Now’s a great time to find out if you’re a hacking victim

Something weird is happening in the world of hacked data—a lot of it is turning up around the same time. The phenomenon has Troy Hunt, the proprietor of data-breach search service Have I Been Pwned?, scratching his head. His site lets people see if they have indeed been “pwned” (victimized, in Internet-speak) in major hacks of online services, and he’s having a very busy time right now. Last week Hunt uploaded the data from the massive LinkedIn breach (167 million victims). He’s just added data from breaches of adult-connections site Fling.com (40…

Got $90,000? A Windows 0-day could be yours

How much would a cybercriminal, nation state or organized crime group pay for blueprints on how to exploit a serious, currently undocumented, unpatched vulnerability in all versions of Microsoft Windows? That price probably depends on the power of the exploit and what the market will bear at the time, but here’s a look at one convincing recent exploit sales thread from the cybercrime underworld where the current asking price for a Windows-wide bug that allegedly defeats all of Microsoft’s current security defenses is USD $90,000. So-called “zero-day” vulnerabilities are flaws in…

Myspace (which still exists) suffers major data breach

You would probably rather forget your Myspace profile. Mine included a number of prominently placed “My spoon is too big” references. But the social network is still around, and it apparently got hacked at some point, because user credentials from 360 million accounts started floating around online late last week. Whoops. Myspace said in a statement Tuesday that “[e]mail addresses, Myspace usernames, and Myspace passwords for the affected Myspace accounts created prior to June 11, 2013 on the old Myspace platform are at risk.” It’s a rare opportunity for celebration among…

IG: Clinton refused official email address to keep message secret

Hillary Clinton told a top deputy in 2010 that she wanted to prevent messages to and from her personal email account from being publicly accessible, according to a government report released on Wednesday. Clinton has claimed that she exclusively used a personal email address for purposes of convenience. However, the report from the State Department’s inspector general suggests she was attempting to shield her communications from laws giving the public access to government information. “I don’t want any risk of the personal [email account] being accessible,” Clinton told top aide Huma Abedin…

It’s a trap! WhatsApp Gold ‘premium’ version lures users to malware

A new scam is tricking users of WhatsApp into downloading a so-called exclusive version of the app called ‘WhatsApp Gold’, which infects mobile devices with malware. A number of WhatsApp users have reported receiving messages that urge them to sign up for the ‘premium’ service through the WhatsApp Gold website, linked in the message. Users are urged not to click on the provided link from the message. The upgrade to the ‘premium’ version of the app claims to offer new features that are used by celebrities such as having video chats, sending…

FBI warns about keyloggers disguised as USB device chargers

A private industry notification issued by the FBI in late April may indicate that keyloggers disguised as USB device chargers have been found being used in the wild. The notification does not say when or where the devices have been spotted, just that “the information in this notification was obtained through an FBI investigation.” The device in question is called KeySweeper. Created by well-known whitehat hacker Samy Kamkar, it is “a stealthy Arduino-based device, camouflaged as a functioning USB wall charger, that wirelessly and passively sniffs, decrypts, logs and reports back (over…

GSA says cyber ‘mistake’ was ‘no breach’; others investigate

The General Services Administration headquarters in Washington. (Mandel Ngan/AFP via Getty Images) A Government Services Administration office known as 18F functions as a computer consultancy for federal agencies and says it was “built in the spirit of America’s top tech startups.” But this government tech start-up had a technical slip-up of its own. “Over 100 GSA Google Drives were reportedly accessible by users both inside and outside of GSA during a five month period, potentially exposing sensitive content such as personally identifiable information and contractor proprietary information,” according to a “management alert” issued…

Latest Flash 0day exploit delivered via booby-trapped Office file

Genwei Jiang, the FireEye researcher who has been credited, along with several others, with the discovery of the flaw (CVE-2016-4117), says that the initial attacks were leveraged against targets running Windows and Microsoft Office. “Attackers had embedded the Flash exploit inside a Microsoft Office document, which they then hosted on their web server, and used a Dynamic DNS (DDNS) domain to reference the document and payload. With this configuration, the attackers could disseminate their exploit via URL or email attachment,” he explained. Victims would open the malicious Office document, and be shown…