Articles about Hacking

Major cyberattacks still have the power to make headline news, yet reporting and indeed conviction rates for cybercrime remain low. It's perhaps not surprising then that rising numbers of young people are getting involved in these illegal activities.

We spoke to Simon Newman, International Cyber Expo Advisory Council member and CEO of the Cyber Resilience Centre for London, to get his views on what needs to be done to improve reporting and change the mindset of 'script kiddies' for the better.

Continue reading →

LastPass, the firm behind the eponymous password management software, has revealed that it fell victim to a security breach two weeks ago. Although the company is quick to point out that passwords stored by users have not been exposed, the incident remains hugely significant.

The hackers were able to breach the security of a developer account and took advantage of this to steal "source code and some proprietary LastPass technical information". While LastPass is at pains to stress that it has seen "no evidence that this incident involved any access to customer data or encrypted password vaults" it is an incident that will nonetheless dent user confidence.

Continue reading →

The power of software supply chain attacks was amply demonstrated by SolarWinds but two years on some organizations are still vulnerable thanks to the use of source code management (SCM) systems.

IBM's X-Force Red ethical hacking team has been able to successfully gain access to SCM systems during an adversary simulation engagement in most cases.

Continue reading →

Twitter has confirmed that a hacker was able to exploit a security vulnerability on the social platform earlier this year, gaining access to the private data of millions of users.

In total, 5.4 million accounts were affected, with the attacker able to link account names to email addresses and phone numbers. While the incident took place back in January this year, Twitter has also revealed that the exposed user data was made available to buy just last month. In what will be regarded by many as something of an understatement, the company says that "it is unfortunate that this happened".

Continue reading →

Technology is supposed to make our lives easier, but it seems that in many cases it also gives us something else to worry about.

Research by Bespoke Software Development Company has used the online analytics tool Ahrefs to work out which products we're most concerned about being hacked.

Continue reading →

Microsoft has confirmed reports that it was hacked by the Lapsus$ extortion group, also known as DEV-0537. While admitting that the hackers managed to steal source code, the company is simultaneously trying to downplay the incident.

Lapsus$ shared a 37GB archive online containing partial source code for Cortana and Bing, but Microsoft insists that no customer data was compromised. The company says that "our investigation has found a single account had been compromised, granting limited access."

Continue reading →

Microsoft is conducting an investigation after data extortion group Lapsus$ claimed to have hacked the company and stolen data.

In a leaked screenshot, the hackers brag about gaining access to an Azure DevOps repository which is home to source code for all manner of Microsoft projects including Bing and Cortana. Having already hacked the likes of Samsung, NVIDIA and Vodafone, the claims made by Lapsus$ are entirely feasible, but for now Microsoft is saying nothing about what -- if anything -- has been stolen.

Continue reading →

In the days since Russia invaded Ukraine, to nobody’s surprise, there’s been almost non-stop news. A surprising amount of it has centered around tech. Anonymous made an appearance early-on, even before a single sanction had been instituted. 

We are keeping track of all the tech news from the conflict, or trying our best, with updates at least once a day from multiple sources. You can follow it all here. 

Continue reading →

A few days ago, Russia launched a full-scale invasion of the sovereign nation of Ukraine. Likely most of you have seen at least some of the endless coverage that currently blankets the airwaves. But TV is only giving you part of the story; you can learn a lot more by nosing around online. For the past several days I have kept a running update of what hacktivist collective Anonymous has been up to. The group has been busy and they have made the Russian government even busier, hacking their various state-run 'news' services, such as RT (Russia Today). You can look back at the original post and the multiple updates that were added to it on a daily basis. 

Now it’s time to start again and unlike the original story, this time we are letting you know there will be updates that you’ll want to check back in on. We will post them as they happen, which could be once or more in a day. We will begin with what is happening today, March 2. 

Continue reading →

While the US and other NATO nations continue to plan and implement sanctions and possible other means of making Vladimir Putin and his Oligarchs feel some pain over what they are currently doing, Hacktivist group Anonymous has already made its choices and has quickly started implementing its own set of consequences upon those responsible for alleged war crimes. 

As of Saturday morning, the group had taken down websites of the Kremlin, the Russian Department of Defense and Russian DUMA (the lower house of the federal assembly). The sites were taken down rather quickly once Anonymous targeted them but periodically popped back to life, only to have that life snuffed backed out again by renewed efforts. 

Continue reading →

Unpatched vulnerabilities remain the most prominent attack vectors exploited by ransomware groups, according to a new report.

The study by Ivanti, produced in conjunction with Cyber Security Works, shows 65 new vulnerabilities tied to ransomware last year, representing a 29 percent growth compared to the previous year and bringing the total number of vulnerabilities associated with ransomware to 288.

Continue reading →

It's understandable if you've made thwarting ransomware your top cybersecurity priority for 2022. The number of successful ransomware attacks, which encrypt computers until victims pay the attackers to unlock their data, surged last year. Ransomware payments reported by banks and other financial institutions (PDF) totaled $590 million for the first six months of 2021, surpassing the $416 million for all of 2020. 

When it comes to protecting your data center and endpoints (e.g., employees' laptops and mobile devices), ransomware should be top of mind. But when securing your cloud environments, don't worry about ransomware -- worry about the misconfigurations that lead to devastating data breaches. 

Continue reading →

The European Data Protection Supervisor (EDPS) has ordered Europol to delete huge quantities of personal data about hundreds of thousands of people. The European Union's police agency has been found to have illegally collected billions of pieces of data about criminals, suspected terrorists and innocent citizens.

The colossal stash of information has been dubbed a "big data ark" by privacy experts, and it includes data gathered by hacking encrypted services and NSA-style grabs. The data store was collected over a period of six years, and the EDPS ruling means that Europol must delete data that has been stored for over six months. The agency also has a year to determine what of the remaining data it may legally continue to hold.

Continue reading →

New data from AtlasVPN shows that 86 percent of hacked Google Cloud accounts are used for illegal cryptomining.

Besides cryptojacking, other uses of compromised accounts include conducting port scanning of other targets on the Internet, occurring 10 percent of the time after a Google Cloud compromise.

Continue reading →

On almost an annual basis we see policy proposing the authorization of private-sector hack back, the latest of which has been legislation from two US senators. One of the main issues with policy proposals for hack back is that they rarely address how it would work in reality and how opportunities for abuse or unintended harm would be handled.

To address this, Senators Daines and Whitehouse have proposed that the US Department of Homeland Security (DHS) "conducts a study on the potential benefits and risks of amending section 1030 of title 18, United States Code (commonly known as the 'Computer Fraud and Abuse Act') to allow private entities to take proportional actions in response to an unlawful network breach, subject to oversight and regulation by a designated Federal agency."

Continue reading →