How Spies Snuck Malware Into the Google Play Store—Again and Again: by upgrading a vetted app

At a remote virtual version of its annual Security Analyst Summit, researchers from the Russian security firm Kaspersky today plan to present research about a hacking campaign they call PhantomLance, in which spies hid malware in the Play Store to target users in Vietnam, Bangladesh, Indonesia, and India. Unlike most of the shady apps found […]

Facebook Accuses NSO Group of Using U.S. Servers for Spying, infecting phones via WhatsApp

In a filing released on Thursday in federal court in Oakland, California, lawyers representing the social media giant alleged that NSO Group had used a network of remote servers in California to hack into phones and devices that were used by attorneys, journalists, human rights activists, government officials and others. NSO Group has argued that […]

Bad news: Cognizant hit by ransomware Maze, which leaks customers’ data online after non-payment

New Jersey IT services provider Cognizant has confirmed it is the latest victim of the Maze ransomware. The infection was disclosed to the public this weekend. Cognizant said the malware outbreak will likely disrupt service for some of its customers, and possibly put them in danger as well. Maze is unusual among ransomware strains in […]

Medical Device ‘Jailbreak’ Could Help Solve the Dangerous Shortage of Ventilators

Security researcher Trammell Hudson analyzed the AirSense 10 — the world’s most widely used CPAP — and made a startling discovery. Although its manufacturer says the AirSense 10 would require “significant rework to function as a ventilator,” many ventilator functions were already built into the device firmware. Its manufacturer, ResMed, says the $700 device solely […]

China’s Winnti group stayed under the radar for a decade by aiming for Linux servers

A group of hackers operating as an offshoot of China’s Winnti group managed to stay undetected for more than a decade by going open source. A report from BlackBerry outlines how the group, actually a collection of five smaller crews of hackers thought to be state-sponsored, assembled in the wake of Winnti and exploited Linux […]

A hacker has wiped, defaced more than 15,000 Elasticsearch servers

For the past two weeks, a hacker has been breaking into Elasticsearch servers that have been left open on the internet without a password and attempting to wipe their content, while also leaving the name of a cyber-security firm behind, trying to divert blame. According to security researcher John Wethington, one of the people who […]

Marriott Hotels hacked AGAIN: Two compromised employee logins abused to siphon off guests’ personal info

Marriott Hotels has suffered its second data spillage in as many years after an “unexpected amount” of guests’ data was accessed through two compromised employee logins, the under-fire chain has confirmed. The size of the latest data exposure has not been disclosed, though Marriott admitted it seemed to have started in January 2020 and was […]

Hacker hijacks all Microsoft and CCC YouTube accounts to broadcast crypto Ponzi scam

A hacker has hijacked all of Microsoft’s official YouTube accounts and is broadcasting a cryptocurrency Ponzi scam to the company’s subscribers, ZDNet has learned from one of our readers. The hacks appear to have occurred about 13 hours ago, according to our source. The hijacked accounts are still streaming at the time of writing, despite […]

Hackers target WHO as cyberattacks double

WHO Chief Information Security Officer Flavio Aggio said the identity of the hackers was unclear and the effort was unsuccessful. But he warned that hacking attempts against the agency and its partners have soared as they battle to contain the coronavirus, which has killed more than 15,000 worldwide. The attempted break-in at the WHO was […]

Chinese security firm says CIA hacked Chinese targets for the past 11 years

China’s largest cyber-security vendor has published today a report accusing the CIA of hacking Chinese companies and government agencies for more than 11 years. The report, authored by Qihoo 360, claims the CIA hacked targets in China’s aviation industry, scientific research institutions, petroleum industry, Internet companies, and government agencies. CIA hacking operations took place between […]

Details of 10.6 million Vegas MGM hotel guests posted on a hacking forum

The personal details of more than 10.6 million users who stayed at MGM Resorts hotels have been published on a hacking forum this week. Besides details for regular tourists and travelers, included in the leaked files are also personal and contact details for celebrities, tech CEOs, reporters, government officials, and employees at some of the […]

Confusing car autopilots using projections

The absence of deployed vehicular communication systems, which prevents the advanced driving assistance systems (ADASs) and autopilots of semi/fully autonomous cars to validate their virtual perception regarding the physical environment surrounding the car with a third party, has been exploited in various attacks suggested by researchers. Since the application of these attacks comes with a […]

Twitter had a flaw allowing the discovery of phone numbers attached to accounts en masse. And it’s been used in the wild multiple times.

