Articles about Hacking

It's only a couple of weeks since WikiLeaks unleashed the first batch of its Vault 7 CIA documents, revealing the agency's spying and hacking capabilities. Now the organization has released a second cache of files dubbed Dark Matter, and they show that the CIA has developed tools for hacking Apple products.

Bold and exciting names like Sonic Screwdriver, DerStarke, Triton and DarkSeaSkies are the monikers given to attack the firmware of MacBooks and iPhones. What's particularly interesting about the documents is that they appear to show that the CIA had the ability to exploit Apple hardware and software a full decade ago.

Continue reading →

A group of hackers that goes by the name Turkish Crime Family, claims to have access to hundreds of millions of iCloud accounts, and it wants Apple to pay $75,000 in Bitcoin or Ethereum or $100,000 in iTunes gift cards to delete the compromised credentials.

This may lead one to believe that the collective has managed to hack iCloud, but according to Apple there "have not been any breaches" in any of its systems. "The alleged list of email addresses and passwords appears to have been obtained from previously compromised third-party services."

Continue reading →

61 percent of UK businesses believe they will suffer from cyber crime in 2017, according to new research from Mimecast. These anxieties are justified: two thirds of large UK businesses were targeted by cyber criminals last year.

As the threat posed by cyber crime increases, businesses now invest more than ever in training, technology and skills -- global cyber spending is predicted to reach $1 trillion by 2021.

Continue reading →

A couple of bizarre incidents happened to Three users in the UK recently, and the media are suspecting the company might be facing a new data breach.

According to a report by The Guardian, some customers, logging into their accounts, were "presented with the names, addresses, phone numbers and call histories of strangers."

Continue reading →

The CIA's hacking tools leaked in the WikiLeaks Vault 7 disclosure revealed vulnerabilities in a range of popular software titles. Julian Assange has said that his organization will share details of the zero days revealed in the documents with the respective technology companies, but it now transpires that there are certain conditions to meet first. It’s a situation that has more than a slight air of "ransom" to it.

Microsoft has initially complained that after the initial leak there had been no contact from either WikiLeaks or the CIA, but it seems that contact has now been made with the Windows-maker and other companies. Mozilla is among those to have been contacted and to have responded, and sources suggest that Assange has attached conditions to disclosing details of vulnerabilities.

Continue reading →

News that multiple access points at the RSA security show may have been hacked made for great headlines, and that’s about it. The attack poses little actual risk to most corporate users, but it does underscore the importance the cloud can play in corporate VPNs.

Security researchers at Pwnie Express discovered the attack when scanning the conference floor. They found a rogue access point posing as a known, trusted network -- what’s called an EvilAP attack. In an EvilAP attack, the attacker impersonates a known wireless network by intercepting the SSID a user’s device discloses when searching for a WLAN. The attack is available from several hacking tools, including KARMA.

Continue reading →

The US Justice Department is charging two Russian spies and two hackers with orchestrating the attack against Yahoo in 2014 that saw 500 million accounts being compromised as part of an effort to collect intelligence.

The Justice Department says that Dmitry Dokuchaev and Igor Sushchin "and other known and unknown" FSB intelligence officers hired hackers Alexsey Beland and Karim Baratov to hack Yahoo accounts belonging to Russian journalists, officials, and employees of a "prominent" security company, as well as US officials and employees of tech companies.

Continue reading →

When WikiLeaks' Vault 7 revelations about the spying capabilities and techniques were unleashed, there was concern about a number of popular apps and services that -- the documents suggested -- had been compromised. Included in this list are popular, secure chat apps WhatsApp and Telegram, and Check Point software has just released details of a vulnerability that left millions of user accounts exposed to hackers.

Google was recently criticized for releasing details of a security hole in Windows (and, subsequently another one in Internet Explorer and Microsoft Edge) before Microsoft had patched it. In fact, it was a third party who jumped to the rescue, issuing patches before Microsoft. This time around, however, after notification of the problems from security firm Check Point, WhatsApp and Telegram both patched the security holes within a week.

