Aug. 17, 2019
The threat of ransomware is becoming more prevalent and severe as attackers’ focus has now moved beyond computers to smartphones and other Internet-connected smart devices. In its latest research, security researchers at cybersecurity firm CheckPoint demonstrated how easy it is for hackers to remotely infect a digital DSLR camera with ransomware and hold private photos and videos hostage until victims pay a ransom.
Aug. 17, 2019
Hackers could crack open high-security electronic locks by monitoring their power, allowing thieves to steal cash in automated teller machines, narcotics in pharmacies and government secrets, according to research to be presented Friday at the annual Def Con hacking conference in Las Vegas. Mike Davis, a researcher with security firm IOActive, discovered the vulnerability last year and alerted government officials and Swiss company DormaKaba Holding (DOKA.S), the distributor of multiple brands of locks at issue. In an interview with Reuters, Davis said he used an oscilloscope worth about $5,000 to detect small changes in the power consumption, through what is known as a side-channel attack.
Aug. 3, 2019
On July 29, FBI agents arrested Paige A. Thompsonon suspicion of downloading nearly 30 GB of Capital One credit application data from a rented cloud data server. Capital One said the incident affected approximately 100 million people in the United States and six million in Canada. That data included approximately 140,000 Social Security numbers and approximately 80,000 bank account numbers on U.S. consumers, and roughly 1 million Social Insurance Numbers (SINs) for Canadian credit card customers.
Jul. 21, 2019
Red faces in Moscow this weekend, with the news that hackers have successfully targetedFSB—Russia’s Federal Security Service. The hackers managed to steal 7.5 terabytes of data from a major contractor, exposing secret FSB projects to de-anonymize Tor browsing, scrape social media, and help the state split its internet off from the rest of the world. The data was passed to mainstream media outlets for publishing.
May. 18, 2019
A security flaw in WhatsApp’s audio calling feature let hackers install spyware on iPhones and Androids. The attack is expected to have a limited reach but you should update WhatsApp straight away WhatsApp’s default end-to-end encryption is one of Facebook’s biggest security assets – but even this doesn’t help when the app itself is attacked. Mark Zuckerberg’s company has found a sophisticated cyberattack has been used to exploit a weakness in the messaging app that’s used by more than 1.5 billion people worldwide.
May. 18, 2019
The hacker who breached Stack Overflow last week managed to access data on user accounts, the company said today in an update on its investigation into a security breach it disclosed last night. The update comes to shed some light into what happened on the company’s servers last week, after Stack Overflow left many users scratching their heads when it posted a very short message on Thursday, announcing a severe breach of its production systems. While it initially said that there was no evidence of the hacker accessing user data, the company changed its statement today.
Nov. 18, 2018
According to the message, a hacker going by the name AmFearLiathMormakes quite a few interesting claims such as hacking ProtonMail’sservices and stealing user’s email, that ProtonMail is sending their user’s decrypted data to American servers, and that ProtonMail is abusing the lack of Subresource Integrity (SRI) use to purposely and maliciously steal their user’s passwords.
Source: bleepingcomputer.com
Oct. 26, 2018
A deeper investigation has revealed that hackers were stealing information for much longer than initially thought, and an additional 185,000 British Airways customer payment cards were compromised. Last month, British Airways announced that the customer data and details of some 380,000 card payments had been stolen from its network by hackers between August 21 and September 5 2018. Now, in an update posted on its website, British Airways says it has discovered that more of its customers have been affected – with potentially impacted individuals being those who made reward bookings between April 21 and July 28, 2018, and who used a payment card.
Oct. 1, 2018
The Facebook hack is even worse than was at first clear, the company has admitted. The site had already admitted that a hole in its code would allow people to gain access to any account, in a problem that affected some 50 million users. But it later said that the problem would also affect its ‘Facebook Login’ service, which allows other apps to use people’s Facebook account to login.
Sep. 20, 2018
In a major development, Japanese crypto exchange Zaif has been on the receiving end of a hacking incident last week, local media has reported. The hack, which occurred on Sept. 14 but was not discovered until Sept. 17, saw the hacker steal 4.5 billion yen from users hot wallets, as well as 2.2 billion yen from the assets of the company, with total losses amounting to 6.7 billion yen or around $59.7 million. Tech Bureau Inc. which operates the digital currency exchange Zaif said in a press release that the company noticed certain abnormalities on September 17, and the hacking damage was confirmed on September 18.
