Hacking & Security News - Page 4
Scamming is becoming more and more prevalent in this day and age, and the new form of scamming that is hitting the internet in waves is 'business email compromise' or BEC for short.
What is a BEC scam? Well, its actually quite simple when you think about it. A BEC scam is when a criminal impersonates a third-party convinces someone at a business to wire them business funds. Usually the criminal will locate someone within the business that has access to the companies funds, once that person is located the criminal might compromise the email account holder or the companies supplier and request funds to be paid to them. Some cases of BEC scams have been based entirely on social engineering through spoofed email accounts.
In the case of Portland Public Schools, the scammer got two employee's at the schools to send him money as the scammer was posing as one of the institution's construction contractors. The employees unknowingly sent the scammer a staggering $2.9 million dollars, luckily Portland Schools moved extremely quickly and contacted the banks to freeze the transaction. The transaction was successfully frozen, and Portland Public School contacted the FBI for further investigation into the matter.
In this day and age with so many devices being adopted by users across the world, many users are worried about their safety with this ever-evolving technology, and they have every right to do so.
According to researcher lead Matt Wixey, for the PwC UK Cyber Security practice, a doctoral student discovered an exploit in speaker and volume controls through a range of different devices. This exploit allowed for researchers to hack into the devices and access the volume controls to produce sounds at volume levels that would be detrimental to human hearing. The researchers also found that these sounds that could be produced by the device could not only damage the victims hearing, but also the device itself.
Wixey has now taken his findings to a range of different device manufactures and some of these manufactures have updated their firmware so the attacks weren't possible. Unfortunately, Wixey mentions that despite the firmware changes, sound attacks such as these are still open on a plethora of different devices (which he didn't name for obvious reasesons). He also mentions that instead of hackers hacking into devices for data foraging, they could hack into devices with the intent of possible physical harm.
By now you would know that if it is on the internet then you should assume that it can basically be hacked. A new report has come out of Microsoft and even your printers aren't safe.
Microsoft announced on Monday that Russian hackers who go by the names; Strontium, Fancy Bear, and APT28 have been detected by Microsoft. These Russian hackers have also been linked to military intelligence agency GRU, and are known for their infiltration into the Democratic National Committee in 2016 and other well known hacks.
Since most PC's are using Windows at a corporate level, Microsoft has some of the best hacking detection software available and in April of 2019 Microsoft's Threat Intelligence Center detected an infiltration by Fancy Bear. According to Microsoft, Fancy Bear has used 'internet of things' devices such as phones, a connected office printer and a video decoder to access corporate networks.
A recent report has come out of the Wall Street Journal (WSJ) revealing that about 10,000 College students have had their personal information disclosed in a data breach.
The WSJ has said that the FBI notified education software company Pearson that there servers were recently hijacked, revealing college students' dates of birth and email addresses. The report also says that one Nevada school district told the WSJ that around 114,000 students that attend schools in that area between 2001 and 2016 have been effected.
According to the notes in WSJ, the leaked information doesn't contain sensitive information like "social Security numbers, credit-card data or other financial information." A spokesperson from Pearson told Mashable via email that the "Pearson Clinical Assessments notified affected customers of unauthorized access to approximately 13,000 school and university AIMSweb 1.0 accounts. The exposed data was isolated to first name, last name, and in some instances may include date of birth and/or email address. Protecting our customers' information is of critical importance to us. We have strict data protections in place and have reviewed this incident, found and fixed the vulnerability."
A recent announcement has come out from Capital One, who has admitted that there servers experienced a breach recently that has disclosed roughly 100 million American's personal information.
According to the announcement by Capital One, credit card information that they contained between the years of 2005 and 2019 has been disclosed. This potential of this information leak includes: "names, addresses, ZIP codes/postal codes, phone numbers, email addresses, dates of birth, and self-reported income, credit scores, credit limits, balances, payment history, contact information."
