Hacking, Security & Privacy News - Page 4

All the latest Hacking, Security & Privacy news with plenty of coverage on new data breaches and leaks, new hacks, ways to protect yourself online & plenty more - Page 4.

Follow TweakTown on Google News

Ransomware group claims to have hacked all of Sony's systems, company 'currently investigating'

Kosta Andreadis | Sep 27, 2023 12:27 AM CDT

According to a new report at Cyber Security Connect, a ransomware group called Ransomed.vc claims that it has compromised all of Sony's system and is putting up all of the company's data for sale.

Ransomware group claims to have hacked all of Sony's systems, company 'currently investigating'

It's a bold claim and could be one of the biggest security breaches in a long time, especially when you factor in the size and scope of Sony's operations - which includes over 40 million PlayStation 5 owners and gamers.

Ransomed.vc announced the breach on its leak sites, adding that Sony isn't willing to pay for the data it's up for sale. The extent of the breach and the validity of the claim haven't been confirmed, with Sony offering a statement to IGN that says it is " "currently investigating the situation" though it offers "no further comment at this time."

Continue reading: Ransomware group claims to have hacked all of Sony's systems, company 'currently investigating' (full post)

Microsoft AI researchers accidentally expose 38TB of data to GitHub

Jak Connor | Sep 20, 2023 11:18 AM CDT

A staggering 38 terabytes of data was accidentally leaked by Microsoft AI researchers on the website called GitHub, according to a cloud security company report.

Microsoft AI researchers accidentally expose 38TB of data to GitHub

The new report released by Wiz, a cloud security company, among the leaked files, were two entire backups of workstation computers that contained confidential Microsoft information such as company "secrets, private keys, passwords, and over 30,000 internal Microsoft Teams messages". The incredibly large data exposure may result in Microsoft's AI systems being vulnerable to attack or any other Microsoft-related systems. So, how did this happen?

Unfortunately, it was a simple yet critical mistake that occurred when Microsoft AI researchers were trying to publish a "bucket of open-source training material" and "AI models for image recognition" to GitHub. The files' SAS token was misspelled, resulting in the public's storage permissions switching to the entire storage account rather than the AI material that developers were attempting to publish. Unfortunately, the bad news doesn't stop there.

Continue reading: Microsoft AI researchers accidentally expose 38TB of data to GitHub (full post)

Hackers claiming responsibility for shutting down MGM Resorts say it took just a 10 minute call

Jak Connor | Sep 14, 2023 5:43 AM CDT

The company wrote in a statement that it identified a cybersecurity threat in some of its systems that has resulted in its website being temporarily shut down.

Hackers claiming responsibility for shutting down MGM Resorts say it took just a 10 minute call

MGM Resorts released a statement that confirmed its systems powering a selection of its casinos along the Las Vegas stripe detected a cybersecurity issue that caused some slot machines being taken offline, with other gambling systems also being temporarily shut down. The company said it took "prompt action to protect our systems and data," but isn't sure how widespread the vulnerability is and what systems have been affected by the attack.

The ALPHV/BlackCat ransomware group have claimed responsibility for the attack in a forum post, where it boasts that it was extremely easy to gain access to MGM Resort's systems. The ransomware group claims they used basic social engineering tactics to gain the necessary information to access the systems in order to obtain data that would force MGM Resorts to pay a ransom. However, MGM Resort refuses to pay the group.

Continue reading: Hackers claiming responsibility for shutting down MGM Resorts say it took just a 10 minute call (full post)

Good-guy hackers destroy spyware across 75,000 phones

Jak Connor | Aug 29, 2023 8:16 AM CDT

A group of unnamed hackers have gained access to spyware firm WebDetetive to delete device information in a move to protect 10s of thousands of people from being surveilled.

Good-guy hackers destroy spyware across 75,000 phones

Spyware is exactly what it sounds like - a piece of software that grants remote access to an individual's device to spy on them. Through this access, users can listen in on victims' phone calls, read messages, track locations, send/receive data such as photos/videos, view screens in real-time, and much more. Typically, this type of software is used by nefarious people who are interested in tracking individuals, monitoring there whereabouts and to gather intelligence that is typically used to blackmail the victim.

However, spyware is also used by government agencies to catch criminals. WebDetetive was one of these types of spyware until a group of unnamed hackers accessed their system and removed the device information from 76,000 devices, along with more than 1.5 gigabytes of data stored on the spyware service's servers. It should be noted that these are claims from a group of hackers and are yet to be independently verified.

Continue reading: Good-guy hackers destroy spyware across 75,000 phones (full post)

WinRAR version 6.23 patches up a very serious security flaw, so make sure you update now

Kosta Andreadis | Aug 21, 2023 6:02 AM CDT

If you're one of them any PC users out there that use WinRAR to handle their compression-related tasks (it's still one of the most popular archive utilities), then you might want to make sure you update to WinRAR version 6.23. Grab it here.

WinRAR version 6.23 patches up a very serious security flaw, so make sure you update now

The latest version of the shareware app patches a rather significant security flaw dubbed CVE-2023-40477, allowing hackers to access memory beyond the allocated buffer.

The flaw would give hackers code execution on the target system, though only after opening a malicious RAR file. Still, you're looking at a very serious vulnerability when someone can execute commands on your PC simply because you opened a RAR file, let alone extracted its contents. The fact that it requires the user to open a specific RAR file dropped the security flaw's severity rating to 7.8.

