It’s increasingly looking like China was behind the massive Marriott data hack


All signs point to China when it comes to the massive Marriott hack that came to light last month.

The data breach that exposed the personal data of around 500 million guests of the hotel chain is believed to be part of a Chinese state-run espionage operation, according to multiple sources briefed on the U.S. government’s investigation who spoke with the New York Times and Washington Post.

The intrusion into Marriott International’s Starwood hotel reservation system shared similarities with previous Chinese-government-linked intelligence-gathering operations. The hackers in the Marriott hotel chain breach used the same cloud hosting service that previous Chinese cyber attacks utilized. The sources familiar with the U.S. investigation also point out that similar techniques, such as server “hopping,” led to the belief that China is behind the hack.


A bug left your Microsoft account wide open to complete takeover


Bug bounty hunter Sahad Nk recently uncovered a series of vulnerabilities that left Microsoft users’ accounts — from your Office documents to your Outlook emails — susceptible to hacking.

While working as a security researcher with cybersecurity site SafetyDetective, Nk discovered that he was able to take over the Microsoft subdomain, http://success.office.com, because it wasn’t properly configured. This allowed the bug hunter to set up an Azure web app that the subdomain’s CNAME record pointed to (a CNAME record maps domain aliases and subdomains to another domain name). By doing this, Nk not only took control of the subdomain but also received any and all data sent to it.


Security flaw in DJI’s website and apps exposed accounts to hackers and drone live feeds

It took about six months for popular consumer drone maker DJI to fix a security vulnerability across its website and apps which, if exploited, could have given an attacker unfettered access to a drone owner’s account. The vulnerability, revealed Thursday by researchers at security firm Check Point, would have given an attacker complete access to […]


A pair of new Bluetooth security flaws expose wireless access points to attack

Security researchers have found two severe vulnerabilities affecting several popular wireless access points, which — if exploited — could allow an attacker to compromise enterprise networks. The two bugs are found in Bluetooth Low Energy chips built by Texas Instruments, which networking device makers — like Aruba, Cisco and Meraki — use in their line-up […]


The hackers getting paid to keep the internet safe


This post is part of Mashable’s ongoing series The Women Fixing STEM, which highlights trailblazing women in science, tech, engineering, and math, as well as initiatives and organizations working to close the industries’ gender gaps.


It had taken a month of work, but Jesse Kinser had finally hit the jackpot. The security researcher had managed to pull off quite a feat — stealing the source code for more than 10,000 different websites, including a big four consulting company — and the ramifications of her find were staggering. 

But contrary to many people’s perceptions of shadowy hackers, her next move wasn’t trading the data on the dark web, or crafting exploits to sell to the highest bidder. Rather, she was faced with a different sort of daunting task: developing a responsible disclosure process to notify the thousands of vulnerable companies she’d just pwned. That’s right, after accessing all that code, her next job was to let the victims know exactly how she’d done it — and how they could stop someone with a different set of moral guideposts from doing the same.


From iPhone XR to election hacking: Mashable’s tech team breaks down the week’s headlines — Technically Speaking

This week, on Technically Speaking: Our tech reporters discuss the latest tech headlines, election hacking, and the new iPhone XR.


Facebook says there’s no evidence ‘so far’ that hackers accessed third-party apps


Less than a week after revealing that 50 million Facebook users may have had their accounts compromised by hackers, the company is trying to allay concerns that the massive hack could get even worse. 

The worry — which has been raised by a number of security professionals in recent days — is that hackers who were able to get into users’ Facebook accounts would also have been able to get into any account that uses Facebook Login.

Think about that for a second: Thousands of apps use Facebook Login, including many containing sensitive personal and financial information, like Tinder, Uber, Venmo, and, yes, Instagram. If hackers were indeed able to access those accounts, it would make an already massive hack exponentially worse.


Facebook: 50 million accounts ‘directly affected’ by hack


A million hacked Facebook accounts isn’t cool. You know what’s even less cool? Fifty million hacked Facebook accounts.

A Friday morning press release from our connect-people-at-any-cost friends in Menlo Park detailed a potentially horrifying situation for the billions of people who use the social media service: Their accounts might have been hacked. Well, at least 50 million of them were “directly affected,” anyway. 

The so-called “security update” is light on specifics, but what it does include is extremely troubling. 

“On the afternoon of Tuesday, September 25, our engineering team discovered a security issue affecting almost 50 million accounts,” reads the statement. “[It’s] clear that attackers exploited a vulnerability in Facebook’s code that impacted ‘View As’, a feature that lets people see what their own profile looks like to someone else. This allowed them to steal Facebook access tokens which they could then use to take over people’s accounts.”


Cryptocurrency exchange claimed it was ‘practically impossible’ to hack. It was hacked.


I guess we shouldn’t be all that surprised. But still, they did say it would be practically impossible. 

The Japan-based cryptocurrency exchange Zaif suffered a major hack last week. It issued a statement on Thursday stating that approximately $59 million worth of bitcoin, bitcoin cash, and MONAcoin had been stolen by unidentified criminals. This, obviously, is not good. What makes it perhaps worse is the company’s past insistence that it applied the “maximum effort” possible to keep its customers’ funds safe — and that hacking it would be “practically impossible.”

Like many exchanges, Zaif has a page on its website where it details the precautions taken to secure customer funds. With tens (or potentially hundreds) of millions of dollars worth of cryptocurrency at stake, it makes sense to let everyone know that you’re taking this security stuff seriously.


Password bypass flaw in Western Digital My Cloud drives puts data at risk

A security researcher has published details of a vulnerability in a popular cloud storage drive after the company failed to issue security patches for over a year. Remco Vermeulen found a privilege escalation bug in Western Digital’s My Cloud devices, which he said allows an attacker to bypass the admin password on the drive, gaining […]


False alarm: DNC backtracks on voter database hacking attempt claim


Whoops! One day after reports broke about a hacking attempt targeting the Democratic National Committee’s voter database, the DNC is admitting the whole incident was a false alarm.

As reported yesterday by CNN, the DNC reached out to the FBI for assistance after cybersecurity firm Lookout warned party officials of an extremely convincing fake login page it had discovered, which appeared to be part of a spear-phishing operation. Lookout also reached out to NGP VAN, the DNC’s voter database management company, and DigitalOcean, the web host that was hosting the fake site.
