Articles about Hacking

We all know that following a data breach the stolen information is likely to turn up for sale on the dark web. But what's this information worth and how is its value arrived at?

Researchers at consumer website Comparitech have analyzed over 40 dark web marketplaces to find out how much credit card, Paypal, and SSN details are worth to cybercriminals.

Continue reading →

The recently announced COVID-19 vaccines require a 'cold chain' -- a temperature-controlled supply chain that maintains the desired temperature range throughout distribution.

New research from IBM Security X-Force reveals that this cold chain is being targeted in a precision phishing campaign.

Continue reading →

The increasing number of news headlines that mention data piracy, theft and database hacking makes it clear that businesses need to treat data as a valuable asset. This is especially true of businesses with teams that work remotely, as these set-ups usually have fewer security protocols.

Most remote workers are working from their homes, and unless those team members are conscious of cybersecurity, they’re not likely to have intrusion detection systems and firewalls on their personal networks.

Continue reading →

Hackers have breached 7,500 organizations and are selling network access on multiple Russian hacker forums.

An investigation by CyberNews.com reveals compromised networks located in the USA, Canada, and Australia which include educational, entertainment and bar industry organizations.

Continue reading →

Google has shared details of a bug in the Windows Kernel Cryptography Driver (cng.sys) which is currently being exploited in the wild by hackers.

The Project Zero team had already privately shared details of the security flaw with Microsoft a little over a week ago, but now that it is being actively exploited the company has gone public. The zero-day flaw is being tracked as CVE-2020-117087, and it is not likely to be addressed by Microsoft for a couple of weeks.

Continue reading →

Some nation-state cyber adversaries and notorious ransomware gangs are deploying an arsenal of new open-sourced tools, actively exploiting corporate email systems and using online extortion to scare victims into paying ransoms.

This is one of the findings of Accenture's latest Cyber Threatscape Report. Analysts have seen attackers using a combination of off-the-shelf tooling -- including 'living off the land' tools, shared hosting infrastructure and publicly developed exploit code -- and open source penetration testing tools to carry out cyberattacks and hide their tracks.

Continue reading →

Hackers are increasingly turning their attention to attacking Linux servers and workstations, according to security researchers from Kaspersky.

While it is Windows systems that have traditionally been in the cross-hairs of attackers, advanced persistent threats (APTs) are now a serious issue in the Linux world. Linux systems are being specifically targeted with an ever-widening selection of malware tools.

Continue reading →

People like to be individuals, and in the computing arena one way to be a little different is to change the look of Windows by using themes. But a security researcher has warned of a technique that could be exploited by hackers to trick users into divulging their Windows login details when applying a theme.

Malicious theme packs can be used to execute a "pass-the-hash" attack which sends passwords to a remote server. The specially designed themes are easy to create, andthe way the credential stealing attack works will fool many people -- but there are protective measures that can be put in place.

Continue reading →

Researchers at F-Secure have uncovered a targeted, advanced attack on a cryptocurrency organization which they have linked to the Lazarus Group, and believe is part of a global, and financially motivated, hacking campaign.

Lazarus has been linked to the now infamous WannaCry attacks of 2017. This latest report identifies the tactics, techniques, and procedures (TTPs) used during the attack, such as spearphishing via a service (in this case, using LinkedIn to send a fake job offer tailored to the recipient’s profile).

Continue reading →

Almost half of all actions by attackers are identical to the normal activities of the users and admins, and in most companies even a low-skilled hacker can obtain control of the infrastructure.

These are among the findings of a new study from penetration testing specialist Positive Technologies. Testers, acting as internal attackers, managed to obtain full control of infrastructure at 23 tested companies usually within three days.

Continue reading →

Penetration of a local network takes between 30 minutes to 10 days and in most cases, attack complexity is low, meaning that an attack is within the capabilities of a hacker with basic skills.

Moreover there is at least one easy penetration vector in 71 percent of companies according to the research from Positive Technologies which analyzed the security of corporate information systems and prepared an overview of the most common security flaws and attack methods.

Continue reading →

Researchers at Abnormal Security have detected an increase in business email compromise attacks that successfully compromise email accounts despite the use of multi-factor authentication (MFA) and Conditional Access.

This is possible because legacy email protocols, including IMAP, SMTP, MAPI and POP, don't support MFA. In addition many common applications -- such as those used by mobile email clients (for example, iOS Mail for iOS 10 and older) -- don't support modern authentication.

Continue reading →

Just a week ago, we covered the news that user log files from the VPN service UFO VPN had been exposed. A database of user data appeared online despite the company's claims of having a "strict no-logs policy".

But while security experts took steps to lock down the data and restrict access to it by the middle of this month, earlier this week it transpired that a second, newer UFO VPN database had appeared online, containing even more data. This time, however, hackers came to the rescue with a coordinated "Meow" attack.

Continue reading →

As damaging as security threats can be, they’re also easily avoidable when you have the appropriate safeguards in place. For businesses in particular, investing in the right methods is essential.

Here are my top 7 tips for keeping your data secure.

Continue reading →

We are in the middle of a pandemic, and lots of us are working from home these days. It is because of technological advances, such as the computer and internet, that so many can work remotely. Let us not forget the mighty webcam which allows our coworkers, friends, and family members to video chat with us. Hell, even doctors are seeing patients using video chat nowadays.

You know who else loves webcams? Hackers! Yes, it is possible for nefarious people to hack into your computer and access your webcam. Any hardware connected to the net can be hacked. And no, you cannot trust an activity light -- hackers can turn them off too. Look, no one wants to be watched by a stranger -- especially when naked or in some other embarrassing situation. Thankfully, something as simple as placing a piece of tape or a privacy shutter (such as this) over the webcam can thwart the bad guys in this regard (the microphone is another story). Unfortunately for those that own Apple laptops, the company is warning users against covering their webcam.

Continue reading →