Items tagged with Hack

This morning we talked about a researcher from KU Leuven University in Belgium who had discovered a major security vulnerability in the WiFi Protected Access II (WPA2) protocol that is used to secure wireless internet traffic. That vulnerability could be used to allow a nefarious attacker to glean confidential details sent over WiFi such as usernames and passwords for secure websites. At least one software company didn't waste any time with an update, with Microsoft confirming that it released an update on October 10th that addressed the exploit. Microsoft has released a patch that will fix the vulnerability on all supported versions of Windows (i.e. Windows 8.1 and later). “We have released... Read more...
The SNES Classic Edition game console launched to much fanfare and so far the system has proved so popular that many people still can't find one. Reviews for the SNES Classic have been very positive with lots of praise for its retro gaming prowess. The console came from Nintendo with 21 games preinstalled, but some hackers have found a way to add even more games to the system. As of now the process is rather long requiring about 20 steps according to a video outlining the hack using a tool called HakChi2. You will also need some other software to load your own games to the SNES Classic Edition including Python 3.60, Notepad++, and the sfc2sfrom.py script. All of those required software programs... Read more...
Back in 2013, Yahoo's database was breached by hackers and it wasn't discovered or reported until 2016. When that reporting happened last year, Yahoo thought that detials on 1 billion of its user accounts had been stolen. As it turns out, things are much worse than Yahoo (now owned by Verizon and part of Oath) originally thought. Yahoo reports that after its acquisition by Verizon and during the integration of the two companies, new intelligence on the breach was found and that it now believes all 3 billion accounts existing in 2013 were stolen in the hack. Yahoo reminds users that this isn't a new security breach and notes that it will be sending out emails to all additional users affected.... Read more...
It looks like another major hack has been perpetrated against a major company, this time the hack was of pay TV network Showtime's streaming platform, ShowtimeAnytime.com. The platform allows users with a subscription via a cable network to stream shows via a browser from anywhere. People with no TV subscription can also pay for the streaming service alone making it appealing to cord cutters. Word is that last week the ShowtimeAnytime platform was hacked and code created by Coin Hive that runs on JavaScript was inserted into the platform. Interestingly, this is the same Coin Hive code that was put into The Pirate Bay (TPB) recently (and on purpose) to harness the browsers of TPB users to mine... Read more...
Researchers have still been working their way through the hack that resulted in the very popular CCleaner security app being used as a host for malware. The initial attack was thought by many to have caused minimal harm to computer systems that were infected, but it looks like there was a secondary attack that may be more nefarious. According to the researchers, the hackers were able to piggyback on that initial malware wave and install a second piece of malicious software on the computers working daily in some of the biggest tech firms around the world. The real target of this attack is now thought to have been major tech firms like Microsoft, Google, Samsung, Sony, Intel and others according... Read more...
Companies the world over give IT admins access to some of their most sensitive information. This is the kind of information that if lost, damaged, or stolen would lead to lost money and business for the company. An Arizona man name Tavis Tso has entered into a plea deal resulting from his actions where he took the domain name of a company and redirected it to a teen porn site. The incident went something like this. Tso was a contract IT admin for an unnamed company and had done some work for the company at some point. The client company asked Tso for their GoDaddy login information so that it could make some updates to the contact details. Apparently, Tso wasn't too thrilled with the request... Read more...
A security company called Armis is spilling the beans on a collection of eight different exploits that it is collectively calling BlueBorne. These exploits can allow a hacker access to your phone in seconds without having physical access to the device. Perhaps the scariest part of the exploit is that BlueBorne isn't limited to your phone alone; the hack can allow access to phones, computers, and IoT devices. Armis notes that it believes more vulnerabilities lie waiting to be discovered in various platforms that use the Bluetooth wireless communications standard. The firm says that its research proves these vulnerabilities exist and that they can be exploited. BlueBorne can be used to... Read more...
Unless you’ve been living under a rock, you know that Equifax was hacked surfaced and 143 million Americans have potentially had their personal information stolen. What many have been wondering is what exactly do the hackers plan to do with all that stolen data. A report making the rounds claims that the hackers want a massive ransom from Equifax to return the data. Hackers made the ransom demand on an unnamed Darkweb site stating that they would delete the data if they receive a ransom payment of 600 BTC, which would be worth about $2.6 million at current valuation. The value of Bitcoin is at one of its highest points ever right now, having jumped past $4,000 for the first time in mid-August... Read more...
