hacking
Latest
Hackers stole $40 million from a major Bitcoin exchange
Binance, one of the world's largest cryptocurrency exchanges, announced that it lost $40 million (7,000 Bitcoins) in a "large scale security breach." The company said that hackers accessed a hot wallet that contained about two percent of its total BTC holdings. They used phishing and viruses to obtain user data and managed to bypass security checks, preventing Binance from blocking the transaction. The company said that "no user funds will be affected," as has an emergency fund that will cover the incident "in full."
Card skimming hack targets 201 campus stores in North America
The infamous Magecart card skimming hack has been used to make life miserable for college students. Trend Micro has discovered that a hacking group, currently nicknamed Mirrorthief, relied on the scripting technique to steal card data from 201 online campus stores across the US and Canada on April 14th. The team slipped its scripts into the checkout pages of the sites (all created by a common developer, PrismRBS) to harvest full card details, names, addresses and phone numbers. The number of people affected by the heist isn't yet clear.
Microsoft webmail breach exposed email addresses and subject lines
You'll want to keep an eye out for suspicious activity if you use Microsoft's webmail services. The company has confirmed to TechCrunch that "cybercriminals" compromised a "limited number" of its web-based email accounts between January 1st and March 28th by using a customer support rep's credentials. The breach didn't expose sign-in details or message contents, but it did offer access to email addresses (including names of addresses in conversations), subject lines and custom folder names.
US charges Assange with conspiracy to commit computer hacking
The US Justice Department just officially charged Wikileaks co-founder Julian Assange, shortly after he was removed from the Ecuador embassy in London and arrested by local police. The charge is "conspiracy to commit computer intrusion" for agreeing to break a password to a classified US government computer. The Justice department also said it was in relation to "Assange's alleged role in one of the largest compromises of classified information in the history of the United States." It's the same allegation that was made in the Chelsea Manning trial in 2013, in which the former US Army private was found guilty of theft and espionage in relation to the release of classified government documents. But now that Assange has had his asylum revoked by the Ecuadorian government and has been arrested, he can finally be extradited to the US to face these charges.
Facebook groups for buying and selling credit cards still abound
We might think that stolen credit cards and personal information only get traded on the dark web, but the information is moving in plain sight on Facebook. According to intelligence firm Cisco Talos, there are dozens of groups on the social network that rather explicitly buy and sell credit card numbers and other stolen information. The security firm tracked 74 groups in total that have approximately 385,000 members.
Hackers obtain millions of cards from Planet Hollywood's parent company
More than a few restaurant-goers in the US will want to check their bank statements. Earl Enterprises has confirmed that hackers used point-of-sale malware to scoop up credit and card data at some of its US restaurants between May 2018 and March 2019, including virtually all Buca di Beppo locations, a few Earl of Sandwich locations and Planet Hollywood's presences in Las Vegas, New York City and Orlando. It's a fairly large data breach -- KrebsOnSecurity discovered that a trove of 2.15 million cards were on sale in the black market as of February.
Hackers hijacked update server to install backdoors on ASUS machines
For nearly half a year, computer maker ASUS was unwittingly pushing malware that gave hackers backdoor access to thousands of computers, according to Kaspersky Lab. Hackers managed to compromise one of the company's servers used to provide software updates to ASUS machines. The attack, which has been given the name ShadowHammer was discovered late last year and has since been stopped. Engadget reached out to ASUS for comment and will update this story if we hear back.
Beto O'Rourke was a member of hacking group Cult of the Dead Cow
Democratic presidential candidate Beto O'Rourke was a member of the influential US-based hacking group Cult of the Dead Cow (CDC), according to a report from Reuters. The former three-term congressman from Texas confirmed his involvement in the group to the publication, as did members of the hacking collective.
Senators want Congressional hacks to be public knowledge
When a company is hacked, consumers usually find out about it through the press or emails. You probably remember the Target hack that spilled data from millions of credit and debit card accounts. But do you remember the last publicly disclosed Congressional computer breach? (It was in 2009.) That's because Congress doesn't have to report when representatives' networks are hacked. Two Senators want to change that.
Iranian hackers stole terabytes of data from software giant Citrix
Citrix is best-known for software that runs behind the scenes, but a massive data breach is putting the company front and center. The FBI has warned Citrix that it believes reports of foreign hackers compromising the company's internal network, swiping business documents in an apparent "password spraying" attack where the intruders guessed weak passwords and then used that early foothold to launch more extensive attacks. While Citrix didn't shed more light on the incident, researchers at Resecurity provided more detail of what likely happened in a conversation with NBC News.