On top of that information leaking, the report also says that Capital One is also estimating that roughly 140,000 Social Security numbers were potentially compromised in the U.S, as well as 80,000 linked bank account numbers. The U.S Department of Justice has said that Seattle engineer, Paige A. Thompson has been arrested and indicted on accounts of having a connection to the breach.
A hacking group that goes by the nickname '0v1ru$' has disclosed some secret Russian spy projects, some of these projects were designed to store, monitor and decipher Tor users data.
The company that got hacked by 0v1ru$ is SyTech, a contracting company to the Federal Security Service of the Russian Federation. SyTech had its servers hijacked and 0v1ru$ managed to extract a whopping 7.5TB worth of data. Within the extracted data was several different security projects, the most notable one that was found was a project called 'Nautilus-S'.
The goal of the Nautilus-S project was to deanonymize Tor traffic while also creating a database of Tor users and their data. The disclosure revealed that this project begun way back in 2012, and was initialized in 2014 when Swedish researchers discovered Russian Tor nodes attempting to sift Tor users data. Since the hack has taken place, SyTech has taken down their website and has refused to contact the press regarding these disclosed projects.
A new report has been posted to the official United States Department of Justice website that has detailed a man who has pleaded guilty to the hacking of celebrities' Apple ID accounts.
According to the Department of Justice report, Kwamaine Jerell Ford has said he is guilty of hacking to the Apple accounts of certain professional athletes such as NBA players, NFL players musicians such as rappers. The report says that Jerell managed to gain access to these peoples accounts through tricking his victims into handing over their personal information by posing as a Apple customer support worker.
Once the account was compromised, Ford attempted to change the sign-in details of the account and scrape the credit card details that are attached to it. Ford then proceeded to pay "thousands of dollars" of travel and furniture for himself and was then indicted on six counts of computer fraud and aggravated identity theft. Ford has only pleaded guilty to one of these counts and his sentencing is scheduled to take place on June 24th. The high-profile people that were victims of Ford was not disclosed within the report.
As we get closer to the next Olympics, Japan is searching for new ways to beef up the security of their facilities but at the same time make sure that the increase of security doesn't hinder the process of getting inside of the Olympic venues.
The Japan Times has reported that sources close to the Olympic committee have said that there is speculation of facial recognition type technology to be used as security for the expected 300,000 to 400,000 attendees. If chosen as the select approach it has been said that it will not be used on spectators but instead could reduce the wait time of attendees such as officials and coaches.
There has been no official confirmation of if this technology will be implemented, so all concerns revolving around privacy have not been addressed yet. As we move closer to the beginning of the 2020 Olympics it is assumed that we will be updated with a confirmation announcement for if facial recognition is go or not.
TIO Networks is a telecom, wireless, cable and utility network operator in North America that also offers bill payment services, earlier this year PayPal purchased this company for $233 million and now it has come out that TIO network has had their data compromised. PayPal announced on November 10th that there was a potential breach in the TIO network but now has later confirmed that they "identified a potential compromise of personally identifiable information for approximately 1.6 million customers.
Thankfully PayPals systems are not linked in anyway to that of TIO networks as PayPal reassures customers that their data remains in secure hands.
"A review of TIO's network has identified a potential compromise of personally identifiable information for approximately 1.6 million customers. The PayPal platform is not impacted in any way, as the TIO systems are completely separate from the PayPal network, and PayPal's customers' data remains secure."
Nghia Pho, a former NSA employee has pleaded guilty to taking home classified information that was soon after linked to a hack from Russian intelligence. Pho will be sentenced on April 6th and has had his maximum penalty capped at 8 years, which would usually be 10 years.
According to sources of The New York Times, Pho stole the information both in physical and digital form between 2010 and 2015, then proceeded to intentionally use this information to then rewrite his resume. The hack came through exploited Kaspersky anti-virus software which the company was not aware of at the time. Kaspersky was aware that it has held NSA data but it is not clear whether it was that specific data or not.
Recently the NSA has had to deal with many leaks, scrambling to fix all these leaks could either motivate others to come forward and blow the whistle, or they could see Pho be made an example of, putting fear into others that were considering coming forward because of the penalty.