Items tagged with Hacking

Security breaches that expose sensitive customer data are becoming uncomfortably common these days. The newest firm to fess up to falling prey to a hacker attack is AT&T, which has begun sending letters out to customers letting them know about a breach that occurred between April 9 and April 21 of this year. According to a report in Dallas News, the attack resulted in an undisclosed number of wireless customers having their personal data exposed, including Social Security numbers and dates of birth -- handy information if you're trying to steal and/or sell someone's identity. Luckily, it doesn't appear that identity theft was on the radar of the cybercriminals... Read more...
Australian authorities are advising Apple device owners who have iCloud accounts to change their passwords due to a recent hacking/hijacking outbreak, and now it appears to be spreading to the U.S. as well. The attacks involve a hacker logging into an iCloud account and using the lost device feature to lock users out. Once the device is locked, the hacker sends a message to the device owner demanding a ransom, typically between $50 and $100, to unlock the device. The attacks seemed to initially only affect Apple device owners living in Australia, though Apple users living in the U.S. have started posting similar complaints in the company's support thread. "I'm in the U.S. Never been to Australia,... Read more...
The United States Justice Department has brought forth criminal charges against several members of Unit 61398 of the Chinese military, alleging that these members hacked into computer systems of six American businesses, including Alcoa Inc., United States Steel Corp, Allegheny Technologies Inc, Westinghouse Electric Co, and SolarWorld AG. What makes this especially significant is that it's the first time the U.S. has gone public with cyber spying charges. "In the past, when we brought concerns such as these to Chinese government officials, they responded by publicly challenging us to provide hard evidence of their hacking that could stand up in court. Well today, we are," the U.S. Justice Department... Read more...
Wondering why it's still a good idea to run security software on your system even if you practice safe computing habits? One reason is because even legitimate websites get hacked, and depending on the extent of the attack, visiting what you thought was a benign domain could open up a can of worms. It doesn't matter how large the site is either -- just ask Facebook, latest victim of the Syrian Electronic Army (SEA). Hackers representing the SEA tried to take control of the Facebook.com domain by hacking into the social networking site's registrar, MarkMonitor, which has a number of high profile clients and "strong security practices" in place, according to a SecurityWeek report. The hackers were... Read more...
Google is putting up a ton of cash for the taking as part of this year's Pwnium hacking competition at the CanSecWest security conference in Vancouver in March. More than $2.7 million is up for grabs, which will be doled out in chunks to hackers who discover security vulnerabilities in Google's Chrome operating system. The sultan of search will award $110,000 to hackers who discover a browser or system-level compromise in guest mode or as a logged-in user, delivered via web page. An even bigger reward -- $150,000 -- is being offered for discovering compromises with device persistence: guest to guest with interim reboot, also delivered via web page. "New this year, we will also consider significant... Read more...
Don't you miss the days when teenagers used to get in trouble for crossing over old man Jenkin's lawn on the way to school? It's a different era we live in, one where the landscape is connected through cyberspace and ripe for mischief of a totally different kind. Hence it shouldn't be all that shocking to find out that a Russian teen is believed to be responsible for the malware that was used to infiltrate Target and make off with personal data for up to 110 million customers. The same malware was also used in an attack against Neiman Marcus and could show up in other attacks against retailers, according to security firm IntelCrawler, which called it an "off-the-shelf" product called BlackPOS.... Read more...
The data breach at Target that resulted in millions of customer credit and debit card data being compromised is much worse than initially thought. Target had revealed last month that as many as 40 million payment card accounts may have been impacted between November 27 and December 15, 2013, but the retail giant has since discovered that a second batch of data was also stolen. That batch includes names, mailing addresses, phone numbers, or email addresses for up to 70 million additional customers, bringing the tally to 110 million. The additional data is not part of a new breach, but was uncovered as part of an ongoing investigation into the original incident that occurred right in the midst... Read more...
