Items tagged with security breach
The never-ending parade of security vulnerabilities continues. Just as quickly as software vendors can tackle and resolve one set of exploitable issues -- i.e. the troubles at SolarWinds -- attackers find other vectors to break into networks and steal data. This time, it appears that tens of thousands of firms have been ransacked by Chinese cyberspies thanks to some gaping holes in Microsoft's Exchange e-mail and calendar server software. These problems have been ongoing for at least two months. On Tuesday, March 2, Microsoft pushed out emergency updates for Exchange Server versions 2013, 2016, and 2019. The company points to a previously unknown group of Chinese state-sponsored...
Read more...
Facebook must once again deal with the repercussions of a major security blunder. An exposed server recently published more than 419 million phone numbers and Facebook IDs. At least 133 million of those phone numbers were based in the United States. Anyone could have accessed the information before the server was finally taken down. Security researcher Sanyam Jain was the first to find the exposed server. The server was not owned by Facebook, but still contained users’ Facebook IDs and phone numbers. A Facebook ID is a public number that is associated with an account. The number often contains portions of a person’s Facebook name and it is not difficult to determine the owner of the...
Read more...
Did you attend E3 this past June? Your data may have been leaked. The data of over 2,000 journalists and content creators was at risk thanks to a website security breach. The Electronic Software Association (ESA) grants E3 press badges to thousands of journalists, content creators, and other industry experts each year. The ESA then compiles a list of attendee’s contact information and hands that out to companies. This data typically includes an attendee’s home or office address, phone number, and other relevant information. The companies will then invite attendees to various special events. The data is not meant to be shared with the public and is only intended to connect companies...
Read more...
Another day, another report on vulnerabilities in the software that many of us use on a daily basis. This time around, researchers from Check Point and CyberInt rallied together to detail a number of exploits that they discovered in the Origin client used to deliver games to consumers. Origin is an Electronic Arts property. What makes the latest Origin exploit rather dangerous is the fact that it does not require intervention from the user with respect to handing over their logins or passcode information. In this case, the exploit allows an attacker to steal tokens associated with oAuth Single Sign-On (SSO) and TRUST routines in place with the EA Games user login process. As a result, Check...
Read more...
Facebook just can’t seem to keep its nose clean with respect to security and user privacy. The latest blunder was first reported on by KrebsonSecurity, which discovered that the social networking giant was storing user account passwords in plain text instead of hashing them. What’s more troubling about this discovery is that the passwords were readably accessible by Facebook employees, affecting accounts dating back to 2012. In total, over 20,000 Facebook employees had searchable access to the passwords, and the plain text folly affected between 200 million to 600 million users in total. Brian Krebs also dropped this interesting nugget in his blog post on the latest...
Read more...
Rumor has it that the new Google Home Hub may have a few security vulnerabilities. A hacker recently demonstrated that a Google Home Hub could potentially be forced to reveal information about its owner, but Google has now refuted this claim and contends that user information is not at risk. Security researcher Jerry Gamblin noticed that his own Google Home Hub appeared to be using several open ports. He used the command prompt on his computer to reboot his device, disable notifications, erase various settings, and delete the Google Home Hub WiFi network. Gamblin was not able to access user information, but he is concerned that those are the implications of his recent discovery. Google quickly...
Read more...
A cryptocurrency exchange in Asia called Coincheck has announced that it was the victim of a massive hack that saw hundreds of millions of dollars worth of cryptocurrency stolen in what is the largest heist of its kind in history. Coincheck doesn't call the heist a hack, it says that the coins were sent illicitly outside of the service. The cryptocurrency stolen is called NEM, which is the tenth largest cryptocurrency in market value. In total there were 500 million NEM tokens taken in the heist worth about $400 million, according to Bloomberg. However, Cointelegrpah reports a much higher number, claiming that 523 million NEM coins were taken with a market value of approximately $534 million....
Read more...
It seems as though hackers are having a field day when it comes to infiltrating both private and government computer networks. The latest victim is Carphone Warehouse, which just so happens to be the United Kingdom’s largest independent phone retailer. According to various reports, Carphone Warehouse has revealed that as many as 2.4 million customer accounts have been compromised by sophisticated hackers. In addition, another 90,000 customers have possibly had their encrypted credit card details stolen.Image Source: Martin Pettitt/Flickr Dixon Carphone, the parent company of Carphone Warehouse, has been very apologetic about information breach and is contacting affected customers. The retailer...
