Items tagged with Hacking

For the past several months, WikiLeaks has been publishing information related to exploits and hacking tools that had been used by the United States government at some point. The project is known as Vault 7 and seems to contain mostly older exploits, though it is not clear if some of the malware has been updated for modern platforms. Not all of it is aimed at Windows. In fact, the latest documents reference macOS and Linux hacks that were part of the US Central Intelligence Agency's Imperial program. The first of these is called Achilles. According to the documentation, it is a capability that gives an operator the ability to infect a target's OS X disk image... Read more...
Many technology companies have in place bug bounty programs that reward security researchers who submit discovered vulnerabilities in the products and services they offer. It is a win-win proposition in which technology companies are alerted to potentially crippling security holes, and hackers are compensated for their efforts. Apple is among the companies with a bug bounty program, though some researchers are choosing to hold onto discovered vulnerabilities, or worse yet, sell them on the underground market. Apple is relatively new to the bug bounty scene. Ivan Krstic, head of Apple's security division, surprised attendees at last year's Black Hat conference by announcing the program, which... Read more...
Most wireless routers are equipped with a series of LEDs to indicate things like network connectivity and activity, though if a router has been compromised with malware, those blinking lights could reveal more than the owner bargained for. Using specially crafted malware, an attacker could instruct those LEDs to transmit data in a binary format. The attack was outlined in a paper by a team of researchers from the Cyber Security Research Center at the Ben-Gurion University of the Negev in Israel. It is the same team of security researchers that previously wrote about data exfiltration schemes involving hard drive LEDs, coil whine, headphones, and other unique methods. A proof-of-concept... Read more...
New and used games retailer GameStop has found itself in a bit of a rough patch these days. The company recently reported less-than-stellar fourth quarter results and is planning to close at least 150 brick-and-mortar locations, and perhaps as many as 225. That is on top of the store locations it closed just a few years ago. While it deals with ways to increase revenue and profits, it now finds itself investigating a potential security breach that may have compromised credit card and customer data. Security hound KrebsOnSecurity heard from two unnamed sources in the financial industry that they received alerts from a credit card processor indicating that GameStop was likely hacked sometime between... Read more...
The latest bombshell to come out of WikiLeaks’ Vault7 series of leaks from the CIA exposes a tool codenamed “Grasshopper”, which allows operatives to deploy persistent surveillance and hacking payloads on target Windows-based computer systems and remain undetected by popular anti-malware and anti-virus tools. WikiLeaks has an array of documentation on-line, including an in-depth user’s guide for Grasshopper. The user’s guide explains that Grasshopper is “a software tool used to build custom installers for target computers running Microsoft Windows operating systems”, which seems straightforward enough, and quite frankly the kind of thing you’d expect an intelligence agency to have... Read more...
Apple is not going to play ball with a group of hackers that is threatening to remotely wipe hundreds of millions of iPhone devices if the Cupertino outfit refuses to pay a ransom. While the hackers claim to have a large cache of iCloud and other Apple email account data at their disposal, Apple insists that its systems and servers remain secure and have not been infiltrated. "There have not been any breaches in any of Apple's systems including iCloud and Apple ID," an Apple spokesperson told multiple media outlets. "The alleged list of email addresses and passwords appears to have been obtained from previously compromised third-party services." Apple added that it's "actively monitoring" its systems... Read more...
Security researchers at Cybellum, a PC security firm in Tel Aviv, Israel, have discovered a rather nasty new zero-day attack that allows remote attackers to hijack popular antivirus programs and turn them into malicious agents. The technique is called DoubleAgent, named after the fact that a compromised antivirus agent might give the illusion that it's protecting a PC when it's actually installing malware. "DoubleAgent exploits a 15 year old vulnerability which works on all versions of Microsoft Windows, starting from Windows XP right up to the latest release of Windows 10. The sad, but plain fact is that the vulnerability is yet to be patched by most of the antivirus vendors and could be used... Read more...
