hacking
Latest
Hackers targeted BMW, Hyundai in hunt for trade secrets
Two of the world's larger car makers were the victims of a sophisticated (but still not very successful) hacking campaign. Bayerricscher Rundfunk has learned that intruders from the hacking group OceanLotus slipped into the networks of BMW and Hyundai in an attempt to find trade secrets. BMW, at least, found the hackers quickly -- instead, it let them operate for "months" to gather data before blocking them at the start of December. No sensitive data would have leaked out of BMW, according to an anonymous security expert, and the attackers wouldn't have breached the central data center in Munich.
DOJ charges two Russians with using malware to steal millions
Officials are offering a $5 million reward for information that leads to the capture of Maksim Yakubets of Moscow. Yakubets is one of two Russian nationals charged with cybercrimes that resulted in tens of millions in losses. The $5 million reward is the largest amount offered for a cyber criminal's capture to date.
Amazon Echo Show falls victim to an old flaw at hacking contest
The latest iteration of the Pwn2Own hacking contest just underscored an all-too-common flaw with smart home devices. The security research team Fluoroacetate hacked into an Amazon Echo Show 5 by taking advantage of its "patch gap" -- that is, its use of older software that had been patched on other platforms. Brian Gorenc, the director of contest host Zero Day Initiative, explained to TechCrunch that the smart screen uses a not-so-current version of Google's Chromium browser engine that leaves it vulnerable to attacks. Fluoroacetate exploited this out-of-date code by using an integer overflow JavaScript bug to hijack the device while it was connected to a malicious WiFi network.
Chinese hacking group targeted governments in six countries
A Chinese hacking group has caused chaos for government organizations in numerous different countries for the last three years, a new report reveals.
Even the tech expert from 'Mr. Robot' can’t figure out this iPhone hack
If your dad were the technical advisor for the realistic hacks on Mr. Robot and he lovingly micromanaged your gadgets, you'd probably feel pretty badass about the security of your personal devices. So when one of Marc Rogers' kids had their iPhone pickpocketed at San Francisco Pride this year, things took an unexpected turn when tech-savvy thieves pulled off hacking tricks that had Rogers beside himself with curiosity and fascination. And concern. Lots of concern.
iPhone exploit could allow permanent jailbreak for millions of devices
Jailbreaks seemed to be a thing of the past, but last month, a security research released the first free, public iPhone jailbreak in years. Now, another security researcher has discovered an exploit that could make it possible to permanently jailbreak any iPhone from the 2011 4S to the 2017 iPhone X and 8/Plus.
Alleged JPMorgan hacker set to plead guilty
Andrei Tyurin, one of the key suspects in the huge JPMorgan Chase hack in 2014, is set to plead guilty, according to a court filing obtained by Bloomberg. The Russian reportedly struck a deal with federal prosecutors and will appear at a plea hearing next week in New York.
Apple re-fixes a bug that let users jailbreak iPhones
Apple fixed a vulnerability that temporarily allowed hackers to jailbreak iPhones. The bug was first fixed in iOS 12.3 but reintroduced in iOS 12.4. Hackers discovered the flaw earlier this month and shared a free public jailbreak just for the fun of it. Today, Apple released iOS 12.4.1, which should take care of the vulnerability once and for all.
Hitting the Books: How legendary hackers wound up working for the CIA
Welcome to Hitting the Books. With less than one in five Americans reading just for fun these days, we've done the hard work for you by scouring the internet for the most interesting, thought provoking books on science and technology we can find and delivering an easily digestible nugget of their stories.
Key U.S. election systems could have been exposed online for months
More than 30 backend election systems over the last year -- including some in key swing states like Florida, Michigan and Wisconsin -- have been left online and were susceptible to hackers. A Motherboard investigation published today revealed that systems made by ES&S, one of the largest makers of voting machines in the country, were connected to the internet for long periods of time, in some instances as long as a year. This information contradicts prior claims by election officials that voting machine systems were no longer connected after Election Day.
