Articles about Hacking

It ain't easy being a hacker…Especially with TLS 1.3

A new era of internet security is upon us. As browsers, security tools, and service providers move to support the new encryption standard, are you prepared to follow suit? In August of this year, the Internet Engineering Task Force (IETF) released the Transport Layer Security (TLS) Protocol Version 1.3. The new version, designed for the "modern internet," offers major improvements over previous encryption protocols in the areas of security, performance, and privacy. Most notably, the previously optional use of perfect forward secrecy (PFS) in 1.2 is now a requirement for all sessions in TLS 1.3.

PFS requires the use of ephemeral key cryptography, which generates a new encryption key for each client/server interaction. Previous and future sessions maintain secrecy, because the same key is never used twice. This means that even if a hacker manages to compromise one session, it will be difficult for him/her to decrypt all of the sensitive traffic on your network. That is, if your network can support TLS 1.2 and 1.3 ephemeral ciphers. Below are 6 tips for monitoring and processing encrypted data on your network as PFS becomes the norm.

Exploit developer discovers security vulnerability in VirtualBox and publishes a full guide to exploiting it

A security researcher has not only discovered a vulnerability in the virtualization tool VirtualBox, but has released details of the exploit and a step-by-step guide to the zero-day vulnerability.

Russian exploit developer Sergey Zelenyuk found a way to break out of VirtualBox's virtual environment and he chose to go public with the vulnerability because of his displeasure at the "contemporary state of infosec, especially of security research and bug bounty". Having told Oracle about the problem, he also tired of the "delusion of grandeur and marketing bullshit" he experienced in the infosec community.

It’s not about cookies, but data, as the Girl Scouts gets hacked

It’s that time of year where we look for cookies outside of stores. The prices of those sold by Girl Scouts have gone up over the years, but we all continue to buy them. Regardless of whether you like Thin Mints, Samoas or any of the several other brands available, there’s something for you.

Right now, however, the Girl Scouts have more problems to worry about beyond their fundraising campaign. The Orange County, California branch of the organization has warned 2,800 members that their personal data could have been compromised. You can view the letter here.

Non-Microsoft exploits on the rise as hackers turn to servers

A new report from AlienVault, based on findings from vendors' threat reports in its Open Threat Exchange (OTX) platform, reveals more non-Microsoft exploits are in the top 10 list this year.

This is largely due to a rise in server attacks, particularly cryptocurrency-mining botnets that use remote exploits, such as those targeting Drupal. The report also sees an IoT exploit make the list for the first time.

Could your brain be a target for hackers?

Implanted brain stimulation devices are used by scientists to explore how memories are created in the brain. New research shows that vulnerabilities mean they could be targeted in future to steal personal information, alter or erase memories or cause physical harm.

Sound like science fiction? Researchers from Kaspersky Lab and the University of Oxford Functional Neurosurgery Group have used practical and theoretical analysis to explore the very real vulnerabilities that could exist in implanted devices used for deep brain stimulation.

The life of an ethical hacker [Q&A]

We often hear the term 'ethical hacker', but what exactly does this involve and is it something you can actually make a career out of?

We spoke to Jim O'Gorman, president of online penetration testing training provider Offensive Security, to find out what being an ethical hacker is all about and what skills you need if you want to become one.

How to see if you were affected by the huge Facebook hack

The most recent Facebook security issue is one of the most serious yet for users of the social network. Depending on which numbers you look at, the hackers who exploited a security flaw have impacted anything between 14 and 30 million people.

Facebook is still -- with the help of law enforcement agencies -- investigating the incident, and in the meantime many people feel as though they are being left in the dark. If you want to find out if your account has been affected, here's what you need to do.

Facebook says hackers accessed highly-detailed personal data of 15 million users

In a news release with the bizarrely vague title of "An Update on the Security Issue", Facebook has revealed that the "View As" security breach it opened up about recently gave hackers access to the personal details of 15 million users.

Having previously advised that the access tokens stolen by hackers had not been used to infiltrate other apps and services, the social networking giant now says 15 million people have had their names and contact details exposed. 14 million users had significantly more details revealed, including username, relationship status, religion, hometown, birthdate, places they have checked into, and recent searches.

67 percent of organizations believe hackers can penetrate their network

Around two-thirds of executives and IT professionals responding to a new survey believe that hackers would be able to penetrate their networks.

The study from security and application delivery company Radware focused on global companies and reveals that at least 89 percent of respondents have experienced attacks against web applications or web servers over the past year.

Facebook hack update: Attackers did not use stolen tokens to access other sites and apps

Since the revelation that a "security issue" allowed hackers to steal access tokens to view people's Facebook accounts, the company has provided a further update about the incident. Facebook has already provided one update about the attack, but now the investigation has progressed and the social network is trying to offer reassurances to those who have understandable concerns about security.

The company says that the attackers did not access any apps that make use of Facebook Login, the system that makes it possible to sign into other accounts and services with Facebook credentials.

Facebook shares more details about its massive security breach -- after blocking people from sharing news about it

The Guardian was among many outlets to write about the huge Facebook vulnerability and attack reported yesterday, and people were understandably keen to share the story on the social network. However, many people found that they were unable to do so.

Large numbers of Facebook users who tried to share the Guardian's story -- as well as one published by the Associated Press -- were greeted by a message informing them that the message was spam and could not be posted. The matter has been addressed, but it led to complaints that Facebook was trying to hush up the story, and renewed calls to #DeleteFacebook. On its blog, Facebook's security team has also given more details about the "security issue" that happened earlier this week,

Facebook hack: 50 million users affected by site code flaw

Facebook has revealed that it discovered a security issue which could have exposed the accounts of 50 million people.

A vulnerability was discovered in Facebook's View As feature on Tuesday, September 25. The company has not given too many details about how the flaw was exploited or by whom, but it has said that attackers were able to steal access tokens and access other people's accounts. Law enforcement agencies have been informed, and an investigation is under way.

Hacked: Newegg suffers month-long card-skimming attack, exposing credit card details

Just 15 lines of code was all it took for hackers to hijack the checkout of online retailer Newegg. The month-long attack took the form of a huge card skimming operation and is believed to have been carried out by the same group that was responsible for hacking both British Airways and Ticketmaster recently -- Magecart.

The hackers inserted card-skimming code into Newegg's payment page, and this script remained in place between August 14 and September 18. It is not known how many people may have been affected by the incident, but with millions of visitors each month, the numbers are potentially huge.

Credential stuffing attacks target financial services

A new report from cloud delivery company Akamai reveals that the financial services industry has become a prime target for credential stuffing botnets.

Between May and June 2018, Akamai detected more than 8.3 billion malicious login attempts. However, many botnets attempt to remain in stealth mode for as long as possible.

British Airways hack exposes personal and financial details of 380,000 customers

British Airways has fallen victim to what it describes as a "very sophisticated" attack in which hackers stole financial data relating to hundreds of thousands of customers.

The airline revealed that hackers gained access to its systems and managed to remain undetected for two weeks. The theft of data took place between August 21 and September 5 and the attackers managed to compromise both the ba.com web site and the airline's mobile app.

BetaNews, your source for breaking tech news, reviews, and in-depth reporting since 1998.