Bitcoin seems to be the currency of choice when it comes to demanding ransoms, and that is because culprits demanding payment can hide behind a pseudonym (Bitcoin itself is not actually anonymous). So it is no surprise that a hacking organization has instructed Apple to fork over a Bitcoin ransom in exchange for not leaking a cache of iCloud and other Apple email accounts belonging to hundreds of millions of iPhone owners. The hackers call themselves the "Turkish Crime Family." In addition to accepting Bitcoin, the group has told Apple it would also be fine with being paid in Ethereum, which is another form of crypto-currency that is gaining in popularity. Either way, the group wants the equivalent... Read more...
There are many different methods of hacking. Most of them involve some sort of software code, whether it is installing malware on a system or exploiting a vulnerability to gain unauthorized access to a system or device. The Internet of Things (IoT) category is especially susceptible to hacking due to a surprising lack of basic security practices. However, researchers at the University of Michigan discovered a different way of wreaking havoc, and it involves sound waves. What the group of researchers found is that accelerometers can be manipulated through sound. This is called an analog acoustic injection attack. While that may sound trivial, consider that millions of devices are equipped with accelerometers,... Read more...
Just a couple of weeks ago, we wrote about the Israeli security firm Cellebrite, and how it suffered a major data breach. After the information began to trickle out, it seemed like no real damage was done. Cellebrite itself said that what leaked was an old, irrelevant backup. A new discovery, however, questions that answer. If you're not familiar with Cellebrite, it was the firm that the U.S. government hired to break into an iPhone 5c to aid with the investigation of the December 2015 San Bernardino terror attack. Apple at the time refused to help crack the phone, so Cellebrite was brought in, and succeeded. Not long after, the firm boasted about its ability to crack nearly any smartphone - be... Read more...
There seems to be no limit to the number of ways that exist to trip up an iPhone or other iOS device. The latest method involves a rather simple text message consisting of just three characters, and unfortunately for the recipient, just receiving the text message is enough to freeze an iPhone running iOS 10 or later. The good news is that it will only cause the phone to crash rather than brick it or otherwise result in more permanent damage. What's scary about this particular exploit is that it works instantly and does not require any interaction by the recipient. All it involves is sending an iPhone user a text message with the white flag emoji, the digit 0, and the rainbow emoji. Fortunately... Read more...
One of the biggest fears of companies that say they can hack virtually anything is to be found to have been hacked themselves. Case in point: Israeli firm Cellebrite. We've reported on the company multiple times in the past, notably after it aided the FBI in cracking open a terrorist's iPhone 5c. Since then, the company has boasted a lot, even going as far as to say that it can crack "nearly any smartphone". Fast-forward to the present time, and we learn that Cellebrite itself wasn't just hacked; it had a staggering 900GB worth of data stolen. The firm says in a statement: Cellebrite recently experienced unauthorized access to an external web server. The company is conducting an investigation... Read more...
If you were super good last year (and super lucky), you might have scored an NES Classic Edition console on Christmas morning. The retro game system was one of the hottest and most in-demand items this past holiday season, commanding more than three times its value from second-hand sellers on eBay and Craigslist. Though the console is in short supply, hackers have already managed to mod it to accept more games in the form of ROM files. The NES Classic Edition comes with 30 games already included, among them classics such as Super Mario Bros. (1-3), The Legend of Zelda, Donkey Kong, Metroid, Castlevania, Tecmo Bowl, Ghosts'N Goblins, and many more. It's a fine collection, though as one of the best selling... Read more...
The Supreme Court approved a series of changes to Rule 41 of the Federal Rules of Criminal Procedure by the United States Department of Justice that go into effect today. Those changes, which the DoJ proposed earlier this year and that were never discussed by Congress, give the FBI permission to hack into multiple computer systems here and abroad with just a single warrant in cases where they're part of a botnet or otherwise can't be traced to a precise location. Any U.S. judge can authorize such a warrant, including magistrate judges who typically only issue warrants within their own jurisdiction. The rule changes effectively make it far easier for agencies like the FBI to carry out international... Read more...
It's been proven that some tech companies have been willing to cater to the government's every need, but others -- namely Google -- remain adamant about transparency regarding shady practices. Earlier this year, we reported on Google's new feature that informs users if they've become the target of state-sponsored attackers, so as to help you better protect yourself via whatever means you have available. We can't imagine what it's like to receive a notification like this, but it can't be a great feeling. Now, we're reminded that this functionality exists, as a slew of journalists and professors have been warned that "Government-backed attackers" have tried to steal their passwords. The full... Read more...
