Items tagged with Hacking

Last week, a semi-anonymous hacker made headlines when they brazenly posted supposed source code to GitHub outlining chunks of AMD's next-generation Radeon DNA 2 (RDNA 2) GPU architecture, as found in the upcoming Xbox Series X game console. The hacker valued the stolen data at $100 million, but can it really be classified as source code? And is it truly that valuable? Maybe not. The hacker claimed to have gotten their mitts on various source files pertaining to different versions of AMD's graphics technology, the most interesting of which is Arden, the codename of the GPU inside the Xbox Series X. AMD managed to get the code removed from GitHub by filing a DMCA take down request. The hacker... Read more...
Major data breaches have unfortunately become rather common occurrences (they seem to happen in waves), and even if you are practice common sense computing habits, you can still fall victim to these types of things. Serving as a sobering reminder of this reality, security researchers say they have discovered an unprotected database hosting a massive 800 gigabytes of personal data. The database holds records for over 200 million Americans. In terms of scale, that's more people than were affected by the Equifax breach, which ultimately resulted in the Federal Trade Commission issuing a weaksauce fine. In this case, it is not clear if the exposed records have been viewed by malicious actors or spilled... Read more...
Malicious actors who make it their business to spread malware obviously have no scruples about preying on on people in any manner possible, but sometimes they fall to new lows. We saw when it when hackers attempted to assault epilepsy patients by posting flashing animations to the Epilepsy Foundation's support forum in hopes of causing seizures, and now they are leveraging the coronavirus pandemic to spread malware, via a live map. Security researcher Brian Krebs of KrebsOnSecurity found that in one such scheme, hackers are using an interactive dashboard of coronavirus infections and deaths produced by Johns Hopkins University on malicious websites, and possibly spam emails as well, to spread... Read more...
The United States National Security Agency (NSA from here on out) is warning of a vulnerability in Microsoft Exchange Server that could allow an attacker with email credentials to launch a remote attack on a target system, enabling them to execute commands. It affects multiple versions of Microsoft Exchange Server. "A remote code execution vulnerability exists in Microsoft Exchange Server when the server fails to properly create unique keys at install time. Knowledge of a the validation key allows an authenticated user with a mailbox to pass arbitrary objects to be deserialized by the web application, which runs as SYSTEM. The security update addresses the vulnerability by correcting how Microsoft... Read more...
Make no mistake, if the apocalypse comes to be, we are all going to be left in a cutthroat world where anything goes. Fallout 76 plays on that theme, to an extent, though an annoying hack is taking things to the extreme and ruining the game on PC. The hack allows players to steal items from another person's inventory, including weapons and armor. This is not done through person-to-person trading, but is accomplished by way of a remote hack. What's particularly frustrating is it only requires the hacker to be in the vicinity of another player. As long as the victim can be seen on screen, that person can be stripped of their items (save for caps, scrip, access to various locations, and stash box/scrap... Read more...
A company that develops digital forensics tools for businesses and law enforcement specialists has found a way to hack into locked Apple iPhone devices running the latest version of iOS. The method is said to work on most iPhone models, from the iPhone 5s through the iPhone X, and is effective on iOS 12 through iOS 13.3. The company is called Elcomsoft, and the newly expanded ability comes by way of an update to its iOS Forensic Toolkit. Specifically, the update allows the software to extract select keychain records in the BFU (Before First Unlock). That means it can pluck sensitive data from affected iPhone devices that have been powered off or rebooted, without having to enter in a passcode.... Read more...
We already know about that hackers are able to steal credit and debit card details at gas pumps by using skimmers, which are devices that slip over the payment slot and, for the most part, look legitimate (they're found on ATMs as well). However, skimmers are not the only threats. Visa's Payment Fraud Disruption (PFD) division warns that cybercriminals are targeting gas station point of sale (POS) systems in North America. This is a concerning threat, because even though skimmers look like they are part of the pump, there are subtle ways to detect that something is amiss. When a hacker infiltrates a computer network, however, customers are left to the security of the company being attacked. In... Read more...
