Hacking, Security & Privacy News - Page 2

All the latest Hacking, Security & Privacy news with plenty of coverage on new data breaches and leaks, new hacks, ways to protect yourself online & plenty more - Page 2.

Follow TweakTown on Google News

World's most popular operating system threatened by new form of malware

Jak Connor | Jun 13, 2024 8:39 PM CDT

Hacking groups have been using a piece of weaponized code for nearly 10 years to access both Windows and Linux operating systems, and now security researchers have discovered it is not a variant of other malware but its own individual entity.

World's most popular operating system threatened by new form of malware

A new report published by Trend Micro has outlined a go-to form of malware used by Chinese-state-sponsored hacking groups such as Iron Tiger and Calypso. The piece of malware is believed to have been used since at least 2016, and was originally thought to be a variant of other famous malware such as Gh0st RAT and Rekoobe. Trend Micro reports the new malware isn't a variant of the aforementioned malware, but a "new type altogether".

The publication suspects its currently being used by many Chinese hacking groups performing espionage or cybercrime, and it has been dubbed "Noddle RAT". The new form of malware has been confirmed on both Windows and Linux machines, with some instances dating back as far as July 2016.

Continue reading: World's most popular operating system threatened by new form of malware (full post)

Ticketmaster just got hacked exposing more than half a billion users

Jak Connor | Jun 1, 2024 2:32 AM CDT

A hacking group has claimed to have stolen an astonishing 500 million Ticketmaster customers' data, which includes a treasure trove of sensitive user data.

Ticketmaster just got hacked exposing more than half a billion users

It was only last month Ticketmaster was slapped by the Department of Justice (DOJ), which filed an anti-trust lawsuit against Ticketmaster's parent company Live Nation Entertainment over its alleged monopoly on the entertainment industry. Now, Ticketmaster is reportedly suffering as a hacking group claimed to have stolen more than 500 million Ticketmaster customers' data in a recent attack, which the group is now turning around and attempting to sell for $500,000.

According to the hacker group the treasure trove of stolen data is approximately 1.3 terabytes and contains various sensitive user information such as full names of Ticketmaster customers, their addresses, phone numbers, email addresses, order history and ticket purchase details. It doesn't stop there. The group also claims to have scraped customers' payment data which includes names and the last four digits of their credit card numbers that were used at checkout of the ticketing service.

Continue reading: Ticketmaster just got hacked exposing more than half a billion users (full post)

US authorities arrest administrator behind 'likely world's largest botnet ever'

Jak Connor | May 31, 2024 10:01 PM CDT

United States authorities announced they have arrested the administrator behind what is likely the world's largest botnet, which included more than 19 million compromised Windows machines across multiple countries.

US authorities arrest administrator behind 'likely world's largest botnet ever'

The description of the world's largest botnet comes from FBI director Christopher Wray, who said the botnet was used to gather millions of dollars from people over the last 10 years. More specifically, the FBI director said to the Justice Department that a international cyber operation was conducted to identify the alleged administrator of the botnet known as "911 S5", who was found to be the individual Yunhe Wang. Wang was arrested and US authorities "seized infrastructure and assets, and levied sanctions against Wang and his co-conspirators," said Wray.

The infection of this botnet was truly global, with US officials writing the 911 S5 Botnet had infected PCs in nearly 200 countries and "facilitated a whole host of computer-enabled crimes, including financial frauds, identity theft, and child exploitation." Moreover, the US Treasury wrote in its announcement Wang didn't act alone in the venture, and named two more alleged perpetrators, Jingping Liu and Yanni Zheng. In total, the US authorities believe the botnet netted Wang and others involved $99 million.

Continue reading: US authorities arrest administrator behind 'likely world's largest botnet ever' (full post)

College students discover security flaw that could let millions do laundry for free

Jak Connor | May 20, 2024 4:32 AM CDT

Two college students discovered a security exploit within the API of a washing machine that is currently in use across several countries.

College students discover security flaw that could let millions do laundry for free

Alexander Sherbrooke and Iakov Taranenko discovered the security flaw within the API created by the company behind the washing machines, CSC ServiceWorks. The two students claim the vulnerability within the internet-connected API enabled them to remotely turn a machine on without payment, and update their laundry account to display millions of dollars. Reports indicate that CSC ServiceWorks has more than a million machines across college campuses, housing communities, and laundromats in the US, Canada, and Europe.

The two college students contacted CSC ServiceWorks about the security flaw and didn't receive a response from the company, but noticed shortly after their laundry account balance was changed from millions of dollars back to $0. The two students spoke to The Verge and said the lack of response from CSC ServiceWorks led them to tell other people about the vulnerability, which resulted in the posting of the list of commands that enables anyone to access CSC's network-connected laundry machines.

Continue reading: College students discover security flaw that could let millions do laundry for free (full post)

How to Stay Safe from Cybercrime While Traveling Abroad

Kosta Andreadis | May 9, 2024 6:27 AM CDT

Traveling to a new country for work, leisure, or vacation can be as exciting as it can be daunting. You want to make the most of your time abroad, so everything from flights to accommodation to sites to see and food and beverages to consume happens online. However, at any point, do you stop and take a moment to consider cyberattacks and cybersecurity when traveling or planning a trip?

How to Stay Safe from Cybercrime While Traveling Abroad

The answer should be yes because cybercrime is as much of a threat as physical crime, especially when going on holiday or traveling to a new country.

