Articles about Hacking

We're all familiar with the concept of the dark web where information gained from hacks and data breaches is traded amongst cyber criminals. But just how much are your identity and account credentials worth?

Password manager and digital vault app Keeper Security has produced an infographic looking at how much various pieces of information trade for.

Continue reading →

Wikileaks has released a batch of documents from the middle of 2012 revealing details of the CIA's CherryBlossom project. A joint venture with the Stanford Research Institute, the CherryBlossom files show how the agency can take remote control of routers and other networking devices from numerous manufacturers, transforming them into listening devices.

CherryBlossom also enables the CIA to interfere with both incoming and outgoing traffic. Passwords present little obstacle in many cases and the fact that remote infection is possible makes the implant very simple to install. The documents reveal how the CIA can home in on a target using information such as MAC address, email address, or even chat handles.

Continue reading →

If you have $20 to spare and some "basic programming knowledge," you can create a powerful hacking tool that can collect huge amounts of user credentials, easily. The best part about it is that you don’t even need to use any malware or viruses -- everything can be clean as a whistle.

The news was revealed by security experts Kaspersky Lab, which was able to create such a device using a Raspberry-Pi microcomputer that was then configured as an Ethernet adapter.

Continue reading →

Researchers from the Kromtech Security Research Center have discovered an unprotected database online that includes information on about 10 million cars sold in the US.

As well as data such as VIN and details of payment plans, the database also includes detailed information about owners, such as name, address, phone numbers and occupation. It has been left exposed online for over four months, but it's not clear who the owner is -- or how to address the security risk it poses.

Continue reading →

New evidence has emerged detailing Russia's attempts to interfere in the 2016 US election. A leaked, top secret NSA report shared by the Intercept reveals that Russian intelligence agencies hacked the manufacturer of US voting systems.

The Intercept says that the authenticity of the documents has been independently verified, and they show a concerted Russian effort to sway the result of the battle between Trump and Clinton. Following the leak, a government contractor called Reality Leigh Winner has been arrested for allegedly removing classified material from a government facility in Georgia.

Continue reading →

Password management service OneLogin has fallen victim to a serious attack. The company says that it "detected unauthorized access to OneLogin data in our US data region" -- this was blocked, but not before the attacker gained access to AWS keys and the ability to decrypt data.

The company warns that "all customers served by our US data center are affected; customer data was compromised, including the ability to decrypt encrypted data." OneLogin has provided a guide for securing data, but it's possible that it may be too late for some people.

Continue reading →

A report published by the British American Security Information Council (BASIC) cautions that the UK's fleet of Trident submarines faces "growing potential for cyber-attack." The authors issue a stark warning that "a successful attack could neutralise operations, lead to loss of life, defeat or perhaps even the catastrophic exchange of nuclear warheads."

Government officials have long dismissed the risk of hacking the nuclear subs because they are not connected to the internet. But the report, entitled Hacking UK Trident: A Growing Threat, suggests that risk of malware infection during manufacturing or software updating are just two possible attack vectors that could lead to the compromise of nuclear weapons.

Continue reading →

TheShadowBrokers, the hacking group behind the leak of NSA malware, has announced further details of the "Data Dump of the Month" subscription service it has previously talked about. Now known as "TheShadowBrokers Monthly Dump Service," the launch sees the group switching from Bitcoin to Zcash as its currency of choice.

Signing up for the service will set interested parties back 100 ZEC (Zcash). As this equates to over $20,000, it's not a subscription that many people are likely to be taking out, particularly as there is no evidence that the group has more exploits to offer. The hacking group has previously said that it has Windows 10 vulnerabilities to expose.

Continue reading →

Security researchers from Check Point have discovered a major vulnerability in popular media players, like VLC, Kodi and Popcorn Time, which leaves users vulnerable to hacker attacks via malicious subtitles. The security firm estimates that the number of potential victims is around 200 million.

Media players give users the option to load subtitles from repositories, which can be tricked by attackers to rank their altered subtitles higher. This leads to those malicious subtitles being recommended to the user. If they are loaded, attackers can gain control over "any device running them." Check Point notes that the "potential damage the attacker can inflict is endless, ranging anywhere from stealing sensitive information, installing ransomware, mass Denial of Service attacks, and much more."

Continue reading →

Cybersecurity experts from Recorded Future think the cybercrime group we know as APT3 is on the Chinese Ministry of State Security’s payroll.

It bases its conclusions on the work of "intrusiontruth," a group claiming to have investigated some of the most important APT actors. Analyzing APT3’s C&C infrastructure, it came across two names, Wu Yingzhuo and Dong Hao, who allegedly registered many of the domains that the threat actors had used.

Continue reading →

Two thirds of consumers in the UK would "break up" with a brand if it suffers a data breach.

That's according to a new report by Talend which highlights the importance of businesses engaging with customers to ensure they provide high-quality data security.

Continue reading →

News over the past week has been dominated by the fallout from the WannaCry ransomware. Now the hacking group that released the NSA's hacking tool kit into the wild has announced plans to start an exploit subscription service in June.

ShadowBrokers used a blog post to announce that next month will see the launch of "TheShadowBrokers Data Dump of the Month" service. Described as "being like wine of month club," such a subscription service would attract a great deal of interest from intelligence agencies and would-be hackers alike, particularly if -- as the group suggests -- it includes access to Windows 10 exploits.

Continue reading →

Just a couple of weeks since a leak of season five of Orange is the New Black was held to ransom, the same is now happening with the upcoming Pirates of the Caribbean 5. Yesterday Disney CEO Bob Iger revealed that hackers had stolen one of the company's movies, and it has since transpired that it is the upcoming Johnny Depp flick.

Subtitled "Dead Men Tell No Tales", Pirates of the Caribbean 5 is due to hit the big screen next week, and hackers are demanding a ransom from Disney to avert a leak ahead of the official launch. This is the latest move in the world of piracy that shows a marked shift from the previous aim of release groups simply wanting to be the first to push out a decent quality rip of a movie.

Continue reading →

The "WannaCrypt" ransomware has proven to be a disaster globally. This malware will encrypt a user's files and then demand some Bitcoin ransom to decrypt them. While the amount being demanded is relatively low at $300 or $600, the scam can be modified for even larger amounts. Heck, even after the ransom is paid, there is no guarantee that the bad guys will follow through with the decryption, making it quite the gamble. As the ransomware has disrupted government agencies, medical services, and other critical computers, the ransom is being paid by some, as it can literally be the the difference between life and death -- surgeries and other procedures have been delayed.

While there are many directions in which you can point the finger of blame, Microsoft should absolutely not shoulder any of the responsibility. After all, the vulnerability that led to the disaster was patched back in March. It never even affected the most recent version of the operating system, Windows 10. The company has even since patched the archaic Windows XP! So who is to blame? Users and administrators that failed to keep their systems up to date are partially at fault. The biggest blame belongs to an unlikely party -- the US Government! You see, an agency of our own government -- the NSA -- knew about the exploit, and rather than alert Microsoft, it chose to stockpile it for intelligence purposes. Sadly, the exploit itself got leaked, and as a result, it landed into the hands of evildoers.

Continue reading →

Cyberattacks against the government sector increased by 100 percent in 2016, rising up to 14 percent, according to a new report by Dimension Data. The financial sector has also seen a dramatic increase in the number of attacks, from three percent in 2015 to 14 percent in 2016.

The manufacturing sector is now on third place with 13 percent of all attacks while retail, which used to be the number one target, fell to fourth place with 11 percent. Poor retail.

Continue reading →