Google Makes It Easier to Do the 2-Step
June 21, 2016
Google on Monday began rolling out a new two-step authentication feature, Google Prompt, targeting enterprise employees. The new option consists of a pop-up that displays a mobile user's name and profile image, and that specifies the location and device involved in the attempted sign-in. The device owner is asked whether to allow or deny the sign-in.
Russians Hack DNC Servers to Get Goods on Trump
June 15, 2016
Two groups of Russian hackers burrowed into the Democratic National Committee's servers and spent months stealing information on Donald Trump, the Republican Party's presumptive presidential nominee, according to Crowdstrike. The security firm identified "two sophisticated adversaries on the network," noted CTO Dmitri Alperovitch, dubbed "Cozy Bear" and "Fancy Bear."
Crime Pays: Ransomware Bosses Make $90K Annually
June 14, 2016
If crime doesn't pay, Russian ransomware bosses wouldn't know it. The average Russian ransomware boss makes $90,000 a year -- or 13 times the average income for citizens in the country who stick to the "straight and narrow," according to a recent Flashpoint study. What does a ransomware honcho do for those rubles? Basically, the job calls for supporting and maintaining the malware.
Twitter Users Snared in Dark Web's Brisk Password Trade
June 10, 2016
Data stolen from more than 32 million Twitter users has been offered for sale on the dark web for 10 bitcoin, or around $5,800, LeakedSource reported Wednesday. LeakedSource has added the account and email information to its searchable repository of compromised credentials. The data set came from someone who has been connected to other large collections of compromised data.
Hacks Highlight Zuckerberg's Cavalier Attitude Toward Security
June 7, 2016
Facebook top dog Mark Zuckerberg had several of his social media accounts breached and defaced, according to reports that surfaced Sunday. Zuckerberg's Twitter, LinkedIn and Pinterest memberships were hacked, but evidence of the attacks quickly disappeared. In addition to requiring passwords, Twitter and LinkedIn protect their accounts with optional two-factor authentication.
Banking Trojans Take Backseat to Ransomware
June 4, 2016
The banking trojan -- a type of malware used to steal credentials for bank accounts -- has been a staple of cyberthieves for years. However, ransomware, which has proven both easy to use and highly successful, has started eroding its popularity. In a typical banking trojan attack, a robber mounts a phishing campaign to entice a target to open an attachment or click on a link.
Myspace Crowned King of Mega Breaches, With More Likely to Come
June 1, 2016
Myspace and Tumblr this week emerged as the latest in a string of mega breaches that resulted in the theft of millions of user IDs -- not just recently but years ago. "Over the period of this month, we've seen an interesting trend of data breaches," wrote security researcher Troy Hunt, operator of the Have I Been Pwned website. "To see a cluster of them appear together is quite intriguing."
Oculus Riles Users Over Piracy Block That Fails Anyway
May 25, 2016
It took a hacker just a day to come up with a workaround for the platform update Oculus released last week, which blocked users from running the company's games on rival virtual reality systems. Version 1.4 of the Oculus App blocked a hack from LibreVR called "Revive" that allowed users to play Oculus games on rival systems, including the HTC Vive and Valve.
Hacker Hawks 2-Year-Old Cache of 117M LinkedIn User IDs
May 23, 2016
A hacker reportedly has offered to sell the account information of 117 million LinkedIn users, which was stolen in a 2012 hack. The data includes users' email addresses and passwords. The hacker, who goes by the handle "Peace," reportedly offered the data on The Real Deal -- a site on the dark web -- for 5 bitcoins -- about $2,200. LeakedSource last week announced it had more than 167 million stolen records.
Flaw Puts a Billion Wireless Mice at Risk
May 20, 2016
Wireless mice and keyboards are the perfect accessories for a world in which devices increasingly are shuffling off their connection coils, but those accessories -- especially untethered rodents -- also can create new threats for those who use them. One such threat is Mousejack. The attack exploits a vulnerability found in 80 percent of wireless mice.
