Uploaded to Github on Thursday, a tool called Crashcast enables the almost instantaneous takeover all of Chromecast streaming devices left accessible online by mistake. This same misconfiguration issue was taken advantage of by the hacker duo Hacker Giraffe and j3ws3r earlier this week to broadcast a message in support of the YouTube star Felix Kjellberg, Read more about Researcher Distributes Tool That Enables Mass-Hijacking of Google Chromecast Devices[…]

A US Congressional report outlining the breakdowns that led to the 2017 theft of 148 million personal records from Equifax has revealed a stunning catalog of failure. The 96-page report (PDF) from the Committee of Oversight and Government Reform found that the 2017 network breach could have easily been prevented had the company taken basic Read more about Equifax how-it-was-mega-hacked damning dossier lands, in all of its infuriating glory[…]

On Monday, the question and answer site Quora announced that a third-party was able to gain access to virtually every data point the company keeps on 100 million users. Even if you don’t recall having a Quora account, you might want to make sure. In a blog post, Quora CEO Adam D’Angelo explained that the Read more about Hack of 100 Million Quora Users Could Be Worse Than it Sounds[…]

A Twitter user using the pseudonym of @TheHackerGiraffe has hacked over 50,000 printers to print out flyers telling people to subscribe to PewDiePie’s YouTube channel. The messages have been sent out yesterday, November 29, and have caused quite the stirr among the users who received them, as they ended up on a bunch of places, Read more about Twitter user hacks 50,000 printers to tell people to subscribe to PewDiePie[…]

More than 45,000 Internet routers have been compromised by a newly discovered campaign that’s designed to open networks to attacks by EternalBlue, the potent exploit that was developed by, and then stolen from, the National Security Agency and leaked to the Internet at large, researchers said Wednesday. The new attack exploits routers with vulnerable implementations Read more about Mass router hack exposes millions of devices to potent NSA exploit through UPNP[…]

US hotel chain Marriott has admitted that a breach of its Starwood subsidiary’s guest reservation network has exposed the entire database – all 500 million guest bookings over four years, making this one of the biggest hacks of an individual org ever. “On September 8, 2018, Marriott received an alert from an internal security tool Read more about Marriott’s Starwood hotels mega-hack: Half a BILLION guests’ deets exposed over 4 years[…]

Computer science boffins have demonstrated a side-channel attack technique that bypasses recently-introduced privacy defenses, and makes even the Tor browser subject to tracking. The result: it is possible for malicious JavaScript in one web browser tab to spy on other open tabs, and work out which websites you’re visiting. This information can be used to Read more about Talk about a cache flow problem: This JavaScript can snoop on other browser tabs to work out what you’re visiting[…]

People’s connections in the US to Google – including its cloud, YouTube, and other websites – were suddenly rerouted through Russia and into China in a textbook Border Gateway Protocol (BGP) hijacking attack. That means folks in Texas, California, Ohio, and so on, firing up their browsers and software and connecting to Google and its Read more about Google traffic routed to Russian and Chinese servers in BGP attack[…]

This week, US Cyber Command (CYBERCOM), a part of the military tasked with hacking and cybersecurity focused missions, started publicly releasing unclassified samples of adversaries’ malware it has discovered. CYBERCOM says the move is to improve information sharing among the cybersecurity community, but in some ways it could be seen as a signal to those Read more about The US Military Just Publicly Dumped Russian Government Malware Online[…]

A vulnerability that is trivial to exploit allows privilege escalation to root level on Linux and BSD distributions using X.Org server, the open source implementation of the X Window System that offers the graphical environment. […] Three hours after the public announcement of the security gap, Daemon Security CEO Michael Shirk replied with one line Read more about Trivial Bug in X.Org Gives Root Permission on Linux and BSD Systems[…]

Last April, Steven Schoen received an email from someone named Natalie Andrea who said she worked for a company called We Purchase Apps. She wanted to buy his Android app, Emoji Switcher. But right away, something seemed off. “I did a little bit of digging because I was a little sketched out because I couldn’t Read more about How A Massive Ad Fraud Scheme Exploited Android Phones To Steal Millions Of Dollars[…]

A wave of reports about hijacked WhatsApp accounts in Israel has forced the government’s cyber-security agency to send out a nation-wide security alert on Tuesday, ZDNet has learned. The alert, authored by the Israel National Cyber Security Authority, warns about a relatively new method of hijacking WhatsApp accounts using mobile providers’ voicemail systems. This new Read more about Recent wave of hijacked WhatsApp accounts traced back to voicemail hacking[…]

On 13 April 2018, with support from the Netherlands General Intelligence and Security Service and UK counterparts, the Netherlands Defence Intelligence and Security Service (DISS) disrupted a cyber operation being carried out by a Russian military intelligence (GRU) team. The Russian operation had targeted the Organisation for the Prohibition of Chemical Weapons (OPCW) in The Read more about Netherlands Defence Intelligence and Security Service disrupts Russian cyber operation targeting OPCW[…]

