Items tagged with Hacking

Bitcoin seems to be the currency of choice when it comes to demanding ransoms, and that is because culprits demanding payment can hide behind a pseudonym (Bitcoin itself is not actually anonymous). So it is no surprise that a hacking organization has instructed Apple to fork over a Bitcoin ransom in exchange for not leaking a cache of iCloud and other Apple email accounts belonging to hundreds of millions of iPhone owners.The hackers call themselves the "Turkish Crime Family." In addition to accepting Bitcoin, the group has told Apple it would also be fine with being paid in Ethereum, which is another form of crypto-currency that is gaining in popularity. Either way, the group wants the equivalent... Read more...
There are many different methods of hacking. Most of them involve some sort of software code, whether it is installing malware on a system or hacking a vulnerability to gain unauthorized access to a system or device. The Internet of Things (IoT) category is especially susceptible to hacking due to a surprising lack of basic security practices. However, researchers at the University of Michigan discovered a different way of wreaking havoc, and it involves sound waves. What the group of researchers found is that accelerometers can be manipulated through sound. This is called an analog acoustic injection attack. While that may sound trivial, consider that millions of devices are equipped with accelerometers,... Read more...
Just a couple of weeks ago, we wrote about the Israeli security firm Cellebrite, and how it suffered a major data breach. After the information began to trickle out, it seemed like no real damage was done. Cellebrite itself said that what leaked was an old, irrelevant backup. A new discovery, however, questions that answer. If you're not familiar with Cellebrite, it was the firm that the U.S. government hired to break into an iPhone 5c to aide with investigation of the December 2015 San Bernardino terror attack. Apple at the time refused to help crack the phone, so Cellebrite was brought in, and succeeded. Not long after, the firm boasted about its ability to crack nearly any smartphone - be... Read more...
There seems to be no limit to the number of ways that exist to trip up an iPhone or other iOS device. The latest method involves a rather simple text message consisting of just three characters, and unfortunately for the recipient, just receiving the text message is enough to freeze an iPhone running iOS 10 or later. The good news is that it will only cause the phone to crash rather than brick it or otherwise result in more permanent damage. What's scary about this particular exploit is that it works instantly and does not require any interaction by the recipient. All it involves is sending an iPhone user a text message with the white flag emoji, the digit 0, and the rainbow emoji. Fortunately... Read more...
One of the biggest fears of companies that say they can hack virtually anything is to be found out that they've been hacked themselves. Case-in-point: Israeli firm Cellebrite. We've reported on the company multiple times in the past, notably after it aided the FBI in cracking open a terrorist's iPhone 5c. Since then, the company has boasted lots, even going as far to say that it can crack "nearly any smartphone". Fast-forward to the present time, and we learn that Cellebrite itself wasn't just hacked; it had a staggering 900GB worth of data stolen. The firm says in a statement: Cellebrite recently experienced unauthorized access to an external web server. The company is conducting an investigation... Read more...
If you were super good last year (and super lucky), you might have scored an NES Classic Edition console on Christmas morning. The retro game system was one of the hottest and most in-demand items this past holiday season, commanding more than three times its value from second-hand sellers on eBay and Craigslist. Though in short supply, hackers have already managed to mod the console to accept more games in the form of ROM files. The NES Classic Edition comes with 30 games already included, among them classics such as Super Mario Bros. (1-3), The Legend of Zelda, Donkey Kong, Metroid, Castlevania, Tecmo Bowl, Ghosts'N Goblins, and many more. It's a fine collection, though as one of the best selling... Read more...
The Supreme Court approved a series of changes to Rule 41 of the Federal Rules of Criminal Procedure by the United States Department of Justice that go into effect today. Those changes, which the DoJ proposed earlier this year and that were never discussed by Congress, gives the FBI permission to hack into multiple computer systems here and abroad with a just a single warrant in cases where they're part of a botnet or otherwise can't be traced to a precise location.Any U.S. judge can authorize such a warrant, including magistrate judges who typically only issue warrants within their own jurisdiction. The rule changes effectively make it far easier for agencies like the FBI to carry out international... Read more...
