
Tag Archives for "hacking"

Years before big hack, Twitter contractors reportedly spied on celebs

Years before the July 15th attack on Twitter that let hackers compromise some of the social network’s most high-profile accounts to tweet Bitcoin scams, Twitter contractors apparently were able to use Twitter’s internal tools to spy on some celebrities, including Beyoncé, chronicling longtime security concerns at the company.

The tools in question typically allow certain Twitter staffers to do things like reset accounts or respond to content violations, but they could apparently also be used to spy on or hack an account.

Source: Years before big hack, Twitter contractors reportedly spied on celebs, including Beyoncé – The Verge

The Twitter hack shows a major cybersecurity vulnerability: employees

Attackers keep finding ways to leverage human weakness to get around security measures.

On Wednesday, Twitter fell victim to hackers who used a “coordinated social engineering attack” to compromise some of Twitter’s highest-profile accounts—including those belonging to Barack Obama, Elon Musk, Bill Gates, and Kanye West—to launch a crypto scam targeting those users’ followers.

While cybersecurity advances have hardened IT infrastructure and made it increasingly difficult to hack systems remotely, criminals have a logical way around these measures: targeting the employees who are already inside the systems.

Source: The Twitter hack shows a major cybersecurity vulnerability: employees.

Germany proposes first-ever use of EU cyber sanctions over Russia hacking

Berlin has officially called for the use of a new EU sanctions framework to target Russian individuals following the 2015 hack attack against the German parliament’s IT system, an inquiry has revealed.

If agreed, the plan, which was recommended by Berlin last month, would be the first use of an EU cyber sanctions regime adopted in 2017.

Source: Germany proposes first-ever use of EU cyber sanctions over Russia hacking | News | DW | 12.07.2020

Hackers are hiding virtual credit card skimmers in image file metadata

Hackers put Magecart JavaScript code into the EXIF metadata of image files, which is then loaded and executed by compromised stores.

Hiding malicious code inside of images is nothing new, but it’s the first time security researchers have seen them used to obscure credit card skimmers.

Source: Hackers are hiding virtual credit card skimmers in image file metadata | Engadget

iPhone spyware lets police log suspects’ passcodes when cracking doesn’t work

A tool, previously unknown to the public, doesn’t have to crack the code that people use to unlock their phones. It just has to log the code as the user types it in.

The spyware has been available for about a year but this is the first time details of its existence have been reported, in part because of the non-disclosure agreements police departments sign when they buy a device from Grayshift known as GrayKey.

Source: iPhone spyware lets police log suspects’ passcodes when cracking doesn’t work

Critical Vulnerability Could Have Allowed Hackers to Disrupt Traffic Lights

A critical vulnerability affecting traffic light controllers made by SWARCO could have been exploited by hackers to disrupt a city’s traffic lights.

Researchers at ProtectEM, a Germany-based company that provides cybersecurity guidance and solutions for industrial and embedded systems, discovered that SWARCO’s CPU LS4000 traffic light controllers are vulnerable to attacks due to an open port designed for debugging.

Source: Critical Vulnerability Could Have Allowed Hackers to Disrupt Traffic Lights | SecurityWeek.Com

New Android Flaw Affecting Over 1 Billion Phones Let Attackers Hijack Apps

New Android Bug Affecting Over A Billion Phones Could Let Malware Hijack Legitimate Apps.

A security vulnerability affecting Android lets malicious apps masquerade as any other app installed on a targeted device and display fake interfaces to users, tricking them into giving away sensitive information.

Dubbed ‘Strandhogg 2.0,’ the new vulnerability affects all Android devices except those running the latest version of the mobile operating system, Android Q / 10, which, unfortunately, is running on only 15-20% of the total Android-powered devices, leaving the rest of the billions of smartphones vulnerable to attackers.

Source: New Android Flaw Affecting Over 1 Billion Phones Let Attackers Hijack Apps

Hacker Selling 80,000 Users’ Data Stolen From Cryptocurrency Wallets

A hacker who was behind the cyber attack on Ethereum.org is now selling data tied to key cryptocurrency wallets like Keepkey, Trezor, Ledger and online investment platform Bnktothefuture. The hacker has three large databases with information pertaining to at least 80,000 customers. This includes the customer’s email address, name, phone number, residential address and other data.

“The hacker doesn’t seem to have any passwords, but is offering detailed information that was stolen from an alleged Shopify breach like email addresses, home addresses, and phone numbers,” reports Bitcoin News.

Source: Hacker Selling 80,000 Users’ Data Stolen From Cryptocurrency Wallets

Hacker leaks 40 million user records from popular Wishbone app

A hacker has put up for sale the details of 40 million users registered on Wishbone, a popular mobile app that lets users compare two items in a simple voting poll. Later, the Wishbone user database leaked in full, offered as a free download on one of the hacking forums where it was being sold.

A well-known hacker known as ShinyHunters has taken credit for hacking the company. According to the seller’s claims and a sample of the data published online, the Wishbone data includes user information such as usernames, emails, phone numbers, city/state/country, but also hashed passwords.

Source: Hacker leaks 40 million user records from popular Wishbone app | ZDNet

FBI cracks alleged al-Qaida shooter’s iPhone without Apple’s help

U.S. authorities have reportedly broken through the encryption on one of the iPhones belonging to a mass shooter without the help of Apple, which refused to create a backdoor, saying it violated privacy rights.

The FBI defeated the password on the iPhone belonging to Mohammed Saeed Alshamrani, a Saudi military trainee who carried out a mass shooting at a Naval Air Station in Pensacola, Florida, last December, killing four and injuring eight.

Source: FBI cracks alleged al-Qaida shooter’s iPhone without Apple’s help | Cult of Mac
