Articles about Hacking

Greetings, Comrade!

I write to you to celebrate the coming glorious victory over imperialist America. Our efforts to undermine their so-called democratic institutions is nearly complete. What began as a seemingly disastrous failure on the part of our cyber and Internet propaganda forces has now morphed into a highly successful psy-ops campaign that threatens the black, decadent heart of the Western society!

Continue reading →

If the word MouseJack seems familiar, it's because it as been around for a while. It is a remote access hack that emerged a few years back that took advantage of a vulnerability in some Logitech wireless dongles, as well as hardware from other manufacturers.

Being at least three years old, you would expect that patches would have been addressed -- and they were. But a large number of devices are still at risk because Logitech failed to recall the affect units that were on sale so there's a chance that if you bought a Logitech wireless keyboard, mouse or standalone dongle in the last few years, you could be at risk.

Continue reading →

Learn Ethical Hacking from Scratch from Packt Publishing will teach you how to hack systems like black hat hackers and secure them like security experts.

It will help you understand how computer systems work and their vulnerabilities, explain how to exploit weaknesses and hack into machines to test their security, and learn how to secure systems from hackers now.

Continue reading →

Congratulations! You’ve selected and deployed a new cybersecurity solution. But, once you’re up and running you might not feel completely secure. Do you need to test your incident response process as much as testing the software? Does the new solution have vulnerabilities you -- or its creators -- don’t know about? Are there emerging attacks that it will miss?

If you want to know that a cybersecurity solution will do what you need it to do, and that you’re ready to respond to whatever it detects, you need to test it. Penetration testing ("pentesting") is a common part of deploying any new tool for cybersecurity, and it may help you identify and fix weaknesses in your defense. Pentesting can be automated through software, but that can lack the ingenuity of a live human trying to breach your system. The surefire way to simulate a real human attack is to enlist the service of a real human attacker -- subjecting your network and its cybersecurity defenses to "ethical hacking."

Continue reading →

Canonical -- the company behind the Ubuntu Linux distro -- is investigating an attack on its GitHub account over the weekend.

On Saturday, hackers were able to break into Canonical's GitHub account and create a number of new repositories. Named CAN_GOT_HAXXD, the eleven repositories were empty and have now been removed. Canonical says that no source code was accessed, but it is not yet known who carried out the attack.

Continue reading →

A Windows support tool bundled with Dell computers has a high-severity security hole that leaves millions of systems at risk of a privilege-escalation attack.

Dell has announced that both the Business and Home versions of its SupportAssist tool have a security vulnerability within the PC Doctor component that requires immediate patching. The discovery was made by SafeBreach, and there could be over 100 million systems that are affected.

Continue reading →

A number of Linux and FreeBSD servers and systems are vulnerable to a denial of service vulnerability dubbed SACK Panic, as well as other forms of attack.

A total of three security flaws were discovered by Jonathan Looney of Netflix Information Security. A series of malicious packets sent to vulnerable system is all it takes to crash or slow them down -- a remotely-triggered kernel panic. Patches and workaround have been released to help plug the holes.

Continue reading →

Security firm Symantec was attacked by a hacker back in February, but the company did not reveal details of the incident.

The attack has been brought to light by Guardian Australia which has seen some of the data extracted by hackers. This comprises not only passwords, but what is thought to be a list of Symantec clients -- including government agencies. But Symantec is downplaying the data breach, dismissing it as a "minor incident".

Continue reading →

Security researchers have revealed an exploit that can be used by hackers to steal data from DRAM, even if ECC protection is in place. RAMBleed is a Rowhammer-based attack that can also be used to alter data and increase privilege levels.

Taking advantage of the design of modern memory chips, a Rowhamer attack works by "hammering" the physical rows of data in quick succession causing bit-flipping in neighboring rows. RAMBleed takes this in a different direction, using a similar technique to access data stored in physical memory.

Continue reading →

Hackers have stolen the photographs of travellers entering and leaving the US, as well as photos of their license plates, US Customs and Border Protection (CBP) has said.

The cyberattack was carried out on the network of a federal subcontractor, and the images were taken as part of a "malicious cyberattack". Although the hack attack has only just been revealed publicly, CBP first learned of it on May 31.

Continue reading →

Medical testing firm and clinical laboratory Quest Diagnostics has revealed that a data breach has led to the records of nearly 12 million of its customers being exposed. The data includes financial data, Social Security numbers and medical information.

Quest Diagnostics was itself not the target of hackers, but the American Medical Collection Agency (AMCA) was. The company is used by Optum360 for billing collections services, and Optum360 is used by Quest Diagnostics.

Continue reading →

Flipboard is resetting the passwords of millions of users after suffering a data breach. Hackers were able to access databases containing usernames and passwords, as well as access tokens for some third-party services.

The company has not revealed how many users are affected by the security incident, but says that hackers had access to its systems for a nine months.

Continue reading →

Google is recalling the Bluetooth Low Energy (BLE) version of its Titan Security Key, and is offering free replacements to owners.

The recall comes after the company became aware of a security issue which could allow a nearby hacker to hijack the security device. Google says that the security issue only affects the Bluetooth versions of the 2FA device sold in the US.

Continue reading →

Cryptocurrency exchange Binance has been struck by hackers who were able to make off with $40 million worth of Bitcoin.

The exchange suffered what it describes as a "large scale security breach" in which attackers were able to obtain "a large number of user API keys, 2FA codes, and potentially other info". CEO Zhao Changpeng says that 7,000 BTC were withdrawn in a single transaction and the attack which was perpetrated using a variety of methods.

Continue reading →

According to the latest Data Breach Report from Risk Based Security the number of reported data breaches was up 56.4 percent in the first quarter of 2019 compared to the same period last year.

The increase in reporting could be a result of new legislation like GDPR that obliges businesses to be more open about security issues. The number of exposed records was also up by 28.9 percent. Already in 2019, there have been three breaches exposing 100 million or more records.

Continue reading →