Update your Dell computer now to avoid RCE security vulnerability in SupportAssist tool


As owners of Dell computers will be only too aware, the company is no stranger to stuffing systems with bloatware. This in itself is irritating, but when this bloatware includes a security vulnerability that could be exploited by hackers, the irritation becomes rather more serious.
The SupportAssist tool is supposed to provide an easy way to update drivers on Dell computers and laptops, as well as deleting unnecessary files and the like. However, it poses a security risk if you don't install the latest update from Dell to plug a vulnerability. The flaw (CVE-2019-3719) has been assigned a high severity rating of 8.0, and could enable an attacker to take control of your computer.
Understanding the Brazilian hacking community [Q&A]


We tend to think of hacking communities as being concentrated in the Far East or the former Soviet bloc, but of course there are hackers elsewhere that we don't hear so much about.
Researchers at Recorded Future have been investigating hacking communities around the world, and their latest report covers Brazil.
Microsoft email hack was worse than first thought -- some users' messages were accessed


Over the weekend we reported that hackers gained access to Microsoft's web-based email services for a period of three months. Microsoft tried to calm users' concerns by saying that only "your e-mail address, folder names, the subject lines of e-mails, and the names of other e-mail addresses you communicate with" had been accessed. But for some people, things were rather worse.
It transpires that some users have been sent a notification from Microsoft informing them that hackers were able to access the content of emails.
Microsoft reveals hackers gained access to its web email services for three months


Microsoft has confirmed that hackers were able to access customers' web-based email accounts for a period of three months at the beginning of the year. Between January 1 and March 28, unknown hackers hit the accounts of various Microsoft email services.
The company is in the process of sending notifications to those who have been affected by the issue and it recommends users change their account passwords. (Update: it's worse than first thought!)
ASUS Live Update Utility hacked to deliver ShadowHammer backdoor malware to a million systems


Kaspersky Lab reports that the software update system used by ASUS was hijacked by hackers and used to deliver a backdoor-laden piece of malware to users. The company estimates that around a million users may have been affected by what it describes as "one of the biggest supply-chain incidents ever".
Back in January, the security firm discovered that a threat actor interfered with the ASUS Live Update Utility, adding a backdoor to it. Signed with an official ASUS certificate and carefully crafted to be precisely the same size as the official tool, the malware -- dubbed ShadowHammer -- went unnoticed for some time.
Hackers are exploiting critical WinRAR bug exposed last month


Towards the end of last month, security researchers revealed details of a critical bug in that stalwart of the compression world, WinRAR. The bug is many years old and although it relates to the rarely-used ACE format and has since been patched, it has been discovered that hackers have been actively exploiting it since it was made public.
The 19-year-old bug in the file UNACEV2.DLL (CVE-2018-20250) allows for an attacker to execute malicious files hidden in compressed archives. Over 100 exploits have been found that take advantage of people who are yet to update to a secure version of the software... and that number is growing. McAfee reports attackers using Ariana Grande's album "Thank U, Next" as a lure to encourage victims to extract dangerous archives, but other security researchers report the use of images.
Cybersecurity statistics for 2019: The chances your business will be attacked


With every passing year, cybercrime gets worse. It makes sense: it’s lucrative. Cybercrime is estimated to be a $1.5 trillion industry, with some countries now basing their economy around cybercrime. As a result, cybercriminals are now emboldened with new technology that makes data breach attacks easier and more accessible.
With all of that in mind, you may be wondering whether your business, in particular, is likely to suffer an attack. And even though you may have seen some statistics, the answer is a little more complicated than it seems. Here are some important cybersecurity statistics that can shed some light on what you can expect in 2019.
Want to hack an iPhone? Cellebrite hacking tools are available on eBay


iPhones are renowned for their security -- to the point that even law enforcement agencies have trouble accessing their contents. An Israeli firm, Cellebrite, became well-known when it transpired that hacking tools it made were used by the US government to crack locked iPhones… and now its hacking tools are available to buy on eBay.
For as little as $100-$1000, you can get your hands on a second-hand piece of Cellebrite equipment (a fraction of its usual selling price). For just a few Benjamins, you could get a Cellebrite UFED (Universal Forensic Extraction Device) and use it for whatever you might fancy.
Serious Amazon Ring vulnerability leaves audio and video feeds open to interception and spoofing


Security researchers from Dojo by Bullguard have discovered a vulnerability in Amazon's Ring doorbell that leaves it prone to man-in-the-middle attacks.
As well as enabling a hacker to access audio and video feeds in a severe violation of both privacy and security, the vulnerability also means that an attacker could replace a feed with footage of their own. Revealing the security flaw at Mobile World Congress, Yossi Atias from Dojo demonstrated how a feed could be hijacked and injected with counterfeit video.
Microsoft reveals Russian hacking attacks as it expands AccountGuard protection across Europe


Microsoft has revealed that it detected various attacks by Russian hackers targeting democratic groups in Europe. The company says that numerous attacks carried out between September and December 2018 can be linked to a group known as Strontium.
Also known as Fancy Bear, the group is a cyber espionage outfit with ties to Russian intelligence agencies. At the same time as revealing some details of the attacks, Microsoft also announced the expansion of its AccountGuard security program to more European countries ahead of European Parliament elections.
Australian political parties hit by hack orchestrated by 'sophisticated state actor'


Australia's three main political parties -- Liberals, Labor and Nationals -- as well as the country's parliament have all been hit by a security breach which Prime Minister Scott Morrison says was carried out by a "sophisticated state actor".
Although the country is due to hold elections in the coming months, Morrison says there is "no evidence of any electoral interference". While it is not currently known who is responsible for the attack, various potential culprits have been suggested, including China, the US, Israel and Russia.
How to check to see if your data was part of the Marriott Starwood Hotel hack


When hackers hit Marriott's Starwood Hotel database last year, it was first thought that half a billion customers might be affected. This estimate was later downgraded to 383 million guests, but this is still a very large number, and it is understandable that many people are concerned that their data may have been accessed.
There was particular concern about whether passport numbers had been accessed, and this is what a new checking tool lets you check. Marriott has teamed up with security firm OneTrust to enable customers to check if their data was included in the security breach.
User data exposed in 500px security breach... that happened in the middle of last year


The photo sharing site 500px has revealed details of a security breach that took place in mid-2018.
The company says that its engineering team only became aware of the breach -- which is thought to have taken place around July 5, 2018 -- a few days ago. 500px launched an investigation in conjunction with a third party and police, and says that "an unauthorized party gained access to our systems and acquired partial user data".
VFEmail hack wipes out all of the email provider's US servers


Email provider VFEmail has been hit by a huge attack that resulted in all of the data it stores in the US being wiped out.
Describing the attack as "catastrophic", VFEmail revealed that a hacker had breached its security and succeeded in deleting not only primary data systems, but also the backups. The attacker was caught in the act, and it was possible to intervene before damage was caused to servers in other countries. But for VFEmail users whose data was stored in the US, the news is far from good.
Trakt tardily notifies users of data breach that took place over four years ago


Users of Trakt -- a service for "scrobbling", or tracking the movies and TV shows you watch in the likes of Plex and Kodi -- have received emails from the company notifying them of a data breach that took place way back in 2014.
Trakt says that although the security breach took place over four years ago, it only recently discovered it. The company says that an investigation is underway, but that it believes a "PHP exploit was used to capture data", including users' emails, usernames, encrypted passwords, names and locations.
BetaNews, your source for breaking tech news, reviews, and in-depth reporting since 1998.