It'd be a little crazy to imagine ending 2013 without another breach-of-security story, so fortunate for us, BBC has come to the last-minute rescue. On December 25th, a Russian hacker is said to have listed a sale on a black market website that offered information about accessing a BBC server, something that US firm Hold Security picked up on and notified the British broadcaster about. Unlike many of the security breaches we unfortunately have to write about, it seems that no sensitive information had been taken from BBC's servers - no credit card numbers, and no user accounts. That's kind of refreshing, isn't it? The compromised machine was a simple file-transfer server (FTP), one that merely... Read more...
Target on Thursday confirmed reports that hackers gained access to credit and debit card data during the holiday shopping season. According to Target, around 40 million payment card accounts may have been impacted between November 27 and December 15, 2013. That time frame falls right in the midst of some of the busiest shopping days of the year, starting with the day before Thanksgiving and on through the middle of December. "Target’s first priority is preserving the trust of our guests and we have moved swiftly to address this issue, so guests can shop with confidence. We regret any inconvenience this may cause," said Gregg Steinhafel, chairman, president and chief executive officer,... Read more...
Breaching the security of a website or Web service should be one of the most difficult tasks on earth, but given the fact that not a week can go by where we don't learn of some security issue at a major firm, it's clear that most of the Web is seriously lacking in setting up proper barriers. In recent months, Adobe was hit particularly hard, what with "millions" of customers affected due to a breach that saw lots of credentials milked from its servers. This past July, Ubuntu's official forums also made headlines, thanks to a leak of data that affected nearly 2 million accounts. That issue ties indirectly into the latest breach, affecting tech site MacRumors. Late this week, MacRumors posted... Read more...
In enterprise environments, it's long been accepted that keeping a particular machine "100%" safe requires little more than keeping it off of an external or internal network, making sure to disable its network devices - wired or otherwise - and of course, disabling its optical drives and USB ports. A machine can't get infected when all of its data transmission lines are closed, right? Wrong, according to security consultant Dragos Ruiu and the league of colleagues that stand by his research. Three years ago, Ruiu's MacBook Air was acting strange. The oddities began with an auto-updated EFI firmware, and later moved on to the disabling of the ODD and removal of some data. Typical trojan behavior... Read more...
Looking for a career change? Consider becoming a professional bug hunter. Don't worry, it's not as gross as it sounds. We're talking about software bugs, such as pieces of code with unintended consequences or underlying security vulnerabilities. Turns out you can make a lot of money doing this kind of thing. For example, Microsoft rewarded James Forshaw, a well known hacking guru, a $100,000 check for identifying an exploitation technique in Windows. Forshaw heads vulnerability research at Context Information Security, a security consulting firm in London. He's also six digits richer for finding a bug in Windows, a price Microsoft is more than willing to pay in order to make its operating system... Read more...
Adobe is trying to downplay a recent security breach by saying that "cyber attacks are one of the unfortunate realities of doing business today," and even though that might be true, it's unlikely to provide comfort to the 2.9 million customers whose data was compromised. Hackers made off with Adobe customer IDs, encrypted passwords, customer names, encrypted credit and debit card numbers, expiration dates, and other information relating to customer orders, Adobe said. In a separate incident, Adobe said hackers gained illegal access to source code of numerous Adobe products. The company believes the attacks are related. With source code in hand, cyber criminals can more easily identify potential... Read more...
The train carrying a vast amount of NSA confidential information continues to trek along today, with a revelation that the government agency conducted man-in-the-middle (MITM) attacks involving a couple of the Web's largest companies. Falling under the guise of "FLYING PIG", one of the main traffic sources to intercept was Google, and the simple drawing below explains how such an attack was structured. Due to the quality of the original image, I re-created it above, and hopefully it gets the point across. From the time the server requests were made from a router, the NSA effectively intercepted the request before Google could reply, and with faked security certificates, acted as a proxy to gather... Read more...
The game's acronym may inspire laughter, but a recent hacking targeting it is as serious as a heart-attack (alright, maybe not that serious). Riot Games, LoL's developer, posted on its website this week that 120,000 transaction records from 2011 have been exposed (to someone, or some group), although thanks to the fact that credit card numbers were both hashed and salted, the actual risk of someone being able to take advantage of your financial data is extremely low. However, the fact that that many transactions have been affected is a bit alarming. In addition to these hashed credit card numbers, email addresses, usernames, real names and hashed passwords have also been exposed. For what it's... Read more...
