Items tagged with Hack

Malware is a huge problem for computer users today as the threat posed by malicious software continues to increase. A new botnet was recently detected in a live environment for an unnamed client of Deep Instinct, a security firm. The security firm says that the botnet, dubbed Mylobot, uses three different layers of evasion techniques. The evasion techniques that the botnet uses contact command and control servers that download the final payload, Deep Instinct says that the combination and complexity of the evasion techniques that the botnet deploys have never been seen in the wild before. Mylobot also uses several malicious techniques including anti-VM, anti-sandbox, anti-debugging, wrapping... Read more...
Things aren't exactly rosy in the cryptocurrency world; particularly when it comes to Bitcoin. Over the weekend, South Korean cryptocurrency exchange Coinrail confirmed that it had been hacked. The site says that it was the victim of a "cyber intrusion" and that roughly 30 percent of the coins trades on the exchange were stolen. Coinrail said the remaining 70 percent of coins were safeguarded and have been moved to a "cold wallet". At this moment, it is believed that hackers got away with 40 billion won in Bitcoin, which amounts to $37.2 million.  Not surprisingly, this latest hack sent the price of Bitcoin tumbling, even though such hacks have become commonplace in the cryptocurrency realm.... Read more...
For the privileged Americans that can get fiber internet to their home with blazing fast upload/download speeds, there might be more to worry about than blowing through their data allotment in a couple days. Reports are surfacing that various GPON home routers have flaws that could allow nefarious hackers to bypass all authentication on the devices. The method of bypassing authentication is as simple as attaching an image suffix to the URL of a GPON HTTP server. VpnMentor says that after the initial authentication is bypassed, a command injection vulnerability (CVE-2018-10562) to run commands on the device can be executed. These two critical vulnerabilities, when combined, can allow complete... Read more...
Under Armor is a big name in the athletic clothing world. In addition to clothing, the company also has an app that is meant to allow people to track their food intake and nutrition to help get fit (and stay) fit. The app is very popular with users on iOS and Android, but it has suffered a major data breach. Under Armour has notified users that the MyFitnessPal app team became aware that an unauthorized third party had acquired data associated with user accounts for the app and website. That unauthorized access happened in late February 2018 and Under Armor states "The company quickly took steps to determine the nature and scope of the issue and to alert the MyFitnessPal community of the... Read more...
PC gamers are very angry at Rockstar right now after what they claim are unfair bannings that the publisher is handing out left and right. The wide-spanning bans began on March 23 and complaints from a myriad of PC gamers were posted on Reddit, Twitter, Rockstar support forums, and other GTA communities. The gamers are saying that their accounts had been falsely banned for 30 days with no opportunity for an appeal. Rockstar has been very quiet on the subject so far with speculation suggesting that the bans are an issue with the latest tunables update or some sort of issue when participating in the Hotring series races. Rockstar recently updated GTA tunables with code changes for Hotring... Read more...
Microsoft's Windows Defender was working hard this week, and according to Microsoft, just before noon on March 6 the AV suite put the brakes on 80,000 instances of several sophisticated trojans. These trojans were especially dastardly because they had advanced cross-process injection techniques, persistence mechanisms, and evasion methods. All the trojans are new versions of Dofoil (also known as Smoke Loader) and they carry a coin miner payload. Microsoft wrote, "Within the next 12 hours, more than 400,000 instances were recorded, 73% of which were in Russia. Turkey accounted for 18% and Ukraine 4% of the global encounters." Microsoft notes that Windows Defender AV flagged the "unusual persistence... Read more...
Spotify is handing out some harsh warnings to Android users that are using hacked apps, bypassing its paywall to access premium content without paying. Spotify's premium tier allows listeners to skip the commercials and download tunes directly to their devices. Spotify has sent out warning emails to an unknown number of users warning them against using the hacked apps. The emails warn that the use of these hacked apps violates the terms of using Spotify and could result in account termination. One of these hacks is called "Dogfood" and Spotify recently had it removed from GitHub after having an official DMCA notice issued. Reports indicate that the email that Spotify sent out reads in part: We... Read more...