Microsoft: Russian hackers are trying to influence EU elections
The European Elections come at a crucial time for the world, since their outcome could ultimately dictate if peace in Europe can be maintained. That explains why the number of attempts to undermine the process by a hostile nation state (with a name that rhymes with blusher) is intensifying. Microsoft has revealed that it's not just political campaigns that have come under fire, but the broader pillars of the political process.
iOS pirates are using Apple's developer certificates to share hacked apps
Just days after it was revealed that dozens of gambling and pornographic apps have been abusing enterprise certificates to distribute apps outside of Apple's app store, Reuters has found that software pirates have been using the same process to distribute hacked versions of popular apps such as Spotify, Minecraft and Pokemon Go. The apps have been modified to block in-app advertising and make paid-for features available for free.
Networked freezers at grocery stores are vulnerable to hacking
Security researchers at Safety Detective revealed vulnerabilities in the temperature control systems found in freezers that could allow an attacker to hijack the devices and destroy its contents. The security hole, which stems from weak passwords, affect internet-connected thermostats manufactured by Resource Data Management (RDM). The company's products are used by grocery stores, hospitals pharmaceutical firms, among others.
US will map and disrupt North Korean botnet
The US government plans to turn the tables on North Korea-linked hackers trying to compromise key infrastructure. The Justice Department has unveiled an initiative to map the Joanap botnet and "further disrupt" it by alerting victims. The FBI and the Air Force Office of Special Investigations are running servers imitating peers on the botnet, giving them a peek at both technical and "limited" identifying info for other infected PCs. From there, they can map the botnet and send notifications through internet providers and foreign governments -- they'll even send personal notifications to people who don't have a router or firewall protecting their systems.
BleemSync is back to put a SNES in your Playstation Classic
Sony's PlayStation Classic is essentially an emulator in a mini PS1 shell. Of course, that means you can overcome its shortcomings (chiefly its lack of great games) by using hidden settings and hacks -- albeit at at your own risk. Which is where BleemSync, the go-to modding solution for the PS Classic, comes in. Though it's been around for a minute, BleemSync has now launched its official build, which should make it easier to use. With it you can add your own games to the retro console, run other console emulators (including the NES, SNES, GameBoy Advance, Genesis and the PSP) and get more save states, among other features.
SEC brings charges in connection with hack of its financial system
The United States Securities and Exchange Commission announced today that it is bringing charges against a Ukranian hacker for breaking into the agency's corporate filing system to access nonpublic information. The SEC is also charging a number of individual traders and entities who used that information to generate more than $4.1 million on illegal trades. The Attorney's Office for the District of New Jersey announced it will be bringing related criminal charges.
Hackers claim to have insurance data linked to 9/11 attacks
The hackers who stole Orange is the New Black are back, and they've hit a new low. The group known as TheDarkOverlord claims to have stolen 18,000 documents from Hiscox Syndicates, Lloyds of London and Silverstein Properties, and threatened to release files providing "answers" for 9/11 attack "conspiracies" unless it received a ransom. A Hiscox spokesperson confirmed the hack to Motherboard and indicated that this was likely insurance data tied to litigation involving the terrorist campaign.
Hackers steal personal data from 997 North Korean defectors
Hackers just caused grief for North Korean defectors. South Korea's Unification Ministry has revealed that attackers stole the personal data of 997 defectors, including their names and addresses. The breach came after a staff member at the Hana Foundation, which helps settle northerners, unwittingly opened email with malware. The defectors' data is normally supposed to be isolated from the internet and encrypted, but the unnamed staffer didn't follow those rules, officials said.
DOJ charges two Chinese nationals with 'extensive' hacking campaign
Today, the Department of Justice announced charges against Zhu Hua and Zhang Shilong, two Chinese nationals who engaged in an extensive hacking campaign against the US and other countries. First reported by CNBC, the campaign was allegedly successful at infiltrating at least 45 US and global technology companies and government agencies, and these actions were taken at the behest of the Chinese government. Incredibly, the hackers have been operating since 2006 through this year, according to the DOJ. This comes a week after the NSA warned it had evidence of China preparing for "high-profile" cyber-attacks.
US Treasury sanctions Russians for hacking and election meddling
The US government isn't done taking action against Russians accused of hacking and interference campaigns. The Treasury Department has leveled sanctions against 16 current and former GRU intelligence officers (some of whom were targeted in earlier indictments) for their involvement in multiple campaigns against the US, including the Democratic National Committee hacks, World Anti-Doping Agency hacks and election meddling efforts.
