Articles about Hacking

Earlier in the month, news emerged that Kaspersky software had been used by Russian hackers to identify and steal sensitive NSA files from a US computer. Following the revelation, Kaspersky Lab started an investigation, and now the company has published its findings.

Kaspersky concedes that its software had indeed identified classified NSA data -- specifically a hacking tool -- but says that it was unintentional. The unearthed source code was attributed to the Equation Group, and company head Eugene Kaspersky ordered the code be destroyed when the matter was reported to him.

Continue reading →

UK consumer group Which? is calling on the government to make an amendment to the Data Protection Bill that's currently being debated in Parliament. The group is looking for a change in the law that would make it easier for organizations to seek redress for groups of people in the event of a data breach.

Research by Which? suggests that there is confusion surrounding who is responsible for safeguarding data, and little knowledge among consumers about how to go about obtaining compensation.

Continue reading →

Google has announced that it is teaming up with HackerOne to bring a bug bounty program to the Play Store. Seeking to weed out problems with Android apps, the Google Play Security Reward Program pays out $1,000 for reported issues that meet certain criteria.

The program is a little different to other bug bounty programs as Google will pay out for problems that are found in third party apps, not just its own. At the moment there are a very small number of apps that are taking part, but Google is inviting developers to opt their apps into the program.

Continue reading →

We Heart It -- the image sharing service used by at least 40 million teenagers -- suffered a "possible security breach" several years ago. The breach affects more than 8 million accounts that were created between 2008 and November 2013.

Although this is a historic data breach, in which information from the user account database was leaked, We Heart It was only notified about it on October 11. The company says that email addresses, usernames, and encrypted passwords were accessed, and it recommends that users now change their passwords as they are not secure.

Continue reading →

Four and a half years ago, an internal bug-tracking database at Microsoft was breached by a "highly sophisticated hacking group," according to five former employees of the company. The hack of the secret database was never made public.

It is believed that this is only the second time such a corporate database has been breached. US officials were alarmed to learn of the hack which could have exposed software vulnerabilities to the attackers, reports Reuters.

Continue reading →

A severe security warning has been issued after Belgium researchers managed to exploit a serious vulnerability in the WPA2 wireless protocol.

Known as KRACK (Key Reinstallation Attacks), the vulnerability makes it possible to eavesdrop on Wi-Fi traffic. Millions and millions of devices are at risk -- Windows, Linux, Android and more -- but it is not known whether there is an active exploit in the wild yet. Details about the vulnerability were due to be released at 8:00AM ET (1:00PM BST), but the research paper has now been published early after someone leaked a draft version.

Continue reading →

Things have not been good for Equifax -- or its customers -- recently. Following a huge data breach earlier in the year, the credit reporting company has now suffered a new blow after it was discovered one of its support pages was redirecting to malware masquerading as Flash updates.

Just last month, Equifax revealed a security breach from May that exposed the personal details of around 145.5 million Americans and 15.2 million people from the UK. Now the company site has been found delivering fake Flash updates, and the offending page has been taken down.

Continue reading →

Cyber-security experts are warning that criminals are hacking into other people's machines to mine cryptocurrencies for them.

According to a Trend Micro report, school, charity and file-sharing websites have been found infected with a particular code that makes the visitor's machine mine cryptocurrency.

Continue reading →

Sales and marketing. ROI. Quarterly performance statements. Reports to investors. And, salaries, bonuses, expense accounts, and petty cash for employee birthday parties. It's all part of the day-to-day running of a business -- any business, including those in the hacking industry. And a big industry it is: Hacking "companies" can be worth many millions, and a good hacker can earn as much as $80,000 a month -- nearly a cool million in a year! -- if they've got the skills.

To pay out that kind of money, a hacker "company" needs financial backing -- it needs investors who will front the cash to pay experts, who in turn will deliver the goods. You could imagine what a "Bad Guy Hackers Inc." board of directors meeting looks like: "Guys, we got a big contract to get the medical records of the clients of X insurance company. The client wants it done by Y date, and they'll pay us a bonus if we deliver early. The project is going to cost Z dollars, do we have that, or do we have to go out and raise it?"

Continue reading →

So, Disqus has been hacked. Yeah, it is what we at BetaNews -- plus many other websites -- use for commenting. Should you be worried? Probably not. You see, this hack happened all the way back in July of 2012. If you joined Disqus after that, you have nothing to worry about. Even if you are using the same login credentials from 5+ years ago, the hackers have only obtained hashed passwords. In other words, they probably haven't decrypted your password.

But OK, even though it is unlikely that your password has been exposed, Disqus is forcing a password reset for all impacted users. Heck, even if you signed up after the hack, it can't hurt to manually change your password, y'all. After all, Disqus didn't even discover the hack on its own, which is worrying. The company was alerted to the breach by the great security researcher Troy Hunt, who found the database floating around the dark web. If you aren't familiar with Hunt, he maintains the excellent haveibeenpwned.com.

Continue reading →

A report by the Wall Street Journal suggests that Russian hackers used Kaspersky software to identify sensitive NSA files -- which they then stole.

The security breach dates back to 2015, and it was made possible when a National Security Agency contractor copied sensitive files to his own computer. Hackers were then able to identify these files because of the contractor's use of Kaspersky software.

Continue reading →

The massive data theft from Yahoo in 2013 is even bigger than first thought. It was big enough when it was believed to have affected around a billion users, but Yahoo has now provided an update indicating that the number is in fact three billion. Or, to put it another way, every single Yahoo user.

Yahoo, now part of Oath, has issued a statement in which it stresses that the updated figure does not represent "a new security issue" and that plaintext passwords were not accessed. The biggest data breach in history just got even bigger, and it's going to take a lot for Yahoo, Oath and Verizon -- the new owner -- to move on from it.

Continue reading →

A judge has ruled that the FBI will not have to reveal any details about the hacking tool it bought to crack the iPhone at the center of the San Bernardino shooting case back in early 2016.

Following a Freedom of Information request by Vice News, USA Today and the Associated Press, federal judge Tanya Chutkan ruled in favor of the FBI, meaning that the agency will be able to keep this information secret.

Continue reading →

Global accountancy firm Deloitte -- known as one of the "big four" -- has been hit by a sophisticated hack. With echoes of the Equifax data breach and CCleaner hack, the cyberattack went undetected for months and results in confidential emails being accessed, as well as company plans, and the private information of high-profile, blue-chip clients.

Deloitte says that only a small number of its clients have been affected, but the size and importance of those that it deals with -- including US government departments -- means that even a limited number could have great impact. The firm is said to have discovered the hack in March, but it is possible that attackers gained access as long ago as October 2016.

Continue reading →

Russian hackers successfully compromised election systems in some states during the 2016 election. There have long been suggestions that Russia tried to influence the outcome of the Trump vs Clinton election, and now the Department of Homeland Security has informed 21 states that their systems were targeted.

This means that the DHS has concerns about almost half of the states of America, but so far only Illinois has been confirmed as having been successfully compromised.

Continue reading →