Getting colder -- cutting the risk of thermal attacks


Earlier this week we reported on a technique that could determine a password by listening to keystrokes. Just in case you weren't worried enough by that, today we learn of the risk of passwords being compromised by 'thermal attacks'.
These use heat-sensitive cameras to read the traces of fingerprints left on surfaces like smartphone screens, computer keyboards and PIN pads. Hackers can then use the relative intensity of heat traces across recently-touched surfaces to reconstruct users' passwords.
Get 'Hacking For Dummies, 7th Edition' (worth $18) for FREE


Your smartphone, laptop, and desktop computer are more important to your life and business than ever before. On top of making your life easier and more productive, they hold sensitive information that should remain private. Luckily for all of us, anyone can learn powerful data privacy and security techniques to keep the bad guys on the outside where they belong.
Hacking For Dummies takes you on an easy-to-follow cybersecurity voyage that will teach you the essentials of vulnerability and penetration testing so that you can find the holes in your network before the bad guys exploit them. You will learn to secure your Wi-Fi networks, lock down your latest Windows 11 installation, understand the security implications of remote work, and much more.
Hacking hybrid: Closing security gaps in a distributed workforce


When, where, and how we work has evolved. And in the past few years, the rise of flexible working patterns has helped improve employee wellbeing and created new opportunities to innovate. According to the Office of National Statistics, 44 percent of people in the UK work in a hybrid model -- making it almost as common as commuting to the office.
At the same time, these new freedoms have ushered in new priorities for security teams. Securing the enterprise is now more complex because the perimeter has become blurred. To address this, focus must be put on securing endpoints, such as PCs and printers -- the "ground zero" for most attacks. New cybersecurity strategies are needed to prevent, detect, and contain cyber-threats, but also enhance remote PC management to mitigate the risks associated with lost or stolen devices.
AI will outperform the average hacker in five years -- say hackers


The latest 'In the Mind of a Hacker' report from Bugcrowd, which includes responses from 1,000 white hat hackers across 85 countries, finds 55 percent saying that generative AI can already outperform hackers or will be able to do so within the next five years.
But despite this, hackers aren't especially worried about being replaced, with 72 percent saying that generative AI will not be able to replicate the creativity of human hackers.
Hacking and why it can be good for cybersecurity [Q&A]


Hacking tends to have something of a bad name, but there are many hackers who do good work, identifying flaws before they can be exploited in cyberattacks.
However, many of these people operate in the shadows for fear of being prosecuted for violating legislation. We talked to Laurie Mercer, director of sales engineering at security platform HackerOne, to discuss whether ethical hackers need to be more open about their activities in order to bring about change and how ethical hacking is making organizations safer.
77 percent of UK citizens are concerned about online privacy


A new survey shows that 77 percent of people in the UK are concerned about the privacy of their data online, but 15 percent don't do anything at all to protect themselves online.
The study, carried out for Proton by YouGov, reveals concern is even greater among those who have been a victim of a hack, or know someone who has.
How long would it take to crack your password?


Thankfully the days of organizations storing passwords in plain text are pretty much gone. Most are now hashed using algorithms that prevent hackers from reading the database easily.
But, as new research from Specops Software reveals, that doesn't necessarily make things safe. The quality of the password itself has a big impact on how long it will take to crack.
From a hacker's cheat sheet to malware… to bio weapons? ChatGPT is easily abused, and that's a big problem


There's probably no one who hasn't heard of ChatGPT, an AI-powered chatbot that can generate human-like responses to text prompts. While it's not without its flaws, ChatGPT is scarily good at being a jack-of-all-trades: it can write software, a film script and everything in between. ChatGPT was built on top of GPT-3.5, OpenAI’s large language model, which was the most advanced at the time of the chatbot's release last November.
Fast forward to March, and OpenAI unveiled GPT-4, an upgrade to GPT-3.5. The new language model is larger and more versatile than its predecessor. Although its capabilities have yet to be fully explored, it is already showing great promise. For example, GPT-4 can suggest new compounds, potentially aiding drug discovery, and create a working website from just a notebook sketch.
Understanding the business model of cybercrime


As businesses get bigger they begin to gain extra layers of management and start to behave in different ways. A new report from Trend Micro reveals that the same is true for cybercrime groups.
A typical large cybercrime organization allocates 80 percent of its operating expenses to wages, with the figure similarly high (78 percent) for smaller criminal organizations, according to the report.
Reddit reveals details of security incident that gave hackers access to internal documents, code and internal business systems


Reddit has fallen victim to a security incident that has been described as a "sophisticated and highly-targeted phishing attack". Hackers targeted employees of the site a few days ago, and were able to gain access to "some internal documents, code, and some internal business systems".
The unknown attackers sent Reddit employees "plausible-sounding prompts" leading to a website that cloned the behavior of the company's intranet gateway. While able to use an employee's credentials to steal data and code, user accounts are not affected.
You don't have to be clever to be a cybercriminal


Cybercriminals don't need to be clever and use inventive hacking exploits to breach systems as organizations are making things too easy for them, says a new report.
Intelligence-led computer security testing company SE Labs has released its annual Cyber Threat Intelligence report with a warning that CEOs need to take cybersecurity seriously or risk falling into the clutches of criminals eager to take their data and their money.
Lazarus Group targets medical research and energy


Researchers at WithSecure have uncovered a cyberattack campaign linked back to North Korea's notorious Lazarus Group.
It is extremely rare to be able to link a campaign so strongly to a perpetrator as WithSecure has been able to do here. The Hackers have been targeting medical research and energy organizations with the intent to commit espionage.
GitHub hit by hackers; code signing certificates for GitHub Desktop and Atom applications stolen


GitHub has issued a warning about "unauthorized access to a set of repositories used in the planning and development of GitHub Desktop and Atom" in a hack that took place back in December.
Users are being advised to ensure that they install the latest updates for the affected software, but there is currently no suggestion that GitHub.com has been impacted. With the attackers having stolen code signing certificates, GitHub is revoking the certificates for some versions of Atom and GitHub Desktop on February 2, so users should update before this date.
Riot Games delays release of game updates and patches following security breach


League of Legends publisher Riot Games has announced that it suffered a security breach last week. While it is not clear precisely what was compromised in the social engineering-driven attack, the company says that personal information and player data was not accessed by the hackers.
The impact of the hack is that key updates and patches for numerous titles will be delayed. In addition to League of Legends, games including Teamfight Tactics have also been affected, forcing developers to change the release schedule for hotfixes.
Major security breach exposes usernames and passwords of Norton Password Manager customers


The company behind NortonLifeLock, Gen Digital, has issued a warning to customers about a security breach that took place in December. Hackers used a credential-stuff attack to gain access to hundreds of thousands of Norton Password Manager accounts.
Gen Digital says that its own systems were not compromised, but warns affected customers that "we strongly believe that an unauthorized third party knows and has utilized your username and password for your account".
Recent Headlines
Most Commented Stories
BetaNews, your source for breaking tech news, reviews, and in-depth reporting since 1998.
Regional iGaming Content
© 1998-2025 BetaNews, Inc. All Rights Reserved. About Us - Privacy Policy - Cookie Policy - Sitemap.