ISIS Cyberthreat: Puny but Gaining Power
May 5, 2016
The Islamic State group's cyberwar capabilities are unsophisticated, but they won't be that way for long. That was the conclusion of a 25-page report released last week by Flashpoint. The report, "Hacking for ISIS: The Emergent Cyber Threat Landscape," found that the Islamic State's "overall capabilities are neither advanced nor do they demonstrate sophisticated targeting."
Russian 'Collector' Sells Stolen Email Credentials for a Song
May 5, 2016
A hacker dubbed "The Collector" turned over 272 million stolen email credentials in his possession, Hold Security announced Wednesday. The hacker bragged online about the stash, which included usernames and passwords, the firm said. It got a copy of the data -- which the hacker was peddling for 50 rubles, or less than US$1 -- after giving him a shout-out in the forum.
Researchers Hijack Samsung's SmartThings IoT System
May 4, 2016
Researchers at the University of Michigan on Monday announced they had uncovered a series of vulnerabilities in the Samsung SmartThings home automation system that essentially could have allowed hackers to take control of various functions and break into a user's home. The researchers, working with Microsoft, were able to perform four proof-of-concept attacks.
Supreme Court Grants Federal Agents Broader Surveillance Authority
May 3, 2016
The U.S. Supreme Court has approved a series of amendments to the federal rules of criminal procedure that would let judges issue search warrants for computers located outside their jurisdiction. Chief Justice John Roberts announced the changes in the Court's interpretation of the rules. They would allow a judge to issue warrants to search for electronic evidence at remote sites, for example.
Osterloh's Return Suggests Google Just Got Serious About Hardware
May 2, 2016
Google has rehired former executive Rick Osterloh to lead its hardware businesses, which it plans to consolidate under a single division, according to news reports published last week. Osterloh, who recently stepped down as president of Motorola, reportedly will head up Google's Nexus business, which will include a suite of products dubbed the "living room."
BlockIQ Escalates War on Ad Blockers
April 28, 2016
As consumers turn to ad blockers to avoid advertising on their mobile and computer screens, marketers and content providers who depend on pitches to pay the bills are searching frantically for ways to counter the pesky programs. BlockIQ offers them one. BlockIQ, owned by AdSupply, which recently merged with Adaptive Medias, has launched BlockBypass.
White Hat Finds Security Threats on Facebook's Corporate Net
April 26, 2016
A white hat hacker last week announced the discovery of more than a half-dozen security flaws in some software Facebook used on its corporate network. While performing penetration testing on third-party software in a network appliance Facebook used, Orange Tsai discovered seven vulnerabilities that attackers could use to compromise a system, as well as a backdoor script left by someone else.
Insurance Industry Buzzes Over Data Breach Ruling
April 21, 2016
If the rash of data breaches in recent months has done anything for businesses, it's raised their awareness of cyber liability insurance. The market for cyber liability insurance is expected to increase dramatically as businesses become more aware that their current policies don't adequately cover cyber-risks, according to the National Association of Insurance Commissioners.
Journalist Gets 2-Years in Prison for Aiding Anonymous Prank
April 19, 2016
A U.S. District Court judge last week sentenced Matthew Keys to two years in prison after he was found guilty of conspiring with the hacker group Anonymous to break into the Los Angeles Times' website and modify a news story. Keys had been site administrator for KTXL Fox 40, which was owned by Tribune, the same company that owned the Times.
E2E Encryption Could Make WhatsApp a Spam Magnet
April 15, 2016
Facebook's WhatsApp last week announced it would roll out end-to-end encryption for its users, but the move could make the service more attractive to spammers. While encryption can safeguard information from data thieves, it also can block data protectors. The policy "will not stop the growth of spam on the platform and could make the problem worse," AdaptiveMobile's Simeon Coney said.
