Hacking, Security & Privacy News - Page 1

All the latest Hacking, Security & Privacy news with plenty of coverage on new data breaches and leaks, new hacks, ways to protect yourself online & plenty more.

Google paid $10 million to people finding issues with its products in 2023

Jak Connor | Mar 13, 2024 5:45 AM CDT

Google has taken to its blog to share a 2023 Year in Review for its Vulnerability Reward Program, a community-driven security effort that Google pays decent money for.

Google has rewarded 632 security researchers from 68 different countries with $10 million for all of the bugs discovered in the company's products such as Android and Google-powered devices. Notably, the maximum payout per issue was $15,000, and the biggest payout for a vulnerability report throughout 2023 was $113,337. During 2023, generative AI platforms such as Gemini were added to the Vulnerability Reward Program, and throughout the year 35 reports were paid out for a total of $87,000.

More specifically, Google writes that for Android and Google's own devices it paid out $3.4 million for bugs discovered, with bugs found in its Wear OS and Android Automotive operating systems generating $70,000 across 20 critical bug discoveries. Google Chrome security researchers earned a hefty chunk of money, pulling in $2.1 million for 359 vulnerability reports. If you are interested in reading more about this story, check out Google's blog post.

Microsoft responds to 'holy grail' of Windows vulnerabilities

Jak Connor | Mar 11, 2024 12:56 AM CDT

Microsoft has finally addressed what has been described as the "holy grail" of Windows security vulnerabilities after being informed about it six months ago.

Cybersecurity researchers from Avast informed Microsoft of the "holy grail" of security vulnerabilities in Windows, which was used by the North Korean hackers Lazarus Group. The rootkit vulnerability was an admin-to-kernel exploit associated with a driver for AppLocker, the software-whitelisting feature built into Windows. Notably, the vulnerability was discovered in the input/output dispatcher of appid.sys.

"A user-space attacker could abuse it to essentially trick the kernel into calling an arbitrary pointer. This presented an ideal exploitation scenario, allowing the attacker to call an arbitrary kernel function with a high degree of control over the first argument," said Avast.

Microsoft officially announces it's under attack by hackers being paid by Russia

Jak Connor | Mar 9, 2024 12:35 AM CST

Microsoft has taken to its blog to officially announce that it is currently under attack by hackers sponsored by Russia.

In its blog post, the company explains that on January 12, 2024, Microsoft's security team detected an attack on its corporate email systems, which triggered an immediate response by Microsoft and an investigation. The company identified the hackers as "Midnight Blizzard," a Russian state-sponsored actor that is also known as Nobelium. Since then, Microsoft has been conducting its investigation and has reported back that Midnight Blizzard is using information that it obtained through its hack on Microsoft's corporate email systems to "gain, or attempt to gain, unauthorized access."

More specifically, Microsoft writes that these attempts have resulted in "some of the company's source code repositories and internal systems" being accessed. Notably, Microsoft writes that it hasn't discovered any evidence of Microsoft-hosted customer-facing systems being compromised. Furthermore, Microsoft writes that Midnight Blizzard has increased its volume of attacks by as much as 10 times in February compared to the attacks it was experiencing in January.

Google engineer faces 10 years in prison for stealing AI secrets for China

Jak Connor | Mar 7, 2024 8:31 AM CST

Many nations around the world are concentrating their efforts on creating the most powerful artificial intelligence system, with the main goal being to achieve Artificial General Intelligence (AGI), a system capable of reaching the same level of sophistication as a human brain.

With the AI arms race fully underway, the two main countries competing are the United States and China. According to a report from The Verge, China has just gained a bunch of trade secrets from one of the biggest players in the game, Google. The report states that one Google engineer, Linwei Ding, also called Leon Ding, has been indicted by a federal jury and accused of stealing trade secrets regarding Google's AI chip software and hardware.

The former Google engineer has been accused of stealing 500 confidential files containing these AI secrets and being involved with China-based AI companies. Notably, the majority of the contents within the files is about Google's tensor processing unit (TPU), which is the hardware that powers many AI workloads such as the company's Gemini project.

Windows and Android users warned against growing Russian cybersecurity threat

Jak Connor | Mar 7, 2024 12:33 AM CST

A new malware campaign launched in December is beginning to gain steam, with researchers now putting out a warning to Windows and Android users.

The emerging cybersecurity threat targets corporate users, and according to researchers from Zscaler's ThreatLabz, which penned a new blog post discussing the threat, the attackers are specifically using fake online meeting hosting requests on a single IP address. These URLs are convincing enough to get corporate officials to click on them to join the meeting, as they are masquerading as Skype, Google Meet, and Zoom meeting requests.

Notably, the malware that infects the device is capable of stealing sensitive user data, or even company information. With this information the bad actor could then initiate ransomware, which is when bad actors threaten the company they stole the information from with either permanently locking the stolen data or releasing it online by a certain date - unless a substantial payment is made.