Continue reading →

Technology companies will be given access to the CIA's hacking tools revealed earlier in the week, Julian Assange said today. The WikiLeaks founder said that full details of the exploits used by the CIA would be shared with a view to allowing companies to patch the security holes.

Apple has already said that it has fixed many of the iOS vulnerabilities mentioned in the document cache, and we know that the CIA exploited vulnerabilities in all major operating systems as well as weaponizing numerous popular programs. While WikiLeaks has made certain details of the CIA's hacking tools public, it intends to share them in their entirety privately so software developers can create patches.

Continue reading →

The FBI and CIA are working together on a joint investigation into the Vault 7 document cache published by WikiLeaks that supposedly reveals the CIA's hacking tools. Many of the companies mentioned in the documents for having exploitable vulnerabilities -- including Apple, the Linux Foundation, and Microsoft -- have spoken out about the leaks, but it has taken some time for the CIA itself to respond.

Speaking to the BBC, a CIA spokesperson said: "The American public should be deeply troubled by any Wikileaks disclosure designed to damage the intelligence community's ability to protect America against terrorists and other adversaries." FBI director James Comey has also spoken about the lack of privacy that now exists in the US.

Continue reading →

Yesterday WikiLeaks unleashed Vault 7 online, revealing a wealth of information about the CIA's hacking tools and techniques. Included in the data dump was the suggestion that the CIA was actively exploiting vulnerabilities in iOS and other software to listen in on people. Apple has responded by saying that "many" of these security holes have been fixed.

Importantly, the company is unable to say that all of the vulnerabilities being used -- or that have been historically used -- by the CIA have been addressed, but it does insist that it "will continue work to rapidly address" problems that are found. A number of iOS security flaws have been exploited by the CIA to surveil individuals, or even take remote control of devices.

Continue reading →

A faulty backup has inadvertently exposed the entire working database of notorious spam operator River City Media (RCM). In all, the database contains more than 1.37 billion email addresses, and for some records there are additional details such as names, real-world addresses, and IP addresses. It's a situation that's described as "a tangible threat to online privacy and security."

Details about the leak come courtesy of Chris Vickery from macOS security firm MacKeeper who -- with a team of helpers -- has been investigating since January. River City Media's database ended up online thanks to incorrectly-configured Rsync backups. In the words of Vickery: "Chances are you, or at least someone you know, is affected."

Continue reading →

A new report suggests that Mike Pence not only used a personal email account to handle state business, but also that the email address was hacked. The US Vice President was one of many who were very vocal in denigrating Hillary Clinton for her use of a private email server in the run-up to the election.

The Indy Star says that Pence used an AOL email address to conduct public business during his time as governor of Indiana. The report also says that his email account was hacked, with a perpetrator gaining access to it in the middle of last year and sending out a fake email to his contacts.

Continue reading →

Yahoo CEO Marissa Mayer is not going to receive her annual bonus this year as the company punishes her for failing to react quickly enough to a security breach in 2014. Her bonus is to be shared between staff instead.

The security breach, followed by another in 2016 involving the use of forged cookies, meant Yahoo's sale to Verizon had to be renegotiated, slashing millions of dollars from the price. The company has revealed that around 32 million user accounts were accessed using forged cookies, and while this is nothing like the 500 million accounts affected by the 2014 breach, it rocked faith in Yahoo and Mayer felt it best to also pass on her stock award.

Continue reading →

Yahoo -- or, rather, its users -- have not been doing very well recently when it comes to security. Having already revealed details of a huge historic attack that led to the theft of details for millions of accounts, Yahoo is now notifying an unknown number of users that their accounts may have been breached by hackers using forged cookies.

At the same time, Bloomberg is suggesting that the impending deal with Verizon has been renegotiated. The latest revelations coupled with the previous security issues could have just cost Yahoo $250 million.

Continue reading →