Your flight booking data is insecure and very easy to hack


The system used by millions of travelers each day to share data between travel agencies, airlines, passengers and websites is incredibly insecure. Security researchers have presented details that highlight just how easy it is to hack flight bookings.
German security firm SR Labs says that using nothing more than a traveler's surname and a six-digit Passenger Name Record (PNR), it is possible to not only gather personal information about people, but also make changes to bookings.
How to set up a manual threat intelligence lifecycle program


Threat intelligence is a popular topic in security circles these days. Many organizations are now using a threat feed that comes bundled with some other security product, such as McAfee’s GTI or IBM’s X-Force feeds. Lots of products, notably SIEMs, have added support for some sort of integration with specific threat intelligence feeds or more generic imports via STIX/TAXII. Many now hope to take advantage of the large number of open source and free intelligence feeds available. Some are even investing in commercial intelligence feeds.
However, as many organizations quickly discover, without effective management of the threat intelligence lifecycle, making effective use of this valuable information is nearly impossible. Today, an organization has two choices for managing threat intelligence: deploy a threat intelligence management platform, or run a manual in-house management program. The steps required to set up a manual threat intelligence lifecycle program will be outlined below for those who prefer this approach.
Dealing with a data breach: Handling the intruders


Security has never been a more pressing issue for businesses than it is now. Mobile working, the proliferation of increasingly sophisticated, connected devices, and the growing number of applications relied upon by the modern enterprise all represent potential risks that weren’t apparent in generations past.
There is a growing fear about the level of damage that cyberattacks could bring, so much so that the United Kingdom has launched a £1.9bn National Cyber Security Strategy to prevent such attacks.
What does it take to be a successful bug hunter?


Hackers are having a moment. As high-profile breaches have become the norm over the last few years, more and more enterprise organizations have turned to bug bounty programs. As a result, the idea of hacking for good has finally begun to resonate with the general public. This rise in popularity has inspired many, from aspiring hackers to seasoned security professionals, to join the hunt and seek out bug bounty programs to "hack on".
As an information security professional by trade and a hacker by heart, I’ve had years of experience hacking for good. From my days as a penetration tester and security leadership roles at HP Fortify, Redspin and Citrix to hacking on bug bounty programs of all sizes, I have spent my life hacking for good -- much of this experience has been hacking on bug bounty programs.
How to protect your business against data breaches


According to the Crime Survey for England and Wales published this October by the UK's Office for National Statistics (ONS), the official crime rate all but doubled in the year ending June 2016 after the inclusion of online crime figures for the very first time. In fact, card fraud was cited as the most common crime in the UK. John Flatley, head of crime statistics and analysis at the ONS, stated that members of the public are now 20 times more likely to be a victim of fraud than of robbery.
The Numbers Are Soaring!
How to not get hacked


We found out last week that one billion Yahoo accounts were hacked in 2013, only a couple months after we learned about a separate hack, that took place in 2014, which compromised an additional 500 million accounts. Combine that with the 360 million compromised MySpace passwords, 117 million from LinkedIn, 65 million from Tumblr, and 32 million from Twitter, and you can almost guarantee that you or someone you know was affected by the mega-breaches announced in recent months.
Because most people use the same password over and over, these breaches give hackers access to multiple accounts. In a proactive security screen this fall, Netflix found a number of users whose Netflix passwords were compromised as part of another company’s breach. These instances do not simply let attackers tweet on your behalf; they can affect all of your accounts. How many people use the same password for LinkedIn or Yahoo as they do for their corporate email? An unsettling number.
Yet another Yahoo hack -- this time over 1 billion accounts affected


Here we go again. Friggin' Yahoo. Sigh.
Earlier this year, the company announced that 500 million Yahoo accounts were hacked in a massive breach. This was very upsetting, as it happened back in 2014, meaning users were not made aware for years. Today, an entirely different hack is brought to light. It is even worse than the previously announced breach, as it happened a year earlier (in 2013), and it impacts twice as many accounts -- more than one billion!
FBI granted the right to hack the computers of any suspect running Tor, VPNs or anonymizing software


