Articles about Hacking

Another week, another cyberattack. This time around, it's the Dixons Carphone group which says it has fallen victim to not one but two major breaches.

The bank card details of 5.9 million customers have been accessed by hackers in the first breach. In the second, the personal records of 1.2 million people have been exposed.

Continue reading →

Bitcoin has once again demonstrated its volatility, dropping in value by 10 percent following news of an attack and theft from the South Korean exchange Coinrail.

Coinrail has confirmed that it suffered a "cyber intrusion" and while it did not specify the value of the coins stolen, local news outlet Yonhap News estimated it to be $37.28 million based on a loss of about 30 percent of the coins traded on the exchange.

Continue reading →

Last week event ticketing company Ticketfly suffered a cyberattack which saw the site taken offline for a number of days. The site is now back up and running, and Ticketfly has revealed the extent and impact of the hack.

The company says that data from 27 million Ticketfly accounts was accessed, including names, addresses, email addresses and phone numbers. Customers are assured that passwords and credit card details remain safe.

Continue reading →

Using one of four common attack vectors, 71 percent of surveyed IT professionals believe they could successfully hack any organization.

Based on a survey carried out among attendees to the RSA Conference in April 2018 by vulnerability management specialist Outpost24, 34 percent say that they would use social engineering, 23 percent say they would enter via insecure web applications, 21 percent via mobile devices, while a further 21 percent say they would enter via a public cloud.

Continue reading →

MyHeritage -- a website that helps people research their family tree and also offers a DNA testing service -- has suffered a "cybersecurity incident". A file containing the usernames and hashed passwords of more than 92 million users was discovered on an external server by a security researcher.

The file was found to be genuine and MyHeritage is now undertaking an investigation to determine what happened. The security breach affects all users who signed up to the site up to October 26, 2017. The company says that it is taking steps to inform the relevant authorities in line with GDPR.

Continue reading →

Event ticketing service Ticketfly -- owned by Eventbrite -- has fallen victim to what it describes as a "cyber incident". The company took down its website late on Thursday, and it remains inaccessible two days later.

The full extent of the security breach is not yet known, but Ticketfly says that "some client and customer information" was compromised. The attack saw the site defaced with an Anonymous-style masked figure from the movie V for Vendetta, and the hacker threatened to provide download links to customer databases. A hacker by the name of IShAkDz has claimed responsibility.

Continue reading →

Over the weekend, the Bank of Montreal and Simplii Financial both issued statements indicating that they had fallen victim to hackers. In the case of Simplii Financial, around 40,000 customer accounts have been affected, but numbers have not been revealed for the Bank of Montreal.

Both banks' statements indicate that they were contacted by "fraudsters" on Sunday, May 27, but it is not clear whether the two incidents relate to the same group.

Continue reading →

Security researchers have discovered a bug in the Comcast website that makes it possible to gather information about Xfinity users. As well as customer data such as home addresses, it is also possible to access wireless network details including passwords.

The bug was reported by Karan Saini and Ryan Stevenson after they found it was possible to use the Xfinity activation website to access customer data using nothing more than a customer account ID and that customer's house or apartment number.

Continue reading →

The number of data breaches disclosed in the first three months of this year fell to 686 compared to 1,444 breaches reported in the same period of 2017, according to a new report.

This still represents the exposure of some 1.4 billion records, although this figure too is down from 3.4 billion in the same quarter last year.

Continue reading →

For Microsoft, the patches it produced for the Meltdown chip vulnerability proved to be just about as problematic as the original issue, further reducing the security of systems. Following the emergence of an exploit for the Windows-maker's first patch, users are advised to hurry up and install the patch-for-a-patch that was later released.

Last month, Ulf Frisk from Sweden revealed that Microsoft's Meltdown patches were making things worse for Windows 7 and Windows Server 2008, making it possible to read and write kernel memory and gain total control over the system. Now code has been posted online that can be used to exploit the "Total Meltdown" vulnerability.

Continue reading →

Most hotel chains these days rely on some sort of electronic key card mechanism rather than more traditional locks.

Researchers at F-Secure have found that hotels worldwide are using an electronic lock system with a flaw that could be exploited by an attacker to gain access to any room in the building.

Continue reading →

The CEO of TaskRabbit has informed users that "certain personally identifiable information may have been compromised" in a security incident that saw the website and app taken offline earlier in the week.

TaskRabbit -- a service that puts "taskers" in touch with people who need help with jobs around the home -- is now back online, and the company is now on a damage limitation exercise, issuing a statement in the name of "trust, openness, and transparency". Stacy Brown-Philpot says that an investigation is still underway to determine what happened, but explains that "preliminary evidence shows that an unauthorized user gained access to our systems".

Continue reading →

Most businesses are seeking to automate the more tedious aspects of their operations and some new research from security analytics platform Cybereason reveals that hackers are no exception.

The company set up a honeypot system masquerading as a financial services company and introduced security flaws in several stages.

Continue reading →

IKEA-owned TaskRabbit is offline while the company investigates a "cybersecurity incident". Very little information has been given about the incident, but the company says that it is working with "an outside cybersecurity firm and law enforcement to determine specifics" of what happened.

While even vague details are unavailable, the fact that the TaskRabbit website and app have been taken offline could well be indicative of the severity. The company is advising its customers to change their passwords elsewhere if they have reused their TaskRabbit credentials for other sites and services.

Continue reading →

Global fears about cyberattacks by Russia are not calming down, and the US and UK have just issued a joint alert warning of state-sponsored attacks on network infrastructure devices, including residential routers.

The west is accusing Russia of an espionage-driven malicious cyberoffensive, and the Technical Alert -- which comes following a joint effort between the Department of Homeland Security (DHS), the Federal Bureau of Investigation (FBI), and the UK's National Cyber Security Centre (NCSC) -- warns that both governmental and residential hardware is being targeted to "potentially lay a foundation for future offensive operations".

Continue reading →