Items tagged with Hacking

Have you ever seen a dog chase its own tail? That pretty much describes what's going on at BBC News this morning. The site suffered a pretty large distributed denial of service (DDoS) attack earlier today, one that knocked out the company's entire network and iPlayer streaming service, causing grief for web visitors who grew impatient with how long it took to restore service. As for the image of a dog chasing its own tail, it's based on BBC's reporting of the situation. The site posted a statement on Twitter in the early morning hours saying it was "aware of a technical issue" affecting its website, but declined to elaborate. A BBC News journalist for the site's Technology section posted an article... Read more...
Want to feel like the ultimate hacker, like those in the 1995 cinema classic Hackers? Quick: find the nearest Linux PC, boot to the GRUB2 bootloader, and hit Backspace 28 - and only 28 - times. Yes, really. Hector Marco & Ismael Ripoll, who are researchers for the Cybersecurity Group at the Polytechnic University of Valencia, recently discovered a flaw within the GRUB2 bootloader software that gets triggered when the Backspace key is hit a very specific number of times. At 28 presses, a memory error gets triggered that lets someone access the entire PC via GRUB's rescue shell. From there, data could be copied to an external device, or deleted, if the attacker is malicious. GRUB's main job... Read more...
Late last month, toy maker VTech was hit with a debilitating attack that resulted in an incredible amount of customer data winding up in the wrong hands. Given VTech's abysmal security measures, it's hard to consider it being a "victim" in this attack. Rather, its millions of customers are the ones at risk. This morning, UK police issued a press release to say that they arrested someone who they believe was behind this attack. A name is not provided, but we are told it was a 21-year-old male from Bracknell, in southeast England. The official charges include using a computer to commit an offense, and gaining unauthorized access to data. The release reads: "We are still at the early stages of the... Read more...
In yet another security breach affecting the healthcare industry, personal information belonging to more than 10 million individuals may have been compromised by hackers, according to Excellus BlueCross BlueShield. The healthcare provider said it learned of the "sophisticated attack" on August 5, 2015. The insurer's own investigation revealed that the initial attack occurred on December 23, 2013. Excellus also notified the Federal Bureau of Investigation (FBI) and is working closely with Mandiant, an American cybersecurity firm owned by FireEye. Mandiant provides incident response and security assessment service to help organizations detect, prevent, and respond to these kinds of cyberattacks.... Read more...
If we may impart some words of wisdom to our younger readers out there, it's to choose your role models carefully. It's a piece of advice that comes too late for half a dozen teenagers living in the U.K. who were arrested as part of a sting operation targeting users of hacking group Lizard Squad's Lizard Stresser tool. The Lizard Stresser tool is a piece of software that aids with Distributed Denial of Service (DDoS) attacks. These attacks typically consist of numerous infected systems pinging a single target with the intent of overwhelming the victim's server. Those arrested for using the tool range in age from 15 to 18 years old. They're suspected of using it to target several different organizations,... Read more...
Karma's a dirty little devil, a fact that as many as 37 million unfaithful online users may find out the hard way. That's because the hackers who infiltrated Ashley Madison, a dating website for married folk to practice infidelity under the tagline "Life is short. Have an affair," published a cache of personal details about its members, including names, email addresses, phone numbers, and credit card information. In total, the data dump was 9.7 gigabytes in size. It was posted to the dark web using a Tor browser and what's called onion routing, which is encryption in the application layer of a communication protocol stack, nested like the layers of an onion. The hacking group taking credit... Read more...
There are a lot of positive uses for drones and other unmanned aircraft. Amazon envisions a day when packages will be dropped off on your doorstep courtesy of a drone, and Facebook wants to use them to bring wireless broadband to remote regions. Good stuff, though as it goes with just about all technology, somebody's going to find a nefarious use for it. In this case, there may be a day when drones are used to drop malware from the sky. The foundation is already being laid, though not specifically for that purpose. There's a company called Aerial Assault that modded a quadcopter with a Raspberry Pi computer running the Kali Linux penetration tester software. It's also equipped with alpha radio... Read more...
