Ticketfly was the target of a malicious cyber attack last week In consultation with third-party forensic cybersecurity experts we can now confirm that credit and debit card information was not accessed. However, information including names, addresses, email addresses and phone numbers connected to approximately 27 million Ticketfly accounts was accessed. It’s important to note that Read more about Ticketfly exposes data on 27m customers in hack[…]

ASUS, D-Link, Huawei, Ubiquiti, UPVEL, and ZTE: these are the vendors newly-named by Cisco’s Talos Intelligence as being exploited by the malware scum running the VPNFilter attacks, and the attack’s been spotted hitting endpoints behind vulnerable kit. As well as the expanded list of impacted devices, Talos warned that VPNFilter now attacks endpoints behind the Read more about VPNFilter router malware is a lot worse than everyone thought[…]

EFAIL describes vulnerabilities in the end-to-end encryption technologies OpenPGP and S/MIME that leak the plaintext of encrypted emails. Email is a plaintext communication medium whose communication paths are partly protected by TLS (TLS). For people in hostile environments (journalists, political activists, whistleblowers, …) who depend on the confidentiality of digital communication, this may not be Read more about EFAIL: PGP and S/MIME (encrypted email) are no longer safe[…]

Thieves siphoned hundreds of millions of pesos out of Mexican banks, including No. 2 Banorte, by creating phantom orders that wired funds to bogus accounts and promptly withdrew the money, two sources close to the government’s investigation said. Hackers sent hundreds of false orders to move amounts ranging from tens of thousands to hundreds of Read more about Thieves suck millions out of Mexican banks in transfer heist[…]

It’s not particularly difficult, particularly with Shodan to help. The required steps are: Discover targets on Shodan by searching for the rootDesc.xml file (Imperva found 1.3 million devices); Use HTTP to access rootDesc.xml; Modify the victim’s port forwarding rules (the researchers noted that this isn’t supposed to work, since port forwarding should be between internal Read more about UPnP joins the ‘just turn it off on consumer devices, already’ club[…]

Hard on the heels of the first network-based Rowhammer attack, some of the boffins involved in discovering Meltdown/Spectre have shown off their own technique for flipping bits using network requests. With a gigabit connection to the victim, the researchers reckon, they can induce security-critical bit flips using crafted quality-of-service packets. Last week, we reported on Read more about Oh, great, now there’s a SECOND remote Rowhammer exploit / Nethammer[…]

PoC for a NTFS crash that I discovered, in various Windows versions Type of issue: denial of service. One can generate blue-screen-of-death using a handcrafted NTFS image. This Denial of Service type of attack, can be driven from user mode, limited user account or Administrator. It can even crash the system if it is in Read more about USB drive that crashes Windows[…]

Saks has been hacked — adding to the already formidable challenges faced by the luxury retailer. A well-known ring of cybercriminals has obtained more than five million credit and debit card numbers from customers of Saks Fifth Avenue and Lord & Taylor, according to a cybersecurity research firm that specializes in tracking stolen financial data. Read more about Card Data Stolen From 5 Million Saks and Lord & Taylor Customers[…]

European organisations are taking longer to detect breaches than their counterparts in North America, according to a study by FireEye. Organisations in EMEA are taking almost six months (175 days) to detect an intruder in their networks, which is rather more than the 102 days that the firm found when asking the same questions last Read more about EU businesses take 175 days to detect breaches vs global averge of 101 days[…]

Hundreds of thousands of online shoppers may have had their name, address, and credit information stolen by hackers thanks to a security issue with the online customer service software from [24]7.ai. Customers that shopped online at Delta, Sears, Kmart, and Best Buy could have been affected thanks to malware that was infecting [24]7.ai’s online chat Read more about Delta, Best Buy, and Sears Customers May Have Had Personal Info Stolen in Hack of [24]7.ai chat system[…]

Sodexo Filmology said it had informed the Information Commissioner’s Office and a specialist forensic investigation team. “We would advise all employees who have used the site between 19th March-3rd April to cancel their payment cards and check their payment card statements,” it said. “These incidents have been caused by a targeted attack on the system Read more about Sodexo Filmology attacked, kills service, tells users: good luck![…]

Orbitz says one of its older websites may have been hacked, potentially exposing the personal information of people who made purchases online between Jan. 1, 2016 and Dec. 22, 2017. The current Orbitz.com website was not involved in the incident. Orbitz is now owned by Expedia Inc. of Belleview, Washington. Orbitz said Tuesday about 880,000 Read more about Orbitz Says Legacy Travel Site Likely Hacked, Affecting 880K[…]

Last week, the code repository GitHub was taken off air in a 1.3Tbps denial of service attack. We predicted then that there would be more such attacks and it seems we were right. Arbor Networks is now reporting that a US service provider suffered a 1.7Tbps attack earlier this month. In this case, there were Read more about World’s biggest DDoS attack record broken after just five days using poorly configured memcache servers[…]

Computer speakers and headphones make passable microphones and can be used to receive data via ultrasound and send signals back, making the practice of air gapping sensitive computer systems less secure. In an academic paper published on Friday through preprint service ArXiv, researchers from Israel’s Ben-Gurion University of the Negev describe a novel data exfiltration Read more about Air gapping PCs won’t stop data sharing thanks to sneaky speakers[…]

Two Russian criminals have been sent down in America after pleading guilty to helping run the largest credit-card hacking scam in US history.Muscovites Vladimir Drinkman, 37, and Dmitriy Smilianets, 34, ran a massive criminal ring that spent months hacking companies to get hold of credit and debit card information. They then sold it online to Read more about Russians behind bars in US after nicking $300m+ in credit-card hacks[…]

Last year, a vigilante hacker broke into the servers of a company that sells spyware to everyday consumers and wiped their servers, deleting photos captured from monitored devices. A year later, the hacker has done it again. Thursday, the hacker said he started wiping some cloud servers that belong to Retina-X Studios, a Florida-based company Read more about A Hacker Has Wiped a Spyware Company’s Servers—Again[…]

Telegram has fixed a security flaw in its desktop app that hackers spent several months exploiting to install remote-control malware and cryptocurrency miners on vulnerable Windows PCs.The programming cockup was spotted by researchers at Kaspersky in October. It is believed miscreants have been leveraging the bug since at least March. The vulnerability stems from how Read more about Telegram desktop app exploited for malware, cryptocurrency mining[…]

In its original announcement of the hack, the company had revealed that some driver’s license numbers were exposed. The new documents show that the license state and issue date might have also been compromised. Equifax spokesperson Meredith Griffanti told CNNMoney Friday that the original list of vulnerable personal information was never intended to represent the Read more about The Equifax hack could be worse than we thought[…]

The Grammarly browser extension, which has about 22 million users, exposes its authentication tokens to all websites, allowing any to access all the user’s data without permission, according to a bug report from Google Project Zero’s Tavis Ormandy. The high-severity bug was discovered on Friday and fixed early Monday morning, “a really impressive response time,” Read more about Bug in Grammarly browser extension exposes virtually everything a user ever writes[…]