2016 is going to be remembered for a number of fortunate and unfortunate things, with one topic that falls into the latter category being the debacle of U.S. law enforcement vs. Apple. The FBI and other US federal agencies have made it no secret that they would like to be able to gain access to any smartphone if the need arises - something that anyone who cares even remotely about their privacy shouldn't be okay with. In the months that followed, the FBI somehow managed to break into an iPhone 5C without any help from Apple. And while it's not clear if the agency is able to pull that off on more recent iPhones, it looks like the FBI is not willing to divulge how it cracked the device to any other... Read more...
Yahoo is again catching fire over a security breach dating back to 2014 that compromised the accounts of 500 million users, though this time the criticism is aimed at Yahoo's lack of timely disclosure. The company fessed up earlier this week that at least some of its employees had knowledge that a cyberattacker backed by a foreign government had hacked into its systems. The disclosure is contained in a filing Yahoo made this week with the United States Securities and Exchange Commission (SEC). In it, Yahoo says it "had identified that a state-sponsored actor had access to the company’s network in late 2014," adding that its prior knowledge is under review as part of a broader internal investigation.... Read more...
So here we go again, another "massive and sustained Internet attack" made possible by a large collection of hacked Internet of Things (IoT) devices, things such as CCTV video cameras, digital video recorders, all sorts of smart home gadgets with a connection to the Internet, KrebsOnSecurity has determined. This is not the first time it has happened and it won't be the last. The recent attack, an apparent retaliation by WikiLeaks supporters after the Obama administration allegedly used its influence to push the Ecuadorian government to cut off Internet access to whistleblower Julian Assange, focused its artillery of hacked IoT devices on DNS provider Dyn. It was another large scale DDoS attack,... Read more...
Police in the Czech Republic have arrested a Russian hacker for his suspected involvement in a massive 2012 cyber attack against LinkedIn. LinkedIn had been working with the FBI to track down the individuals responsible for the data breach, which exposed hashed passwords from over 100 million user accounts that were later offered for sale on the "dark web." LinkedIn initially acknowledged the security breach four years ago, though at the time it didn't say how many people were affected by it. Then this past May, a hacker was found attempting to sell LinkedIn account credentials belonging to 117 million users for 5 bitcoins. Those were the accounts that were compromised back in 2012. "We are thankful... Read more...
First there was “Thanks, Obama!” Perhaps we should move on to “Thanks, Russia!”, because the country is getting blamed for the lion’s share of the recent major hacks against government entities. In fact, just this past week, the U.S. Department of Homeland Security and Office of the Director of National Intelligence officially accused Russia of hacking the Democratic National Committee’s computer network in an effort to sway the November presidential election. Now, Russia has drawn the ire of the United Kingdom, and mobile devices are caught up in the crossfire. British prime minister Theresa May has already banned smartphones from being brought into cabinet meetings, but now that ban has been... Read more...
As if relations between the US and Russian governments weren't sensitive enough, both the Department of Homeland Security and Office of the Director of National Intelligence have officially accused Russia of being responsible for breaking into official government servers and stealing more than 19,000 emails relating to the DNC this past summer. While some US government officials, including Hillary Clinton, have already made their own accusations towards the Kremlin, this is the first time the US government as a whole has directed blame specifically. It's unclear at this time whether or not this accusation will result in new sanctions between the two countries. Meanwhile, Russia is sticking to its... Read more...
It's come to light that a former contractor for the National Security Agency (NSA) was arrested back in August by the Federal Bureau of Investigation (FBI). The agency suspects the contractor might have stolen and disclosed classified computer code developed by the NSA to hack into networks of governments around the world. And no, his name is not Edward Snowden, though he comes from the same consulting firm (Booz Allen Hamilton). The former contractor's name is Harold T. Martin III, a 51-year-old out of Glen Burnie, Maryland. He had already left the NSA and was working as a contractor for the Defense Department at the time of his arrest on August 27. According to The New York Times, some two... Read more...