Read more...
Data security research player CrowdStrike is reporting a security flaw that could allow hackers to exploit and take over data centers from within. Given the nasty moniker "VENOM" (for "Virtualized Environment Neglected Operations Manipulation"), the vulnerability CrowdStrike uncovered is present in a common component — a legacy floppy drive controller — that is widely used in virtualization platforms and appliances. The seriousness of the VENOM vulnerability rests on how it circumvents an essential barrier used by cloud service providers to segregate customer data. Thus, infiltrators who are able to gain access to one virtual environment can subsequently move from there into the cloud entity's...
Read more...
Uber announced that it suffered a database breach at the hands of hackers last year. The company admitted that about 50,000 drivers may have been affected by the breach and announced that a lawsuit has already been filed by Uber against the as-yet unidentified hackers. “A small percentage of current and former Uber driver partner names and driver’s license numbers were contained in the database,” Uber’s managing counsel of data privacy, Katherine Tassi said in a statement. “Immediately upon discovery we changed the access protocols for the database, removing the possibility of unauthorized access. We are notifying impacted drivers, but we have not received any reports of actual misuse of information...
Read more...
Conventional wisdom in years past was that hackers didn’t bother to exploit Apple’s OS X operating system because its relatively insignificant market share didn’t warrant wasting resources to exploit it. The reasoning was, why bother with OS X when Windows was pushing over 90 percent of the worldwide OS market? However, in recent years, Apple has seen an uptick in Mac sales and pretty much dominates the field when it comes to notebooks priced over $1,000. The higher sales profile for Macs running OS X also means more attention from nefarious parties that are ready to strike. The latest report from GFI shows that both of Apple’s major operating systems sat atop the leaderboard when it came to...
Read more...
Since the massive security breach at Sony Pictures has occurred, speculation has been that North Korea was behind it. Sony, with the help of cybersecurity firm Mandiant and the FBI, has been investigating the perpetrators behind the breach. However, a senior FBI official stated has stated that government agency has not confirmed that North Korea is behind the attack, “There is no attribution to North Korea at this point,” said Federal Bureau of Investigation assistant director of its cyber division Joe Demarest on Tuesday at a cybersecurity conference sponsored by Bloomberg Government. This is the first time that a senior FBI official has said anything publicly regarding the...
Read more...
Sony Pictures Entertainment is not getting a break from the security break it experienced last month that resulted in Sony shutting down its computers. In the aftermath of the attack, the hackers, called Guardians of Peace, released a set of documents that included around 47,000 Social Security numbers for actors as well as current and former employees. The Wall Street Journal reviewed the leaked documents and discovered social security numbers for thousands of freelancers as well as current and former employees. SSNs were also found for Hollywood actors who have appeared in movies and TV shows, produced by Sony, which includes Sylvester Stallone, Judd Apatow, and Rebel Wilson.Image Credit: Wikimedia...
Read more...
Government agencies are prime targets for many hackers (particularly those funded by other governments), so it’s not surprising that the State Department was recently attacked. What makes the attack unusual is that it appears to have been successful, with unclassified systems being compromised, including possibly the State Department’s email system. What’s more, the State Department is the fourth government agency to suffer such a breach in recent weeks. The National Oceanic and Atmospheric Administration (NOAA) and United States Postal Service and White House have all been disrupted by recent hacking attempts. So far, only unclassified systems have been compromised in each...
Read more...
After a 10-month cyber espionage investigation, researchers have found 1,295 computers in 103 countries with software that is capable of stealing information from high-profile targets such as the Dalai Lama and government agencies around the world. In the report published today by Information Warfare Monitor, a Toronto-based organization, we learn the affected computers include embassies belonging to Germany, India, Romania, and Thailand as well as the ministries of foreign affairs for Barbados, Iran, and Latvia. The infected computers acted as an illicit information-gathering network. Researchers observed sensitive documents being stolen from a computer network operated by the Dalai Lama’s organization....
Read more...