According to ExpressVPN, a recent survey showed that 7% of travelers experienced some form of hacking or fell victim to a digital scam while traveling. This figure wasn't far off the 10% that experienced physical crime in the form of hotel room theft or pickpocketing.

Continue reading: How to Stay Safe from Cybercrime While Traveling Abroad (full post)

FBI confirms Chinese hackers have infested US water and energy systems

Jak Connor | Apr 19, 2024 10:46 AM CDT

FBI director Christopher Wray has said that a Chinese hacking group has infiltrated critical infrastructure systems in the US and is simply just waiting for the right moment to strike.

FBI confirms Chinese hackers have infested US water and energy systems

Wray revealed the news at the Vanderbilt Summit on Modern Conflict and Emerging Threats and said the group behind the attacks is called Volt Typhoon, and they have infested systems that are dedicated to controlling water, energy, and telecommunications. More specifically, Volt Typhoon has gained access to 23 pipeline operators, and according to the FBI director, China is developing the "ability to physically wreak havoc on our critical infrastructure at a time of its choosing."

Wray says China's plan is to attack critical civilian infrastructure to induce panic among the population. "Its plan is to land low blows against civilian infrastructure to try to induce panic," said Wray. Additionally, the FBI director said it was difficult to determine if these hacks are part of China's overall intention to push the US away from defending Taiwan.

Continue reading: FBI confirms Chinese hackers have infested US water and energy systems (full post)

US government blames Microsoft for hackers stealing federal email accounts

Jak Connor | Apr 12, 2024 12:38 AM CDT

Microsoft announced early last month that on January 12, 2024, it detected a security breach in its corporate email systems, which was traced back to the notorious hacking group Midnight Blizzard.

US government blames Microsoft for hackers stealing federal email accounts

The hacking group is known to be a Russia government-backed group that also goes by the name Nobelium, and the attack on Microsoft servers resulted in the group gaining access to federal government emails. Now, the US Cybersecurity and Infrastructure Security Agency (CISA), the cybersecurity arm of the US government, has confirmed via a statement published on Thursday that federal government emails were stolen "through a successful compromise of Microsoft corporate email accounts."

"Midnight Blizzard's successful compromise of Microsoft corporate email accounts and the exfiltration of correspondence between agencies and Microsoft presents a grave and unacceptable risk to agencies," said CISA

Continue reading: US government blames Microsoft for hackers stealing federal email accounts (full post)

Apple sends threat notification to users about state-of-the-art spyware attacks

Jak Connor | Apr 11, 2024 12:53 AM CDT

Apple has issued a threat notification to users in 92 countries, warning them that they may have been an individual target of mercenary spyware attacks.

Apple sends threat notification to users about state-of-the-art spyware attacks

The company took to its support blog to explain its threat notifications are designed to inform users they may have been individually targeted by mercenary spyware attacks because of who they are or what they do. Notably, Apple states these attacks are "vastly more complex than regular cybercriminal activity and consumer malware" as mercenary spyware groups have "exception resources," and they target a small number of specific individuals and their devices.

Additionally, Apple says these mercenary groups apply "millions of dollars" to their hacking ventures, and they only have a "short shelf life," which makes them very hard to detect/prevent. Apple says that historically, these attacks can be traced back to state-sponsored groups or private companies performing the attacks on behalf of the state, and since 2021, the company has notified users in over 150 countries.

Continue reading: Apple sends threat notification to users about state-of-the-art spyware attacks (full post)

Microsoft fixes a record-breaking number of security vulnerabilities

Jak Connor | Apr 11, 2024 12:01 AM CDT

Microsoft has fixed a record-number of security vulnerabilities in an April 9, 2024 update that the company has classified as critical.

Microsoft fixes a record-breaking number of security vulnerabilities

The 147 security vulnerabilities have now been fixed, with three of them being in Microsoft Defender for IoT, and all but two of them considered "high risk". The company says that none of the security vulnerabilities have been exploited, and it hasn't provided any details on the vulnerabilities themselves.

According to reports the large number of the vulnerabilities that are now patched are in response to a number of Remote Code Activation (RCE) exploits found in the OLE DB driver for SQL Server (38), DHCP and DNS servers (9) and SFB vulnerabilities within Secure Boot (24).

Continue reading: Microsoft fixes a record-breaking number of security vulnerabilities (full post)

Google paid $10 million to people finding issues with its products in 2023

Jak Connor | Mar 13, 2024 5:45 AM CDT

Google has taken to its blog to share a 2023 Year in Review for its Vulnerability Reward Program, a community-driven security effort that Google pays decent money for.

Google paid $10 million to people finding issues with its products in 2023

Google has rewarded 632 security researchers from 68 different countries with $10 million for all of the bugs discovered in the company's products such as Android and Google-powered devices. Notably, the maximum payout per issue was $15,000, and the biggest payout for a vulnerability report throughout 2023 was $113,337. During 2023 Google added generative AI platforms such as Gemini were added to the Vulnerability Reward Program, and throughout the year 35 reports were paid out for a total of $87,000.

More specifically, Google writes that for Android and Google's own devices it paid out $3.4 million for bugs discovered, with bugs found in its Wear OS and Android Automotive operating systems generating $70,000 across 20 critical bug discoveries. Google Chrome security researchers earned a hefty chunk of money pulling in $2.1 million for 359 vulnerability reports. If you are interested in reading more about this story, check out Google's blog post here.

Continue reading: Google paid $10 million to people finding issues with its products in 2023 (full post)