it seemed the world was sick and tired of World War II-themed games, but thankfully, zombie games have since come to our rescue, cleansing our palettes. Today, WWII actually looks like it could give us a fresh experience, and create an interesting online battlefield. Unfortunately, "interesting" is proving true already, but not in a good way. Over the weekend, the beta for WWII went live, and almost immediately, complaints stemming from testers began to hit the web. In almost record time, those who find joy in ruining other persons' online experiences equipped themselves with... Read more...
Equifax is still trying to dig its way out from under the bad press and an angry public after a hack of its database gave access to personal information on 143 million Americans. Equifax offered those affected by the security breach the ability to lock their credit reports to prevent the stolen information leaked in the hack from being used to open new credit in their names. However, things just keep going from bad to worse for Equifax (and everyone in general). Equifax used a PIN that "protected" each user's credit report to prevent the information from being used, but the PINs were reportedly generated in such a way that they were left vulnerable to brute force hacking. Customers have found... Read more...
If you thought putting Homer Simpson in charge of a nuclear power plant seemed like a scary proposition, well, you would be right. But sometimes truth is stranger (and in this case, scarier) than fiction. Such is the case with security outfit Symantec reporting that hackers have been targeting the energy sector in Europe and North America since at least 2011. And if that's not frightening enough, they have kicked up their efforts in the past couple of years and even managed to breach companies that manage nuclear facilities in the United States. The group behind these attacks is known as Dragonfly. As part of the group's Dragonfly 2.0 cyber campaign, the hackers have been zeroing in on energy... Read more...
Would you trust your life to a hacker? No, of course not, and neither does the US Food and Drug Administration. The FDA issued a recall of nearly half a million pacemakers after the organization discovered a vulnerability that makes several models susceptible to hacking. Once exploited, a hacker would be able to control the device's pacing and deplete the batteries. "Many medical devices - including St. Jude Medical's implantable cardiac pacemakers—contain configurable embedded computer systems that can be vulnerable to cybersecurity intrusions and exploits. As medical devices become increasingly interconnected via the Internet, hospital networks, other medical devices, and smartphones, there... Read more...
Here we go again. WikiLeaks, the international non-profit whistleblower that publishes secret information to the web, has been dumping classified documents outlining various hacking tools and malware used by the United States Central Intelligence Agency. These documents are part of what WikiLeaks calls Vault 7, the latest of which contains information on the CIA's "CouchPotato" tool. According to WikiLeaks, CouchPotato is a remote tool for intercepting video streams as either an AVI video file or capturing still images of frames from the stream as JPEGs, presumably to save space. In the latter case, CouchPotato is able to analyze and detect when a frame of video is significantly different from... Read more...
A team of scientists from the University of Washington have figured out how to infect a computer using malicious code inside DNA. This attack vector isn't aimed at your everyday PC sitting on your desk at home or in the office; this hack aims directly at the infrastructure around the DNA transcription and analysis industry. The team behind the hack was concerned about the security with that infrastructure after finding basic vulnerabilities in some of the open-source software used in labs that analyze DNA all around the world. While the basic issues with the software could be vulnerable to hacks using traditional tools, like malware and viruses, the team of researchers went the extra... Read more...
Prev 1 2 3 4 5 Next ... Last