Several white hat hackers in China spent the weekend infiltrating some of the top web browsers and other applications, as part of the Tianfu Cup. Similar to Pwn2Own, hackers attempt to exploit various software in ways that have not been discovered before, with prizes and bragging rights on the line (as well as better security for us all). The rules between Tianfu Cup and Pwn2Own are pretty much the same. During the two-day event, hackers racked up points by exposing zero-day vulnerabilities in Microsoft's Edge, Apple's Safari, and Google's Chrome browsers, as well as other applications. Here's how it broke down on the first day of the competition... Microsoft Edge (old version, not Chromium):... Read more...
In most instances, if someone gains unauthorized access to your bank account, it is not a good thing. The best case scenario is your bank flags and blocks suspicious transactions and transfers. Or is that the best possible outcome? For Tim Cameron, a 30-year-old UK resident who lost his wallet, having his bank account subsequently hacked was a clever and kind gesture by the person who found it. How can that be? This was not a typical hack in any sense of the word. The good Samaritan who found the wallet made a series of unauthorized £0.01 deposits into Cameron's account, each with a message attached. Deposits at Cameron's bank can contain up to 18 characters, and the person who found the... Read more...
At the CS3sthlm security conference in Stockholm, Sweden later this month, security researcher Monta Elkins, the "Hacker-in-Chief" at FoxGuard Solutions, will demonstrate a proof-of-concept hardware hack involving spy chips implanted onto enterprise IT equipment, with a budget of less than $200. The idea of implanting spy chips onto hardware is not new. Back in 2018, an explosive Bloomberg Businessweek article claimed Chinese spies had installed malicious microchips the size of a grain of rice on Supermicro hardware at the supply chain level, creating a "stealth doorway into any network that included the altered machines." This was concerning because (A) of how difficult it would be to detect... Read more...
The 2020 United States presidential election is over a year away, but there have already been several cyberattack attempts against presidential campaigns. Microsoft recently reported that a hacker group attacked nearly 250 accounts related to campaign workers, government officials, and reporters. The affected users have been notified and Microsoft has published information about the attack as a warning for others. The Microsoft Threat Intelligence Center (MSTIC) noted that an Iranian hacker group referred to as “Phosphorus” attempted to identify the owners of more than 2,700 accounts. The hackers then attacked 241 of these accounts and successfully compromised four of them. The accounts... Read more...
An Israeli company that managed to hack WhatsApp earlier this year is now claiming it has developed new software that can stealthily swipe cloud data from Amazon, Apple, Facebook, Google, and Microsoft. It can even bypass two-factor authentication and warning emails on target devices. Developed by NSO Group, the software is called Pegasus. Apparently it has been used for several years by various governments and spy agencies to gather data from smartphones, presumably from people of interest for one reason or another. The latest iteration, however, extends past smartphones and can pluck data from the cloud. People who are supposedly familiar with NSO Group's sales pitch told Financial Times that... Read more...
It appears that no one is safe from the hacking capabilities of Israeli security firm Cellebrite. Cellebrite is well-known in law enforcement circles for its lineup of hardware devices that are able to use brute force methods to hack smartphones and tablets. The company recently announced that it has the capability to "perform a full file system extraction on any iOS device" with its latest Universal Forensic Extraction Device (UFED). This newest product, dubbed UFED Premium, can chew through any and all passcodes on an iOS device to unlock them. What's even more critical, which Apple has attempted to thwart in the past with USB Restricted Mode, is that UFED Premium can perform... Read more...
Biometric security measures are improving all the time, though they are not infallible. This is demonstrated on the recently launched OnePlus 7 Pro. It has a fingerprint sensor that is embedded in the full-front display, and with a little bit of glue and a few minutes of time, it can be easily thwarted. Well, sort of. The process itself is rather simple. It basically entails creating a rudimentary mold of a fingerprint using aluminum foil, a dab of hot glue, and a little bit of Elmer's glue. It's a cheap hack, in other words, albeit an effective one on the OnePlus 7 Pro. Incidentally, the same method was proven to work on the previous generation OnePlus 6T. YouTube channel Max Tech demonstrated... Read more...
Tesla builds one of the most tech-infused cars on the roads today. Not only are Tesla vehicles packed with features but they also offer over-the-air updates with new features, fixes and optimizations. Tesla was able to get the price of the Model 3 down to the long-anticipated $35,000 late last month, but a team of security researchers have taken advantage of the open nature of the Tesla Model 3 and were able to hack the car on the last day of the Pwn2Own 2019 hacking contest that was held in Vancouver, Canada. The team that successfully hacked the Model 3 was called Fluoroacetate and includes two members, Amat Cama, and Richard Zhu. The duo was able to hack the Tesla via its integrated browser... Read more...