Continue reading: WinRAR version 6.23 patches up a very serious security flaw, so make sure you update now (full post)

AMD Ryzen CPUs affected by 'Inception' vulnerability and the fix could impact performance

Kosta Andreadis | Aug 17, 2023 6:02 AM CDT

Most modern Ryzen CPUs built using the Zen 3 and Zen 4 architectures (including the latest Ryzen 7000 series) are affected by the 'Inception' vulnerability. A new speculative side-channel attack that can expose sensitive or otherwise secure data - per AMD's description that you can read in full here.

AMD Ryzen CPUs affected by 'Inception' vulnerability and the fix could impact performance

The current understanding of 'Inception' is that the vulnerability is local, meaning you'd need to download malware containing the exploit for a potential issue. AMD notes that older Ryzen CPU hardware using the original Zen and Zen 2 architectures remain unaffected.

Regarding exploits, Inception is similar to the well-known Spectre attack, where secure data is accessed within memory via features in modern CPUs - going as far as to grab passwords, keys, and other secure data. The good news is that the exploit is being addressed in an upcoming AGESA Firmware update due for release later this month.

Continue reading: AMD Ryzen CPUs affected by 'Inception' vulnerability and the fix could impact performance (full post)

Microsoft vulnerability causes government emails to be hacked, officials launch investigation

Jak Connor | Aug 12, 2023 3:15 AM CDT

A Microsoft cloud breach that resulted in China state-backed hackers breaking into U.S. government emails has led the Cyber Security Review Board to launch an investigation.

Microsoft vulnerability causes government emails to be hacked, officials launch investigation

The Cyber Security Review Board (CSRB) announced on Friday that its investigation will look into cloud-based identity and authentication infrastructure, which will lead to a wider review of all potential and current problems.

This investigation was launched following U.S. government official email accounts being infiltrated by China state-backed hackers that gained access to U.S. Commerce Secretary Gina Raimondo's inbox, several other officials at the U.S. State Department, and officials at a few different government agencies.

Continue reading: Microsoft vulnerability causes government emails to be hacked, officials launch investigation (full post)

US military detects hidden Chinese malware on multiple systems that has an unusual intent

Jak Connor | Aug 1, 2023 3:34 AM CDT

US officials have claimed they have discovered what they suspect is Chinese malware designed to perform a specific task.

US military detects hidden Chinese malware on multiple systems that has an unusual intent

A new report from The New York Times has revealed that US officials have found Chinese malware across several military systems and that this malware isn't like the typical Chinese malware as it has a specific purpose - to disrupt. According to the report from the NYT, the malware isn't designed for surveillance, which is the typical form of malware that's discovered on US military and government systems.

Experts claim the recently discovered malware is simply to disrupt US military and civilian operations, and according to National Security Agency deputy director George Barnes, "China is steadfast and determined to penetrate our governments, our companies, our critical infrastructure." Notably, Rob Joyce, the director of cybersecurity at the NSA, said last month that the capabilities of the malware are "really disturbing" as it's able to shut off water and power and disable communications for both military bases and civilians.

Continue reading: US military detects hidden Chinese malware on multiple systems that has an unusual intent (full post)

Denuvo Anti-Tamper DRM creators want to prove it doesn't impact performance in PC games

Kosta Andreadis | Jul 11, 2023 1:28 AM CDT

It's a common belief that DRM in PC game releases, specifically the popular Denuvo Anti-Tamper anti-piracy software, adversely impacts performance. If a PC game is rocking DRM, you're looking at a noticeable drop-off in performance compared to a version of the same PC game without DRM-a pirated copy.

Denuvo Anti-Tamper DRM creators want to prove it doesn't impact performance in PC games

The Denuvo platform is owned by digital security company Irdeto, who bought Denuvo in 2018. In an interview with Ars Technica, Irdeto Chief Operating Officer of Video Games Steeve Huin, said, "There is no perceptible impact on gameplay because of the way we do things." Adding that anti-piracy measures are a benefit to both game publishers and players as it ensures that it protects investments and leads to more games in the future.

"Whether people want to believe it or not, we are all gamers, we love gaming, we love being part of it," Steeve Huin says. "We develop technologies with the intent to make the industry better and stronger." Translation, the people behind Devuno have a different take and want to prove it.

Continue reading: Denuvo Anti-Tamper DRM creators want to prove it doesn't impact performance in PC games (full post)

Starfield allows players to sell planet survey data, set up interstellar economies

Derek Strickland | Jul 3, 2023 3:36 PM CDT

One of the best ways to make money in Starfield is to sell data from planets that you survey.

Starfield allows players to sell planet survey data, set up interstellar economies

Starfield has 1,000 planets, and while only about 100 of them have life, that doesn't mean the rest of the 900 planets are complete barren wastelands with nothing to do. Bethesda has outlined an interesting player motivation loop that will keep you busy and reward you for venturing into the unknown and discovering planets.

In a very real sense, Starfield will make players into a kind of interstellar data analyst. You'll land on a planet, survey its life and resources, and then sell that data to a group in the game. This also brings lots of interesting implications--can you sell the data to the highest bidder? What happens if you sell it to the the pirates at the Crimson Fleet...will they start landing on the planets more often? Hmm...

Continue reading: Starfield allows players to sell planet survey data, set up interstellar economies (full post)