DDoS attacks increase in frequency, use less bandwidth
From KitKat to Marshmallow: How I transformed my aging Android phone to keep it fun and functional
Call me a smartphone agnostic. Thanks to a quirk of geography and a period of deliberate disengagement from the tech industry, I missed out on the initial wave of the mobile device revolution. By the time I bought my first Android phone, KitKat was already the dominant platform, iOS 8 had just been released, and both BlackBerry and Microsoft had been relegated to the obituary section.
So when I finally did go smartphone shopping on a trip back to the States, my requirements were as modest (I mostly wanted a mobile hotspot for my laptops/tablets) as my budget. All of which led me to my local Metro PCS shop and my first taste of budget Android telephony: A Samsung Galaxy Avant. For the ridiculously low price of $119, I got an unlocked Avant with a 4.5" qHD (960 x 540 pixel) screen, 1.5GB of RAM, 16GB of storage and a quad-core CPU, all tied to an unlimited data plan (another $60) that delivered 50Mbps LTE speeds to my condo in FL.
Millions of Ashley Madison passwords cracked
The fallout from the Ashley Madison hack continues. After the passwords of millions of users were stolen in a huge security breach, the encrypted database has now been cracked. A cracking group called CynoSure Prime eschewed a time-consuming brute force approach to breaking into the database, and instead exploited information revealed by a change the infidelity site made to the way it stored data.
This change effectively rendered pointless the bcrypt encryption that had been used to protect data. It was possible to dramatically speed up the cracking process so data was accessible in a matter of days rather than years. So should users of Ashley Madison be worried?
Health insurer discovers hack half a year too late
A health insurer in upstate New York was hacked, and more than 10 million of its members might have had their data stolen, Reuters reported on Thursday.
The Rochester-based insurer Excellus BlueCross BlueShield said it and its affiliates had been the target of a sophisticated cyberattack. It is offering free identity theft protection services to those affected.
Dating sites continue to allow simple passwords, endangering users' private data
WhatsApp Web app vCard vulnerability leaves 200 million users at risk
A security researcher at Check Point has discovered a vulnerability in the WhatsApp Web app. The app -- which allows WhatsApp messages sent to a phone to be viewed on a desktop computer, as well as syncing data -- can be exploited if a malicious user sends a specially crafted vCard contact to someone.
A problem with WhatsApp's filtering of the contact card means that it could be used to "trick victims into executing arbitrary code on their machines in a new and sophisticated way". What's particularly worrying about this vulnerability is the fact that all an attacker needs is the phone number associated with a WhatsApp account. With an estimated 200 million WhatsApp Web users, there are a lot of potential victims.
Time to patch your firmware! Backdoor discovered into Seagate NAS drives
If you have not recently updated the firmware for your Seagate wireless NAS drives, now is the time to do so. Researchers at Tangible Security have discovered a series of vulnerabilities in a number of devices produced by Seagate that could allow unauthorized access to files and settings.
An undocumented Telnet feature could be used to gain control of the device by using the username 'root' and the hardcoded default password. There are also other vulnerabilities that allow for unauthorized browsing and downloading of files, as well as permitting malicious files to be uploaded. Tangible Security says that Seagate Wireless Plus Mobile Storage, Seagate Wireless Mobile Storage, and LaCie FUEL drives are affected, but there may also be others.
Why hackers are after your private information
Cybercriminals are a motivated bunch that continually change up their approaches to evade traditional detection-based security. Rather than continuing the insane cycle of identify-and-respond security, it’s time to flip your cyber script and focus on gaining situational awareness of the real risks your organization actually faces.
Once you know what hackers are after and how they are getting in, you can shift your defenses accordingly. To that end, let’s take a look back on the first half of 2015.
Critical PayPal XSS vulnerability left accounts open to attack
PayPal has patched a security vulnerability which could have been used by hackers to steal users' login details, as well as to access unencrypted credit card information. A cross-site scripting bug was discovered by Egyptian 'vulnerabilities hunter' Ebrahim Hegazy -- ironically on PayPal's Secure Payments subdomain.
Hegazy found the stored XSS vulnerability on https://Securepayments.Paypal.com back in the middle of June, and was able to demonstrate how it could be exploited. More than two months later, PayPal has addressed the issue and plugged the security hole.
Hackers make $100 million profit from stolen news releases
Hackers, predominantly based in Ukraine and Russia, repeatedly infiltrated the networks of Business Wire, Marketwired and PR Newswire over a period of five years in order to gain profitable information.
Nine of the alleged hackers have now been indicted in the US, charged with stealing more than 100,000 news releases, making more than $30 million. In total, it is believed that 32 hackers have made in excess of $100 million via illegal trading of corporate information.
Adobe releases another fix for Flash security flaw
Adobe has had endless problems with security vulnerabilities. There seems to be another one all the time. So, it comes as no surprise when news of one is announced. Now is no different as yet another security bulletin has been posted.
This one is APSB15-19, which unsurprisingly allows for a remote user to take control of your system. This one affects all systems.
How Anonymous stole US government data
Preventing IoT cars from being hacked
We reported last week that a number of Fiat Chrysler vehicles were being recalled due to the potential for them to be hacked.
Experts at IoT security specialist INSIDE Secure have been looking at the risks and how vehicles can be made more secure in future.
Drive a Dodge, Jeep, Chrysler or Ram? It may be recalled due to potentially deadly hacks
When it comes to cars, I only consider American manufacturers. Every car I've ever owned has been a Ford, but I am open to GM and Fiat Chrysler vehicles like Chevrolet, Jeep, Dodge and Ram. Lately, I fell in love with the Jeep Renegade -- an Italian-made American SUV -- which was tempting me from Ford.
Due to the reported security deficiencies in Jeep vehicles -- potentially deadly hacks -- I immediately came to my senses. No such vehicles in my future. While the Renegade is not impacted, the brand is, at least for now, tarnished for me. Today, Fiat Chrysler is voluntarily recalling the vehicles that are prey for hackers -- Dodge, Jeep, Chrysler and Ram are all on the list.
The cost of the Ashley Madison hack: $200 million
The Ashley Madison hack has once again shown how serious and just how devastating cyberattacks can be. According to a report by Business Insider, the attack against the infidelity site could cost it $200 million (£128m).
According to the report, the site planned on launching a $200 million initial public offering in London later this year.
BetaNews, your source for breaking tech news, reviews, and in-depth reporting since 1998.

