The evolution of rootkits and why they're here to stay


Rootkits, those sneaky bits of software that lurk deep inside a system in order to give access to hackers, have been around since the late 1980s.
A new study from Positive Technologies takes a close look at how they have evolved in recent years and just how much of a threat they present.
Microsoft issues advice after hackers bypass Windows Hello security


Security researchers have shown that it is possible to bypass the biometric security of Windows Hello. Using a fake webcam, the CyberArk Labs research team was able to fool the facial recognition component of Windows Hello to send infrared images.
Windows Hello requires a camera with RGB and IR sensors, but the security tool actually only uses IR imagery. Using a custom USB device, hackers can manipulate the stream of data that is sent, injecting IR imagery of an authorized user.
China accused of large-scale Microsoft Exchange Server hack


The US, UK and other allied nations have accused the Chinese Ministry of State Security of engaging in a global hacking campaign. Included in this was an attack on Microsoft Exchange servers earlier in the year, and other activity that has been described as "irresponsible and destabilizing behavior in cyberspace".
China has been called on to "end this systematic cyber sabotage", and a statement issued by the White House said that "an unprecedented group of allies and partners are joining the United States in exposing and criticizing the PRC’s malicious cyber activities".
Could the 'Face of Anonymous' go to jail?


We’ve seen the now infamous Guy Fawkes masks around for a long time. More so a few years ago, than in current times. The main group they belong to, 'Anonymous', has a reputation as hackers but members aren’t the people shutting down gas lines or airlines -- they prefer to think of themselves as ethical. Hacktivists if you will. You may disagree, authorities certainly do, and many members have been arrested.
A decade ago member Christopher Doyon was nabbed in San Francisco. He allegedly jumped bail and headed south of the border, where he has remained ever since. Producer Gary Lang traveled there and featured him in the Canadian documentary 'The Face of Anonymous' in 2020.
How market forces determine data value on the dark web


We all know that following a data breach the stolen information is likely to turn up for sale on the dark web. But what's this information worth and how is its value arrived at?
Researchers at consumer website Comparitech have analyzed over 40 dark web marketplaces to find out how much credit card, PayPal, and SSN details are worth to cybercriminals.
IBM discovers hackers targeting COVID vaccine supply chain

Pirated data risks: Remote teams need to become a first line of defense


The increasing number of news headlines that mention data piracy, theft and database hacking makes it clear that businesses need to treat data as a valuable asset. This is especially true of businesses with teams that work remotely, as these set-ups usually have fewer security protocols.
Most remote workers are working from their homes, and unless those team members are conscious of cybersecurity, they’re not likely to have intrusion detection systems and firewalls on their personal networks.
Network access to over 7,000 organizations for sale on hacker forums


Hackers have breached 7,500 organizations and are selling network access on multiple Russian hacker forums.
An investigation by CyberNews.com reveals compromised networks located in the USA, Canada, and Australia which include educational, entertainment and bar industry organizations.
Google shares details of a Windows Kernel Cryptography Driver security flaw that's being exploited by hackers


Google has shared details of a bug in the Windows Kernel Cryptography Driver (cng.sys) which is currently being exploited in the wild by hackers.
The Project Zero team had already privately shared details of the security flaw with Microsoft a little over a week ago, but now that it is being actively exploited the company has gone public. The zero-day flaw is being tracked as CVE-2020-117087, and it is not likely to be addressed by Microsoft for a couple of weeks.
Hackers turn to new tactics to make attacks more effective


Some nation-state cyber adversaries and notorious ransomware gangs are deploying an arsenal of new open-sourced tools, actively exploiting corporate email systems and using online extortion to scare victims into paying ransoms.
This is one of the findings of Accenture's latest Cyber Threatscape Report. Analysts have seen attackers using a combination of off-the-shelf tooling -- including 'living off the land' tools, shared hosting infrastructure and publicly developed exploit code -- and open source penetration testing tools to carry out cyberattacks and hide their tracks.
Kaspersky says Linux systems are increasingly being targeted by hackers


Hackers are increasingly turning their attention to attacking Linux servers and workstations, according to security researchers from Kaspersky.
While it is Windows systems that have traditionally been in the cross-hairs of attackers, advanced persistent threats (APTs) are now a serious issue in the Linux world. Linux systems are being specifically targeted with an ever-widening selection of malware tools.
Hackers could use Windows 10 themes to steal passwords


People like to be individuals, and in the computing arena one way to be a little different is to change the look of Windows by using themes. But a security researcher has warned of a technique that could be exploited by hackers to trick users into divulging their Windows login details when applying a theme.
Malicious theme packs can be used to execute a "pass-the-hash" attack which sends passwords to a remote server. The specially designed themes are easy to create, and the way the credential stealing attack works will fool many people -- but there are protective measures that can be put in place.
Lazarus Group hackers target cryptocurrency in global campaign


Researchers at F-Secure have uncovered a targeted, advanced attack on a cryptocurrency organization which they have linked to the Lazarus Group, and believe is part of a global, and financially motivated, hacking campaign.
Lazarus has been linked to the now infamous WannaCry attacks of 2017. This latest report identifies the tactics, techniques, and procedures (TTPs) used during the attack, such as spearphishing via a service (in this case, using LinkedIn to send a fake job offer tailored to the recipient’s profile).
61 percent of networks vulnerable to low-skilled hackers


Almost half of all actions by attackers are identical to the normal activities of the users and admins, and in most companies even a low-skilled hacker can obtain control of the infrastructure.
These are among the findings of a new study from penetration testing specialist Positive Technologies. Testers, acting as internal attackers, managed to obtain full control of infrastructure at 23 tested companies usually within three days.
Attackers can get into a network in 30 minutes


Penetration of a local network takes between 30 minutes and 10 days, and in most cases attack complexity is low, meaning that an attack is within the capabilities of a hacker with basic skills.
Moreover, there is at least one easy penetration vector in 71 percent of companies, according to the research from Positive Technologies, which analyzed the security of corporate information systems and prepared an overview of the most common security flaws and attack methods.
BetaNews, your source for breaking tech news, reviews, and in-depth reporting since 1998.