Hack


Dec. 10, 2020

Hackers steal Pfizer/BioNTech COVID-19 vaccine data in Europe, companies say

U.S. drugmaker Pfizer and its German partner BioNTech said on Wednesday that documents related to development of their COVID-19 vaccine had been ‘unlawfully accessed’ in a cyberattack on Europe’s medicines regulator. The European Medicines Agency (EMA), which assesses medicines and vaccines for the European Union, said hours earlier it had been targeted in a cyberattack. It gave no further details.

Sep. 25, 2020

Attack of the week: Voice calls in LTE

I haven’t written an “attack of the week” post in a while, and it’s been bumming me out. This is not because there’s been a lack of attacks, but mostly because there hasn’t been an attack on something sufficiently widely-used that it can rouse me out of my blogging torpor. But today brings a beautiful attack called ReVoLTE, on a set of protocols that I particularly love to see get broken: namely, cellular protocols.

Jul. 18, 2020

Hackers Tell the Story of the Twitter Attack From the Inside

A Twitter hacking scheme that targeted political, corporate and cultural elites this week began with a teasing message between two hackers late Tuesday on the online messaging platform Discord. “yoo bro,” wrote a user named “Kirk,” according to a screenshot of the conversation shared with The New York Times. “i work at twitter / don’t show this to anyone / seriously.

May. 31, 2020

The $100,000 bug in Sign in with Apple

In the month of April, I found a zero-day in Sign in with Apple that affected third-party applications which were using it and didn’t implement their own additional security measures. This bug could have resulted in a full account takeover of user accounts on that third party application irrespective of a victim having a valid Apple ID or not. For this vulnerability, I was paid $100,000 by Apple under their Apple Security Bounty program.

May. 7, 2020

Samsung patches 0-click vulnerability impacting all smartphones sold since 2014

Samsung patched this month a critical bug discovered by Google security researchers. South Korean smartphone vendor Samsung released this week a security update to fix a critical vulnerability impacting all smartphones sold since 2014. The security flaw resides in how the Android OS flavor running on Samsung devices handles the custom Qmage image format (.qmg), which Samsung smartphones started supporting on all devices released since late 2014.

May. 6, 2020

Children’s computer game Roblox employee bribed by hacker for access to millions of users’ data

A hacker who bribed a worker for the online video game Roblox managed to gain access to the personal information of over 100 million active users, the ability to change passwords and email addresses, and allocate in-game currency. The hacker first paid an employee to look up data about users, and then targeted a customer support representative. They said they did it to “prove a point” to the company.

Feb. 21, 2020

These Guys Figured Out a Way to Get Endless Free McDonald’s

Last November, software developers Lenny Bakkalian and David Albert discovered two loopholes in the German McDonald’s system which allowed them to order an endless supply of free food. Recently, I met the two Hamburglars and their colleague Mats Tesch at an East Berlin McDonald’s so they could show me how they did it. McDonald’s receipts in Germany end with a link to a survey page.

Feb. 21, 2020

MGM Hotel Hack Leaves 10.6M Guests’ Personal Data Exposed

10.6 million people who had stayed at MGM Resorts have had their personal data published on a hacking forum, it was revealed this week. It is thought that the recent breach stems from an earlier incident which occurred last year, whereby unauthorised actors were able to access MGM’s internal cloud and therefore the personal information of previous guests. The biggest concern in the MGM disclosure is that hackers stole deeper, more sensitive data on 1300 individuals, including information off driver’s licenses and military ID cards.