Malwarebytes software blocked malware from infecting a PC... from a vibrator connected via USB

Kosta Andreadis | Mar 1, 2024 12:27 AM CST

Recently, a Redditor posted a strange but funny incident surrounding malware being discovered using Malwarebytes software on a PC. Apparently, they connected a vibrator (yes, the pleasure toy) to their PC to charge when Malwarebytes Premium prompted them that it blocked malware from trying to infect the PC via the USB port.

The, err, Sexology Pussy Power 8-Function Rechargeable Bullet Vibrator from Spencer was reportedly infected with something called Lumma - which steals information related to cryptocurrency, browser extensions, two-factor authentication, and more. Malwarebytes confirmed the story via its blog, noting Lumma is often associated with email, so spreading it via USB is less common but not unheard of.

To make the situation a little more on-the-nose, to avoid getting an STCV (sexually transmitted computer virus), Malwarebytes recommends the use of USB condoms - actual devices that sit on a USB port and prevent data exchange when a device is connected.

Epic Games reportedly attacked by ransomware group that stole nearly 200GB of data

Jak Connor | Feb 28, 2024 9:17 AM CST

A hacking group has claimed they have infiltrated Epic Games servers and stolen nearly 200GB of data from the company.

The Fortnite developer has reportedly been hacked by ransomware group Mogilevich, which WCCFTech and Cyber Daily report is a relative newcomer to the hacking scene. Regardless of its purported reputation, or lack of it, Mogilevich has claimed they have infiltrated Epic Games servers and stolen 189GB of data, which includes emails, passwords, full names of accounts, payment information, source code, and much more. Notably, the stolen data is reportedly up for sale, but there is currently no price attached, with a deadline set for March 4.

It should be noted the group has not provided any proof of their claims, which reasonably leaves open the possibility that no data was actually stolen, especially considering that Epic Games has neither confirmed nor denied the hack. While it's currently up in the air whether the hack took place or not, it would be recommended to change your Epic Games account password as a precautionary measure.

Cyber attacks are on the rise, and global costs will reach up to $18 trillion by 2030

Kosta Andreadis | Feb 23, 2024 2:28 AM CST

Technology has advanced so rapidly that most devices in a 2024 household are always-online smart devices perpetually connected to the cloud. Beyond this, no workforce, industry, or government agency exists without a complex and interconnected web of users, systems, and online technologies. Is it any wonder that cyber-attacks are on the rise and cost the world $8 trillion USD in 2023?

According to ExpressVPN, the cost of cyber-attacks has increased steadily in recent years. With the rise of generative AI and more sophisticated technologies, the $8 trillion figure will hit $9.5 trillion in 2024 and effectively double to $17.9 trillion by 2030. Last year alone, the cost of cyber attacks would have made it the third-largest economy in the world behind the United States and China.

As for who bears the brunt of the cost, if you answered 'us,' you're correct. Looking into over 550 organizations hit by data breaches, IBM's 2023 Cost of Data Breach report arrived at this conclusion - additional costs are passed on to consumers in various ways. So, the next time you see a subscription fee increase, one of the main reasons could very well be cybersecurity costs.

Three million smart toothbrushes infected by malware were used in a massive DDoS attack

Kosta Andreadis | Feb 7, 2024 12:33 AM CST

UPDATE: Turns out the following story was just a hypothetical situation and not real, an error in translation. "To clarify, the topic of toothbrushes being used for DDoS attacks was presented during an interview as an illustration of a given type of attack, and it is not based on research from Fortinet or FortiGuard Labs," Fortinet confirmed in a statement. "It appears that due to translations, the narrative on this topic has been stretched to the point where hypothetical and actual scenarios are blurred." The original story follows.

In the age of every household object doubling as a smart device, this headline might not be as strange as it sounds - and could soon become the norm. It seems that recent Swiss DDoS attacks that caused millions in damage resulted from - get this - three million smart toothbrushes infected by hackers with malware forming a botnet. Yeah, it is not exactly something you can (apologies in advance) brush off - as it highlights some of the dangers of smart devices like toothbrushes connecting to a network for seemingly simple tasks like tracking oral hygiene habits.

Apparently, there was a vulnerability in the Java-based OS, but the report doesn't indicate which online toothbrush brands were involved in the attacks. Probably all of them when you consider that next to no one is sitting there updating the firmware and monitoring the network traffic on their toothbrush.

Your webcam might be shuttered, but an ambient light sensor is also a risk for being spied on

Darren Allan | Feb 2, 2024 1:00 PM CST

If you were worried about your webcam being a privacy threat, well, here's some bad news - there's something else to be concerned about that snoopers could leverage on your devices, namely the ambient light sensor.

These light sensors are present in many pieces of hardware - from phones and tablets through to laptops, or indeed TVs - and as the name suggests, they detect ambient light levels in order to adjust screen brightness appropriately.

However, there's a dark side to the light sensor, in that it can be compromised to spy on you, rather like a webcam (which these sensors are often placed near in laptops), if not to quite the same extent in terms of the invasion of your privacy.