Remember when getting hacked meant loss of control of your PC and/or stolen data? It could be embarrassing, sure, and you could even be fired if a weak password contributed to the theft of sensitive company information. However, more recent hacks have shown a frightening trend towards causing physical harm. Earlier this month, security researchers demonstrated the ability to remotely hijack virtually all controls in a Jeep Cherokee, including steering and braking. And now we're finding out that hackers can disable or change the target of a computer-aided sniper rifle. Scary times we live in, folks. Security researchers Runa Sandvik and Michael Auger developed techniques to hack TrackingPoint's... Read more...
We reported earlier this week that a Jeep Cherokee could be remotely accessed and controlled, and I wouldn't blame anyone for being a skeptic. After all, what are the chances of someone remote being able to disable the transmission? Well, with Fiat Chrysler's response, I think that question has been answered. In a press statement issued today, the company has announced that it's recalling 1.4 million cars that are equipped with certain UConnect radios. Dodges, Jeeps, Rams, and Chryslers are affected. Ultimately, it seems like this recall isn't going to be that painful for owners of the affected vehicles, as FCA US said a software update would be made available via a USB drive that plugs... Read more...
Is there anything scarier than the thought of a hacker remotely taking control of your vehicle's steering and braking functions as you barrel down the highway? Well sure, being eaten alive by flesh-eating zombies like an episode of The Walking Dead would cause most people to soil their undergarments, but losing control of your vehicle certainly ranks right up there. And unlike the zombie scenario, these remote vehicle hacks are really happening. The newest threat is an exploit that exists in car infotainment systems that could allow an attacker to take complete control of a vehicle's brakes and other functions. It was discovered by NCC Group, a U.K.-based firm that demonstrated part of its scary... Read more...
To quote Ron Burgundy in Anchorman, "Boy, that escalated quickly. I mean that really got out of hand fast." He was referring to a deadly and chaotic showdown between various news stations, but he could have just as easily been talking about a recent security breach at the U.S. Office of Personnel Management (OPM) that's much worse than originally thought. It was initially reported that over 4.2 million current and former federal employees had their personnel data stolen as a result of the massive cybersecurity breach, but the Obama administration has now revealed that an additional 21.5 million individuals had their personal info compromised in the breach as well. That includes... Read more...
A teenage member of the notorious hacking group Lizard Squad has received a two-year suspended sentence for numerous cyber crimes. All tallied, he was convicted of 50,700 charges related to computer crimes, and in addition to his two-year suspended sentence, he must also undergo monitoring of his online activities. He will not serve any time behind bars. His name is Julius Kivimaki, or "Zeekill" if going by his online handle. The 17-year-old played a role in the distributed-denial-of-service (DDoS) attacks on Microsoft's Xbox Live and Sony's PlayStation Network in December of last year. Ironically enough, it was Kim Dotcom who convinced Lizard Squad to call off the attacks, which he did by offering... Read more...
Maybe someday the Chinese government will take a page from O.J. Simpson and write a book titled, "If I Did It: Confessions of a Hacker." After all, China is clinging to the innocence card just as adamantly as Simpson, never mind any evidence to the contrary. In fact, not only is the Chinese government saying it's not responsible for a massive security breach that compromised the personal information of millions of U.S. federal employees, but it claims that the accusations are the result of "absurd logic." The security breach was discovered in April, but actually began back in December of last year. Having gone unnoticed for four months, the hackers responsible were able to sift through personal... Read more...
Major League Baseball has worked hard to improve its image and move on from the so-called steroids era, a period in baseball where many records were broken by players who were later found to have been doping up and using human growth hormones. But the latest scandal takes an unexpected and perhaps unprecedented twist into the field of cyber espionage. The Federal Bureau of Investigation (FBI) and Justice Department are currently investigating the St. Louis Cardinals for allegedly hacking internal networks belonging to the Houston Astros. Law enforcement officials are said to have uncovered evidence that certain Cardinals employees infiltrated a network of the Astros that contained special databases... Read more...
Leading antivirus firm Kaspersky Lab said that it recently suffered a security breach involving at least three techniques that it had never seen before. The AV company described the attack as "one of the most sophisticated campaigns ever seen," though it believes it was able to detect the intrusion at an early stage, thereby mitigating the damage. "This highly sophisticated attack used up to three zero-day exploits, which is very impressive -- the costs must have been very high," Costin Raiu, director of Kaspersky's global research and analysis team, said in a statement. The sneaky malware used to spy on Kaspersky's systems sits patiently in a computer's memory bank and never writes any... Read more...