FBI Paid Hackers to Defeat Security of Shooter's iPhone
April 14, 2016
The FBI paid hackers to break into the iPhone of the San Bernardino, California, shooter, according to a news report published Tuesday. The bureau obtained the services of gray hats, insiders said, and apparently did not get help from Cellebrite, as earlier reports had suggested. Gray hats are hackers who sell flaws to governments or companies that make surveillance tools.
Apple, FBI Tussle Puts Bull's-Eye on iPhone
April 7, 2016
The battle between the FBI and Apple over access to the iPhone of Syed Farook came to an abrupt end last week when the agency announced it no longer needed the company's assistance. Since the Department of Justice delayed a hearing on an order to force Apple to assist the FBI in brute-forcing the password, speculation has spread about how the agency planned to access the data.
DC Healthcare Provider Limps On After Malware Attack
April 1, 2016
Despite its computer systems being infected with malware since Monday, MedStar Health, which operates 10 hospitals and more than 250 outpatient facilities in and around Washington, D.C., has continued to provide patient care at near normal levels, according to several updates released this week. Since the malware attack occurred, MedStar Health has treated an average of 3,380 patients a day.
Firm Wins Patent for Novel Way to Detect Spearphishing
March 31, 2016
Hackers in recent weeks have stepped up their efforts to steal employee tax information from companies in all kinds of industries. Typically, the information contained on IRS form W-2 is used to file false tax returns or steal someone's identity. The situation has become so bad that the IRS earlier this month issued an alert to human resources and payroll professionals about the subject.
Feds Crack iPhone, Warn Apple to Keep One Eye Open
March 29, 2016
After a bitter legal battle over encryption and privacy rights, the Department of Justice on Monday announced it would back out of its case against Apple because the FBI was able to crack the code of the iPhone used by one of the San Bernardino, California, shooters. The department had asked a federal magistrate judge to force Apple to help the FBI crack open the encrypted smartphone.
Chinese National Cops Plea in Defense Secrets Case
March 29, 2016
A Chinese aviation and aerospace businessman last week pleaded guilty to participating in a conspiracy to steal sensitive military and export-controlled data from major U.S. defense contractors and send the information to China, according to the U.S. Department of Justice. Su Bin, also known as Stephen Su and Stephen Subin, entered the plea before Judge Christina A. Snyder.
FBI Would Rather Crack Terrorist's iPhone Itself
March 23, 2016
On the eve of a court showdown with Apple over unlocking the iPhone of one of the San Bernardino shooters, the FBI put its case on pause Monday to pursue an attack method that could allow it to crack the phone without Apple's assistance. After reviewing the FBI's request for postponement of oral arguments in the case, a U.S. District Court in California granted the delay.
New Stagefright Exploit Takes a Bow
March 22, 2016
Stagefright, a multimedia library in Android 2.2 and higher, has been exploited again, according to news reports published last week. Zimperium last year reported a Stagefright exploit that it said exposed 95 percent of Android devices. Details of the latest exploit, named "Metaphor," were published earlier this month in a paper from NorthBit. Metaphor affects Android 2.2-4.0 and 5.0-5.1.
Hopkins Boffins Break iMessage Encryption
March 22, 2016
A team of researchers at Johns Hopkins University has found a way to crack open files sent as encrypted instant messages in Apple's iMessage app, according to news reports published Monday. Although it took months to do, the researchers, led by Professor Matthew Green, were able to brute force a 64-bit encryption key, allowing them to unscramble an image file stored in Apple's iCloud.
Car Computers Are Vehicles for Hacking, Warns FBI
March 22, 2016
The FBI, the U.S. Department of Transportation and the National Highway Traffic Safety Administration last week issued a warning about the threat of automobile hacking. Computers that control steering, braking, acceleration and lights, as well as wireless technologies used in keyless entry, ignition control and navigation systems, provide portals for cyberattack, the agencies said.