A security researcher warned Asus two months ago that employees were improperly publishing passwords in their GitHub repositories that could be used to access the company’s corporate network. One password, found in an employee repo on the code sharing, allowed the researcher to access an email account used by internal developers and engineers to share […]
View More Asus was warned of hacking risks months ago, thanks to leaky passwordsCategory: Hack
Microsoft sues to take control of domains involved in Iran hacking campaign
Microsoft has won a restraining order in a U.S. court in order to take control of domains used by an Iranian hacker group. The software and cloud giant applied to the court in order to take control of 99 websites used by the hacker group, known as Phosphorus or APT 35, in various hacking operations. […]
View More Microsoft sues to take control of domains involved in Iran hacking campaignAluminum manufacturing giant Norsk Hydro shut down by ransomware
Norsk Hydro, one of the largest global aluminum manufacturers, has confirmed its operations have been disrupted by a ransomware attack. The Oslo, Norway-based company said in a brief statement that the attack, which began early Tuesday, has impacted “most business areas,” forcing the aluminum maker to switch to manual operations. “Hydro is working to contain […]
View More Aluminum manufacturing giant Norsk Hydro shut down by ransomwareResearchers obtain a command server used by North Korean hacker group
In a rare move, government officials have handed security researchers a seized server believed to be used by North Korean hackers to launch dozens of targeted attacks last year. Known as Operation Sharpshooter, the server was used to deliver a malware campaign targeting governments, telecoms, and defense contractors — first uncovered in December. The hackers sent […]
View More Researchers obtain a command server used by North Korean hacker groupUber fixes bug that exposed third-party app secrets
Uber has fixed a bug that allowed access to the secret developer tokens of any app that integrated with the ride-sharing service, according to the security researchers who discovered the flaw. In a blog post, Anand Prakash and Manisha Sangwan explained that a vulnerable developer endpoint on Uber’s back-end systems — since locked down — […]
View More Uber fixes bug that exposed third-party app secrets11 DIY videos that absolutely no one asked for
DIY videos have saved our lives on more than one occasion, and sure, some of the hacks that surface are really cool and useful. But, some content creators have taken the trend a little too far.
We’re talking about those videos where someone dec…
Australia’s government and political parties hit by cyber attack from ‘sophisticated state actor’
The Australia government suffered a cyber attack that it suspects is the work of a “sophisticated state actor,” according to the country’s Prime Minister. PM Scott Morrison said today the computer network of the country’s parliament, and those belonging to Liberal, Labor and Nationals parties, were targeted by an attack which took place a few weeks ago, The Sydney […]
View More Australia’s government and political parties hit by cyber attack from ‘sophisticated state actor’ClassPass, Gfycat, StreetEasy hit in latest round of mass site hacks
In just a week, a single seller put close to 750 million records from 24 hacked sites up for sale. Now, the hacker has struck again. The hacker, whose identity isn’t known, began listing user data from several major websites — including MyFitnessPal, 500px and Coffee Meets Bagel, and more recently Houzz and Roll20 — earlier this week. […]
View More ClassPass, Gfycat, StreetEasy hit in latest round of mass site hacksMarriott now lets you check if you’re a victim of the Starwood hack
Hotel chain giant Marriott will now let you check if you’re a victim of the Starwood hack. The company confirmed to TechCrunch that it has put in place “a mechanism to enable guests to look up individual passport numbers to see if they were included in the set of unencrypted passport numbers.” That follows a statement […]
View More Marriott now lets you check if you’re a victim of the Starwood hackHacker who stole 620 million records strikes again, stealing 127 million more
A hacker who stole close to 620 million user records from 16 websites has stolen another 127 million records from 8 more websites, TechCrunch has learned. The hacker, whose listing was the previously disclosed data for about $20,000 in bitcoin on a dark web marketplace, stole the data last year from several major sites — […]
View More Hacker who stole 620 million records strikes again, stealing 127 million moreHouzz resets user passwords after data breach
Houzz, a $4 billion-valued home improvement startup that recently laid off 10 percent of its staff, has admitted a data breach. A reader contacted TechCrunch on Thursday with a copy of an email sent by the company. It doesn’t say much — such as when the breach happened, or if a hacker to blame or if […]
View More Houzz resets user passwords after data breachMost of the Fortune 100 still use flawed software that led to the Equifax breach
Almost two years after Equifax’s massive hack, the majority of Fortune 500 companies still aren’t learning the lessons of using vulnerable software. In the last six months of 2018, two-thirds of the Fortune 500 companies downloaded a vulnerable version of Apache Struts, the same vulnerable server software that was used by hackers to steal the […]
View More Most of the Fortune 100 still use flawed software that led to the Equifax breach