Citrix Systems said it is cooperating with the Federal Bureau of Investigation (FBI) to investigate a major data breach by international cyber criminals into the company's internal network. Based on what Citrix knows so far, the hackers may have accessed and downloaded business documents, though the full extent is not yet known. "In investigations of cyber incidents, the details matter, and we are committed to communicating appropriately when we have what we believe is credible and actionable information," Citrix said in a statement. Resecurity, a provider of cybersecurity and intelligence solutions, alerted the FBI in December of the data breach at Citrix. According to Resecurity, an Iranian-linked... Read more...
We have all heard of the dark web: a lawless digital world, uncharted and unstructured, full of data -- much of it illegally acquired and illegally for sale -- that cannot be viewed without special tools: proxy servers, TOR browsers, and the like. It's a murky and mysterious place, a place where much information resides, but is difficult to unearth for the uninitiated. Until now. Canada's Echosec Systems Ltd. recently released Beacon, a security tool that's designed to shed some light on the dark web.  Karl Swannie is the CEO of Echosec, the company behind Beacon. "Beacon is a dark web search engine that allows users to search anonymously, without the need for a TOR browser," says Echosec... Read more...
Traditional passwords have started to yield ground to biometric security options, like fingerprint scanning and even retina scans. Going even deeper (literally), there's yet another method that involves authenticating a person's identity by scanning his or her veins. It sounds secure, except that researchers have already found a way to thwart it using wax. The process of authenticating a user's veins involves scanning the shape, size, and position of veins that are underneath a person's hand, and then comparing the scan with a record that is already on file. It's believed that German's Federal Intelligence Agency (Bundesnachrichtendienst, or BND) employs this type of security. In theory, it should... Read more...
In what could pass for a scene in a movie, a hacker managed to breach a school district's database and steal 10 years worth of personal data belonging to half a million students and staff. Only this wasn't a movie, it happened in real life. Had it been a movie, the hacker would likely have been revealed to be a student or former employee. It's not clear who the actual culprit is, though, only that it was a pretty serious security breach. The mystery hacker infiltrated the San Diego Unified School District, which contained a wealth of personal data—first and last names, dates of birth, mailing addresses, home addresses, telephone numbers, and in some cases, social security numbers and/or... Read more...
In a groundbreaking move, the Library of Congress and US Copyright Office have proposed new rules that will give consumers the ability to legally hack the DRM of electronic devices to repair or maintain those devices. The devices these proposed rules would cover and legalize the hacking of include smartphones, voice assistants, tractors, cars, smart home appliances, and other devices. These proposed rules will be a major win for the right to repair movement. Devices that can be legally hacked would have to be "lawfully acquired" meaning that the proposed rules wouldn't make it legal to hack the DRM of stolen devices. Rules would also stipulate that the hacking of DRM is legal only for "maintenance"... Read more...
Implanted ID devices certainly aren’t new; they have been used to help lost pets return home for many years now. These little chips are embedded under the skin of the dog or cat, and if picked up by animal control, the chip can be scanned, and the pets returned home. They are rather like tags that can’t be lost and both the injection and presence of the device under the skin goes unnoticed by most animals. These implanted chips are now going mainstream for people, according to a man called Patrick Kramer of Digiwell, who has implanted about 2,000 similar chips into humans but this is also just part of an overall trend in human augmentation. These implants inside people aren’t... Read more...
Let's start with the good news. Cryptocurrency mining on GPUs has waned considerably, and the shortage of graphics cards that made it nearly impossible to score a mid-range or high-end GPU at or near MSRP is over (for the most part). Are you ready for the bad news? Be that as it may, cryptocurrency mining hacks are on the rise, and a leaked tool by the US National Security Agency (NSA) may be partially to blame. That's the takeaway from a new report by Cyber Threat Alliance (CTA), a cybersecurity association with some major names among its members, including Cisco, Juniper Networks, McAfee, Sophos, Symantec, and others. The tool in question is "EternalBlue," developed by the NSA and leaked last... Read more...
Prev 1 2 3 4 5 Next ... Last