Late on Thursday, federal prosecutors signaled their intention to charge former NSA contractor Harold T. Martin with violating The Espionage Act after authorities discovered that he took upwards of 50 TB of classified data from the NSA to his home. While the precise details regarding the stolen data remain murky, the New York Times a few weeks ago claimed that it may have included “highly classified computer codes developed to hack into the networks of foreign governments” like China, North Korea and Iran.
One of the more common ways that purveyors of malware are able to trick unsuspecting users into downloading malicious software is to prey upon the public’s insatiable appetite for celebrity news, photos and gossip.
As a result, some celebrity-oriented search queries tend to be associated with a greater likelihood of downloading malware than others. As Intel notes, malicious actors are quick to put up websites “loaded with malware that can steal passwords and personal information,” especially in the days preceding new movie and music releases and in the days following a major celebrity breakup a’la the recent divorce news involving Brad Pitt and Angelina Jolie.
Yahoo has confirmed that a data breach from 2014 hit 500 million users, allowing hackers access to sensitive information, including poorly encrypted passwords.
A press release from Yahoo confirms the news, and follows reports earlier today that Yahoo was set to confirm the breach. If true, stealing the user credentials from 500 million users would be one of the largest hacks ever to hit a US company.
With the Snowden leaks, Stingray and FBI surveillance planes always in the news, most people just assume that The Man has god-like surveillance capabilities on tap. But the nuts and bolts of how government-sanctioned hacking actually works has always been a little mysterious.
A new video obtained by Motherboard shows an Italian software company showing off a hacking tool, intended for use by police forces and government agencies. The video shows how little technical knowledge cops really need to get a scary level of detail out of a target’s computer.
Researchers have discovered a scarily effective piece of malware, authored by an Israeli “cyber arms dealer,” that can completely hack an iPhone if the user clicks on one link. First found by a UAE human rights defender who was sent a malicious link, the spyware uses a series of zero-day exploits to thoroughly take control of a users’ iPhone.
Ahmed Mansoor, the human rights defender in question, was sent the link earlier in August. It was in a text message which promised him information if he followed the link. Instead, he sent the link to researchers at Citizen Lab, who analyzed the malware installed after the link.
Biometric authentication systems have been around for ages, but it wasn’t until Apple released Touch ID alongside the iPhone 5s that it entered the mainstream. Building off that, a number of banks across the globe have started to update their mobile apps with with fingerprint and facial recognition systems in place of the tried and true password.
At the Black Hat Conference in Las Vegas last week, Apple introduced its first bug bounty program. Whereas Apple has historically relied upon security researchers and hackers to discover and report critical security exploits out of the goodness of their hearts, Apple finally wised up and realized that it might want to include some sort of financial incentive for those who have a knack for discovering important security flaws.
Oracle, a software giant that makes point-of-sale credit card systems, has reportedly seen a massive security breach that could have far-reaching implications for its customers. According to security journalist Brian Krebs, a Russian cybercrime group has gained access to Oracle’s systems, including the customer portal for businesses that use its credit card processing systems. As you might imagine, this is not good.
Oracle confirmed to Krebs that it had “detected and addressed malicious code in certain legacy MICROS systems,” and is telling customers to reset username and passwords. The Micros systems are credit card processing terminals used by hotels, banks, restaurants, and hundreds of thousands of other businesses.
It sounds way too good to be true. “One Weird Trick Can Get You Into Any Airline Lounge You Want!” But as Wired reports, one ethical hacker did actually find a simple way to trick the computer systems used by airline lounges across the world.
The security flaw was discovered by Przemek Jaroszewski, the head of Poland’s Computer Emergency Response Team. He discovered that lounge access is coded into the QR code of an electronic boarding pass, but not verified by any central database.
According to hundreds of reports on social media, people across the US have been receiving password reset emails for their Walmart.com accounts, indicating that someone is trying to access those accounts and change the password.
This appears to be some kind of mass hacking attempt, although success appears to be limited for now.
As a desktop OS, Linux leaves a lot to be desired compared to OS X or Windows. But one thing we’re always hearing about is the Linux community, a frequently-sweary place likeminded geeks can gather and work towards the greater good.
Well, that community — or at least one of its more prominent message boards — has been badly hacked.
Bad news for Google, good news for pirates: a pair of security researchers have found a flaw in the way the Chrome browser unpacks encrypted video. It’s all rather technical, but the upshot is that pirates have an easy way to save DRM-ed video streams to their desktop.
Wired first reported on the vulnerability, which was discovered by researchers David Livshits from the Cyber Security Research Center at Ben-Gurion University and Alexandra Mikityuk of Telekom Innovation Laboratories.
I’m aware that card skimmers at ATMs and gas stations are a very real threat. I always pay attention when using a card machine, but to date, I’ve never seen a card skimmer in the flesh. Maybe that’s because they’re way, way sneakier than I’d imagined.