Twitter has admitted a flaw in its backend systems was exploited to discover the cellphone numbers of potentially millions of twits en masse, which could lead to their de-anonymization. In an advisory on Monday, the social network noted it had “became aware that someone was using a large network of fake accounts to exploit our […]

UN didn’t patch SharePoint, got mega-hacked, covered it up, kept most staff in the dark, finally forced to admit it, accident waiting to happen

The United Nations’ European headquarters in Geneva and Vienna were hacked last summer, putting thousands of staff records at miscreants’ fingertips. Incredibly, the organization decided to cover it up without informing those affected nor the public. […] A senior IT official dubbed the attack a “major meltdown,” in which personnel records – as well as […]

In ‘Sophisticated’ Incident, Dozens of U.N. Servers Hacked including their active directory server

An internal confidential document from the United Nations, leaked to The New Humanitarian and seen by The Associated Press, says that dozens of servers were “compromised” at offices in Geneva and Vienna. Those include the U.N. human rights office, which has often been a lightning rod of criticism from autocratic governments for its calling-out of […]

These VIPs May Want to Make Sure Mohammed bin Salman Didn’t Hack Them

In early 2018, Saudi Crown Prince Mohammed bin Salman took a sweeping tour of the U.S. as part of a strategy to rebrand Saudi Arabia’s ruling monarchy as a modernizing force and pull off his “Vision 2030” plan—hobnobbing with a list of corporate execs and politicians that reads like a who’s who list of the […]

Hackers Are Breaking Directly Into Telecom Companies using RDP to Take Over Customer Phone Numbers themselves

Hackers are now getting telecom employees to run software that lets the hackers directly reach into the internal systems of U.S. telecom companies to take over customer cell phone numbers, Motherboard has learned. Multiple sources in and familiar with the SIM swapping community as well as screenshots shared with Motherboard suggest at least AT&T, T-Mobile, […]

Fresh Cambridge Analytica leak ‘shows global manipulation is out of control’

An explosive leak of tens of thousands of documents from the defunct data firm Cambridge Analytica is set to expose the inner workings of the company that collapsed after the Observer revealed it had misappropriated 87 million Facebook profiles. More than 100,000 documents relating to work in 68 countries that will lay bare the global […]

Bol.com partner Toppie Speelgoed loses 10000 Belgian and Dutch customer records, now for sale on hacker forum

Personal information and what they bought, where it was delivered to. The data of presumably almost 10,000 Belgian and Dutch customers who bought toys online a few years ago is being offered for sale on the internet by a hacker. This emerges from research by VRT NWS. It concerns personal data and certain purchases of […]

Using LimeGPS to spoof a fake location to any GPS device inside the room

This page details experiences using LimeSDR to simulate GPS. Note, update (Aug 15, 2017) – The center frequency should be corrected below to 1575.42MHz. It would marginally work with the original 1545.42 but 1575.42 is rock solid gps sim performance. These experiments were inspired by the excellent procedure written up here [1]. We want to […]

Princesses make terrible passwords – quite possible Disney+ hacks related to this being your password.

If you used the same password for an account that was previously breached as you did for your Disney+ password, a bad actor could gain access. Furthermore, hackers with stolen datasets at their fingertips could easily filter on key terms to find the Disney fans. Just look how many times the 12 Disney princesses showed […]

Cayman Bank Targeted By Phineas Fisher Confirms it Was Hacked – 2 TB of data can be searched through now, find the money launderers

On Sunday, Motherboard reported that the hacker or hackers known as Phineas Fisher targeted a bank, stole money and documents, and is offering other hackers $100,000 to carry out politically motivated hacks. Now, the bank Phineas Fisher targeted, Cayman National Bank from the Isle of Man, confirmed it has suffered a data breach. “It is […]

Trick or treating Android Emoji keyboard app makes millions of unauthorized purchases $18m blocked

$18 million of fraudulent charges from the app blocked by malware security platform Secure-D. London, October 31st, 2019 – A popular Android keyboard app, ai.type, downloaded more than 40 million times and included in the Google Play app store, has been caught making millions of unauthorized purchases of premium digital content, researchers at mobile technology company […]