Qualcomm Snapdragon SoC vulnerability could compromise IoT security


One of the greatest concerns surrounding the growth of the Internet of Things (IoT) is its security, and it seems that some people's worst fears have just been realized. Security experts at Trend Micro have discovered a vulnerability in Qualcomm Snapdragon SoC (system on a chip) devices.
In fact, it is the same vulnerability that cropped up earlier in the month, affecting Nexus 5, Nexus 6, Nexus 6P and Samsung Galaxy Note Edge Android handsets. This in itself is concerning as these are devices that are no longer in line for security updates, but more concerning is the fact that the same chips are used in IoT devices. The vulnerability makes it possible for an attacker to gain root access to the hardware, and this is worrying in a world of inter-connected devices.
Google doubles top Chrome Reward Program payout to $100,000


Many people look at hackers as bad guys, and yeah, some are. However, some of these people are actually good -- their work is beneficial for security. When they discover exploits, and report them, it can result in more secure software -- if companies listen, that is.
Google is a huge proponent of for-good hacking, and it even has its own Chrome Reward Program aimed at motivating these people. Basically, Google will pay hackers to find and report security issues in its Chrome software. Today, the company is upping the ante by increasing how much it will pay out.
Apple says FBI case is the start of a slippery slope to mass surveillance via iPhone


The battle between the FBI and Apple over access to the San Bernardino shooter's iPhone is turning into little more than a battle of wills. Both sides are using the case to make a point: Apple posits that unlocking the phone would set a dangerous precedent, while the FBI says not unlocking the phone amounts to aiding terrorists.
There have been heavy words thrown from both sides, and the latest round of blows sees Apple claiming that the FBI could follow up its phone unlocking demand with a demand to switch on iPhone cameras and microphones for the purposes of spying on users. "Where will this stop?" asks Eddy Cue. "Some day, someone will be able to turn on a phone's microphone. That should not happen in this country".
The majority of CCTV cameras can be easily hacked


Your CCTV camera might make you feel physically safer, but after reading this article, it will sure make you feel virtually vulnerable. New research from cloud-based video surveillance company Cloudview suggests that the majority of CCTV systems can be hacked, providing an open door to cyber attackers.
The report, entitled Is your CCTV system secure from cyber attack?, says there are "major vulnerabilities" in both traditional DVR-based CCTV systems and cloud-based video systems. Hackers can "easily" hijack connections to the device's IP address, putting a lot of people, their properties and data at risk.
Linux Mint updates password policy after getting hacked and failing its users


Linux Mint is a good operating system. The problem, however, is that it really doesn't need to exist. Mint is based on Ubuntu, which is a wonderful OS on its own. Ultimately, the biggest reason for Mint's existence is the Cinnamon desktop environment, and that is certainly no reason for an entirely new OS. One of the things keeping Linux behind on the desktop is the sheer number of unnecessary distributions, such as Mint, but I digress.
When Linux Mint forums and ISOs were compromised, many of its users felt betrayed. After all, Linux is supposed to be safe and secure -- this hack was a major blemish to the community overall. Of course, this is unfair -- the kernel was not hacked, only Mint's servers. Today, as a reactionary response to the hack, Mint is changing password policies.
Security pros believe an encryption backdoor is open to abuse


The Government wants backdoor access to our devices so that it can protect us from terrorists and defend matters of national security. Even if its intentions are good, there are people out there that would abuse such a feature, security professionals attending the RSA conference agree.
Endpoint protection and response, security and compliance solutions company Tripwire surveyed 198 security professionals at the RSA Conference 2016 in San Francisco. Out of those surveyed, 81 percent said it was certain (or at least very likely) that cyber-criminals would abuse the government’s access to encrypted data via a backdoor.
Anonymous hacks Donald Trump's voicemail and leaks the messages


In the run-up to the presidential election, few days go by when Donald Trump isn't hitting the headlines for something he's said or done. The bombastic billionaire looks set to become the Republican candidate, and his journey towards the White House is littered with offense and controversy. Back in December, Anonymous declared war on him.
The loose collective of hackers and activists made its declaration after Trump announced plans to ban Muslims from entering the US. One of the alleged first strikes in Anonymous' war sees the group hacking the businessman's voicemail and leaking the messages. The messages appear to show that Trump had a cosier relationship with the more left-leaning section of the media than one might imagine.
Popular WordPress plugin pulled after discovery of password-stealing backdoor


