Articles about Hacking

Technology is supposed to make our lives easier, but it seems that in many cases it also gives us something else to worry about.

Research by Bespoke Software Development Company has used the online analytics tool Ahrefs to work out which products we're most concerned about being hacked.

Continue reading →

Microsoft has confirmed reports that it was hacked by the Lapsus$ extortion group, also known as DEV-0537. While admitting that the hackers managed to steal source code, the company is simultaneously trying to downplay the incident.

Lapsus$ shared a 37GB archive online containing partial source code for Cortana and Bing, but Microsoft insists that no customer data was compromised. The company says that "our investigation has found a single account had been compromised, granting limited access."

Continue reading →

Microsoft is conducting an investigation after data extortion group Lapsus$ claimed to have hacked the company and stolen data.

In a leaked screenshot, the hackers brag about gaining access to an Azure DevOps repository which is home to source code for all manner of Microsoft projects including Bing and Cortana. Having already hacked the likes of Samsung, NVIDIA and Vodafone, the claims made by Lapsus$ are entirely feasible, but for now Microsoft is saying nothing about what -- if anything -- has been stolen.

Continue reading →

In the days since Russia invaded Ukraine, to nobody’s surprise, there’s been almost non-stop news. A surprising amount of it has centered around tech. Anonymous made an appearance early-on, even before a single sanction had been instituted. 

We are keeping track of all the tech news from the conflict, or trying our best, with updates at least once a day from multiple sources. You can follow it all here. 

Continue reading →

A few days ago, Russia launched a full-scale invasion of the sovereign nation of Ukraine. Likely most of you have seen at least some of the endless coverage that currently blankets the airwaves. But TV is only giving you part of the story; you can learn a lot more by nosing around online. For the past several days I have kept a running update of what hacktivist collective Anonymous has been up to. The group has been busy and they have made the Russian government even busier, hacking their various state-run 'news' services, such as RT (Russia Today). You can look back at the original post and the multiple updates that were added to it on a daily basis. 

Now it’s time to start again and unlike the original story, this time we are letting you know there will be updates that you’ll want to check back in on. We will post them as they happen, which could be once or more in a day. We will begin with what is happening today, March 2. 

Continue reading →

While the US and other NATO nations continue to plan and implement sanctions and possible other means of making Vladimir Putin and his Oligarchs feel some pain over what they are currently doing, Hacktivist group Anonymous has already made its choices and has quickly started implementing its own set of consequences upon those responsible for alleged war crimes. 

As of Saturday morning, the group had taken down websites of the Kremlin, the Russian Department of Defense and Russian DUMA (the lower house of the federal assembly). The sites were taken down rather quickly once Anonymous targeted them but periodically popped back to life, only to have that life snuffed backed out again by renewed efforts. 

Continue reading →

Unpatched vulnerabilities remain the most prominent attack vectors exploited by ransomware groups, according to a new report.

The study by Ivanti, produced in conjunction with Cyber Security Works, shows 65 new vulnerabilities tied to ransomware last year, representing a 29 percent growth compared to the previous year and bringing the total number of vulnerabilities associated with ransomware to 288.

Continue reading →

It's understandable if you've made thwarting ransomware your top cybersecurity priority for 2022. The number of successful ransomware attacks, which encrypt computers until victims pay the attackers to unlock their data, surged last year. Ransomware payments reported by banks and other financial institutions (PDF) totaled $590 million for the first six months of 2021, surpassing the $416 million for all of 2020. 

When it comes to protecting your data center and endpoints (e.g., employees' laptops and mobile devices), ransomware should be top of mind. But when securing your cloud environments, don't worry about ransomware -- worry about the misconfigurations that lead to devastating data breaches. 

Continue reading →

The European Data Protection Supervisor (EDPS) has ordered Europol to delete huge quantities of personal data about hundreds of thousands of people. The European Union's police agency has been found to have illegally collected billions of pieces of data about criminals, suspected terrorists and innocent citizens.

The colossal stash of information has been dubbed a "big data ark" by privacy experts, and it includes data gathered by hacking encrypted services and NSA-style grabs. The data store was collected over a period of six years, and the EDPS ruling means that Europol must delete data that has been stored for over six months. The agency also has a year to determine what of the remaining data it may legally continue to hold.

Continue reading →

New data from AtlasVPN shows that 86 percent of hacked Google Cloud accounts are used for illegal cryptomining.

Besides cryptojacking, other uses of compromised accounts include conducting port scanning of other targets on the Internet, occurring 10 percent of the time after a Google Cloud compromise.

Continue reading →

On almost an annual basis we see policy proposing the authorization of private-sector hack back, the latest of which has been legislation from two US senators. One of the main issues with policy proposals for hack back is that they rarely address how it would work in reality and how opportunities for abuse or unintended harm would be handled.

To address this, Senators Daines and Whitehouse have proposed that the US Department of Homeland Security (DHS) "conducts a study on the potential benefits and risks of amending section 1030 of title 18, United States Code (commonly known as the 'Computer Fraud and Abuse Act') to allow private entities to take proportional actions in response to an unlawful network breach, subject to oversight and regulation by a designated Federal agency."

Continue reading →

Rootkits, those sneaky bits of software that lurk deep inside a system in order to give access to hackers, have been around since the late 1980s.

A new study from Positive Technologies takes a close look at how they have evolved in recent years and just how much of a threat they present.

Continue reading →

Security researchers have shown that it is possible to bypass the biometric security of Windows Hello. Using a fake web, the CyberArk Labs research team was able to fool the facial recognition component of Windows Hello to send infrared images.

Windows Hello requires a camera with RGB and IR sensors, but the security tool actually only uses IR imagery. Using a custom USB device, hackers can manipulate the stream of data that is sent, injecting IR imagery of an authorized user.

Continue reading →

The US, UK and other allied nations have accused the Chinese Ministry of State Security of engaging in a global hacking campaign. Included in this was an attack on Microsoft Exchange servers earlier in the year, and other activity that has been described as "irresponsible and destabilizing behavior in cyberspace".

China has been called on to "end this systematic cyber sabotage", and a statement issued by the White House said that "an unprecedented group of allies and partners are joining the United States in exposing and criticizing the PRC’s malicious cyber activities".

Continue reading →

We’ve seen the now infamous Guy Fawkes masks around for a long time. More so a few years ago, than in current times. The main group they belong to, 'Anonymous', has a reputation as hackers but members aren’t the people shutting down gas lines or airlines -- they prefer to think of themselves as ethical. Hacktivists if you will. You may disagree, authorities certainly do, and many members have been arrested. 

A decade ago member Christopher Doyon was nabbed in San Francisco. He allegedly jumped bail and headed south of the border, where he has remained ever since. Producer Gary Lang traveled there and featured him in the Canadian documentary 'The Face of Anonymous' in 2020. 

Continue reading →