It's been proven that some tech companies have been willing to cater to the government's every need, but others -- namely Google -- remain adamant about transparency regarding shady practices. Earlier this year, we reported on Google's new feature that informs users if they've become the target of state-sponsored attackers, so as to help you better protect yourself via whatever means you have available. We can't imagine what it's like to receive a notification like this, but it can't be a great feeling. Now, we're reminded that this functionality exists, as a slew of journalists and professors have been warmed that "Government-backed attackers" have tried to steal their passwords. The full... Read more...
2016 is going to be remembered for a number of fortunate and unfortunate things, with one topic that falls into the latter category being the debacle of U.S. law enforcement vs. Apple. The FBI and other US federal agencies have made it no secret that they would like to be able to gain access to any smartphone if the need arises - something that anyone who cares even remotely about their privacy shouldn't be okay with. In the months that followed, the FBI somehow managed to break into an iPhone 5C without any help from Apple. And while it's not clear if the agency is able to pull that off on more recent iPhones, it looks like the FBI is not willing to divulge how it cracked the device to any other... Read more...
Yahoo is again catching fire over a security breach dating back to 2014 that compromised the accounts of 500 million users, though this time the criticism is aimed at Yahoo's lack of timely disclosure. The company fessed up earlier this week that at least some of its employees had knowledge that a cyberattacker backed by a foreign government had hacked into its systems. The disclosure is contained in a filing Yahoo made this week with the United States Securities and Exchange Commission (SEC). In it, Yahoo says it "had identified that a state-sponsored actor had access to the company’s network in late 2014," adding that its prior knowledge is under review as part of a broader internal investigation.... Read more...
So here we go again, another "massive and sustained Internet attack" made possible by a large collection of hacked Internet of Things (IoT) devices, things such as CCTV video cameras, digital video records, all sorts of smart home gadgets with a connection to the Internet, KrebsOnSecurity has determined. This is not the first time it has happened and it won't be the last. The recent attack, an apparent retaliation by WikiLeak supporters after the Obama administration allegedly used its influence to push the Ecuadorian government to cut off Internet access to whistleblower Julian Assange, focused its artillery of hacked IoT devices on DNS provider Dyn. It was another large scale DDoS attack,... Read more...
Police in the Czech Republic have arrested a Russian hacker for his suspected involvement in a massive 2012 cyber attack against LinkedIn. LinkedIn had been working with the FBI to track down the individuals responsible for the data breach, which exposed hashed passwords from over 100 million user accounts that were later offered for sale on the "dark web." LinkedIn initially acknowledged the security breach four years ago, though at the time it didn't say how many people were affected by it. Then this past May, a hacker was found attempting to sell LinkedIn account credentials belonging to 117 million users for 5 bitcoins. Those were the accounts that were compromised back in 2012. "We are thankful... Read more...
First there was “Thanks, Obama!” Perhaps we should move on to “Thanks, Russia!”, because the country is getting blamed for the lion’s share of the recent major hacks against government entities. In fact, just this past week, the U.S. Department of Homeland Security and Office of the Director of National Intelligence officially accused Russia of hacking the Democratic National Committee’s computer network in an effort to sway the November presidential election. Now, Russia has drawn the ire of the United Kingdom, and mobile devices are caught up in the crossfire. British prime minister Theresa May has already banned smartphones from being brought into cabinet meetings, but now that ban has been... Read more...
As if relations between US and Russia governments weren't sensitive enough, both the Department of Homeland Security and Office of the Director of National Intelligence have officially accused Russia of being responsible for breaking into official government servers and stealing more than 19,000 emails relating to the DNC this past summer. While some US government officials, including Hillary Clinton, have already made their own accusations towards the Kremlin, this is the first time the US government as a whole has directed blame specifically. It's unclear at this time whether or not this accusation will result in new sanctions between the two countries. Meanwhile, Russia is sticking to its... Read more...
It's come to light that a former contractor for the National Security Agency (NSA) was arrested back in August by the Federal Bureau of Investigation (FBI). The agency suspects the contractor might have stolen and disclosed classified computer code developed by the NSA to hack into networks of governments around the world. And no, his name is not Edward Snowden, though he comes from the same consulting firm (Booz Allen Hamilton). The former contractor's name is Harold T. Martin III, a 51-year-old out of Glen Burnie, Maryland. He had already left the NSA and was working as a contractor for the Defense Department at the time of his arrest on August 27. According to The New York Times, some two... Read more...
