Articles about Hacking

Thousands of government websites around the world have been hijacked to mine the cryptocurrency Monero. A commonly-used accessibility script was hacked to inject the Coinhive miner into official sites in the US, UK and Australia. One security researcher described it as the biggest attack of its type that he'd seen.

In the UK, websites for the NHS and Information Commissioner's Office were affected; in the US, the United States Courts' site was hit; in Australia, government sites including that of the Victorian parliament were hit by the cryptojacking code. What all of the sites had in common was the fact that they included the text-to-speech accessibility script Browsealoud from Texthelp.

Continue reading →

The source code for the iOS bootloader iBoot has been leaked to GitHub, prompting Apple to issue a DMCA takedown notice.

Although the source code is for iOS 9.3 and a couple of years old, it appears to be the real deal and would still cause something of a headache for Apple. Copies of the code have been circulating online despite the takedown notice, and the concern is that it could be used to exploit iOS with malware.

Continue reading →

A trio of NSA exploits leaked by hacking group TheShadowBrokers has been ported to work on all versions of Windows since Windows 2000.

The EternalChampion, EternalRomance and EternalSynergy exploits were made public by the group last year, and now a security researcher has tweaked the source code so they will run on nearly two decades' worth of Microsoft operating systems -- both 32- and 64-bit variants.

Continue reading →

A hacker has won his appeal against extradition to the US where he faced charges of compromising various American systems including NASA and the FBI. Lauri Love, won his case in the High Court of England and Wales after his lawyers argued there was a serious risk that he would kill himself.

The court also took into account the fact that the alleged hacking offenses were committed in the UK. The appeals win does not mean, however, that Love's legal battles are over.

Continue reading →

The clandestine mining of cryptocurrency is something that we have seen in various forms over the last year or so, in website code and Android apps. A new discovery by security firm Trend Micro shows that hackers have found a way to inject Coinhive mining code into ads that appear on YouTube.

The crypto-jacking technique means that hackers have been able to profit by using other people's CPU time to mine the Monero cryptocurrency while they watch videos. Trend Micro reports that there has been a huge increase in Coinhive web miner detections in recent days, with hackers abusing Google's DoubleClick to distribute the code through big sites including YouTube.

Continue reading →

With 1.9 billion records stolen in the first six months, more than in the whole of 2016, 2017 proved a bumper year for cyber crime.

According to cyber security company Venafi, this trend is set to continue into 2018, with state-sponsored attacks to the fore.

Continue reading →

If a hacker were to gain control of a cloud provider for over three days, businesses could face losses up to a whopping $19 billion, with SMBs carrying the largest economic and insurance losses, according to a new report.

In partnership with the American Institutes for Research (AIR), insurance market Lloyd's of London is unveiling a new report detailing the financial impact of a cyberattack on a US cloud provider.

Continue reading →

Last week it emerged that OnePlus was conducting an investigation after a number of customers complained about fraudulent credit card charges. Now the company has given an update on the matter, saying that its website was attacked and a malicious script stealing credit card details was injected, affecting up to 40,000 people.

The company has issued an apology for the incident and says that it has contacted those it feels may have been directly affected. In a statement, OnePlus explains that over a two-month period, customers who entered their credit card details at oneplus.net may be at risk.

Continue reading →

With the 24th Winter Olympics due to start in Pyeongchang, South Korea in a few weeks, athletes are not the only ones preparing for the event.

A report from security analytics platform Cybereason shows that hackers and cyber criminals are gearing up too, the scale and cost of the event making it a prime target.

Continue reading →

With the popularity of Bitcoin and other cryptocurrencies, it's perhaps little surprise that a number of websites have recently been discovered using visitors' computer to do a little mining. The latest site found to be indulging in the activity is BlackBerry Mobile -- but this time it's thanks to the work of a hacker.

As with other sites carrying out surreptitious mining, it was a CoinHive mining tool that was found embedded in the code of the site. The same hacker also placed the same miner on a handful of other sites.

Continue reading →

Barely a week seemed to go by in 2017 without news of a new data breach exposing customer or commercial data.

But just how bad was it? File transfer specialist Ipswitch has put together an infographic looking at the year in breaches.

Continue reading →

Apple has a tendency to pride itself on security, but a researcher has released details of a macOS vulnerability that allows for complete system control by an unprivileged user.

A self-described "hobbyist hacker," Siguza, has published details of the exploit which is thought to have existed, undetected and unpatched for at least a decade. As well as details of the security flaw, Suguza has also published proof-of-concept code for the IOHIDeous vulnerability on GitHub.

Continue reading →

In a cautionary tale for the festive season, unorthodox security guru John McAfee claims to have had his Twitter account hacked.

The account sent out a number of 'coin of the day' Tweets on December 27th encouraging followers to buy some lesser known crypto currencies. Nothing especially strange in that as McAfee has himself sent this type of message in the past.

Continue reading →

While much of the US was celebrating Thanksgiving, social image hosting site Imgur was made aware of a security breach that took place back in 2014. Around 1.7 million user accounts were affected.

This is a relatively small percentage of Imgur users, and COO Roy Sehgal points out that the site has never asked for "personally-identifying information." Nevertheless, the company is contacting the owners of affected accounts, advising them to change their passwords.

Continue reading →

The news that ride hailing service Uber has suffered, and covered up, a major hack means that millions of people could unknowingly have had their data put at risk.

Data security company Egress Software Technologies ran a flash survey of 500 UK adults this morning to find their reactions to the story.

Continue reading →