Articles about Hacking

Both the NSA and a cybersecurity firm have reminded the tech world of the existence of a remote code execution vulnerability in Microsoft Exchange Server.

Although Microsoft issued a patch for CVE-2020-0688 last month, numerous state-sponsors hacking groups have been spotted exploiting the vulnerability. There was an uptick in exploitation after a technical report of the details of the vulnerability were published by a security researcher.

Continue reading →

Vulnerability researchers were able to hijack a series of subdomains belonging to Microsoft after the company was found to be employing poor DNS practices.

Subdomains including mybrowser.microsoft.com and identityhelp.microsoft.com were among ten hijacked by a team of security researchers from Vullnerability. In all, more than 670 Microsoft subdomains were found to be at risk of being taken over.

Continue reading →

The personal details of 10.6 million people have been posted in a hacking forum after MGM Resorts hotels suffered a data breach. The data includes dates of birth, email addresses, names, phone numbers and physical addresses, and celebrities such as Justin Bieber and Twitter's Jack Dorsey are among those affected.

While the data has only just been leaked, it stems from a security breach that took place last year. Data dating back to 2017 was found accessible on an unsecured cloud server.

Continue reading →

Protect the web by learning the tools and the tricks of the web application attacker.

Becoming the Hacker will teach you how to approach web penetration testing with an attacker's mindset. While testing web applications for performance is common, the ever-changing threat landscape makes security testing much more difficult for the defender. There are many web application tools that claim to provide a complete survey and defense against potential threats, but they must be analyzed in line with the security needs of each web application or service. We must understand how an attacker approaches a web application and the implications of breaching its defenses.

Continue reading →

Concerns that quantum computing could place current encryption techniques at risk have been around for some time.

But now cybersecurity startup Active Cypher has built a password-hacking quantum computer to demonstrate that the dangers are very real.

Continue reading →

Researchers at managed security services provider Nuspire have released their latest quarterly threat report which looks at the top botnet, malware and exploit activity throughout 2019, focusing in on the fourth quarter.

Among the findings are that malicious cyber-activity declined towards the end of the year, partly as a result of hectic holiday schedules and vacations with fewer employees around to interact with malicious activity.

Continue reading →

A self-described "reverser/pwner [and] Windows kernel hacker" has demoed a working exploit for two recently discovered vulnerabilities in Windows Remote Desktop Gateway (RD Gateway).

The exploit takes advantage of the CVE-2020-0609 and CVE-2020-0610 vulnerabilities which have already been shown to make a denial of service attack possible. Now Luca Marcelli has shown how the same vulnerabilities can be exploited in a Remote Code Execution attack.

Continue reading →

Security experts from Security Research Labs (SRLabs) have warned that carriers are implementing RCS (Rich Communication Services which will supersede SMS) in ways that risk leaving users exposed to all manner of attack.

The German hacking research collective issues the stark warning that "RCS technology exposes most mobile users to hacking". This is not because of inherent problems with the messaging protocol, but with the ways in which it is being implement.

Continue reading →

OnePlus has issued a security notice to customers that have used its online store, informing them that their order information has been accessed by an unnamed third party in a security breach.

The company is giving away very little in the way of details about the incident. It is not clear when the data breach happened, who may be responsible, or how many customers are affected. OnePlus says that information such as names, phone numbers, email addresses and shipping addresses have been exposed.

Continue reading →

If you've ever expressed concern about the security implications of Amazon Ring connected doorbells; if you've ever voiced privacy concerns about letting Amazon have such a portal into your life... your fears have been justified.

It has just been revealed that a security flaw in the camera-toting devices made it possible for hackers to access customers' Wi-Fi usernames and passwords. With these credentials, it would then be possible to launch a wider privacy-invading attack on households, accessing all manner of data and devices on home networks.

Continue reading →

Domain name registrar Web.com has revealed that it fell victim to a data breach earlier in the year. Two of the company's subsidiaries, Network Solutions and Register.com were also attacked by the hackers at the same time.

The incidents took place back in late August, but were only discovered a couple of weeks ago. The attackers were able to access personal details of customers, but Web.com does not say how many people are affected -- although it is likely to run into the millions.

Continue reading →

A Europe-wide survey of almost 600 successful businesses reveals that 61 percent of business leaders on the board of their company believe that in the war against cybercrime the hackers are more sophisticated than the software developers.

The study carried out for global network RSM by the European Business Awards also finds that 60 percent of these board members believe they may have been breached without them knowing and 73 percent consider themselves at risk from cybercrime.

Continue reading →

Security firm Avast has revealed that it detected and intercepted suspicious activity on its network. The malicious attack is believed to have been instigated by hackers seeking to target the CCleaner software.

This is not the first time Avast and CCleaner have been targeted, and the company has revealed that an attacker had been trying to gain access to its network through its VPN as long ago as mid-May. The attacks -- dubbed "Abiss" -- continued until the beginning of this month.

Continue reading →

A cyber threat is basically any type of threat that is computer related in nature. To be clear, a computer could be a desktop computer, a laptop, a tablet or even a smartphone. All of these devices have particular types of threats that they can be exposed to that users need to be aware of to ensure that they can protect themselves and their confidential information. 

Given the number of different types of devices that can be exposed to cyber threats, there are a number of different types of issues that can present themselves. Each of these threats is unique in its own right and poses a different type of issue for the user, but typically they all have the same end result… the impacted system is somehow compromised and the user, or the user’s information, is placed at risk. While the list below is extensive, it is not all inclusive. There are far too many types of threats out in the wild of the Internet to list in one article. What I do hope to do is to list those that are most prevalent and give the reader a good overview of what the threat is and how it is often used to do damage to both home and corporate networks. 

Continue reading →

Ransomware is a pervasive problem, and for victims it can be difficult to know whether paying up will help them to regain access to their maliciously encrypted files. So when ransomware decryption keys are released free of charge, it's always good news -- and this is exactly what has happened for HildaCrypt.

The developer of this particular strain of ransomware has released the decryption keys after a security researcher shared detailed of what was initially thought to be a new type of ransomware.

Continue reading →