Security firm Cellebrite made headlines earlier this year when its services were employed by the FBI to help break into the phone of the San Bernardino shooter. Cellebrite recently invited a bunch of UK press to an event to show off what it's capable of.Equipped with an outdated smartphone, BBC reporter Rory Cellan-Jones went off for a half an hour, password-protected the device, and took pictures -- basically using the phone normally. You can see where this is going. Despite the password, Cellebrite plugged the phone into a bulky tablet, and after a few taps, the phone's security was disabled. From that point on, the phone was completely accessible, so any photos that the journalist would... Read more...
Yahoo is the latest major US corporation dealing with the fallout of a data breach that happened two years ago. Some might say that Yahoo's heartburn is well-deserved, though, as the company could have handled things better back in the day, which would have led to a better outcome right now. As we covered on Thursday, Yahoo suffered a major breach back in 2014 that resulted in some 500 million user accounts having their information compromised. However, it's only just recently that users have learned of this, so that's the first major criticism of Yahoo but it goes deeper. Yahoo has said that the attack was caused by a "state-sponsored actor", which means the company could have exercised... Read more...
Yahoo is getting ready to disclose a data breach that exposed account details for at least 200 million users. While nothing is yet official on Yahoo's part, the forthcoming disclosure is likely related to a security breach earlier this summer that Yahoo previously said it was investigating. Since then, a cybercriminal who goes by the name "Peace" has been selling the data on the dark web for $1,800.Peace, who has been linked to other high profile security breaches, claims the data includes usernames, passwords that are easy to decrypt, and personally information such as birth dates, email addresses, and more. Yahoo said back in August that it was "aware of the claim" but stopped short of confirming... Read more...
Two 18-year-olds from Israel find themselves in hot water with the United States Federal Bureau of Investigation (FBI) for their alleged roles in running a lucrative attack service called vDOS. They're said to have earned over $600,000 in the past two years by helping customers coordinate over 150,000 Distributed Denial of Service (DDoS) attacks.Israeli authorities arrested the two teenagers, Itay Huri and Yarden Bidani, on Thursday as part of an investigation by the FBI. They were questioned and released the next day for what amounts to around $10,000 bond each. Authorities also seized their passports and placed them on house arrest—they've been ordered not to use the Internet or any kind of... Read more...
You might think that logging out of your PC before leaving it unattended for a short time is relatively safe, but you'd be wrong. A security engineer at R5 Industries demonstrated how incredibly easy it is to swipe the login credentials of a locked Mac or Windows PC using just a $50 USB device that's available to anyone and everyone online. His name is Rob Fuller and he has an extensive history in information security. He's helped design and build cyber defenses for the U.S. Marine Corps and Pentagon, has worked with Fortune 50 companies to tighten their online defenses, and even served as a technical advisor for HBO's original comedy Silicon Valley. You might also recognize him as the host of... Read more...
In the world of pornography, Brazzers is about as de facto a name as it gets. Even if you don't indulge in what the adult entertainment offers, Brazzers is a recognizable name thanks to the fact that it's become its own meme. But it's hard to tell, just how big is Brazzers? Well, as we now learn, it's big enough to have attracted a staggering 800,000 people to its Web forum. We probably don't need to tell you that traditional forums are less popular than ever, so to have that kind of count in 2016 is quite something. Sadly, we find this out because of yet another breach, with all 800,000 accounts having been leaked. The information included involves email addresses, usernames, and most baffling,... Read more...
More details about a previously disclosed security breach at cloud storage provider Dropbox have come to light. The hack itself is old news—it occurred back in 2012—but what's new is how many users were affected by it. Hackers made off with details belonging to north of 68 million Dropbox users, prompting a mass password reset. The folks at Motherboard got their mitts on a sample of files containing email addresses and hashed passwords of users affected by the Dropbox hack. The information is contained in four files totaling about 5GB, with details of 68,680,741 accounts. Apparently a senior Dropbox employee confirmed with  the site that the info is real. It's a bit sobering to see so many... Read more...
First ... Prev 2 3 4 5 6 Next ... Last