Experts voice concern after discovering Google's Titan Security Key is made in China


While the US and UK governments continue to eye China with suspicion, blocking the use of some Chinese hardware because of national security concerns, it has come to light that Google's Titan Security Key is produced in China.
The keys are supposed to boost security through the use of two-step verification, but security experts are calling for transparency about the supply chain for the hardware after it was revealed it is produced by Chinese company Feitian. There are concerns that the devices could be compromised by Chinese hackers (state or otherwise) to spy on users.
T-Mobile hacked -- over 2 million accounts exposed


T-Mobile has revealed that it fell victim to a security incident earlier in the week, and details of around 2.3 million accounts were accessed.
The hack attack took place on Monday, August 20, and while T-Mobile stresses that no financial data was taken, it concedes that it detected "unauthorized capture of some information". The exposed data includes names, billing zip code, phone number, email address, account number and account type, which would be enough for hackers to launch successful phishing attacks.
How you can be hacked via your fax machine


Unless you are in regular touch with the 1980s it's probably a while since you gave much thought to using fax machines.
Even then you might think your biggest worry would be a paper jam. But new research from Check Point released at Def Con in Las Vegas reveals organizations and individuals could be hacked via their fax machines, using newly discovered vulnerabilities in the communication protocols used in tens of millions of fax devices globally.
Preempt allows organizations to detect and block hacker reconnaissance tools


Increasingly cybercriminals are using their initial attacks to probe systems and look for other vulnerabilities or network resources that they can later exploit.
Threat detection platform Preempt is launching new capabilities that allow enterprises to prevent lateral movement and unauthorized domain access due to the misuse of network credentials in reconnaissance tools.
2FA SNAFU led to Reddit security breach in which user data was stolen


Reddit has revealed details of a security breach that enabled a hacker to gain access to private messages, usernames and encrypted passwords. The self-proclaimed "front page of the internet" is undertaking an investigation and taking steps to improve security.
The attack took place between June 14 and June 18 this year, and the perpetrator was able to access "all Reddit data from 2007 and before including account credentials and email addresses", the site said in an announcement. The breach was made possible after the attacker beat SMS-based two-factor authentication and compromised several employee accounts.
Timehop admits its security breach was worse than first thought


The security breach suffered by Timehop on July 4 was much more serious than the company first thought. In an update to its original announcement, the company has revealed that while the number of accounts affected by the breach -- 21 million -- has not changed, the range of personal data accessed by hackers is much broader.
Timehop has released an updated timeline of events, having initially felt forced by new GDPR rules to publish some details of the breach before all information had been gathered. The company says that it is also unsure of where it stands with GDPR, and is working with specialists and EU authorities to ensure compliance.
Hacked: Timehop database breach exposed details of 21 million users


Timehop -- the social network for those who like to reminisce -- has revealed that it fell victim to a security breach on Independence Day. The attacker managed to access an internal database and stole the personal data of 21 million users from Timehop's Cloud Computing Environment.
The vast majority of those affected by the "security incident" (as Timehop refers to it) had their names and usernames exposed, but for nearly a quarter of them -- 4.7 million -- phone numbers were also exposed. The hacker also took access tokens which could be used to view users' posts.
Gentoo Linux Github Organization repo hack was down to a series of security mistakes


The team behind Gentoo Linux has revealed the reasons for the recent hack of its GitHub organization account. The short version: shoddy security.
It seems that the hackers were able to gain access to the GitHub organization account by using the password of one of the organization administrators. By the team's own admission, poor security meant that the password was easy to guess. As the Register points out, "only luck limited the damage", but the Gentoo Linux team is keen to let it be known that it has learned a lot from the incident.
aLTEr: Hackers can spy on your 4G browsing sessions thanks to LTE flaws


Vulnerabilities have been discovered in LTE that would make it possible for an attacker to tap into 4G networks for the purposes of spying on and hijacking 4G browsing sessions.
Security researchers from Ruhr-Universität, Bochum and New York University, Abu Dhabi show how three different attacks can be launched on the second layer of LTE -- also known as the data link layer. Two passive attacks allow for identity mapping and website fingerprinting, while the active cryptographic aLTEr attack allows for DNS spoofing and network connection redirection.
Adidas data breach may have exposed personal data of American customers


Sportswear company Adidas has warned US customers about a security breach that took place earlier this week.
The firm says that on Tuesday it was made aware that "an unauthorized party claims to have acquired limited data associated with certain Adidas consumers". Two days later, the company started to notify its customers that personal data -- including contact information and usernames -- may have been compromised.
Gentoo Linux Github Organization hacked and repo code compromised


A hacker managed to take control of the GitHub account for Gentoo Linux, going as far as inserting malicious code into the distros. The malware was designed to delete user data.
Although the situation is now under control, an investigation is underway to determine what happened. Anyone who has recently downloaded a Gentoo distro or other files is warned to "refrain from using code from the Gentoo Github Organization" for the time being.
Don't panic! Hackers have not found a way to bypass the iPhone passcode limit


Enter the wrong passcode into an iPhone and you'll not only be denied access to it, but also run the risk of wiping its contents if you enter an incorrect code too many times. This is a problem faced by law enforcement agencies when they encounter iPhones in the cases they're working on -- as well as people trying to hack into phones for nefarious purposes -- so it's little wonder that hackers are constantly trying to find a way to earn unlimited guesses at passcodes.
One hacker thought he had cracked it. Security researcher Matthew Hickey proudly boasted of having discovered a delightfully simple method for brute-forcing entry into an iPhone -- he even posted a video of his hack in action. But there's no need to panic. Apple explains that "incorrect testing" renders Hickey's method worthless.
Attackers use hidden tunnels to steal financial data


Global financial services organizations are targeted by sophisticated cyber attackers in an attempt to steal critical data, according to a new report.
The study from threat hunting company Vectra says attackers build 'hidden tunnels' masquerading as other web traffic to break into networks and access critical data and personal information. These tunnels are used to remotely control an attack and steal data while remaining largely undetected.
Kaspersky: Chinese hackers LuckyMouse hit national data center


Kaspersky Lab has published a report in which it reveals that a Chinese hacking group has attacked the national data center of an unnamed Central Asian country.
The cyberattacks are said to have been carried out by a group known as LuckyMouse, which also goes by the names Iron Tiger, Threat Group-3390, EmissaryPanda and APT27. The attacks started in 2017, and Kaspersky says that malicious scripts were injected into official websites to conduct a country-level waterholing campaign.
Apple is updating iOS to lock out police iPhone hacking tools


Apple says that it is planning to release an iOS update that will block a loophole used by police to access iPhones.
Law enforcement agencies and hackers have been able to exploit a handset's Lightning port to get around passcode limits and brute force their way into a phone. But with the upcoming update, Apple will shut down data access via the Lightning port after an hour if the correct passcode is not entered.
BetaNews, your source for breaking tech news, reviews, and in-depth reporting since 1998.