Articles about Hacking

Data breach checking website Have I Been Pwned (HIBP) -- used by governments and individuals around the world -- has announced a new partnership with 1Password.

The arrangement is a first for Troy Hunt's site, but it comes just over a month after 1Password started using a password-checker he developed. Hunt says that he has turned down numerous offers to sponsor Have I Been Pwned, but feels that teaming up with 1Password makes sense.

Continue reading →

A slip-up by notorious hacker Guccifer 2.0 -- famous for attacking the DNC servers -- appears to have confirmed what has been believed for some time: that the hacker is based in Russia.

It was long-believed that Guccifer had links to Russia, but use of VPNs and other techniques made it difficult to confirm this. Now a single incident when the "lone wolf" apparently forgot to use a VPN shows the hacker using an IP address based in Moscow and linked to Russian intelligence agency -- the GRU.

Continue reading →

The foundations of the digital world are set to be shaken in the next two years according to the findings of a new report from the Information Security Forum (ISF).

The Threat Horizon 2020 report highlights nine major threats, broken down into three themes, that organizations can expect to face by 2020 as a result of  developments in technology.

Continue reading →

If you're a Firefox user, it's highly possible that you use the browser to store your login usernames and passwords for the sake of ease. Supposing you're a little security conscious, you may well have enabled the 'master password' function to prevent unauthorized access to your password database.

Well, there's a little bad news. It's nowhere near as secure as you may have thought. Wladimir Palant -- the guy behind the AdBlock Plus extension -- found that the system, which is used by both Firefox and Thunderbird, can be very easily brute-forced, leaving passwords vulnerable to malware and hackers.

Continue reading →

The US has introduced new sanctions against Russia after accusing the country not only of interfering in the 2016 election, but also launching a cyberattack on its energy grid.

Officials say that malware traced back to Moscow had been found to have infected operating systems on computers belonging to companies in the energy sector. The Department of Homeland Security is in no doubt that the Russian government is responsible.

Continue reading →

Off-the-shelf smart devices that include baby monitors, home security cameras, doorbells, and thermostats can be easily hacked according researchers at Israel's Ben-Gurion University of the Negev (BGU).

As part of their ongoing research into detecting vulnerabilities in devices and networks expanding in the smart home and Internet of Things (IoT), the BGU researchers disassembled and reverse engineered many common devices and quickly uncovered serious security issues.

Continue reading →

A week ago, cryptocurrency exchange Binance was the victim of a hacking attempt. While the attempt on March 7 is described as "not successful," Binance is still eager to track down the perpetrators.

So keen is the exchange, in fact, that it is offering up a $250,000 bounty to "the first person to supply substantial information and evidence that leads to the legal arrest of the hackers."

Continue reading →

Locking your PC is fundamental to preventing others from accessing it when you leave it unattended. But now security researchers have shown that it is possible to use none other than Windows 10's Cortana to bypass a password-protected lock screen.

A pair of Israeli researchers found that it is possible to use voice commands to access a locked computer and install malware.

Continue reading →

Over the last few years, the website Have I Been Pwned (HIBP) has given people the chance to check whether their personal data was compromised in any data breaches. Now the site reveals that the UK and Australian governments are using its services to monitor official domains.

That governments should check the site's database for the presence of their own email addresses is perhaps not surprising -- it's used by just about every type of body imaginable. But now the mechanics have been opened up for these two governments.

Continue reading →

2017 saw a sudden increase in code signing certificates being used as a layered obfuscation technique to deliver malicious payloads.

Recorded Future's Insikt Group has been investigating the criminal underground and has identified a number of vendors currently offering both code signing certificates and domain name registration with accompanying SSL certificates.

Continue reading →

We hear a lot about cyber attacks and the latest threats, but it can sometimes be hard to comprehend the scale of the problem.

Network security company Bricata has produced an infographic that sets out some of the statistics to put things into context.

Continue reading →

Thousands of government websites around the world have been hijacked to mine the cryptocurrency Monero. A commonly-used accessibility script was hacked to inject the Coinhive miner into official sites in the US, UK and Australia. One security researcher described it as the biggest attack of its type that he'd seen.

In the UK, websites for the NHS and Information Commissioner's Office were affected; in the US, the United States Courts' site was hit; in Australia, government sites including that of the Victorian parliament were hit by the cryptojacking code. What all of the sites had in common was the fact that they included the text-to-speech accessibility script Browsealoud from Texthelp.

Continue reading →

The source code for the iOS bootloader iBoot has been leaked to GitHub, prompting Apple to issue a DMCA takedown notice.

Although the source code is for iOS 9.3 and a couple of years old, it appears to be the real deal and would still cause something of a headache for Apple. Copies of the code have been circulating online despite the takedown notice, and the concern is that it could be used to exploit iOS with malware.

Continue reading →

A trio of NSA exploits leaked by hacking group TheShadowBrokers has been ported to work on all versions of Windows since Windows 2000.

The EternalChampion, EternalRomance and EternalSynergy exploits were made public by the group last year, and now a security researcher has tweaked the source code so they will run on nearly two decades' worth of Microsoft operating systems -- both 32- and 64-bit variants.

Continue reading →

A hacker has won his appeal against extradition to the US where he faced charges of compromising various American systems including NASA and the FBI. Lauri Love, won his case in the High Court of England and Wales after his lawyers argued there was a serious risk that he would kill himself.

The court also took into account the fact that the alleged hacking offenses were committed in the UK. The appeals win does not mean, however, that Love's legal battles are over.

Continue reading →