It's now believed that a crime syndicate in Russia is responsible for a security breach resulting in the theft of IRS records containing personally identifiable information for over 100,000 taxpayers. The sole purpose of the theft was to engage in identity theft for the purposes of tax fraud, a scheme that was used to file some $50 million in fraudulent tax returns. Peter Roskam, an Illinois Republican and chairman of a House subcommittee with IRS oversight, told CNN that he heard from IRS Commissioner John Koskinen via telephone that the hack originated from Russia. It's concerning in part because it was recently disclosed that Russian hackers also breached the White House and State Department... Read more...
Consider it an unfortunate sign of the times we live in that companies have to set aside enormous funds to contend with the cost of cyber related crimes. We're not talking chump change here -- according to a study by security firm Ponemon Institute that was funded by International Business Machines, the average cost of a data breach is now $3.8 million. That's up from $3.5 million a year ago and includes fees for investigating the breach, hiring experts to fix whatever security issue the hackers exploited, offering credit monitoring services for affected customers, and so forth. It adds up fast and shows why cyber crimes aren't just annoying, but a financial burden in many cases. What's not included... Read more...
Show of hands, who actually likes paying taxes? Anyone? It's not one of our favorite tasks either, and to add insult to injury, a band of advanced hackers reportedly infiltrated the Internal Revenue Service's records to collect personally identifiable information from over 100,000 taxpayers. It's believed that the cyber crooks involved weren't looking to send a message, but wanted to steal identities and intercept tax refunds. IRS Commissioner John Koskinen said in a statement that "these are not amateurs" and instead described them as "organized crime syndicates" that have been attacking numerous players in the financial industry, not just the IRS. In this case,... Read more...
Is it possible to take control of an airplane using an infotainment system as a gateway? Chris Roberts, a well-known hacker and security researcher with One World Labs, claims that it is. The FBI, which is investigating Roberts' claims, is taking no chances that he's incorrect. On April 15, Roberts posted this tweet: Find myself on a 737/800, lets see Box-IFE-ICE-SATCOM, ? Shall we start playing with EICAS messages? "PASS OXYGEN ON" Anyone ? :) — Chris Roberts (@Sidragon1) April 15, 2015 It's as if Roberts was looking for trouble. And if that's the case, he certainly got it. Upon landing, he was greeted by two FBI agents and two police officers, and was then interrogated for a couple of hours. Before... Read more...
To nobody's real surprise, the jailbreak community, upon learning that the Apple Watch was freewheelin' it on wrists everywhere without a browser onboard, set out to fill that gap. And in somewhat short order the celebrated Comex — the developer behind JailBreakMe, and a former Apple intern — has weighed in first, posting a video to Twitter over the weekend that features an Apple Watch running a Google web page via a web browser. Comex's video makes a good case for why Apple hasn't (yet) included a version of its Safari browser in Watch OS, illustrating the need to scroll over and across vast screen real estate — relatively speaking, of course... Read more...
Lenovo said it's currently investigating a cyberattack that took the company's website down for several hours earlier this week, though it may not have to look very far. The ornery hacking group known as Lizard Squad is claiming responsibility for the security breach, purportedly as punishment for the recent Superfish scandal. Let's backtrack a quick moment. Lenovo came under fire earlier this month when it was discovered that a piece of bundled software on consumer laptops and desktops was duping security certificates in order to display ads. Called Superfish, the software is a visual search program that would otherwise be a benign, if not annoying piece of adware, except that its method of... Read more...
Earlier this month, it was discovered that China was using man-in-the-middle (MITM) attacks against Microsoft Outlook and Mozilla Thunderbird email clients, as well as smartphone apps that use IMAP and SMTP protocols. Or did it? A spokesman for the Cyberspace Administration of China (CAC) claims the allegations that Chinese authorities hacked into Outlook are just "groundless slander." "The Chinese government is a staunch defender of the Internet's security, and resolutely opposes any form of cyberattack," the CAC said. Online censorship watchdog GreatFire.org pegged China's government as most likely being responsible, noting that "If our... Read more...