hackers
Latest
Hackers are selling card info stolen in last year's Wawa breach
If you purchased anything at the East Coast gas station and convenience store chain Wawa between March and December last year, there's a chance your credit and debit card info is being sold on the dark web. Earlier this week, fraud intelligence company Gemini Advisory discovered stolen payment card data being uploaded to Joker's Stash, an online cybercrime marketplace. It seems the data was obtained during the Wawa breach discovered in December.
Homeland Security wants you to update your Firefox browser right now
The Department of Homeland Security is urging Firefox users to update their browsers. The rare warning was issued earlier this week, after Mozilla released two critical security updates. According to the Cybersecurity and Infrastructure Security Agency (CISA), the exploit could allow hackers to "take control of an affected system."
TikTok fixed a flaw that could have exposed user accounts
TikTok has been the subject of national security concerns for some time, and now things are set to get a little more uncomfortable for the company. According to cybersecurity company Check Point, the popular app had serious vulnerabilities that could have allowed hackers to obtain personal information and manipulate user data.
International money transfer service Travelex held ransom by hackers
Foreign exchange company Travelex has been targeted by hackers demanding $6 million (£4.6 million), in an attack many believe could have been averted months ago. The ransomware gang known as Sodinokibi -- also as REvil -- says it has downloaded more than 5GB of sensitive customer data, including dates of birth, credit card information and national insurance numbers, which it will publish if payment is not made within a week. The hackers originally demanded $3 million, but doubled the sum after two days of non-payment.
Techno-thriller 'Mr. Robot' ends on a mind-melting high
(This article contains spoilers for 'Mr. Robot' season four) When Mr. Robot debuted in June 2015, it was the show's commitment to authentic hacking that attracted eyeballs. For so long, cybersecurity had been shortchanged on-screen -- an ever-changing field that needed to be simplified, producers thought, for mainstream audiences and dramatic pacing. Mr. Robot was unique in part because it veered in the other direction, embracing the skill and complexity of modern-day hacking and taking time -- exponentially more than the average TV drama, anyway -- to explain the vulnerabilities that were being exploited and the knowledge or leverage it would give each character. Hacking, though, was never the central theme of the show. Not really.
Hackers made a Detroit interstate billboard play a porn scene
Drivers in Auburn Hills, Michigan, got a heck of a surprise last Saturday night when an electronic billboard starting playing porn. The billboard, located alongside I-75 North between University Drive and highway M-59 in Auburn Hills, began playing the X-rated movie not long before midnight. It was shut down after 20 minutes, when police made contact with the sign's owner, Triple Communications.
Researchers easily breached voting machines for the 2020 election
The voting machines that the US will use in the 2020 election are still vulnerable to hacks. A group of ethical hackers tested a bunch of those voting machines and election systems (most of which they bought on eBay). They were able to crack into every machine, The Washington Post reports. Their tests took place this summer at a Def Con cybersecurity conference, but the group visited Washington to share their findings yesterday.
Nearly everyone in Ecuador is the victim of a data breach
A massive data breach exposed sensitive data of nearly every individual in Ecuador. The breach impacted an estimated 20 million people -- for reference, Ecuador has a population of about 17 million. According to ZDNet, it exposed data on 6.7 million minors, as well as the country's president and WikiLeaks founder Julian Assange, who was granted political asylum by Ecuador in 2012.
Apple re-fixes a bug that let users jailbreak iPhones
Apple fixed a vulnerability that temporarily allowed hackers to jailbreak iPhones. The bug was first fixed in iOS 12.3 but reintroduced in iOS 12.4. Hackers discovered the flaw earlier this month and shared a free public jailbreak just for the fun of it. Today, Apple released iOS 12.4.1, which should take care of the vulnerability once and for all.
Hackers make jailbreaking iPhones a thing again
In the iPhone's early days, hackers would "jailbreak" the iPhone in order to install third-party apps that weren't available through the App Store. It's been a while since anyone seriously needed to jailbreak their iPhone, as there are plenty of apps and more customizable operating systems to choose from. But this weekend, hackers dusted off their jailbreaking skills when a vulnerability was discovered in iOS 12.4. Security researcher Pwn20wnd released the first free public jailbreak for a fully updated iPhone in years.
