Articles about Hacking

Flipboard is resetting the passwords of millions of users after suffering a data breach. Hackers were able to access databases containing usernames and passwords, as well as access tokens for some third-party services.

The company has not revealed how many users are affected by the security incident, but says that hackers had access to its systems for a nine months.

Continue reading →

Google is recalling the Bluetooth Low Energy (BLE) version of its Titan Security Key, and is offering free replacements to owners.

The recall comes after the company became aware of a security issue which could allow a nearby hacker to hijack the security device. Google says that the security issue only affects the Bluetooth versions of the 2FA device sold in the US.

Continue reading →

Cryptocurrency exchange Binance has been struck by hackers who were able to make off with $40 million worth of Bitcoin.

The exchange suffered what it describes as a "large scale security breach" in which attackers were able to obtain "a large number of user API keys, 2FA codes, and potentially other info". CEO Zhao Changpeng says that 7,000 BTC were withdrawn in a single transaction and the attack which was perpetrated using a variety of methods.

Continue reading →

According to the latest Data Breach Report from Risk Based Security the number of reported data breaches was up 56.4 percent in the first quarter of 2019 compared to the same period last year.

The increase in reporting could be a result of new legislation like GDPR that obliges businesses to be more open about security issues. The number of exposed records was also up by 28.9 percent. Already in 2019, there have been three breaches exposing 100 million or more records.

Continue reading →

As owners of Dell computers will be only too aware, the company is no stranger to stuffing systems with bloatware. This is in itself is irritating, but when this bloatware includes a security vulnerability that could be exploited by hackers, the irritation becomes rather more serious.

The SupportAssist tool is supposed to provide an easy way to update drivers on Dell computers and laptops, as well as deleting unnecessary files and the like. However, it poses a security risk if you don't install the latest update from Dell to plug a vulnerability. The flaw (CVE-2019-3719) has been assigned a high severity rating of 8.0, and could enabled an attacker to take control of your computer.

Continue reading →

We tend to think of hacking communities as being concentrated in the Far East or the former Soviet bloc, but of course there hackers elsewhere that we don't hear so much about.

Researchers at Recorded Future have been investigating hacking communities around the world, and their latest report covers Brazil.

Continue reading →

Over the weekend we reported that hackers gained access to Microsoft's web-based email services for a period of three months. Microsoft tried to calm users' concerns by saying that only "your e-mail address, folder names, the subject lines of e-mails, and the names of other e-mail addresses you communicate with" had been accessed. But for some people, things were rather worse.

It transpires that some users have been sent a notification from Microsoft informing them that hackers were able to access the content of emails.

Continue reading →

Microsoft has confirmed that hackers were able to access customers' web-based email accounts for a period of three months at the beginning of the year. Between January 1 and March 28, unknown hackers hit the accounts of various Microsoft email services.

The company is in the process of sending notifications to those who have been affected by the issue and it recommends users change their account passwords. (Update: it's worse than first thought!)

Continue reading →

Kaspersky Lab reports that the software update system used by ASUS was hijacked by hackers and used to deliver a backdoor-laden piece of malware to users. The company estimates that around a million users may have been affected by what it describes as "one of the biggest supply-chain incidents ever".

Back in January, the security firm discovered that a threat actor interfered with the ASUS Live Update Utility, adding a backdoor to it. Signed with an official ASUS certificate and carefully crafted to be precisely the same size as the official tool, the malware -- dubbed ShadowHammer -- went unnoticed for some time.

Continue reading →

Towards the end of last month, security researchers revealed details of a critical bug in that stalwart of the compression world, WinRAR. The bug is many years old and although it relates to the rarely-used ACE format and has since been patched, it has been discovered hackers are actively exploiting it since it was made public.

The 19-year-old bug in the file UNACEV2.DLL (CVE-2018-20250) allows for an attacker to execute malicious files hidden in compressed archives. Over 100 exploits have been found that take advantage of people who are yet to update to a secure version of the software... and that number is growing. McAfee reports attackers using Ariana Grande's album "Thank U, Next" as a lure to encourage victims to extract dangerous archives, but other security researchers report the use of images.

Continue reading →

With every passing year, cybercrime gets worse. It makes sense: it’s lucrative. Cybercrime is estimated to be a $1.5 trillion industry, with some countries now basing their economy around cybercrime. As a result, cybercriminals are now emboldened with new technology that makes data breach attacks easier and more accessible.

With all of that in mind, you may be wondering whether your business, in particular, is likely to suffer an attack. And even though you may have seen some statistics, the answer is a little more complicated than it seems. Here are some important cybersecurity statistics that can shed some light on what you can expect in 2019.

Continue reading →

iPhones are renown for their security -- to the point that even law enforcement agencies have trouble accessing their contents. An Israeli firm, Cellebrite, became well-known when it transpired that hacking tools it made were used by the US government to crack locked iPhones… and now its hacking tools are available to buy on eBay.

For as little as $100-$1000, you can get your hands on a second-hand piece of Cellebrite equipment (a fraction of its usual selling price). For just a few Benjamins, you could get a Cellebrite UFED (Universal Forensic Extraction Device) and use it for whatever you might fancy.

Continue reading →

Security researchers from Dojo by Bullguard have discovered a vulnerability in Amazon's Ring doorbell that leaves it prone to man-in-the-middle attacks.

As well as enabling a hacker to access audio and video feeds in a severe violation of both privacy and security, the vulnerability also means that an attacker could replace a feed with footage of their own. Revealing the security flaw at Mobile World Congress, Yossi Atias from Dojo, demonstrated how a feed could be hijacked and injected with counterfeit video.

Continue reading →

Microsoft has revealed that it detected various attacks by Russian hackers targeting democratic groups in Europe. The company says that numerous attacks carried out between September and December 2018 can be linked to a group known as Strontium.

Also known as Fancy Bear, the group is a cyber espionage outfit with ties to Russian intelligence agencies. At the same time as revealing some details of the attacks, Microsoft also announced the expansion of its AccountGuard security program to more European countries ahead of European Parliament elections.

Continue reading →

Australia's three main political parties -- Liberals, Labor and Nationals -- as well as the country's parliament have all been hit by a security breach which Prime Minister Scott Morrison says was carried out by a "sophisticated state actor".

Although the country is due to hold elections in the coming months, Morrison says there is "no evidence of any electoral interference". While it is not currently known who is responsible for the attack, various potential culprits have been suggested, including China, the US, Israel and Russia.

Continue reading →