Articles about Hacking

You know that Yahoo breach that just happened recently? The one where 500 million credentials were stolen? Well, a highly respected security researcher claims the hack was done by the same group that breached MySpace, LinkedIn, Badoo, VK.com, and a few others.

The researcher in question is Andrew Komarov, and he told The Register that not only did the same group do all these things, but the number of breached Yahoo accounts is probably a billion. Double what was reported. Komarov says the group, referred to as "Group E", is a "small Eastern European hacking outfit" that makes money by hacking big companies and selling their data to whoever is willing to pay.

Continue reading →

This has been a controversy for quite some time. Companies don't like their flaws exposed, and for the most part researchers have honored this, at least to a reasonable degree. Generally, a period of time is given for the company in question to fix the problem, but if it fails then the issue is made public, somewhat akin to branding the company with a scarlet A.

Now, one researcher is working on a book that will point out common system flaws and how to either fix them or avoid them to begin with.

Continue reading →

Apple has historically been very guarded and secretive. While this is still true today, the company has definitely become more open after Steve Job's death. Quite frankly, the fact that there are now public betas for both iOS and macOS is mind-blowing for the Apple faithful. Last month, the company even launched its first bug bounty program! Why did Apple soften its guarded position? It had to. As the technology market advances, and security becomes a bigger focus, it is not possible to catch all bugs and vulnerabilities in house.

While the bug bounty and public betas were very wise moves, the company is apparently taking things a step further. According to Forbes, Apple is enlisting iPhone jailbreakers and other hackers (such as Luca Todesco, Nicholas Allegra and Patrick Wardle) to bolster the security of its products using the aforementioned bug bounty program. In fact, it is rumored to be happening at a secret meeting. If true, is the company smart to trust these people?

Continue reading →

Back in August we learned of access to US voter registration databases in the states of Arizona and Illinois. After an extensive investigation it was widely believed the attempts had come from Russia, which has a history of attempting to influence votes in foreign nations.

Now Director Comey has once again appeared before congress to give some more bad news. "There have been a variety of scanning activities, which is a preamble for potential intrusion activities, as well as some attempted intrusions at voter registration databases beyond those we knew about in July and August", Comey states.

Continue reading →

Israeli security firm Cellebrite -- the company said to have helped the FBI access the San Bernadino iPhone -- says that it has the power to break into, and extract data from, just about any phone out there. Speaking with the BBC, the company demonstrated how it can crack the password on a smartphone to access its data.

It said that it was able to extract data from the very latest handsets including Android 7 devices and the iPhone 7. Cellebrite says it works with law enforcement agencies around the world too, and stopped short of saying it refused to work with oppressive regimes. The interview raises some interesting questions.

Continue reading →

If your business gets hacked, expect to lose a significant portion of your customers -- for good. This is according to a new report released by Alertsec, the cloud-based encryption company. Its Brand Perception Study, based on a poll of 1,200 Americans, says 17 percent of women and 11 percent of men would permanently lose trust in a hacked company.

Almost a third (29 percent) would need months to return while a further 22 percent would need only one. Men are also more likely (16 percent) to switch brands after a hack than women (6 percent). For more than a third (35 percent), a hack means the company was sloppy. Another third (32 percent) says it is the result of a lack of professionalism, while 26 percent say the company would become a great target for lawsuits.

Continue reading →

A group of hackers speaking Russian and using Russian servers are out hunting for American companies' user credentials, an exclusive story published on The Epoch Times claims.

This group, allegedly not tied to any government and basically operating on its own, is targeting "at least" 85 companies, including Amazon, American Airlines, AT&T, Best Buy, Wells Fargo, DropBox, Dunking Donuts, Ebay, GoDaddy, Uber, Match.com, McDonald’s, Office Depot, PayPal, Pizza Hut, Steam, and Apple Pay.

Continue reading →

There have been numerous cases of iCloud accounts being hacked over the years, but it's the celebrity ones that hit the headlines. Well, that and things like the Fappening. The latest celebrity account to fall victim to hackers is Pippa Middleton, sister of British royal Kate Middleton, the Duchess of Cambridge.

A reported 3,000 images have been stolen from Pippa's account, and these are said to include photographs of Kate and her children. Leaked images also show photos from private parties, and shots of wedding dresses.

Continue reading →

Data breaches have become the norm in recent years with 2014 earning the nickname the "year of the data breach" and 2015 being known as the "year of the breach". So far in 2016, even more data breaches have been made public, including LinkedIn, MySpace and Dropbox and we will likely see more before the year comes to a close.

For companies, being the victim of a breach is unnerving enough, but there also implications to their reputation, brand and finances. However, breaches also have an indirect impact on organizations and some end up facing the "collateral damage" of such an attack for some time after the initial breach.

Continue reading →

Yahoo users who have not changed their passwords for a while are being advised to do so. The company has confirmed that it suffered a major security breach back in 2014 and information relating to 500 million accounts was stolen.

Yahoo says that the attack was carried out by a "state-sponsored actor" but does not elaborate on who it might be. The data accessed includes "names, email addresses, telephone numbers, dates of birth, hashed passwords (the vast majority with bcrypt) and, in some cases, encrypted or unencrypted security questions and answers".

Continue reading →

Attacks on websites are a daily occurrence so to get any real attention an attack needs to be something special. Starting on Tuesday, Brian Krebs' security blog, KrebsOnSecurity.com, was hit with what is being described as "the largest DDoS the internet has ever seen".

Despite being clobbered with a colossal 665 Gbps of traffic, Krebs' site remained online thanks to the anti-DDoS efforts of security firm Akamai. It is thought that Krebs was targeted for his exposés of hackers, and the attack was delivered via a huge number of hacked IoT devices.

Continue reading →

Hackers are increasingly targeting healthcare institutions with malware because of their poor cyber-security posture, reliance on legacy IT systems, third-party services and the need to access information as soon as possible in order to deliver great patient care. These are the conclusions released in a new report entitled McAfee Labs Threats Report: September 2016.

It says that hospitals paid almost $100,000 (£75,500) to a specific bitcoin account. In the first half of 2016, one "actor" (it could be a single hacker, but more likely a group) apparently received $121 million in ransomware (189,813 bitcoin), targeting various industries. This actor, according to the report, has had profits of $94 million in the first six months of this year.

Continue reading →

Hackers are using social media to gather information about their next victim. They use that information to form sophisticated strategies and deliver advanced threats into networks.

These are the results of a new Blue Coat Systems report, based on a poll of 3,130 workers in various industries in Great Britain, France and Germany. Key takeaway from the report is that user behavior has not improved much since last year. This year, 42 percent of respondents say they only accept friend requests from people they know.

Continue reading →

Whilst the popular view of hackers tends to be of outsiders, there's been increasing emphasis in recent years on the threat to enterprise data posed by those inside the organization.

Behavior analytics company RedOwl carried out a survey at last month's Black Hat conference, asking almost 300 security professionals for their views on insider threats, and the results are released today.

Continue reading →

A security researcher has revealed a way to determine the password needed to access a protected Windows or OS X account. Using Rob Fuller's technique, it doesn't matter if the computer in question is locked, and it uses a USB SoC-based device to crack user credentials.

By modifying the firmware of a USB dongle, Fuller was able to make the device appear as an Ethernet adaptor. By spoofing a network connection, it is then possible to trick a target computer into giving up an account password.

Continue reading →