A vulnerability in a widely-used internet forum software is becoming a go-to method for hackers to steal data.Hackers recently targeted 11 different sites, many of them from Russia, and stole information from more 27 million Internet accounts, according to LeakedSource, a repository for data breaches. About 25 million accounts of those accounts were from cfire.mail.ru, parapa.mail.ru, and tanks.mail.ru, all of them Russian language games. Another 1 million were tied to gaming titles from Funcom, including The Secret World and Age of Conan. The stolen data includes email addresses and hashed passwords that can be easily cracked.To read this article in full or to leave a comment, please click here
It’s never a good sign when a website markets itself with a phony security award. But that’s what Ashley Madison did prior to last year’s massive data breach.On Monday, privacy officials in Canada and Australia found that the Canadian adultery website used deceptive and confusing practices to make customers think the service was secure.Privacy authorities from both countries have been investigating Ashley Madison following last year’s hack, which exposed personal data on 36 million users, including names, credit card numbers, and in some cases, their sexual fantasies. To read this article in full or to leave a comment, please click here
It’s never a good sign when a website markets itself with a phony security award. But that’s what Ashley Madison did prior to last year’s massive data breach.On Monday, privacy officials in Canada and Australia found that the Canadian adultery website used deceptive and confusing practices to make customers think the service was secure.Privacy authorities from both countries have been investigating Ashley Madison following last year’s hack, which exposed personal data on 36 million users, including names, credit card numbers, and in some cases, their sexual fantasies. To read this article in full or to leave a comment, please click here
A recent data breach at Epic Games may have been avoided if the company had simply installed a security patch.On Monday, Epic Games reported that its internet forums had been compromised. The leaked data includes email addresses and hashed passwords taken from legacy forums at Infinity Blade, previous Unreal Tournament games, and an archived Gears of War forum.Epic Games declined to explain how the leak occurred, but a website that stores information on data breaches said hackers were responsible and that 808,000 users are affected.The anonymous attackers targeted the vBulletin forum software on Aug. 11, according to the website Leaked Source, which has been in contact with the hackers. To read this article in full or to leave a comment, please click here
A recent data breach at Epic Games may have been avoided if the company had simply installed a security patch.On Monday, Epic Games reported that its internet forums had been compromised. The leaked data includes email addresses and hashed passwords taken from legacy forums at Infinity Blade, previous Unreal Tournament games, and an archived Gears of War forum.Epic Games declined to explain how the leak occurred, but a website that stores information on data breaches said hackers were responsible and that 808,000 users are affected.The anonymous attackers targeted the vBulletin forum software on Aug. 11, according to the website Leaked Source, which has been in contact with the hackers. To read this article in full or to leave a comment, please click here
Anonymous hackers probably gave away hundreds of thousands of dollars in potential sales in the black market when they leaked valuable cyberweapons allegedly stolen from the U.S. National Security Agency.The hackers, known as the Shadow Brokers, posted a sample file of the cyberweapons earlier this month and at least some of them appear to be zero-day exploits, or attacks that rely on software defects that practically no one knew about.Before they were publicly leaked, each of these zero-day exploits could have sold for a great deal of money, according to security researchers. They’re designed to affect firewall and router products from Cisco, Juniper Networks and Fortinet, in addition to those from Chinese vendors.To read this article in full or to leave a comment, please click here
Anonymous hackers probably gave away hundreds of thousands of dollars in potential sales in the black market when they leaked valuable cyberweapons allegedly stolen from the U.S. National Security Agency.The hackers, known as the Shadow Brokers, posted a sample file of the cyberweapons earlier this month and at least some of them appear to be zero-day exploits, or attacks that rely on software defects that practically no one knew about.Before they were publicly leaked, each of these zero-day exploits could have sold for a great deal of money, according to security researchers. They’re designed to affect firewall and router products from Cisco, Juniper Networks and Fortinet, in addition to those from Chinese vendors.To read this article in full or to leave a comment, please click here
Republicans in Congress have subpoenaed three technology companies that declined to hand over documents about former U.S. Secretary of State Hillary Clinton’s private email server.On Monday, Datto, SECNAP Network Security and Platte River Networks received subpoenas from U.S. Rep. Lamar Smith, a Texas Republican.Smith is demanding documents from the companies as two congressional committees from the House and Senate investigate the Democratic presidential nominee’s use of a private email server while she was secretary of state.All three companies either sold products used in Clinton’s email server or were hired to maintain it, Smith said in the subpoenas. For example, Datto provided an online backup system that eventually began storing Clinton’s emails off site.To read this article in full or to leave a comment, please click here
Republicans in Congress have subpoenaed three technology companies that declined to hand over documents about former U.S. Secretary of State Hillary Clinton’s private email server.On Monday, Datto, SECNAP Network Security and Platte River Networks received subpoenas from U.S. Rep. Lamar Smith, a Texas Republican.Smith is demanding documents from the companies as two congressional committees from the House and Senate investigate the Democratic presidential nominee’s use of a private email server while she was secretary of state.All three companies either sold products used in Clinton’s email server or were hired to maintain it, Smith said in the subpoenas. For example, Datto provided an online backup system that eventually began storing Clinton’s emails off site.To read this article in full or to leave a comment, please click here
Smart sockets that let you control an electrical plug over the internet may sound cutting edge, but they can also be rife with security flaws.One such plug was found vulnerable to hacks. Security firm Bitdefender said that it could steal user email logins from the device, control it over the Internet, and potentially use the socket to launch other malware attacks. “This is a serious vulnerability, we could see botnets made up of these power outlets,” Alexandru Balan, chief security researcher at Bitdefender, said in a Thursday blog post.To read this article in full or to leave a comment, please click here
