fbpx

Download free GDPR compliance checklist!

Tag Archives for " hacking "

Marriott International faces class action suit over mass data breach

Technology consultant leads legal action after hackers stole personal details of 300m guests.

Hotel group Marriott International is facing a class action lawsuit in London’s high court from millions of customers, who are seeking compensation after their personal details were stolen in one of the world’s largest data breaches .

Source: Marriott International faces class action suit over mass data breach

U.S. Government Contractor Embedded Software in Apps to Track Phones

Anomaly Six LLC , a small U.S. company with ties to the U.S. defense and intelligence communities has embedded its software in numerous mobile apps, allowing it to track the movements of hundreds of millions of mobile phones world-wide.

Virginia-based company founded by two U.S. military veterans with a background in intelligence, said in marketing material it is able to draw location data from more than 500 mobile applications, in part through its own software development kit, or SDK, that is embedded directly in some of the apps.

Source: U.S. Government Contractor Embedded Software in Apps to Track Phones – WSJ

WhatsApp spyware attack: senior clergymen in Togo among activists targeted

A prominent Catholic bishop and a priest in Togo have been told they were targeted by spyware made by the private surveillance firm NSO Group, in the first known case of its kind involving members of the clergy.

WhatsApp announced last year that 1,400 of its users were attacked with the malware, which is made by Israel’s NSO Group, over a two-week period last April.

Source: WhatsApp spyware attack: senior clergymen in Togo among activists targeted | Technology | The Guardian

Years before big hack, Twitter contractors reportedly spied on celebs

Years before the July 15th attack on Twitter that let hackers compromise some of the social network’s most high-profile accounts to tweet Bitcoin scams, Twitter contractors apparently were able to use Twitter’s internal tools to spy on some celebrities, including Beyoncé, chronicling longtime security concerns at the company.

The tools in question typically allow certain Twitter staffers to do things like reset accounts or respond to content violations, but they could apparently also be used to spy on or hack an account.

Source: Years before big hack, Twitter contractors reportedly spied on celebs, including Beyoncé – The Verge

The Twitter hack shows a major cybersecurity vulnerability: employees

Attackers keep finding ways to leverage human weakness to get around security measures.

On Wednesday, Twitter fell victim to hackers who used a “coordinated social engineering attack” to compromise some of Twitter’s highest-profile accounts—including those belonging to Barack Obama, Elon Musk, Bill Gates, and Kanye West—to launch a crypto scam targeting those users’ followers.

While cybersecurity advances have hardened IT infrastructure and made it increasingly difficult to hack systems remotely, criminals have a logical way around these measures: targeting the employees who are already inside the systems.

Source: The Twitter hack shows a major cybersecurity vulnerability: employees.

Germany proposes first-ever use of EU cyber sanctions over Russia hacking

Berlin has officially called for the use of a new EU sanctions framework to target Russian individuals following the 2015 hack attack against the German parliament’s IT system, an inquiry has revealed.

If agreed, the plan, which was recommended by Berlin last month, would be the first use of an EU cyber sanctions regime adopted in 2017.

Source: Germany proposes first-ever use of EU cyber sanctions over Russia hacking | News | DW | 12.07.2020

Hackers are hiding virtual credit card skimmers in image file metadata

Hackers put Magecart JavaScript code into the EXIF metadata of image files, which is then loaded and executed by compromised stores.

Hiding malicious code inside of images is nothing new, but it’s the first time security researchers have seen them used to obscure credit card skimmers.

Source: Hackers are hiding virtual credit card skimmers in image file metadata | Engadget

iPhone spyware lets police log suspects’ passcodes when cracking doesn’t work

A tool, previously unknown to the public, doesn’t have to crack the code that people use to unlock their phones. It just has to log the code as the user types it in.

The spyware has been available for about a year but this is the first time details of its existence have been reported, in part because of the non-disclosure agreements police departments sign when they buy a device from Grayshift known as GrayKey.

Source: iPhone spyware lets police log suspects’ passcodes when cracking doesn’t work

Critical Vulnerability Could Have Allowed Hackers to Disrupt Traffic Lights

A critical vulnerability affecting traffic light controllers made by SWARCO could have been exploited by hackers to disrupt a city’s traffic lights.

Researchers at ProtectEM, a Germany-based company that provides cybersecurity guidance and solutions for industrial and embedded systems, discovered that SWARCO’s CPU LS4000 traffic light controllers are vulnerable to attacks due to an open port designed for debugging.

Source: Critical Vulnerability Could Have Allowed Hackers to Disrupt Traffic Lights | SecurityWeek.Com

New Android Flaw Affecting Over 1 Billion Phones Let Attackers Hijack Apps

New Android Bug Affecting Over A Billion Phones Could Let Malware Hijack Legitimate Apps.

A security vulnerability affecting Android that malicious apps can exploit to masquerade as any other app installed on a targeted device to display fake interfaces to the users, tricking them into giving away sensitive information.

Dubbed ‘Strandhogg 2.0,’ the new vulnerability affects all Android devices, except those running the latest version, Android Q / 10, of the mobile operating system—which, unfortunately, is running on only 15-20% of the total Android-powered devices, leaving billions of rest of the smartphones vulnerable to the attackers.

Source: New Android Flaw Affecting Over 1 Billion Phones Let Attackers Hijack Apps

>