Articles about Hacking

Google has revealed more details about an attack on one of its corporate Salesforce instances. The company now says that the attack exposed user data of Google Ads customers.

The security issue was spotted by Google Threat Intelligence Group (GTIG) back in June. Activity by UNC6040 – described as a financially motivated threat cluster that specializes in voice phishing (vishing) – hit Salesforce and subsequent investigations have revealed the extent and impact of the attacks.

Continue reading →

As part of its Zero Day Initiative (ZDI), Trend Micro is holding its first Pwn2Own event in Berlin. The three day event sees security researchers testing and breaching the security of various systems, including Windows 11 and Linux.

With big money on offer, there is a great incentive for researchers to unearth vulnerabilities and show how they can be exploited. And this is precisely what happened with Widows 11; the operating system was pwned multiple times on the first day of the event, and there will be many more attempts made before it is over.

Continue reading →

New research from hardware authentication security key provider Yubico shows nearly half of Gen Z (47 percent) and Millennials (46 percent) have had their social media account passwords hacked.

It's no surprise then that these generations are keen to adopt hardware security keys, reflecting a growing mistrust of traditional passwords and a shift toward more secure, physical authentication methods.

Continue reading →

In 2024, opposing nation-states have utilized cyberattacks to project power and disruption from within their own borders. This shift has been epitomized by the rise of the “Axis of Upheaval,” dominated by the CRINKs nations -- China, Russia, Iran, North Korea -- who share a common reliance on using cyberattacks to wreak havoc in an affordable manner.

Whether it’s North Korea using ransomware to generate revenue for its isolated regime, or Russia focusing on disrupting and eroding public trust in democratic institutions, each state is finding its niche to cause harm. Despite these varied goals and techniques, it’s the same sectors again and again in the crosshairs. Whether it’s CNI, healthcare, or finance, these organizations now must protect against a wide range of attack styles and techniques.

Continue reading →

A new report from Bugcrowd finds 82 percent of ethical hackers and researchers on the platform believe that the AI threat landscape is evolving too fast to adequately secure.

Based on responses from 1,300 users of the platform, the report also finds that 71 percent say AI adds value to hacking, compared to only 21 percent in 2023. In addition, hackers are increasingly using generative AI solutions, with 77 percent now reporting the adoption of such tools -- a 13 percent increase from 2023.

Continue reading →

The Wayback Machine has suffered a colossal security incident after the Internet Archive fell victim to a huge data breach.

Data breach notification service Have I Been Pwned (HIBP) says that a 6.4GB SQL file containing registered users’ authentication information has been shared. In all, 31 million email addresses have been found to be part of the database, and tests have shown the the data is genuine.

Continue reading →

Including a number in your password doesn't make it much more secure, does it? If that number is a seven then it just might, according to ProxyScrape.

Strange though it may sound, seven is a rare number in terms of people's preference for it. People naturally gravitate towards using predictable patterns in their passwords. Numbers like 0, 1, and 2 are often overused due to their convenience on both keyboards and number pads. The number 7, however, is less predictable and less frequently used, making it a statistically rare choice.

Continue reading →

The Olympic Games begin next week in Paris and cybersecurity company WithSecure is warning that they face a greater risk of cyberattack than ever due to the current state of geopolitical uncertainty.

As the world's biggest sporting event, the Olympics draws potential attacks from both criminal and nation-state threat actors, with various objectives and capabilities.

Continue reading →

Virtual Network Computing (VNC) is the remote desktop tool most targeted by attacks, accounting for 98 percent of the traffic across all remote desktop-specific ports.

This finding comes from Barracuda which has released a new Threat Spotlight report looking at the most common tools, associated ports, and the ways in which attackers can, and do, gain access.

Continue reading →

A survey from Defcon 17 back in 2009 revealed that 81 percent of hackers are more likely to be active in winter.

It's easy to understand why this might be, with the holiday period bringing a spike in online trading as well as businesses closing down or operating on skeleton staffs.

Continue reading →

The cyber extortion threat landscape continues to evolve quickly and the past 12 months have seen the number of victims globally increasing by 46 percent, marking the highest numbers ever recorded.

A new report from Orange Cyberdefense shows large enterprises were the victim in the majority of attacks (40 percent), with those employing more than 10,000 people seeing a steady increase.

Continue reading →

Ethical hacking company HackerOne has announced that its ethical hacker community has surpassed $300 million in total all-time rewards on the HackerOne platform.

The company's 2023 Hacker-Powered Security Report also shows 30 hackers have earned more than a million dollars on the platform, with one hacker surpassing four million dollars in total earnings.

Continue reading →

Cybercriminals have launched approximately 7.9 million DDoS attacks in the first half of 2023, representing a 31 percent year-on-year increase.

A new report from NETSCOUT shows global events like the Russia-Ukraine war and recent NATO bids have driven recent DDoS attack growth.

Continue reading →

Attackers are always looking for routes that will offer them a way into organizations' networks. New research released today by Armis shows the devices that are most likely to pose a threat.

Interestingly the list includes various personal devices as well as business assets, suggesting attackers care more about their potential access to assets rather than the type and reinforcing the need for security teams to account for all physical and virtual assets as part of their security strategy.

Continue reading →

Swap-unwanted-stuff-for-free site Freecycle has acknowledged a security breach that took place at the end of last month. Hackers were able to access a wealth of data including usernames, User IDs, email addresses and passwords.

The organization says that it has notified the "appropriate US authorities" of the incident, as well as the Information Commissioner's Offier (ICO) in the UK. Few details of what happened have been revealed, but Freecycle is advising all members to change their account passwords as a security measure.  

Continue reading →