Articles about Hacking

Problems for Zoom and users of the videoconferencing software seem just about unending. Following on from the revelation that a number of account credentials were available on the dark web, a new report shows that in fact there are credentials for hundreds of thousands of accounts available on hacking forums.

In all, over half a million account details have been found available -- some sold for fractions of a penny, and others made available completely free of charge.

Continue reading →

Zoom's popularity has accelerated in recent weeks thanks to the number of people now forced to work from home and conduct meetings online. Now security researchers have discovered a worrying vulnerability in the software that could be used to steal Windows login credentials.

The vulnerability steams from the fact that Zoom converts URLs that are sent in messages into clickable links. The same is true for UNC paths, and if such a link is clicked, it is possible to grab a user's login name and their NTLM password hash and decrypt it.

Continue reading →

Microsoft has warned that all versions of Windows feature critical unpatched RCE vulnerabilities. The security problems stem from the Windows Adobe Type Manager Library, and relates to the parsing of fonts.

The company is working on a fix which will be released when the next Patch Tuesday rolls around -- but for Windows 7 users, despite the critical nature of the bugs, it is only those who have paid for an ESU licence that will get the security update. There is a bit of good news, however. While the vulnerability is yet to be patched, there is a workaround available that will do the job for the time being.

Continue reading →

Researchers at security vendor Check Point have revealed the identity and activities of a hacker whose seven-year career in cybercrime has earned him at least $100,000, and probably much more.

He's single, 25-years-old and living in Benin City, Southern Nigeria. His cybercrime activities have earned him, on average, at least 14 times the national minimum wage in Nigeria and three times the average professional salary in Nigeria every year since 2013.

Continue reading →

Both the NSA and a cybersecurity firm have reminded the tech world of the existence of a remote code execution vulnerability in Microsoft Exchange Server.

Although Microsoft issued a patch for CVE-2020-0688 last month, numerous state-sponsors hacking groups have been spotted exploiting the vulnerability. There was an uptick in exploitation after a technical report of the details of the vulnerability were published by a security researcher.

Continue reading →

Vulnerability researchers were able to hijack a series of subdomains belonging to Microsoft after the company was found to be employing poor DNS practices.

Subdomains including mybrowser.microsoft.com and identityhelp.microsoft.com were among ten hijacked by a team of security researchers from Vullnerability. In all, more than 670 Microsoft subdomains were found to be at risk of being taken over.

Continue reading →

The personal details of 10.6 million people have been posted in a hacking forum after MGM Resorts hotels suffered a data breach. The data includes dates of birth, email addresses, names, phone numbers and physical addresses, and celebrities such as Justin Bieber and Twitter's Jack Dorsey are among those affected.

While the data has only just been leaked, it stems from a security breach that took place last year. Data dating back to 2017 was found accessible on an unsecured cloud server.

Continue reading →

Protect the web by learning the tools and the tricks of the web application attacker.

Becoming the Hacker will teach you how to approach web penetration testing with an attacker's mindset. While testing web applications for performance is common, the ever-changing threat landscape makes security testing much more difficult for the defender. There are many web application tools that claim to provide a complete survey and defense against potential threats, but they must be analyzed in line with the security needs of each web application or service. We must understand how an attacker approaches a web application and the implications of breaching its defenses.

Continue reading →

Concerns that quantum computing could place current encryption techniques at risk have been around for some time.

But now cybersecurity startup Active Cypher has built a password-hacking quantum computer to demonstrate that the dangers are very real.

Continue reading →

Researchers at managed security services provider Nuspire have released their latest quarterly threat report which looks at the top botnet, malware and exploit activity throughout 2019, focusing in on the fourth quarter.

Among the findings are that malicious cyber-activity declined towards the end of the year, partly as a result of hectic holiday schedules and vacations with fewer employees around to interact with malicious activity.

Continue reading →

A self-described "reverser/pwner [and] Windows kernel hacker" has demoed a working exploit for two recently discovered vulnerabilities in Windows Remote Desktop Gateway (RD Gateway).

The exploit takes advantage of the CVE-2020-0609 and CVE-2020-0610 vulnerabilities which have already been shown to make a denial of service attack possible. Now Luca Marcelli has shown how the same vulnerabilities can be exploited in a Remote Code Execution attack.

Continue reading →

Security experts from Security Research Labs (SRLabs) have warned that carriers are implementing RCS (Rich Communication Services which will supersede SMS) in ways that risk leaving users exposed to all manner of attack.

The German hacking research collective issues the stark warning that "RCS technology exposes most mobile users to hacking". This is not because of inherent problems with the messaging protocol, but with the ways in which it is being implement.

Continue reading →

OnePlus has issued a security notice to customers that have used its online store, informing them that their order information has been accessed by an unnamed third party in a security breach.

The company is giving away very little in the way of details about the incident. It is not clear when the data breach happened, who may be responsible, or how many customers are affected. OnePlus says that information such as names, phone numbers, email addresses and shipping addresses have been exposed.

Continue reading →

If you've ever expressed concern about the security implications of Amazon Ring connected doorbells; if you've ever voiced privacy concerns about letting Amazon have such a portal into your life... your fears have been justified.

It has just been revealed that a security flaw in the camera-toting devices made it possible for hackers to access customers' Wi-Fi usernames and passwords. With these credentials, it would then be possible to launch a wider privacy-invading attack on households, accessing all manner of data and devices on home networks.

Continue reading →

Domain name registrar Web.com has revealed that it fell victim to a data breach earlier in the year. Two of the company's subsidiaries, Network Solutions and Register.com were also attacked by the hackers at the same time.

The incidents took place back in late August, but were only discovered a couple of weeks ago. The attackers were able to access personal details of customers, but Web.com does not say how many people are affected -- although it is likely to run into the millions.

Continue reading →