Smart sockets that let you control an electrical plug over the internet may sound cutting edge, but they can also be rife with security flaws.One such plug was found vulnerable to hacks. Security firm Bitdefender said that it could steal user email logins from the device, control it over the Internet, and potentially use the socket to launch other malware attacks. “This is a serious vulnerability, we could see botnets made up of these power outlets,” Alexandru Balan, chief security researcher at Bitdefender, said in a Thursday blog post.To read this article in full or to leave a comment, please click here
The disclosure this week of a cache of files supposedly stolen from the National Security Agency has put a spotlight on secret cyber weapons the NSA has been holding -- and whether they should be disclosed.Security researchers have been poring over a sample set of hacking tools that may have been stolen from the NSA.An anonymous group called the Shadow Brokers has posted the samples online and is auctioning off the rest, claiming they contain cyber weapons that rival the Stuxnet computer worm.Experts say the whole matter points to the danger of the NSA hoarding cyber weapons: they could fall into the wrong hands.To read this article in full or to leave a comment, please click here
The disclosure this week of a cache of files supposedly stolen from the National Security Agency has put a spotlight on secret cyber weapons the NSA has been holding -- and whether they should be disclosed.Security researchers have been poring over a sample set of hacking tools that may have been stolen from the NSA.An anonymous group called the Shadow Brokers has posted the samples online and is auctioning off the rest, claiming they contain cyber weapons that rival the Stuxnet computer worm.Experts say the whole matter points to the danger of the NSA hoarding cyber weapons: they could fall into the wrong hands.To read this article in full or to leave a comment, please click here
A suspect in a recent data breach at Sage, a U.K. provider of business software, has been arrested. On Wednesday, police in London detained a company employee.The 32-year-old woman was held for alleged fraud against the company, London City Police said. She has since been released on bail.It’s still unclear what information, if any, may have been leaked. However, Sage, a supplier of accounting and payroll software, began notifying customers about the breach last week.Between 200 and 300 business clients in the U.K. may have been affected. At the time, Sage said the breach had come from unauthorized access to internal login data.Security firm the Antisocial Engineer has been in contact with Sage and said a company insider was the prime suspect.To read this article in full or to leave a comment, please click here
A suspect in a recent data breach at Sage, a U.K. provider of business software, has been arrested. On Wednesday, police in London detained a company employee.The 32-year-old woman was held for alleged fraud against the company, London City Police said. She has since been released on bail.It’s still unclear what information, if any, may have been leaked. However, Sage, a supplier of accounting and payroll software, began notifying customers about the breach last week.Between 200 and 300 business clients in the U.K. may have been affected. At the time, Sage said the breach had come from unauthorized access to internal login data.Security firm the Antisocial Engineer has been in contact with Sage and said a company insider was the prime suspect.To read this article in full or to leave a comment, please click here
A stolen cache of files that may belong to the National Security Agency contains genuine hacking tools that not only work, but show a level of sophistication rarely seen, according to security researchers.That includes malware that can infect a device’s firmware and persist, even if the operating system is reinstalled. “It's terrifying because it demonstrates a serious level of expertise and technical ability,” said Brendan Dolan-Gavitt, an assistant professor at New York University’s school of engineering.He’s been among the researchers going over the sample files from the cache, after an anonymous group called the Shadow Brokers posted them online.To read this article in full or to leave a comment, please click here
A stolen cache of files that may belong to the National Security Agency contains genuine hacking tools that not only work, but show a level of sophistication rarely seen, according to security researchers.That includes malware that can infect a device’s firmware and persist, even if the operating system is reinstalled. “It's terrifying because it demonstrates a serious level of expertise and technical ability,” said Brendan Dolan-Gavitt, an assistant professor at New York University’s school of engineering.He’s been among the researchers going over the sample files from the cache, after an anonymous group called the Shadow Brokers posted them online.To read this article in full or to leave a comment, please click here
Not even the National Security Agency is immune to carelessness, according to noted leaker Edward Snowden. The agency’s operatives can get lazy, and sometimes they leave behind files inside the servers they’ve hacked.That could explain how an anonymous group managed to obtain hacking tools that may belong to the NSA. The files are up for auction to the highest bidder, and allegedly include cyber weapons that rival the Stuxnet computer worm.Counterhacking
On Tuesday, Snowden, a former NSA contractor, tweeted that it isn’t “unprecedented” for cyberspies to try to hack the agency’s malware staging servers.To read this article in full or to leave a comment, please click here
Not even the National Security Agency is immune to carelessness, according to noted leaker Edward Snowden. The agency’s operatives can get lazy, and sometimes they leave behind files inside the servers they’ve hacked.That could explain how an anonymous group managed to obtain hacking tools that may belong to the NSA. The files are up for auction to the highest bidder, and allegedly include cyber weapons that rival the Stuxnet computer worm.Counterhacking
On Tuesday, Snowden, a former NSA contractor, tweeted that it isn’t “unprecedented” for cyberspies to try to hack the agency’s malware staging servers.To read this article in full or to leave a comment, please click here
A ransomware strain has been making a pretty penny by opening its doors to unskilled hackers.
Security firm Check Point gained a rare look at the inner workings of the Cerber ransomware and found that its developers are building a network of partners to attack more targets -- and rake in more cash.
Check Point also warned that because of Cerber, more unskilled cybercriminals might choose to participate in ransomware schemes.
"Even the most novice hacker can easily reach out in closed forums to obtain an undetected ransomware variant," it said in a new report.To read this article in full or to leave a comment, please click here
Michael Kan