Internet users have obviously known for some time that hackers pose a serious threat, but we all got a shocking reminder when security researchers revealed the massive Heartbleed bug earlier this month. The OpenSSL security flaw affected an estimated 66% of the entire Internet at the time of its discovery, and it may have exposed usernames and passwords on any number of popular websites. Big companies were quick to address the bug but as we learned recently, Heartbleed was around for years before companies started patching it earlier this month. As such, hackers had plenty of time to exploit the flaw and steal your login details.
Have any of your online accounts been hacked because of Heartbleed? Have hackers breached your accounts using other means? Thanks to a few free websites, it’s remarkably easy to tell if your data might be at risk. More →
The threat from hackers is very real and a new report shows that things are only getting worse. We recently told you about a terrifying new interactive map that shows global cyberattacks happening in real time. If that map seemed surprisingly busy to you, it’s because it is — a new study from Akamai shows that hackers attacked websites 75% more frequently in the fourth quarter last year than in the previous quarter. More →
After LaCie announced earlier this week it was the victim of a massive credit card breach that lasted for a year, crafts store Michaels revealed in a press release that hackers may have stolen credit card data for 3 million of its customers, including buyers that shopped at its Aaron Brothers subsidiary. The company has hired two independent security firms to conduct an extensive investigation, which revealed that payment systems in Michaels and Aaron Brothers stores were attacked by “highly sophisticated malware” that had not been seen before by either firm. More →
Kickstarter on Saturday acknowledged a hack that occurred on Wednesday night, advising users to immediately change the passwords of their accounts. According to the company, “law enforcement officials contacted Kickstarter and alerted us that hackers had sought and gained unauthorized access to some of our customers’ data.” Kickstarter says that “no credit card data of any kind” was accessed by hackers, and there’s “no evidence of unauthorized activity of any kind on all but two Kickstarter user accounts.” More →
The recent breach of Yahoo’s Yahoo Mail servers is the latest in a string of high-profile hacks that have taken center stage in the tech media lately. It seems that no service is safe from malicious hackers, who constantly come up with terrifying new ways to steal your data. Of course it’s not just wide-scale hacks we have to be afraid of — our various online accounts are always at risk. Google’s Gmail service is hugely popular so it’s often a target for hackers on the prowl. And considering how awful our passwords often are, hacking into Gmail isn’t always much of a challenge. As Tech2 noted on Friday, however, there’s a pretty easy way to find out if your account was hacked without waiting for your friends to email you asking why you’re suddenly peddling Viagra on behalf of a shady Vietnamese pharmacy. More →
The massive hack that hit Target in the weeks before Christmas 2013 wouldn’t have been possible without someone actually stealing the credentials of a vendor, Reuters revealed. “The ongoing forensic investigation has indicated that the intruder stole a vendor’s credentials, which were used to access our system,” Target spokeswoman Molly Snyder said, without revealing what was taken. More →
The Target data breach may be just the tip of the iceberg in what seems to be a massive sophisticated attack on U.S. retailers that may have possibly originated in Russia, according to newly discovered evidence. The Wall Street Journal reports that federal and private investigators who are looking into the matter have discovered that parts of the malware used to hit Target has been available on the black market since last spring, and was written in Russian, leading them to believe the attack may have ties to organized crime in the former Soviet Union. More →
More unofficial details about the late 2013 Target hack that exposed up to 40 million credit and debit cards and personal data for up to 70 million customers have started to surface, Krebs on Security reports, revealing that a piece of malware that’s “nearly identical” to a 207kb malicious program sold on the black market with prices starting at $1,800 may have been responsible for the massive card data breach. More →
Target was not the only retail chain under attack during the 2013 Black Friday hack, with Neiman Marcus and other unnamed retailers confirmed to have been hit in a similar fashion. Target has recently confirmed that hackers managed to steal personal data belonging to 70 million people during the attack, after initially saying they stole credit and debit card data belonging to up to 40 million customers, including encrypted keys.
Hackers in Europe managed to target several cash machines from an unnamed bank earlier last year by infecting them with malware from USB drives, BBC News reports. The researchers who discovered the hack detailed their findings at the Chaos Computing Congress in Hamburg, Germany recently. According to their report, the ATM thefts were discovered in July after a bank noticed how its machines were emptied of cash even though the cash should have been protected inside safes. The bank then discovered how criminals were cutting holes into ATMs in order to transfer malware from the USB to the ATM. Once the data transfer was complete, the holes would be patched up to conceal the attack. More →
Andrew “bunnie” Huang and Sean “xobs” Cross have discovered a way to hack even the small microSD cards that go inside current smartphones and tablets to increase their storage, as well as other flash-based memory solutions, presenting their findings at the Chaos Computer Congress (30C3). In a detailed blog post on bunnie:studios, Huang explained how the hack works, and why many flash cards are susceptible to being hacked and used for malicious purposes by people who are aware of this particular potentially serious security vulnerability. More →
Target on Friday confirmed that hackers managed to steal encrypted data including encrypted PINs, as reported by Reuters earlier this week, but added that the PIN numbers are still safe and hackers shouldn’t be able to use the information to compromise debit cards. According to the retailer, the PIN information is encrypted at the keypad and it remains encrypted within the system until it is decrypted only by the external payment processing company. The PINs were encrypted with Triple DES, “a highly secure encryption standard used broadly throughout the U.S.” More →