Instagram users have something to worry about after hackers breached the database of the social network and photo sharing websites. The hackers were able to gain access to the phone numbers and email addresses of six million Instagram account using a bug that Instagram CTO Mike Krieger has now confirmed exists. Krieger wrote, "We care deeply about the safety and security of the Instagram community, so we want to let you know that we recently discovered a bug on Instagram that could be used to access some people’s email address and phone number even if they were not public. No passwords or other Instagram activity was revealed." While Krieger says that no passwords or activity was lost in the... Read more...
Hacker group OurMine claims to have hacked the official PlayStation Twitter and Facebook pages Sunday night. The group took credit for the hack and posted several messages to the social media accounts, which have now all now been deleted. Before the messages were deleted, they were copied for posterity. Playstationlifestyle.net reports that one of the messages read: PlayStation Network Databases leaked #OurMine Subscribe to #DramaAlert No, we aren’t going to share it, we are a security group, if you works at Playstation then please go to our website ourmine . org – > Contact If you aren't familiar with OurMine, it is a security hacker group based in Saudi Arabia that has hijacked high-profile... Read more...
MWR Labs has been able to demonstrate a hack on older Amazon Echo speakers that turns the device into an always-on spy sitting right in your home. Detractors of the way Amazon crafted it's speakers to always listen for your voice will use this as an "I told you so" moment. According to the researchers, the Echo is vulnerable to a physical attack that lets the attacker gain root shell access to the Linux operating system the Echo speaker runs. The scary part is that the root access and installation of the malware could grant the attacker persistent remote access to the device's microphone among other things, without leaving a trace of evidence to tip off the physical tampering of the device. In... Read more...
Researchers from Exodus Intelligence discovered a zero-day attack that threatens most of the popular smartphones on the market today. The hack is called Broadpwn and it affects devices running iOS and Android. Specifically all Samsung Galaxy S3 through Galaxy S8 devices are susceptible as are the Note 3, 6, 6X, and 6P, and the Apple iPhone 5 and up. The vector for the attack is the Broadcom BCM43xx family of Wi-Fi chips used in all of those smartphones. Exodus writes in its research, "Broadpwn is a fully remote attack against Broadcom’s BCM43xx family of WiFi chipsets, which allows for code execution on the main application processor in both Android and iOS. It is based on an unusually powerful... Read more...
We took part in an interesting demo this week that was both eye-opening and somewhat alarming. We met with representatives from Synaptics to discuss what we thought would be its latest sensor technology or HCI device, but were treated to a real-world hacking display that would leave most people slack-jawed. Why, you ask? Because in only a few minutes, an image of my fingerprint had been stolen and duplicated, and it was used to gain access to my smartphone (and a demo notebook), but it could have just as easily been a personal / corporate laptop or any other device with a fingerprint sensor.It turns out, Synaptics was in the area to promote its SentryPoint technology, which offers end-to-end... Read more...
  Just yesterday, we posted a story concerning printer security and how we should take it more seriously given IoT botnets that are swooping across the globe (namely Mirai), along with the sensitive data and documents these machines are custodians of. Today’s printers have relatively potent processors, complex operating systems and of course connect to the internet, to enable remote printing and firmware updates (among other things). Unsurprisingly, though the timing is impeccable, a hacker by the name of Stackoverflowin’ just made the case for increased security with it comes to printers. Stackoverflowin’ revealed to Bleeping Computer that he has gone on a tirade for the past 24 hours via... Read more...
The FBI is currently investigating a series of cyberattacks on the Federal Deposit Insurance Corporation (FDIC), that they believe the Chinese military to be responsible for. The attacks on high-level employees' computers started in 2010 and resurfaced again in 2011 and 2013. Victims included former FDIC Chairwoman Sheila Bair. The FDIC is one of three institutions responsible for regulating commercial banks in the United States. They manage confidential plans regarding how big banks would deal with bankruptcy. They also have access to the information of millions of individual American deposits. The FDIC allowed congressional staff last month to look at communications between high-level FDIC... Read more...
