Biometric authentication systems have been around for ages, but it wasn’t until Apple released Touch ID alongside the iPhone 5s that they entered the mainstream. Building off that, a number of banks across the globe have started to update their mobile apps with fingerprint and facial recognition systems in place of the tried and true password.
At the Black Hat Conference in Las Vegas last week, Apple introduced its first bug bounty program. Whereas Apple has historically relied upon security researchers and hackers to discover and report critical security exploits out of the goodness of their hearts, Apple finally wised up and realized that it might want to include some sort of financial incentive for those who have a knack for discovering important security flaws.
Oracle, a software giant that makes point-of-sale credit card systems, has reportedly seen a massive security breach that could have far-reaching implications for its customers. According to security journalist Brian Krebs, a Russian cybercrime group has gained access to Oracle’s systems, including the customer portal for businesses that use its credit card processing systems. As you might imagine, this is not good.
Oracle confirmed to Krebs that it had “detected and addressed malicious code in certain legacy MICROS systems,” and is telling customers to reset usernames and passwords. The MICROS systems are credit card processing terminals used by hotels, banks, restaurants, and hundreds of thousands of other businesses.
It sounds way too good to be true. “One Weird Trick Can Get You Into Any Airline Lounge You Want!” But as Wired reports, one ethical hacker did actually find a simple way to trick the computer systems used by airline lounges across the world.
The security flaw was discovered by Przemek Jaroszewski, the head of Poland’s Computer Emergency Response Team. He discovered that lounge access is coded into the QR code of an electronic boarding pass, but not verified by any central database.
According to hundreds of reports on social media, people across the US have been receiving password reset emails for their Walmart.com accounts, indicating that someone is trying to access those accounts and change the password.
This appears to be some kind of mass hacking attempt, although success appears to be limited for now.
As a desktop OS, Linux leaves a lot to be desired compared to OS X or Windows. But one thing we’re always hearing about is the Linux community, a frequently-sweary place where like-minded geeks can gather and work towards the greater good.
Well, that community — or at least one of its more prominent message boards — has been badly hacked.
Bad news for Google, good news for pirates: a pair of security researchers have found a flaw in the way the Chrome browser unpacks encrypted video. It’s all rather technical, but the upshot is that pirates have an easy way to save DRM-ed video streams to their desktop.
Wired first reported on the vulnerability, which was discovered by researchers David Livshits from the Cyber Security Research Center at Ben-Gurion University and Alexandra Mikityuk of Telekom Innovation Laboratories.
I’m aware that card skimmers at ATMs and gas stations are a very real threat. I always pay attention when using a card machine, but to date, I’ve never seen a card skimmer in the flesh. Maybe that’s because they’re way, way sneakier than I’d imagined.
Torrenting TV shows isn’t a particularly risky activity, but most pirates tend to prefer to keep their identity a secret. That’s why a security breach on the forums of uTorrent, the internet’s most widely used torrenting software, is not a good thing.
If there’s one person you’d think would use good security to protect social media accounts, Facebook CEO Mark Zuckerberg would be a good bet. But apparently, nothing is sacred: Zuckerberg’s Twitter, Pinterest and possibly Instagram accounts have all been hacked.
Zuckerberg’s accounts appear to have been compromised sometime on Sunday. In a series of messages posted to Zuck’s Twitter and Pinterest accounts, the hacker group OurMine took responsibility, and claimed they were just trying to raise awareness.
TeamViewer, a piece of software that people can use to remote-control PCs, appears to have been hacked. Numerous user reports have indicated that unknown third parties are taking control of PCs and trying to steal money, through services like PayPal or eBay. Needless to say, this looks bad.
TeamViewer has denied the allegations, but something’s definitely going on. Dozens of Reddit users are flooding the /r/teamviewer forum looking for advice, and one of my personal friends asked my advice after reporting something very similar.
Researchers from Trustwave’s SpiderLabs research team recently discovered a new zero-day exploit that affects all versions of Windows from Windows 2000 all the way up to Windows 10.
Trustwave initially discovered the exploit last month after seeing it advertised on a Russian hacking forum for the not-so-affordable price of $95,000. According to security researcher Brian Krebs, the exploit is of the “local privilege escalation” variety and, as a result, works in tandem with other exploits.
“An attacker may already have a reliable exploit that works remotely,” Krebs explains, “but the trouble is his exploit only succeeds if the current user is running Windows as an administrator. No problem: Chain that remote exploit with a local privilege escalation bug that can bump up the target’s account privileges to that of an admin, and your remote exploit can work its magic without hindrance.”
A security researcher has discovered a “bug” in Symantec antivirus software, which affects “the core Symantec Antivirus Engine used in most Symantec and Norton branded Antivirus products.” I say “bug” because it’s less bug, and more a gaping security flaw that makes it incredibly easy to hack any PC, Mac or Linux box running Symantec software.
The flaw (spotted by The Register) was found by Tavis Ormandy, a white-hat hacker whose previous work has involved hacking internet-connected scales. The Symantec bug is to do with how the antivirus engine scans code, in particular an old compression tool.