32 million patient records were breached in the first half of 2019
More than 32 million patient records were breached between January and June 2019. That's more than double the 15 million medical records breached in all of 2018, says healthcare analytics firm Protenus. According to the company, the number of disclosed incidents rose to 285 in the first half of the year, and the longstanding trend of at least one health data breach per day shows no signs of slowing down.
Government hackers reportedly broke into Russian search company Yandex
According to a Reuters report, hackers working for Western intelligence agencies reportedly broke into Yandex, the company often referred to as "Russia's Google." The hackers were allegedly looking for technical information that would indicate how Yandex authenticates user accounts. That information could help a spy agency impersonate Yandex users and obtain access to their private messages.
Cloudflare wants to protect the internet from quantum computing
Quantum computing has the potential to revolutionize health care, AI, financial modeling, weather simulation and more. It's also going to shake up encryption as we know it. Without advances in post-quantum cryptography, quantum computing could make it easy for hackers to access sensitive data, like credit card info. To prevent that, internet infrastructure company Cloudflare is testing post-quantum cryptography technology, and it's sharing its open-source software package, CIRCL, or Cloudflare Interoperable Reusable Cryptographic Library, on GitHub.
Florida city gives in to $600,000 bitcoin ransomware demand
Riviera Beach, a city in Florida, is set to pay hackers $600,000 in bitcoin with the hope of having its systems restored. Hackers took over the systems several weeks ago, when a police department employee opened a malicious email that allowed them to inject the city's network with malware. Now the council has voted to pay the ransom in the hopes of getting Riviera Beach's encrypted records back -- even though there's no actual guarantee the hackers will restore them.
Florida governor says Russians accessed voter databases in 2016
Hackers from Russia gained access to voter databases in two Florida counties before the 2016 presidential election, Gov. Ron DeSantis said. While the hackers didn't compromise election results or manipulate any data, the fact that they gained access at all is significant.
US charges China-based hacking group for massive 2015 Anthem breach
Four years after hackers committed one of the worst data breaches in history, the US Justice Department has charged a "sophisticated China-based hacking group" with the attacks. An indictment released yesterday charges two members of the group, Fuji Wang and another listed as John Doe, with four counts of conspiracy and intentional damage. According to the indictment, Wang and Doe allegedly broke into and stole data from computer networks in four distinct business sectors. The most high-profile hit was the 2015 Anthem breach, in which prosecutors say the hackers stole personal information from nearly 80 million people.
Hackers hijacked update server to install backdoors on ASUS machines
For nearly half a year, computer maker ASUS was unwittingly pushing malware that gave hackers backdoor access to thousands of computers, according to Kaspersky Lab. Hackers managed to compromise one of the company's servers used to provide software updates to ASUS machines. The attack, which has been given the name ShadowHammer was discovered late last year and has since been stopped. Engadget reached out to ASUS for comment and will update this story if we hear back.
A 19-year-old WinRAR bug is being used to install malware
Last month, a 19-year-old bug was discovered in WinRAR, a software used to extract .zip and other file archives on your Windows PC. The company was quick to patch the bug, but users who haven't updated to version 5.70 are still vulnerable. Now, opportunistic hackers are taking advantage of that. McAfee, a global software security company, revealed in a blog post that it has identified more than 100 unique exploits, with most of the targets in the US.
Cyber Command put the kibosh on Russian trolls during the midterms
The US military has reportedly retaliated against Russian attempts to interfere in elections. Cyber Command took the notorious Internet Research Agency offline on 2018 midterm election day in November, officials told the Washington Post.
'State-backed hackers' targeted Australia's main political parties
Politicians and their parties are high-value targets for foreign agents looking to disrupt elections, as we've seen in the US and elsewhere in recent years. Now, Australia is in the crosshairs. The main political parties there were the targets of a state-sponsored cyber attack, according to Prime Minister Scott Morrison. It's not clear what, if any, information they obtained from the parties' systems.
