Articles about Hacking

Microsoft says that a vulnerability in Windows made public by Google has been exploited by a hacking group with links to Russia. The group -- known variously as Strontium, Fancy Bear, and APT 28 -- has executed several spear phishing attacks, the company says.

Google was criticized for publicizing the vulnerability before Microsoft has released a patch. A fix for the security hole is not due to be released until Tuesday, 8 November -- voting day in the US election.

Continue reading →

Following the large scale cyberattack that took down a number of high-profile sites last Friday, a Chinese electronics component manufacturer has admitted that its products were used by the attackers behind the disruption.

Hangzhou Xiongmai Technology, which produces DVRs and internet-connect cameras, has come forward to acknowledge that its products were exploited and that the attackers had taken advantage of security vulnerabilities resulting from weak default passwords.

Continue reading →

Smartphones from LG, Samsung and Motorola are all vulnerable to an attack that makes it possible to gain root access in a matter of seconds. Known as Rowhammer, the attack works using a bit flipping technique that exploits a vulnerability in the design of RAM chips.

Because the attack takes advantage of a physical aspect of design, it is going to be difficult to quickly devise a fix. In the meantime, millions of smartphones are at risk of compromise in what could be as large an issue as the recently-discovered Dirty COW bug -- and there's an app you can use to check if you are at risk.

Continue reading →

A vulnerability discovered in the Linux kernel has been present for nine years, and users are being advised to seek out and install a patch as soon as they possibly can. Dubbed Dirty COW, the bug is a privilege escalation vulnerability which can be found in just about every Linux distro out there.

Discovered by security expert Phil Oester, Dirty COW is described as one of the most serious bugs of its type ever found in Linux. Assigned the code CVE-2016-5195, there is evidence that the vulnerability has been exploited and a website set up to alert people to the problem advises that the "security community should deploy honeypots that entrap attackers and to alert about exploitation attempts".

Continue reading →

Gartner described 2015 as the peak of the driverless car "hype cycle", as the battle between established car manufacturers and technology companies intensified to produce driverless or autonomous vehicles. However the driverless car phenomenon has escalated very quickly in recent months with Uber, Google and now traditional car manufacturer Ford having announced their plans to create and test self-driving vehicles, and rumors surfacing of Apple acquiring McLaren.

The US has also recently issued Federal proposed guidelines setting out 15 benchmarks car manufacturers will need to meet before their autonomous vehicles can hit the road. Ford is currently developing in-car connectivity, ride-sharing and autonomous technologies through its subsidiary; Ford Smart Mobility (FSM) and will launch its self-driving car by 2021. This vehicle will come without a steering wheel, an accelerator or pedals -- an image of a car that was probably unimaginable a decade ago and the battle for the dashboard becomes easier to imagine.

Continue reading →

It seems as no one wants to buy NSA’s exploit tools. Or maybe ShadowBrokers, the group selling the tools, overpriced the deal.

The group, allegedly formed by Russian, state-sponsored hackers, decided to pull the auction on the tools. Instead, it turned it into a crowdfunded sale, aiming for 10,000 bitcoin, or slightly over $6 million.

Continue reading →

Following the $81 million cyberattack in February, a second hacking group has emerged with the intention of exploiting the SWIFT money transfer system to rob banks.

A report from the security firm Symantec has revealed that these cyberattacks have occurred since January and have targeted companies located in the US, Hong Kong, Australian and other countries. The firm has detected 74 different computer infections that suggest that around 100 organizations have been affected by these attacks so far.

Continue reading →

2016 has been a long year for retailers, with a number of them being relieved of customer data by hackers looking mostly for credit card information. Wendys, Eddie Bauer, Hard Rock Hotel and Casino Las Vegas and others have all been forced to step forward in an effort to protect customers, though largely done after the fact.

Now the latest victim has been announced as retailer Vera Bradley reveals it too has suffered a serious breach of its payment processing system.

Continue reading →

One of the main reasons why hackers and other malicious actors are so hard to locate is not the fact they're really good at hiding their location -- it is because they're exceptional when it comes to faking things. They fake their locations, their working hours, language, infrastructure, toolkits -- even their own groups.

Hackers are going extreme lengths to make sure people looking for them are actually in for a wild goose chase. These conclusions were released by security researchers at Kaspersky Lab who tried to tackle the issue of misleading both victims and security researchers.

Continue reading →

There is only a month to go until the election showdown between Trump and Clinton finally comes to an end. There is a great deal riding on the result of this particular election and we have already seen DNC servers hacked.

There has been speculation about who may have been responsible for this security breach, but now the US has pointed the finger firmly at Putin's Russia. Russian hackers are accused of hacking into the Democratic National Committee's servers and trying "to interfere with the US election process".

Continue reading →

It's probably no great secret that today's older generation has a flock of followers online that they largely do not want, who are trying to con them out of their money. Trying to take advantage of this generation is nothing new. In the past it was done door to door with scams such as "roofers" and "driveway repairmen".

Security company Kaspersky has done a study of internet users aged 55 and older and the results, while unsurprising, aren't particularly good.

Continue reading →

You know that Yahoo breach that just happened recently? The one where 500 million credentials were stolen? Well, a highly respected security researcher claims the hack was done by the same group that breached MySpace, LinkedIn, Badoo, VK.com, and a few others.

The researcher in question is Andrew Komarov, and he told The Register that not only did the same group do all these things, but the number of breached Yahoo accounts is probably a billion. Double what was reported. Komarov says the group, referred to as "Group E", is a "small Eastern European hacking outfit" that makes money by hacking big companies and selling their data to whoever is willing to pay.

Continue reading →

This has been a controversy for quite some time. Companies don't like their flaws exposed, and for the most part researchers have honored this, at least to a reasonable degree. Generally, a period of time is given for the company in question to fix the problem, but if it fails then the issue is made public, somewhat akin to branding the company with a scarlet A.

Now, one researcher is working on a book that will point out common system flaws and how to either fix them or avoid them to begin with.

Continue reading →

Apple has historically been very guarded and secretive. While this is still true today, the company has definitely become more open after Steve Job's death. Quite frankly, the fact that there are now public betas for both iOS and macOS is mind-blowing for the Apple faithful. Last month, the company even launched its first bug bounty program! Why did Apple soften its guarded position? It had to. As the technology market advances, and security becomes a bigger focus, it is not possible to catch all bugs and vulnerabilities in house.

While the bug bounty and public betas were very wise moves, the company is apparently taking things a step further. According to Forbes, Apple is enlisting iPhone jailbreakers and other hackers (such as Luca Todesco, Nicholas Allegra and Patrick Wardle) to bolster the security of its products using the aforementioned bug bounty program. In fact, it is rumored to be happening at a secret meeting. If true, is the company smart to trust these people?

Continue reading →

Back in August we learned of access to US voter registration databases in the states of Arizona and Illinois. After an extensive investigation it was widely believed the attempts had come from Russia, which has a history of attempting to influence votes in foreign nations.

Now Director Comey has once again appeared before congress to give some more bad news. "There have been a variety of scanning activities, which is a preamble for potential intrusion activities, as well as some attempted intrusions at voter registration databases beyond those we knew about in July and August", Comey states.

Continue reading →