Last November a hacker going by the name "DevOps199" found and exploited a flaw in the code for a subset of Ethereum wallets. That user was able to exploit teh vulnerability and take ownership of an Ethereum code library known as a smart contact. Once the hacker owned that smart contract, it was destroyed leaving about $150 million of Ethereum sitting in users' wallets inaccessible. Researchers have now found a new approach that will find vulnerabilities in smart contracts such as the one exploited last year and patch it before a nefarious user could take advantage of the situation. The researchers claim that they found 3,000 vulnerable contracts with a total worth of about $6 million. "We’re... Read more...
Just over a week ago we talked about an exploit that took advantage of an unpatchable flaw in existing Switch consoles to run Linux on Nintendo's latest. At the time, there were a lot of folks out there wondering what the point of that hack was. However, the value comes in this second hack that fail0verflow has been able to pull off. Getting Linux on the Switch was the just first step in turning the Switch console into a Linux tablet that is able to surf the web. Fail0verflow has been able to run Linux and implement a full web browser with touchscreen support. You can see in the video that the Switch screen supports all the pinch-to-zoom gestures that are used on other tablets. Code execution... Read more...
Microsoft has confirmed a nasty flaw in Skype that could allow nefarious individuals to gain complete access the OS with system-level privileges on affected machines. To make the issue even worse, Microsoft knows the flaw is there and exploitable, but has no plans for an immediate fix because it would require too much work. The hack was discovered by security researcher Stefan Kanthak and according to him, the Skype update installer can be exploited with a DLL hijacking technique allowing the application to be fooled into drawing malicious code rather than the correct library the app wants. The exploit would allow the hacker to download the malicious DLL and place it into a user-accessible... Read more...
Last year, a hacker group was able to penetrate credit reporting agency Equifax and make off with information, including the social security numbers, of 143 million Americans. Only a few days after the hack, a ransom demand for the return of the information was made to the tune of $2.6 million in bitcoin via the dark web. Now it is believed that the hackers are also believed to have made off with other personal data about Americans including tax ID numbers and driver's license details. Other data leaked in the hack that we already knew about included names, birthdates, social security numbers, home addresses and driver's license numbers. Reports are now indicating that the hack exposed more data... Read more...
The Nintendo Switch has been incredibly popular and is the fastest selling game console in U.S. history. Late last year, word surfaced of a band of hackers working on a homebrew hack that could allow users to put their own content on the Switch, but that hasn’t come to fruition just yet. Another group of hackers has now been able to install and run Debian Linux on the Switch by taking advantage of what the hackers call an unpatchable exploit. The hackers say that the backdoor that allowed them to install Linux on the Switch can’t be shut with a future firmware update, however, the hackers don’t go into great details on how exactly the hack was pulled off. What we do know from... Read more...
Consumer Reports has found that millions of smart TVs are vulnerable to hacking, and according to the publication, the exploits are often easy to find and execute. TVs vulnerable to these hacks include Samsung and TCL smart TVs along with other brands that use the Roku platform. Streaming devices are also vulnerable with the example cited being the Roku Ultra. Consumer Reports (CR) wrote, "We found that a relatively unsophisticated hacker could change channels, play offensive content, or crank up the volume, which might be deeply unsettling to someone who didn’t understand what was happening. This could be done over the web, from thousands of miles away." Consumer Reports Smart TV... Read more...
A cryptocurrency exchange in Asia called Coincheck has announced that it was the victim of a massive hack that saw hundreds of millions of dollars worth of cryptocurrency stolen in what is the largest heist of its kind in history. Coincheck doesn't call the heist a hack, it says that the coins were sent illicitly outside of the service. The cryptocurrency stolen is called NEM, which is the tenth largest cryptocurrency in market value. In total there were 500 million NEM tokens taken in the heist worth about $400 million, according to Bloomberg. However, Cointelegrpah reports a much higher number, claiming that 523 million NEM coins were taken with a market value of approximately $534 million.... Read more...
Tinder is a popular dating app that matches people up using swipes. If you thought that all the people you were swiping left or right on were private and only you and the people you swiped knew about them, you might be wrong. Security researchers have found a flaw that could allow those swipes to be captured and exposed. The crux of the issue is that Tinder doesn't use HTTPS encryption for fetching images reports a security firm called Checkmarx. This lack of encryption means that your Tinder activity could be exposed over a local Wi-Fi network, allowing a nefarious or nosey character to see your Tinder likes and matches in real time. The researchers offered up a demonstration of the attack via... Read more...