Facebook’s stunning disclosure of a massive hack on Friday in which attackers gained access tokens to at least 50 million accounts—bypassing security measures and potentially giving them full control of both profiles and linked apps—has already stirred the threat of a $1.63 billion dollar fine in the European Union, according to the Wall Street Journal. Read more about Facebook Could Face Up to $1.63 Billion Fine for 50m User Hack Under the GDPR[…]

A rootkit is a piece of software that hides itself on computer systems, and uses its root or administrator-level privileges to steal and alter documents, spy on users, and cause other mischief and headaches. A UEFI rootkit lurks in the motherboard firmware, meaning it starts up before the operating system and antivirus suites run, allowing Read more about Resident evil: Inside a UEFI rootkit used to spy on govts, made by you-know-who (hi, Russia)[…]

Olle and his fellow cyber security consultant Pasi Saarinen recently discovered a new way to physically hack into PCs. According to their research, this method will work against nearly all modern computers. This includes laptops from some of the world’s biggest vendors like Dell, Lenovo, and even Apple. And because these computers are everywhere, Olle Read more about Cold Boot Attacks are back – plug a sleeping laptop into some kit and read all the memory, slurp all the passwords[…]

In this writeup, I’ll describe a new technique to crack WPA PSK (Pre-Shared Key) passwords. In order to make use of this new attack you need the following tools: hcxdumptool v4.2.0 or higher hcxtools v4.2.0 or higher hashcat v4.2.0 or higher This attack was discovered accidentally while looking for new ways to attack the new Read more about New attack on WPA/WPA2 using PMKID[…]

Snapchat doesn’t just make messages disappear after a period of time. It also does the same to GitHub repositories — especially when they contain the company’s proprietary source code. So, what happened? Well, let’s start from the beginning. A GitHub with the handle i5xx, believed to be from the village of Tando Bago in Pakistan’s Read more about Hacker swipes Snapchat’s source code, publishes it on GitHub[…]

At a Kiev nightclub in the spring of 2012, 24-year-old Ivan Turchynov made a fateful drunken boast to some fellow hackers. For years, Turchynov said, he’d been hacking unpublished press releases from business newswires and selling them, via Moscow-based middlemen, to stock traders for a cut of the sizable profits. Oleksandr Ieremenko, one of the Read more about How a hacker network turned stolen press releases into $100 million[…]

A service named “Timehop” that claims it is “reinventing reminiscing” – in part by linking posts from other social networks – probably wishes it could go back in time and reinvent its own security, because it has just confessed to losing data describing 21 million members and can’t guarantee that the perps didn’t slurp private Read more about Nostalgic social network ‘Timehop’ loses data from 21 million users[…]

For the past two days, secure email provider ProtonMail has been fighting off DDoS attacks that have visibly affected the company’s services, causing short but frequent outages at regular intervals. “The attacks went on for several hours, although the outages were far more brief, usually several minutes at a time with the longest outage on Read more about ProtonMail / ProtonVPN DDoS Attacks Are a Case Study of What Happens When You Mock Attackers[…]

Starting yesterday, there have been numerous reports of people’s Windows computers being infected with something called “All-Radio 4.27 Portable”. After researching this, it has been determined that seeing this program is a symptom of a much bigger problem on your computer. All-Radio 4.27 Portable If your computer is suddenly displaying the above program, then your Read more about All-Radio 4.27 Portable Can’t Be Removed? Then Your PC is Severely Infected[…]

Adidas AG ADDYY 2.03% said Thursday that a “few million” customers shopping on its U.S. website may have had their data exposed to an unauthorized party. Neither the specific number of users affected nor the time frame of the potential breach were immediately disclosed, but the German sportswear maker said it became aware of the Read more about Adidas Reports Data Breach of a few million customers[…]

Ticketmaster on Wednesday disclosed a data breach reportedly caused by malware infecting a customer support system outsourced to an external company. In a statement, Ticketmaster said some of its customer data may have been accessed by an unknown intruder. Email notifications were sent to customers who purchased tickets between February and June 23, 2018, the Read more about Ticketmaster Discloses Breach That Impacts Nearly 5 Percent of Its Customers[…]

Since late 2013, this band of cybercriminals has penetrated the digital inner sanctums of more than 100 banks in 40 nations, including Germany, Russia, Ukraine, and the U.S., and stolen about $1.2 billion, according to Europol, the European Union’s law enforcement agency. The string of thefts, collectively dubbed Carbanak—a mashup of a hacking program and Read more about The Biggest Digital Heist in History Isn’t Over Yet: $1.2 b and still growing since 2013[…]