Articles about Hacking

The ChatGPT artificial intelligence bot has been causing a bit of a buzz lately thanks to its ability to answer questions, ask follow ups and learn from its mistakes.

However, the research team at Cybernews has discovered that ChatGPT could be used to provide hackers with step-by-step instructions on how to hack websites.

Continue reading →

Password management firm LastPass has issued an update about a security breach that was first revealed back in August. The news is not good; the data breach is significantly worse than initial reports suggested.

LastPass says that its investigations into the incident now show that the hackers were able to obtain customer vault data. The company points out that these vaults are home to both encrypted and unencrypted data, and tries to play down the significance of a threat actor gaining access to unencrypted data.

Continue reading →

It's safe to say that Hollywood and pop culture have not always been kind to the tech and cybersecurity industry.

Throughout the years, movies and TV shows have established a stereotype of how IT and security experts should look, with one of the biggest stereotypes being the representation of a hacker.

Continue reading →

The short-term costs of a cyberattack are significant. Investigating and containing a breach, rebuilding IT systems and implementing new security controls, as well as the loss of productivity, can all cause severe financial strain.

However, the long-term costs of a breach are often even more damaging. Enterprises that do not handle an attack well can suffer a number of further consequences, including reputational damage, a loss of customer loyalty and a drop in share prices.

Continue reading →

We've already seen that cyberattacks have played a role in the war in Ukraine. But what about the prospect of more widespread cyber warfare. Could Ukraine be just a testing ground?

Education advice site Security Degree Hub has produced an infographic looking at the prospects of a cyber war and what it might look like.

Continue reading →

With the decline of the traditional enterprise network perimeter, more and more organizations are turning to a zero trust approach to securing their systems.

This not only reduces the attack surface, it ensures that if an attack does succeed it's much less likely to spread laterally within the network. We talked to Tim Silverline, VP of security at network automation specialist Gluware, to find out more about what implementing zero trust means.

Continue reading →

Fintech firm Revolut has been hit by a cyberattack that resulted in personal data of tens of thousands of users being exposed.

Described as a "highly targeted" attack -- although it is not clear who was targeted or why -- the security incident took place on the night of September 11. The attack gave an unauthorized third-party access to a range of data including postal and email addresses, account information, and phone numbers.

Continue reading →

Last month, LastPass suffered a cyberattack and the company shared some details about what had happened shortly afterwards. Now, having conducted further investigations, more information has been revealed including the fact that the attacker had access to the LastPass development environment for four days.

The company concedes that it is not clear how the attacker was able to gain access but says: "the threat actor utilized their persistent access to impersonate the developer once the developer had successfully authenticated using multi-factor authentication". LastPass has also revealed the impact of the four-day security incident in the name of providing "transparency and peace-of-mind to [its] consumer and business communities".

Continue reading →

Researchers from cybersecurity firm Vectra have issued a warning that Microsoft Teams stores authentication tokens in an unprotected form that could easily be abused by hackers.

The desktop apps for Windows, macOS and Linux all store authentication tokens in cleartext, and this can be used by an attacker to steal an identity and log into accounts. This is clearly worrying, but what is more concerning is Microsoft's reaction; the company says that the issue does not require "immediate servicing".

Continue reading →

Uber is working with law enforcement after it became the latest company to fall victim to a cyber attack. Hackers were able to breach its internal systems and gain access to a range of data including emails, vulnerability reports, its HackerOne bug bounty program and more.

The attackers were also able to access Uber's Slack server, going as far as posting messaging to it. At the moment, it is not clear whether customer data has been exposed in the attack which seems to have come as the result of extracting passwords from an employee via social engineering.

Continue reading →

Samsung has revealed limited details of a security incident that took place earlier in the year, exposing the personal data of customers in the US.

The technology giant says that the data breach took place back in July when "an unauthorized third party acquired information from some of Samsung's US systems". No details about who may have been responsible have been released, and Samsung has issued a warning for customers to exercise caution.

Continue reading →

Major cyberattacks still have the power to make headline news, yet reporting and indeed conviction rates for cybercrime remain low. It's perhaps not surprising then that rising numbers of young people are getting involved in these illegal activities.

We spoke to Simon Newman, International Cyber Expo Advisory Council member and CEO of the Cyber Resilience Centre for London, to get his views on what needs to be done to improve reporting and change the mindset of 'script kiddies' for the better.

Continue reading →

LastPass, the firm behind the eponymous password management software, has revealed that it fell victim to a security breach two weeks ago. Although the company is quick to point out that passwords stored by users have not been exposed, the incident remains hugely significant.

The hackers were able to breach the security of a developer account and took advantage of this to steal "source code and some proprietary LastPass technical information". While LastPass is at pains to stress that it has seen "no evidence that this incident involved any access to customer data or encrypted password vaults" it is an incident that will nonetheless dent user confidence.

Continue reading →

The power of software supply chain attacks was amply demonstrated by SolarWinds but two years on some organizations are still vulnerable thanks to the use of source code management (SCM) systems.

IBM's X-Force Red ethical hacking team has been able to successfully gain access to SCM systems during an adversary simulation engagement in most cases.

Continue reading →

Twitter has confirmed that a hacker was able to exploit a security vulnerability on the social platform earlier this year, gaining access to the private data of millions of users.

In total, 5.4 million accounts were affected, with the attacker able to link account names to email addresses and phone numbers. While the incident took place back in January this year, Twitter has also revealed that the exposed user data was made available to buy just last month. In what will be regarded by many as something of an understatement, the company says that "it is unfortunate that this happened".

Continue reading →