Articles about Hacking

Oooohhh, things are about to get really interesting in the cyber-security world. Kaspersky Lab has just declared war on the infamous hacking collective Lazarus Group, and it’s bringing its friends to the fight.

Together with Novetta and "other industry partners", Kaspersky Lab has announced the formation of Operation Blockbuster targeted at disrupting the activity of the Lazarus Group.

Continue reading →

There have been 1,673 data breaches last year. They have led to 707 million data records being compromised. Those are the results of a new report by digital security firm Gemalto, entitled Breach Level Index.

The Breach Level Index tracks all data breaches worldwide, looking at their size, severity, as well as the number of records compromised.

Continue reading →

German intelligence agencies are set to gain greater NSA-style surveillance powers after the German Interior Ministry announced plans to use Trojans to spy on the internet activities of suspects. Known as Bundestrojaner, the Trojan would give the government the ability to not only track which sites a target visits, but also record conversations, make use of webcams, access data and log keystrokes.

The Trojan has been in testing since late last year, and having received governmental approval could now be widely dispatched. Widely described as malware and spyware, the tool cannot be used without a court order, but this will do little to assuage the fears of privacy groups.

Continue reading →

Linux Mint is one of the best distos around, but if you’ve installed it recently you might have done so using a compromised ISO image.

The Linux Mint team today reveals that hackers made a modified Linux Mint ISO with a backdoor in it, and managed to hack the Mint website so it pointed to this bad version.

Continue reading →

A researcher from Google Project Zero discovered a serious security issue with the technical support tools supplied with Comodo software products. Tavis Ormandy found that Comodo Antivirus, Comodo Firewall, and Comodo Internet Security all included a bundled VNC server with either no password protection, or a very weak password.

GeekBuddy is a remote desktop tool used by support staff to troubleshoot customer problems, but it also serves as a backdoor that allows for near-unrestricted access to users' computers. The tool installs with full admin rights, meaning that an attacker could very easily gain complete control of a remote computer.

Continue reading →

Listen to Tim Cook and you’d be forgiven for thinking that Apple was standing up for the little guy, sticking up for the likes of you and I in fighting the FBI. The FBI, Apple would have you believe, wants Apple to break encryption, thereby weakening security for everyone. But that's not really the case at all.

The FBI has not asked for encryption to be broken; it wants access to data on the San Bernardino shooter's iPhone, and it wants to do so by using the (as yet unknown) PIN that has been used to lock it. Get it wrong too many times and the device is wiped. The FBI wants custom firmware to be made available that would allow it to brute force the PIN. It's nothing to do with cracking encryption, but that's not what Apple wants you to believe. It's an exercise in misdirection and a classic straw man argument. The problem is, if the straw man goes up in flames, will Apple too?

Continue reading →

We all know that hackers are looking to steal credentials and get their hands on sensitive data, but exactly how does this process work?

Researchers at data protection company Bitglass carried out its second 'Where’s Your Data' experiment, creating a digital identity for an employee of a fictitious retail bank, a functional web portal for the bank, and a Google Drive account, complete with real credit-card data.

Continue reading →

A new study by security firm Tripwire says IT security experts are very confident they can detect a breach, and that they can detect it quite fast. For automated tools, they do not share the same levels of confidence.

The survey questioned 763 IT professionals in various verticals, including retail, energy, financial services and public sector organizations in the US, about the seven key security controls that need to be in place in order to quickly spot an ongoing hack attack.

Continue reading →

Privacy International has lost a court case that questioned the legality of GCHQ's hacking operations. The UK-based privacy and human rights charity launched a legal campaign after Edward Snowden revealed the spying and surveillance that was being carried out by the NSA and GCHQ.

In the course of the case, GCHQ admitted for the first time that it was involved in hacking devices and computers not only in the UK, but around the world. The Investigatory Powers Tribunal (IPT) ruled that activities such as the installation of keyloggers, the remote activation of microphones and cameras, and the use of malware by the intelligence agency is entirely legal.

Continue reading →

In today’s mobile-centric world, using mobile phones for Internet banking is standard practice for most people, but do customers know they could be at risk of a new type of scam?

SIM swap fraud, where scammers cancel and re-activate new SIM cards to hack into bank accounts, is reportedly on the rise.

Continue reading →

I arrived onsite to suite 102 -- the bank’s corporate headquarters -- around 9:40 am. I was impersonating a local utility worker -- with all the garments like a hardhat, clipboard, obnoxious yellow vest, and some old Timberland work boots. I played the part well.

When I approached the suite I saw a giant glass entrance into the main office of the bank with a secretary minding the entrance and questioning visitors. I also noticed employees were entering and exiting an unmarked door at the end of the hallway -- no cameras to be seen. I proceeded slowly past the main entrance and then ran to catch the secured door as it was closing behind an unsuspecting employee. I was in!

Continue reading →

Electronic toys maker VTech has recently been a victim of a cyber-attack, which has seen the data of more than 6.3 million children exposed. The hackers got access to chat logs and photos.

Following the breach, VTech has updated its End User License Agreement, saying the company can’t provide a 100 percent guarantee that it won’t be hacked. It also shifts the responsibility back to the parents:

Continue reading →

Hackers have leaked the contact information of 20,000 FBI employees, which follows the previous day's release of 10,000 Homeland Security employees' data.

The hackers communicating through Twitter, claimed "Well folks, it looks like @TheJusticeDept has finally realized their computer has been breached after one week".

Continue reading →

The energy industry is mostly unprepared for cyber-threats, a new study by Tripwire suggests.

The global provider of advanced threat, security and compliance solutions announced these results in a study conducted for it by Dimensional Research. The study looked at cyber-security challenges faced by organizations in the energy sectors, and includes answers from more than 150 IT professionals.

Continue reading →

There are numerous ways to keep your smartphone safe from prying eyes, and a lock screen protected with a passcode is a popular choice. But a newly discovered vulnerability in iOS 8 and iOS 9 means that iPhones and iPads could be accessed by attackers.

The vulnerability was discovered by security analyst Benjamin Kunz Mejri and it has been assigned a Common Vulnerability Scoring System (CVSS) count of 6.0, as well as a 'high' severity rating. Apple has been aware of the issue since late last year, but has yet to issue a patch.

Continue reading →