StockX confirms it was hacked (updated)
StockX's warning of "suspicious activity" appears to have stemmed from a serious data breach. TechCrunch has learned through a black market data seller that a hacker stole 6.8 million records from the shoe trading site in May, including names, email addresses and (thankfully hashed) passwords. The data also included less vital info like shoe sizes, trading currencies and device version profiles.
Data breach compromises info for 20,000 LAPD officers and applicants
Los Angeles police officers are the victims of what appears to be a serious data breach. The city's Personnel Department has warned the LAPD that intruders stole personal information for roughly 2,500 officers and 17,500 officer applicants, including names, dates of birth, partial employee serial numbers and login details for the applicants. More info may have been taken, an official told NBC Los Angeles.
Capital One data breach affected 100 million in the US
Just as Equifax announced a settlement for its massive data breach, Capital One has revealed that someone hacked into its systems earlier this year. According to the company, someone exploited a "configuration vulnerability" that allowed them to access and decrypt customer data affecting over 100 million people in the US, and about 6 million in Canada.
A Bluetooth vulnerability could give hackers your location
Your Fitbit and other Bluetooth gadgets could be giving away your location data. Researchers from Boston University (BU) detected a vulnerability in several high-profile Bluetooth devices that could allow third-parties to determine your location and other sensitive information. In the wrong hands, that information could be used for stalking or abuse. That's especially concerning given that basically everyone is carrying around a Bluetooth device.
Hackers broke into Sprint accounts through Samsung's website
Sprint's security team is having a very, very lousy 2019. On top of the earlier Boost Mobile breach, the carrier has revealed that hackers obtained "unauthorized access" to an unspecified number of Sprint accounts through Samsung's "add a line" website. The provider said that the data didn't pose a "substantial risk" for fraud or identity theft and didn't include credit card or social security numbers, but there's still good reason for concern. Intruders may have seen names, billing addresses, phone numbers, device IDs and account numbers, among other sensitive details.
Google warns banning Huawei could increase security risks
According to a Financial Times report, Google execs are concerned that banning Huawei could lead to increased security risks. Sources warn that if Huawei is not allowed access to Android updates, it could develop its own, similar software, which would be more susceptible to being hacked. Google is reportedly asking the Trump Administration to delay the ban or exempt the company altogether.
Teen hacked Apple hoping the company would offer him a job
If you were a teen hoping to land a job at a tech giant, how would you go about it? Plan your education and hope you eventually land an internship? An Australian had another, less conventional method. The teen hacked Apple and pleaded guilty while admitting that he hoped this would land him a job at the iPhone maker. He'd heard that Apple hired a European who'd done the same thing, and had assumed that a job was waiting for him the moment he was discovered. Clearly, law enforcement had other ideas.
Ransomware attacks in US cities are using a stolen NSA tool
The ransomware attacks in Baltimore and other US cities appear to have a common thread: they're using NSA tools on the agency's home soil. In-the-know security experts talking to the New York Times said the malware in the cyberattacks is using the NSA's stolen EternalBlue as a "key component," much like WannaCry and NotPetya. While the full list of affected cities isn't available, San Antonio and the Pennsylvania city of Allentown have reportedly been victims of EternalBlue-based campaigns.
Hackers turn tables on account hijackers by stealing forum data
Online account hijackers received a taste of ironic punishment this week. KrebsOnSecurity has learned that hackers stole the database from the popular hijacker forum OGusers on May 12th, obtaining email addresses, hashed passwords, IP addresses and private forum messages for 112,988 accounts. The administrator initially told users that a hard drive failure had wiped out the information and forced the use of a backup, but that tall tale fell apart when the administrator of a rival forum made the data public.
Hackers stole cash from 100 Amazon sellers in 'serious' fraud
Amazon and its sellers are now believed to be the victim of a substantial fraud campaign. A newly public legal filing obtained by Bloomberg has revealed that Amazon reported a "serious" campaign that compromised the accounts of roughly 100 sellers between May and October 2018, draining them of cash earned through loans and sales. While most details of the heist weren't specified, the internet giant understood that the intruders changed account details at Barclays and Prepay Technologies.