Maybe he’s the hero the United States “deserves, but not the one it needs right now”. It looks like the United States has its own hacking Dark Knight. American vigilante hacker “The Jester” gained unauthorized access to the Russian Ministry of Foreign Affairs website and left a very interesting message for the Russian government. This past Friday, the Jester hacked into MID.ru, the official website of the Russian Ministry of Foreign Affairs. He found a vulnerability in the website’s code and injected his own code into it. He inserted the shriek of the American civil alert sound (aka "The Emergency Broadcast System" or EBS) and the following message: “Comrades! We interrupt regular scheduled... Read more...
Are you nostalgic for the days of POGs, Beanie Babies, and Surge? Are you the type of person who constantly pounds out in all caps, “ONLY 90S KIDS WILL REMEMBER THIS”? Then Windows 95 must be the smartwatch operating system for you. It lives! (Credit: Nick Lee) Developer Nick Lee managed to get Windows 95 working on his Apple Watch. And Apple Watch definitely has the specs (check our full review). The watch packs in a 520 MHz processor, 512 MB of RAM, and 8GB of internal storage. Compared with Nick's original $3,000, 300 MHz Pentium II powered PC with 256MB of RAM, the Apple Watch is practically the Computeress from Dexter's Laboratory. There were quite a few hurdles to overcome, however, before... Read more...
Toy maker VTech initially informed the public of a security breach this past Friday, right when millions of Americans were in the midst of Black Friday shopping. VTech disclosed that its customer database was compromised, exposing names, email addresses, mailing addresses, download histories and encrypted passwords for users. Even more troubling is that in addition to 4.8 million adult accounts that were affected by the breach, 200,000 children were also caught up in the mess. Earlier this morning, VTech gave a status update, describing that the initial breach occurred on November 14th. However, it wasn’t until ten days later — November 24th — that VTech noticed that its servers had been compromised.... Read more...
The parade of banks, insurance companies and retailers that have suffered data breaches has caused many people to store their passwords with sites like LastPass. The security company creates a unique password for each of the user’s logins and provides access to those passwords via a single, master password.Now, LastPass is admitting that at least some of its data has been comprised. The company believes that its customers are not vulnerable, but it concedes that email addresses and authentication hashes are among the data affected. Password reminders and server per user salts were also comprised. “In our investigation, we have found no evidence that encrypted uer vault data was taken, nor that... Read more...
These days, you can’t seem to escape reports of major corporations being “taken down” by phishing schemes (“Hello, Sony”) or ordinary spam. Valve doesn’t want its hugely popular Steam digital distribution service (or its users) to fall victim to such attacks, so it’s taking a rather unusual step to help weed out accounts that could possibly be used for nefarious purposes. Valve has adopted a new policy that requires users to spend at least $5 before they are able to access a wealth of features that Steam users normally take for granted. Thankfully the threshold is rather low and it is pretty easy to surpass if you’re a heavy Steam user. In fact, if you’re a Steam user that hasn’t already spent... Read more...
As we discovered late last week, Lenovo has been serving up some tainted Superfish via its consumer PCs. Once Lenovo was called out for its heinous actions, the company offered an apology and vowed to remove Superfish from shipping systems (it provided removal instructions and later an automatic removal tool for machines already affected by Superfish). However, the apology apparently wasn’t enough as Lenovo is already facing a lawsuit stemming from Superfish. Now it looks a though hacker group Lizard Squad is retaliating in its own, childish way. At around 4 PM EST, Lenovo.com was showing a slideshow of what appears to be rebellious teenagers as the song... Read more...
The war of words between the United States and North Korea is escalating. Following the Sony breach that took place in late November (all because of a comedy film called The Interview), the FBI and the Obama Administration pointed fingers at North Korea for orchestrating the attack. North Korea has claimed innocence throughout the aftermath, but indicated in early December that it condoned the “righteous deed.” The Obama administration stated that it would “respond proportionately” to the hack, and not long after, North Korea was the on the receiving end of an “unprecedented” Internet takedown which sent the country even further into the stone ages — if only for a few hours.The U.S. didn't claim... Read more...
First ... Prev 2 3 4 5 6 Next ... Last