Dating sites continue to allow simple passwords, endangering users' private data

WhatsApp Web app vCard vulnerability leaves 200 million users at risk


A security researcher at Check Point has discovered a vulnerability in the WhatsApp Web app. The app -- which allows for WhatsApp messages sent to a phone to be viewed on a desktop computer, as well as syncing data -- can be exploited if a malicious user sends a specially-crafted vCard contact to someone.
A problem with WhatsApp's filtering of the contact card means that it could be used to "trick victims into executing arbitrary code on their machines in a new and sophisticated way". What's particularly worrying about this vulnerability is the fact that all an attacker needs is the phone number associated with a WhatsApp account. With an estimated 200 million WhatsApp Web users, there are a lot of potential victims.

Time to patch your firmware! Backdoor discovered into Seagate NAS drives


If you have not recently updated the firmware for your Seagate wireless NAS drives, now is the time to do so. Researchers at Tangible Security have discovered a series of vulnerabilities in a number of devices produced by Seagate that could allow unauthorized access to files and settings.
An undocumented Telnet feature could be used to gain control of the device by using the username 'root' and the hardcoded default password. There are also other vulnerabilities that allow for unauthorized browsing and downloading of files, as well as permitting malicious files to be uploaded. Tangible Security says that Seagate Wireless Plus Mobile Storage, Seagate Wireless Mobile Storage, and LaCie FUEL drives are affected, but there may also be others.

Why hackers are after your private information


Cybercriminals are a motivated bunch that continually change up their approaches to evade traditional detection-based security. Rather than continuing the insane circle of identify and respond security, it’s time to flip your cyber script and focus on gaining situational awareness of the real risks your organization actually faces.
Once you know what hackers are after and how they are getting in, you can shift your defenses accordingly. To that end, let’s take a look back on the first half of 2015.

Critical PayPal XSS vulnerability left accounts open to attack


PayPal has patched a security vulnerability which could have been used by hackers to steal users' login details, as well as to access unencrypted credit card information. A cross site scripting bug was discovered by Egyptian 'vulnerabilities hunter' Ebrahim Hegazy -- ironically on PayPal's Secure Payments subdomain.
Hegazy found the Stored XSS Vulnerability on https://Securepayments.Paypal.com back in the middle of June, and was able to demonstrate how it could be exploited. More than two months later, PayPal has addressed the issue and plugged the security hole.

Hackers make $100 million profit from stolen news releases


Hackers, predominantly based in Ukraine and Russia, repeatedly infiltrated the networks of Business Wire, Marketwired and PR Newswire over a period of five years in order to gain profitable information.
Nine of the alleged hackers have now been indicted in the US, charged with stealing more than 100,000 news releases, making more than $30 million. In total, it is believed that 32 hackers have made in excess of $100 million via illegal trading of corporate information.

Adobe releases another fix for Flash security flaw


Adobe has had endless problems with security vulnerabilities. There seems to be another one all the time. So, it comes as no surprise when news of one is announced. Now is no different as yet another security bulletin has been posted.
This one is APSB15-19, which unsurprisingly allows for a remote user to take control of your system. This one affects all systems.

How Anonymous stole US government data

Preventing IoT cars from being hacked


We reported last week that a number of Fiat Chrysler vehicles were being recalled due to the potential for them to be hacked.
Experts at IoT security specialist INSIDE Secure have been looking at the risks and how vehicles can be made more secure in future.

Drive a Dodge, Jeep, Chrysler or Ram? It may be recalled due to potentially deadly hacks


When it comes to cars, I only consider American manufacturers. Every car I've ever owned has been a Ford, but I am open to GM and Fiat Chrysler vehicles like Chevrolet, Jeep, Dodge and Ram. Lately, I fell in love with the Jeep Renegade -- an Italian-made American SUV -- which was tempting me from Ford.
Due to the reported security deficiencies in Jeep vehicles -- potentially deadly hacks -- I immediately came to my senses. No such vehicles in my future. While the Renegade is not impacted, the brand is, at least for now, tarnished for me. Today, Fiat Chrysler is voluntarily recalling the vehicles that are prey for hackers -- Dodge, Jeep, Chrysler and Ram are all on the list.

The cost of the Ashley Madison hack: $200 million


The Ashley Madison hack has once again shown how serious and just how devastating cyberattacks can be. According to a report by Business Insider, the attack against the infidelity site could cost it $200 million (£128m).
According to the report, the site planned on launching a $200 million initial public offering in London later this year.

Check your computer for Hacking Team malware with these essential security tools


When Hacking Team was hacked, a massive cache of data was leaked, including the source code for government-strength surveillance tools. Hacking Team warned that the code could have fallen into terrorist hands, but then backtracked slightly to say that any code that had been obtained was incomplete and out of date.
We already know that the company managed to sneak malicious apps into Google Play, and you might be concerned that some of its malware has made its way onto your computer. To help put minds at rest -- hopefully -- Rook Software has released a tool to seek out Hacking Team malware.

Mozilla blocks all versions of Flash in Firefox amid growing security concerns


As you may or may not know, Adobe Flash -- a veteran tool required by many modern browsers for video playback -- is riddled with vulnerabilities. The product has a long history of being thrown under the bus for its security incompetence. Such is the case today. Mozilla announces that it is blocking all versions of Flash Player in its browser with its latest update.
Mark Schmidt, the head of the Firefox team at Mozilla, notes that the company is disabling Adobe Flash by default in the browser. The block is accompanied by an image showing a raised fist and the phrase "Occupy Flash". Users who wish to enable Flash can do so by flipping switches in the settings menu, however.

Hacking Team to conjure up new surveillance software after security breach


Following a massive security breach, Italian security firm Hacking Team warned that its government-strength surveillance tools could have fallen into the hands of terrorists. The company advised its customers -- including governments and law agencies around the world -- to stop using its software, and is now launching something of a damage-limitation exercise.
Hacking Team has released a statement indicating that far from giving up and admitting defeat, a new, more powerful version of its software will be released soon. The replacement for Galileo, called Remote Control System 10, is described as a "complete revision" of the old system and "not simply an update". The security firm also stresses that not all of its source code was compromised, only code which is considered obsolete.

Hacking collectives target major firms for profit


Security researchers at Symantec have discovered that a number of well-known hacking collectives are actually highly trained independent groups targeting large corporations for financial gain.
The likes of Apple, Facebook and Twitter have all faced cyberattacks in the past and it is now thought that this is only viable if the information that is acquired is then sold or traded through some "financial market".
BetaNews, your source for breaking tech news, reviews, and in-depth reporting since 1998.