Articles about Hacking

Anyone would think zero-day attacks are unpreventable following a recent claim from one leading cyber-security vendor. FireEye this year claimed to have discovered "29 of the last 53 zero-day attacks." 24 exploits remained undetected, yet this was still presented as some kind of monumental achievement. Such a statement leaves little comfort for the businesses who found themselves victims, so is it time to just give up completely and let the cyber criminals take over?

It certainly feels that way, even while threats intensify and Locky ransomware rears its ugly head in new forms with renewed malevolence.

Continue reading →

Every eighth person in England has had their healthcare data breached. This is the conclusion of a new report just released by Accenture. Based on a poll of 1,000 people it says that more than half of those who experienced a data breach (56 percent), were in fact, victims of medical identity theft.

The report also says that these data breaches are fairly expensive, too. On average, more than three quarters (77 percent) have had to pay roughly £172 in out-of-pocket costs, per incident.

Continue reading →

WikiLeaks continues to release documents that reveal various hacking tools used by the CIA. After the HIVE revelations just over a week ago, the group has followed up with details of operations that were mentioned in the very first batch of Vault 7 leaks -- hacking Samsung televisions to listen in on people.

The documents suggest that the CIA's work is based on a tool developed by MI5 in the UK called Extending. The CIA went on to transform this into its own utility by the name of "Weeping Angel." WikiLeaks has published the guide to using the tool in a file marked "SECRET STRAP 2 UK EYES ONLY," and it describes how an implant is configured on a Linux PC before installing it on a target Samsung F Series smart TV.

Continue reading →

Whether it’s state-sponsored attacks, corporate espionage, a moneymaking scheme or simply someone trying their luck, businesses and governments are facing a constant barrage of cyber attacks. The high-profile cases of lone wolves hacking into the systems of government organizations mask the more devastating consequences of attacks carried out or ordered by nation states against other nation states.

They are threatening national security around the world, but the wide variety of attack vectors, as well as the continuous evolution and improvement of methods, means we’re constantly chasing our tails trying to keep up and keep them out.

Continue reading →

UK companies are ill-equipped to deal with cyber-attacks, a report by the British Chambers of Commerce (BCC) says. Nearly one in five smaller companies (18 percent) have fallen prey to cybercrime, and the figures are even worse for larger firms.

When looking at companies with more than 100 employees, the number that have been hit by cyber-attacks jumps to a staggering 42 percent. More than three quarters of the firms surveyed by the BCC did not have anti-hacking security measures in place, and most relied on third-party firms to clean up after an attack rather than having in-house solutions.

Continue reading →

The Brexit process is now officially underway, but there is still a good deal of talk about the validity of the outcome. A number of members of parliament have expressed concerns that a foreign government may have interfered with the referendum, making it difficult or impossible for people to register to vote.

The Commons public administration and constitutional affairs committee (PACAC) has published a report which looks at the possible causes for the crash of the "register to vote" site last year. It suggests that the crash bears the hallmarks of a DDoS attack, and notes that this is a tactic employed by both Russia and China in the past.

Continue reading →

The CIA's range of hacking tools revealed as part of WikiLeaks' Vault 7 series of leaks have been used to conduct 40 cyberattacks in 16 countries, says Symantec. The security firm alleges that a group known as Longhorn has been using tools that appear to be the very same ones used by the CIA.

While it would be obvious to jump to the conclusion that the CIA was itself responsible for the attacks -- and that Longhorn is just a branch of the CIA -- Symantec opts for a rather more conservative evaluation of things: "there can be little doubt that Longhorn's activities and the Vault 7 documents are the work of the same group."

Continue reading →

Last year, hacking group TheShadowBrokers released a number of NSA exploits into the wild, showing how the agency was able to exploit big-name firewalls. At the same time it also released a second cache of documents, encrypted and password protected. Now, in protest against Donald Trump, the group has released the password for the encrypted data.

TheShadowBrokers used a Medium post over the weekend to express their disgust at Trump's presidency. The documents and tools released allegedly demonstrate that the US government, through the NSA, has been actively hacking foreign government networks, and reveal an exploit for the Unix-based Solaris operating system.

Continue reading →

Wonga.com -- the payday loan website -- is investigating a security breach which exposed the personal details of tens of thousands of customers. Up to 270,000 customers in the UK and Poland are believed to have been affected by the breach.

The incident happened last week, but Wonga initially played down its significance. However this weekend the company determined that customer data was involved, including names, addresses, phone numbers, bank account numbers and sort codes and started an investigation.

Continue reading →

Security researchers from Kaspersky Lab and Kings College London have uncovered similarities between Turla attacks from 2011 and 2017 and an ancient advanced persistent threat that was used two decades ago to launch an attack against the US government's network.

The researchers (Juan Andres Guerrero-Saade and Costin Raiu from Kaspersky Lab and Thomas Rid and Danny Moore from Kings College London) have taken logs of Moonlight Maze, an attack that happened in the late 90's, from a now retired IT admin whose server has been used as a proxy to launch the attacks.

Continue reading →

There is a new, global cyber espionage campaign, and this one demonstrates a "new level of maturity." This is according to a new report by PwC and BAE, released after consultation with other cyber security experts, including the UK's National Cyber Security Center.

The report claims this new cyber espionage campaign targets businesses through managed services IT providers.

Continue reading →

Connected cameras, vending machines or light bulbs were the vectors of the latest cyber-attacks. It is just the beginning of a long list of Internet of Things that will be used by hackers to take down businesses or steal data. But who should be blamed for this new situation?

We heard about the promise of a better life when everything will be connected to it. We trusted it because we loved the idea of having an easier life and access to more services at the same time. Manufacturers also saw a huge opportunity in that trend for new business, so everybody was happy.

Continue reading →

The New York Post suffered a security breach this weekend when its push notification system was compromised. Unknown attackers used the system to send out messages to users of the New York Post mobile app.

The hackers sent out messages with strange, cryptic content. One read "Heil President Donald Trump!", while others had a religious or spiritual tone to them, and one quoted a Nirvana lyric.

Continue reading →

The statistics continue to chill. Two point three million estimated fraud victims in the UK alone in 2015 according to the ONS. 173,000 confirmed reports of identity theft amongst CiFas members (largely utilities and finance companies) in 2015.

From a consumer perspective the chances are that over a period of three to four years you are now more likely than not to be a victim of a successful fraudulent act of some kind.

Continue reading →

Debate and discourse around WikiLeaks’ announcement about a series of leaks from the CIA continue unabated. Codenamed "Vault 7," WikiLeaks claims this is the largest classified information leak to have come from the CIA to date. Added to that, only one percent of documents have been made public so far.

From the leaked documents it’s become clear that the CIA has created its own internal hacking capabilities to rival that of the NSA. It may be more tactical than strategic -- but with exploit sets including Android, IoS, Samsung TVs, Linux, Mac, zero day attacks and more, it could certainly give the NSA a run for its money.

Continue reading →