Attackers bypass multi-factor authentication to hijack email accounts


Researchers at Abnormal Security have detected an increase in business email compromise attacks that successfully compromise email accounts despite the use of multi-factor authentication (MFA) and Conditional Access.
This is possible because legacy email protocols, including IMAP, SMTP, MAPI and POP, don't support MFA. In addition, many common applications -- such as those used by mobile email clients (for example, iOS Mail for iOS 10 and older) -- don't support modern authentication.
Hackers to the rescue! UFO VPN user log database leaks online for a second time


Just a week ago, we covered the news that user log files from the VPN service UFO VPN had been exposed. A database of user data appeared online despite the company's claims of having a "strict no-logs policy".
But while security experts took steps to lock down the data and restrict access to it by the middle of this month, earlier this week it transpired that a second, newer UFO VPN database had appeared online, containing even more data. This time, however, hackers came to the rescue with a coordinated "Meow" attack.

Do you put tape over your webcam so hackers can't spy on you? Apple says not to!


We are in the middle of a pandemic, and lots of us are working from home these days. It is because of technological advances, such as the computer and internet, that so many can work remotely. Let us not forget the mighty webcam which allows our coworkers, friends, and family members to video chat with us. Hell, even doctors are seeing patients using video chat nowadays.
You know who else loves webcams? Hackers! Yes, it is possible for nefarious people to hack into your computer and access your webcam. Any hardware connected to the net can be hacked. And no, you cannot trust an activity light -- hackers can turn them off too. Look, no one wants to be watched by a stranger -- especially when naked or in some other embarrassing situation. Thankfully, something as simple as placing a piece of tape or a privacy shutter over the webcam can thwart the bad guys in this regard (the microphone is another story). Unfortunately for those who own Apple laptops, the company is warning users against covering their webcam.
Microsoft's new Kernel Data Protection will make kernel memory read-only and block attacks on Windows 10


Microsoft has revealed details of a new platform security technology which the company says will prevent data corruption attacks.
Kernel Data Protection (KDP) works by marking sections of kernel memory as read-only, so there is no way it can be tampered with. The technology comes in response to the fact that increasing numbers of attackers are using data corruption techniques to bypass security, gain additional privileges, and more.
Developers need to think like hackers to prioritize fixes


As technology continues to evolve, software development teams are bombarded with security alerts at an increasing rate, making it almost impossible to address every potential vulnerability.
New research from WhiteSource, an open source security and license compliance management specialist, and CYR3CON, which predicts cybersecurity attacks based on AI-gathered intelligence, looks at how development teams prioritize fixing vulnerabilities and compares this to discussions in hacker communities.
How hackers are targeting enterprises from the outside


In the past, businesses have needed to worry about protecting their networks. But the expansion of internet use, cloud and as-a-service products means there are now more potential threats to worry about.
A new study from attack surface management specialist RiskIQ looks at the digital presence of organizations, where they lack visibility, and the pathways hackers are using to exploit these blind spots.
easyJet hit by 'highly sophisticated' cyberattack: 9 million customers' details exposed


Budget airline easyJet has fallen victim to a cyberattack in which personal information of 9 million customers was exposed. Included in this personal data were details of travel plans, email addresses and, in some cases, credit card information.
The company is now in the process of contacting all of those who have been affected by the data breach, but says that anyone whose credit card details were stolen by hackers has already been contacted.
Hackers favor quieter methods to attack websites


While high profile attacks like phishing scams targeting stimulus payments make the headlines, a new report shows they are actually on the decline.
The annual security report from website security specialist SiteLock finds that quiet attack methods, like backdoor files, are more favored among hackers as they become increasingly sophisticated and turn to methods that can go undetected and deliver the biggest payout.
Thunderspy vulnerability in Thunderbolt 3 allows hackers to steal files from Windows and Linux machines


Security researcher Björn Ruytenberg has revealed details of a vulnerability in the Thunderbolt 3 standard. The security flaw means that it is possible for a hacker with physical access to a computer to copy data even if the files are encrypted and the computer is locked.
The vulnerability affects all systems with Thunderbolt ports that shipped between 2011 and 2020, but some systems that shipped since 2019 have Kernel DMA Protection which means they are only partly at risk. Testing tools are available for both Windows and Linux so you can check to see if your computer is vulnerable.
Hacker group has targeted Asia Pacific governments in five-year campaign


Researchers at Check Point have uncovered a China-based hacker group that has been targeting multiple national governments in the APAC region over the past five years, to gather political intelligence and conduct espionage.
Targets include Australia, Indonesia, Philippines, Vietnam, Thailand, Myanmar and Brunei. After infiltrating one government body, the hacker group uses that body’s contacts, documents and servers to launch targeted phishing attacks against new government targets.
Sophos pushes out emergency patch to fix XG Firewall zero-day vulnerability


Following the discovery of an SQL injection vulnerability in its XG Firewall product, Sophos has released an emergency patch to protect users against hackers.
The vulnerability affects both physical and virtual XG Firewall units, and signs of attacks were first noticed last week. Attackers exploiting the vulnerability on unpatched firewalls would be able to access all local usernames and hashed passwords of any local user accounts, including local device admins, user portal accounts, and accounts used for remote access.
Microsoft patches Teams vulnerability that allowed for account takeover just by viewing a GIF


A security flaw in Microsoft Teams made it possible for attackers to take over accounts just by getting a victim to view a GIF. The vulnerability stemmed from the way in which Teams handles images and could allow for account takeovers and data theft.
Security firm CyberArk discovered the issue over a month ago and then worked with the Microsoft Security Research Center under Coordinated Vulnerability Disclosure to get the vulnerability fixed. With COVID-19 leading to a huge increase in the number of people working remotely and relying on the likes of Zoom and Teams, the prospect of such an easily exploitable vulnerability is concerning.
Zero-day vulnerabilities in iOS Mail are being actively exploited to target high-profile users


Security firm ZecOps has published research about security vulnerabilities affecting iPhones and iPads. The critical flaws are yet to be patched by Apple and are said to be actively used to target high-profile users such as journalists, employees of Fortune 500 companies and VIPs.
What's particularly worrying about the flaws is that they can be exploited by sending a message that appears to be blank. Opened in iOS Mail, the message can be used to run code and spy on activity without the need for any interaction from the victim. There is a suggestion that a nation-state could be involved.
Hackers are selling two serious Zoom zero-day vulnerabilities for $500,000


Both the Windows and macOS versions of Zoom have critical, unpatched security vulnerabilities that could be exploited by hackers to target users and spy on calls and meetings.
Security experts say -- despite not having seen the actual code for the exploits -- that the Windows version of Zoom is affected by an RCE (Remote Code Execution) described as being "perfect for industrial espionage". The zero-days have been offered for sale for $500,000.
BetaNews, your source for breaking tech news, reviews, and in-depth reporting since 1998.