The big news in security (or lack thereof) recently has been the Meltdown and Spectre issues that have plagued Intel, AMD, and Apple. Those aren’t the only security issues that computer users are facing. Security research firm F-Secure has found a new security flaw that it says affects Intel Active Management Technology or AMT. AMT is an Intel proprietary solution that allows remote access or monitoring and management of personal computers in a corporate setting. The tech was meant to allow IT departments in these large organizations or managed service providers to control fleets of computers. F-Secure Senior Security Consultant Harry Sintonen found a flaw in AMT in July of 2017 (it has... Read more...
WhatsApp is a communications tool that is used by people all around the world to stay connected for personal and business use. The big draw to the app for many is that it has an encrypted group chat feature, so you don’t need to worry that someone is listening in on what you are saying. However, security researchers have recently found a flaw with the app that could leave those encrypted group chats vulnerable to eavesdroppers. The security researchers do point out that the risk associated with the flaw is limited, because the hackers need to have access to WhatsApp servers to insert themselves into a group conversation. The fear for some people is that this security flaw will result in... Read more...
PlayStation 4 fans looking to set their console free from the clutches of Sony will soon have a new jailbreak to try out. The PS4 4.05 Kernel Exploit from Developer Specter has been published on GitHub for download. The jailbreak devs are specific in noting that the exploit doesn't contain any code that will defeat anti-piracy measures or allow the users to run homebrew apps. The exploit summary reads in part, "In this project you will find a full implementation of the 'namedobj' kernel exploit for the PlayStation 4 on 4.05. It will allow you to run arbitrary code as kernel, to allow jailbreaking and kernel-level modifications to the system. This release however, does not contain any... Read more...
Updated November 29th at 11:52am Apple has issued a patch for the macOS High Sierra security exploit, less than 24 hours after it was made public. It is addressed in Security Update 2017-001, which Apple encourages all macOS High Sierra users to download immediately. Apple describes the security incident, writing: Impact: An attacker may be able to bypass administrator authentication without supplying the administrator’s password Description: A logic error existed in the validation of credentials. This was addressed with improved credential validation. The original story continues below: A major bug has been found in macOS High Sierra that could give unauthorized users full admin access... Read more...
Imgur has discovered what it calls a "potential security breach" that happened three years ago. The breach allowed the attackers to make off with the emails and passwords of 1.7 million user accounts. Imgur says that it is still investigating the breach, but that it wanted to warn its users of the intrusion and tell people what it is doing as a result. Imgur writes that last week it received an email from security researcher Troy Hunt about the breach. Imgur wrote, "Our Chief Operating Officer received the email late night on November 23rd and immediately corresponded with the researcher to learn more about the potential breach. He simultaneously notified Imgur’s Founder/CEO and Vice... Read more...
Google has been paying out some significant money to get security researchers and hackers to tear apart its Chrome browser and Chrome OS. In March of 2015, Google offered up $100,000 for anyone who could find an exploit chain that would allow for a persistent compromise of a Chromebox or Chromebook using guest mode via a webpage. That $100,000 offer was an increase from the original $50,000 bounty.That bounty went unclaimed for many months until a researcher that uses the moniker Gzob Qq notified Google on September 18 that he had identified a set of vulnerabilities in Chrome OS. The hacker was able to identify a series of vulnerabilities that could lead to persistent code execution on Chromebooks... Read more...
You might think that the massive number of security breaches that have happened in recent years would push corporate giants and medical facilities out there to take a look at their own security and ensure that their networks are protected. We are only a few months removed from the massive attack that breached Equifax and leaked the information on 143 million Americans into the wild. Now the UK's National Audit Office (NAO) is giving a postmortem following the WannaCry ransomware attacks that hit several hospitals in the country.The ensuing investigation found incredibly lax security protecting the networks and determined that NHS had failed to follow basic IT security practices. The key... Read more...
Prev 1 2 3 4 5 Next ... Last