Getting hacked is a bummer and can leave you feeling violated, but we can only imagine what it's like to get hacked in the most sacred room of the house: the bathroom. For those who own a luxury Satis toilet controlled by an accompanying smartphone application, it's entirely possible to fall prey to a hacker attack while you're doing your business. These toilets cost in the neighborhood of $5,700 and feature automatic flushing, bidet spray, music, and even a fragrance release. Unfortunately, it also features a hardware flaw that could allow remote hackers to activate any of the toilets. Researchers at Trustwave's Spiderlabs first noticed the vulnerability, pointing out that the toilet uses Bluetooth... Read more...
It’s not just criminals (and their direct antagonists in the security industry); the FBI likes to hack, too. According to the Wall Street Journal, the FBI has been using hacking techniques and products to break into Android phones in order to perform surveillance on criminal suspects. Allegedly, the FBI can hack a device and activate the microphone to surreptitiously record conversations; it can supposedly do the same with some laptop microphones, as well, according to the WSJ’s sources. The agency can’t perform the hacks without a court order, but of course, using a court order as a check and/or balance hasn’t been working out very well lately. (NSA,... Read more...
Well now, this is awkward. You may recall a study conducted by McAfee a few years back in which it was revealed that businesses were at risk of losing over $1 trillion from "loss or theft of data and other cybercrime." That figure has been cited on more than one occasion by top government officials, including President Barack Obama, but it turns out the financial impact of hacking may have been grossly exaggerated. In a report scheduled to be released on Monday by the Center for Strategic and International Studies (CSIS), McAfee admits that its previous figure might be three times the actual impact, Reuters reports. What's unfortunate is that the original study from 2009 has been used by... Read more...
A mere day after Apple confirmed that its developer portal had been broken into, a Turkish man named Ibrahim Balic has (bravely?) fessed-up, claiming all responsibility. Apple has yet to comment on the situation, and we're not even sure it will, at least publicly. If Balic is in fact the source of the attack, Apple might wish to take actions other than simply confirming that he was in fact at the heart of things. To help back up Balic's claims, he uploaded a video to YouTube that proved that he could gain information from Apple's database; at the forefront, user IDs. This video has since been taken down (allegedly not by him), likely as the result of a request by Apple, as the video clearly displayed... Read more...
Last Thursday, members of Apple's developer portal had begun receiving password reset emails en masse, leading us to believe that the service had been breached. In an email sent to members on Sunday, our suspicions have been confirmed. In the email, Apple states that an intruder managed to get into the system, and while it's not certain at this point, it's not ruling out the fact that the perpetrator could have snagged names, mailing addresses, and email addresses. The company is clear to state that all sensitive information is encrypted, so passwords and potential financial information stored should be considered safe. While the investigation continues, the company is completely overhauling... Read more...
Tired of changing passwords yet? Well, if you're a member of the NASDAQ OMX Group forums, your wish is still pending. The forum, where users can discuss stock happenings throughout the day, has been revealed to have been exploited, with an unknown number of usernames and passwords at risk. NASDAQ's OMX Group has said that it's reset all user passwords, and if you're a member of that forum, you're likely to have received a related email already. It hasn't been made clear whether or not user passwords were stored securely or not, and while it'd be easy to assume that they were, history has proven that not all companies take such things as seriously as they should. Hopefully more information regarding... Read more...
Things are getting a little hairy on the wild, wild Internet. With privacy fears at an all-time high and the whole Snowden episode stirring up worries that governments can easily convince companies to hand out just about any digital information in the world, the mere notion of whimsically cruising the Internet is becoming a little frightening for some. Now, a NYT report is shedding light on two Italian hackers who spend their days sifting through code in software used by hundreds of millions of people. Why? Because governments all over the globe are evidently willing to pay top-dollar to know about exploits, in order to attack and sift through databases on enemy soil... Read more...