Jul. 13, 2018
This week, the start-up said that a wallet being used to ‘upgrade’ smart contracts was compromised. This wallet was then used to withdraw $12.5 million in Ethereum (ETH), alongside $1 million in Pundi X (NPXS) and $10 million in Bancor Network Tokens (BNT). Bancor says that once the compromised wallet was identified the company was able to mitigate the damage by freezing the transfer of BNT, bringing the cost down to roughly $13.5 million.
Jul. 13, 2018
A hacker has gained access to a developer’s npm account and injected malicious code into a popular JavaScript library, code that was designed to steal the npm credentials of users who utilize the poisoned package inside their projects. The JavaScript (npm) package that got compromised is called eslint-scope, a sub-module of the more famous ESLint, a JavaScript code analysis toolkit. The hack took place on the night between July 11 and 12, according to the results of a preliminary investigation posted on GitHub a few hours ago.
Jun. 13, 2018
The exchange in question is called Coinrail, and if you visit its website right now you’ll see a “System maintenance” message that tells you more than they’re just updating the servers. The devil’s in the detail – the site is down because it got hacked over the weekend. The statement on Coinrail’s website says that some (but not all) of the cryptocurrency exchange’s digital currency was stolen by hackers.
Jun. 9, 2018
China’s state hackers have reportedly stolen a large amount of highly-sensitive US navy data on its undersea warfare, including plans for supersonic anti-ship missiles on submarines. Government experts were said to have compromised the computers of a US navy contractor, giving them access to the information, according to the Washington Post, citing unnamed American officials. They said – on the condition of anonymity about an ongoing investigation – that the security breaches were believed to have taken place in January and February.
Jun. 2, 2018
A hacker briefly took over Ticketfly’s website, defacing it with a picture of the V for Vendetta character and a claim of responsibility. The hacker also sent Motherboard files of what they say is employee and customer information taken from Ticketfly’s database. Ticketfly, which is owned by Eventbrite, took down the site and posted a message saying that the company had been “the target of a cyber incident.”
May. 29, 2018
Two Canadian banks warned Monday they have been targeted by hackers, and that the personal information of tens of thousands of customers may have been stolen — something that appeared to be confirmed in a letter to the media from someone who said they were demanding a $1-million ransom from the banks. CIBC-ownedSimplii Financial was the first to warn on Monday morningthat hackers had accessed thepersonal and account information of more than 40,000 of the bank’s customers. The bank said it received a tip over the weekend that hackers had obtained the data, and after a preliminary investigation decided to go public on Monday.
May. 28, 2018
Cryptocurrency trading app Taylorsuffered a catastrophic hack on May 22 that resulted in the loss of over 2,500 ETH, valued at $1.5 million. In addition, the trading platform lost 7% of the total TAY token supply, potentially crippling the development of the trading software. According to the official statement, the only tokens that remain in the Taylor fund are those in the Founders’ and Advisors’ pools that are held in aninaccessible vesting contract.
May. 28, 2018
German researchers reckon they have devised a method to thwart the security mechanisms AMD’s Epyc server chips use to automatically encrypt virtual machines in memory. So much so, they said they can exfiltrate plaintext data from an encrypted guest via a hijacked hypervisor and simple HTTP requests to a web server running in a second guest on the same machine. AMD’s data-center processors, as well as its Ryzen Pro line, support what’s called Secure Encrypted Virtualization.
May. 24, 2018
A malicious miner successfully executed a double spend attack on the Bitcoin Gold network last week, making BTG at least the third altcoin to succumb to a network attack during that timespan. Bitcoin Gold director of communications Edward Iskra first warned users about the attack on May 18, explaining that a malicious miner was using the exploit to steal funds from cryptocurrency exchanges. To execute the attack, the miner acquired at least 51 percent of the network’s total hashpower, which provided them with temporary control of the blockchain.
May. 22, 2018
Cryptocurrency enthusiasts are keen on telling ordinary civilians how safe and secure the Blockchain protocols powering their favorite coins are. Indeed, major cryptocurrencies like Bitcoin and Ethereum have maintained their security quite well—better, arguably, than any other digital asset/payment system in history—which is pretty remarkable, considering that they are unbacked digital money free from any single party’s control with an effective multi-billion dollar bounty on their proverbial heads. Last month, an as-of-yet unidentified attacker was able to severally compromise Verge, a relatively small, privacy-focused cryptocurrency.