Starting today, the FBI will now have a much easier time hacking just about any computer it wants to. The use of VPNs and other anonymizing software such as Tor meant that it was previously difficult for the Feds to apply for the necessary warrant within the relevant jurisdiction.
Now the location doesn't matter. A change to Rule 41 of the Federal Rules of Criminal Procedure means that investigators can obtain a search warrant regardless of location. The expansion of FBI hacking powers comes after a failed Senate bid to block the changes to Rule 41, and there are fears that it is power that could be abused by Trump.
Deutsche Telekom hack affects 900,000 customers


German telecommunications giant and T-Mobile parent company Deutsche Telekom was the victim of a cyber-attack over the weekend, which left some 900,000 users affected, the company confirms in a blog post.
This weekend, a hacker (or more likely, hackers) infiltrated the company, and tried to infect users' home routers with malware. Deutsche Telekom said its network was not affected "at any time".
Hewlett Packard Enterprise laptop hack exposes personal details of 130,000 US Navy sailors


A data breach has exposed the personal details of more than 130,000 US Navy sailors, including social security numbers.
Rather than being a breach of the Navy's own defences, the data leak came about after a laptop owned by a Hewlett Packard Enterprise employee was compromised. In total, 134,386 current and former sailors are affected by the problem.
UPDATE: Scale of Three customer data breach massively downsized, but identity theft remains a risk


Late yesterday, Three admitted to a breach of its customer databases which potentially put 6 million people at risk. Today the company has spoken out, indicating that far fewer customers were affected than first thought.
In fact, data from just over 130,000 accounts was accessed, with varying levels of access meaning different customer information was exposed. Three says the primary goal of the database breach was to intercept handsets rather than for other purposes, and it stresses that no financial information was stolen.
Millions of mobile users at risk after Three customer database breach


Hackers have gained access to a database containing the personal details of up to six million customers of mobile carrier Three. A report in the Telegraph cites 'sources familiar with the incident', but while Three has confirmed a security breach took place, the company is yet to provide precise details.
What we do know is that the incident took place when hackers used employee login credentials to access the customer upgrade database. It is thought that the hackers gained access to customer names, addresses, phone numbers and dates of birth, but financial details were not exposed.
Car hacking: Imminent threat or farfetched fear?


According to a recent report from cyber-security experts at RSA, in today’s increasingly computerized world, cyber-crime issues "comprise a threat horizon that continues to accelerate and expand with no end in sight".
Since much the same can be said about the growth of computing power in today’s vehicles -- which rely on technology for everything from 3D navigation graphics to semi-autonomous driving capabilities -- the risks for having your car or truck hacked would seem to be on the rise as well. But should current drivers be worried about the issue right now, or is it time to pump the brakes on the car-hacking panic?
Tesco Bank suspends online banking following fraudulent activity


Tesco Bank has taken the extraordinary measure of temporarily halting online transactions after thousands of customers experienced criminal activity in their accounts over the weekend. The move also means that customers are unable to use contactless payments.
Customers were alerted over the weekend via text message after suspicious activity was noticed in numerous accounts. Some have found that hundreds of pounds have gone missing from their accounts, but it is not clear whether the problem stems from a direct hack of Tesco Bank, or if a retailer suffered a security breach.
Hacker discovers Gmail vulnerability that leaves any account open to compromise


A student and security researcher from Pakistan has found a serious issue with Gmail that makes it possible for a hacker to take over any email address.
The vulnerability relates to the way Google handles the linking of a primary Gmail account to another email address for the purposes of message forwarding. In just a few steps it was -- before Google fixed the problem -- possible to take over ownership of an email address by tricking the system into sending out the necessary verification code.
BetaNews, your source for breaking tech news, reviews, and in-depth reporting since 1998.