The precise number of websites out there running on WordPress may not be known, but one thing is for sure -- there are a lot of them. Two reasons for the popularity of WordPress are the ease of setup and the availability of a huge range of plugins. One popular plugin, Custom Content Type Manager (CCTM), has just been pulled from the WordPress Plugin Directory after a backdoor was discovered.
The plugin has been installed on thousands of websites, and a recent update -- automatically installed for many users -- included a worrying payload. In the hands of a new developer, Custom Content Type Manager made changes to core WordPress files, ultimately making it possible to steal admin passwords and transmit them in plaintext to a remote server.
7 things needed for a successful cyber attack


While it is true that pretty much every network is vulnerable to a cyber attack, it is also the case that attackers must follow a certain formula of actions to compromise these systems. Industry research has shown that, on average, advanced attacks nest inside organizations for 200 days before discovery. That’s a long time for an attacker to stealthily gather private data, monitor communications and map the network.
However, once we understand the steps of a successful cyber attack from an attacker's point of view, it is possible to, at the very least, shorten the amount of time it takes to detect it, or mitigate it entirely.
Here are the passwords cybercriminals are most likely to use in hacking attempts


The security group Rapid7 has released a new report that may prompt some alarm from web users who are heedless when it comes to choosing their online passwords.
Instead of using the passwords that internet users are the most likely to pick, the group took a different route and examined the passwords that cybercriminals are actually trying to use to hack into a number of systems including POS systems, kiosks, and computers.
Hack the Pentagon!


The Pentagon is to run its own bug bounty program, inviting white-hat hackers to test the security of its systems. It is not intended to be a free-for-all, and would-be hackers will be vetted before being given the go-ahead -- although of course there is nothing to stop anyone from trying to breach the defenses if they feel so inclined.
The 'Hack the Pentagon' initiative was launched today by Defense Secretary Ash Carter. He said "I am confident that this innovative initiative will strengthen our digital defenses and ultimately enhance our national security". It is to be a carefully managed program which will only be open to US citizens, and networks relating to particularly sensitive material and weapons will be off-limits.
Updated Snooper's charter will allow police to remotely hack phones and computers


The UK's controversial Snooper's charter (or draft Investigatory Powers Bill) has been updated to grant the police sweeping new powers. The new legislation will permit authorities to not only access the browsing histories of suspected criminals, but also to remotely hack into computers and phones in certain circumstances.
The previous version of the bill had limited such powers to the investigation of "serious crime", but the updated version expands this dramatically. Home Secretary Theresa May is hoping to push the draft Investigatory Powers Bill through parliament later this year. The bill has already met with strong criticism from not only privacy groups, but also governmental advisers. While there are some concessions to protect unbreakable encryption, the latest changes will do little to assuage concerns with the bill.
Some smartphone users would not be 'upset' by data theft


There are two kinds of people in this world, and I don’t mean those who can read binary and those that cannot. I’m thinking about those who are aware of the security risks smartphones pose, and those who aren’t.
And according to a new survey by security firm Norton, the world is literally split in half over this -- 56 percent of those surveyed say the prospect of the financial and banking information stored on their phone being hacked is "upsetting". Meaning, for the remaining 44 percent it’s not upsetting.
Your business doesn't have a website? A DDoS attack can still happen


Just because your business doesn’t have a website, that doesn’t mean it can’t be a victim of a DDoS (distributed denial of service) attack. This sentence might not make much sense at this point, but keep reading.
Security firm Kaspersky Lab and researchers B2B International looked at what cyber-crooks go for when attacking businesses and enterprises, and here’s what they came up with:
From battling Scientology to taking down Islamic State, hacker group Anonymous celebrates its top ten accomplishments


Recently Anonymous has mostly been in the news for targeting Islamic State on the web, playing its part in helping to shut down thousands of ISIS-supporting accounts on Facebook and Twitter.
But the hacktivist collective, which has been active since 2003, has initiated a lot of campaigns over the years, targeting a variety of people and organizations, some more successfully than others. The group’s list of achievements is quite impressive -- ranging from getting an internet predator arrested, to taking on the Church of Scientology.
BetaNews, your source for breaking tech news, reviews, and in-depth reporting since 1998.