Hacking, Security & Privacy News - Page 5

It wasn't until recently that I discovered Chrome has an in-built feature to help protect your kids (and anyone, actually) while browsing the web with Google's popular web browser. A recent Facebook post from the Google Chrome page alerted me to its "Enhanced Protection" security mode and family DNS feature, which we dive into below.

In the simplest terms, when turned on, this feature proactively monitors the user's behavior in Chrome and blocks bad websites, downloads, and extensions before they can cause a problem on your device. For example, you or your child might be about to enter a harmful website that attempts to steal important information. Chrome blocks the website and presents a very obvious red screen warning you.

A little discussion with your kids would go a long way, alerting them if they see this obvious red screen, reminding them it's a bad site and they shouldn't visit it. Chrome can also scan any downloads before the files are executed for malware. Privacy advocates may not be impressed by the feature since some of your data and activity need to be processed by Google. Still, it should be a suitable compromise for most if security concerns you. Considering this free feature doesn't slow down your devices as external security monitoring software and apps can, it's well worth it.

A group of hackers that are suspected of being Russian targeted more than a dozen US airport websites on Monday.

According to reports from ABC News and several other publications, a group of hackers believed to be located in Russia targeted fourteen US airport websites on Monday, with some of the websites being LaGuardia, O'Hare and LAX. The hack brought down the website for approximately fifteen minutes and sparked a response from a US government official that stated air traffic control, along with internal airport communications and other critical operations, weren't impacted by the hack.

However, travelers that were interested in wait times or any other information found on the website would have experienced an inconvenience. Furthermore, a spokesperson for LAX said that the attack didn't compromise internal airport systems and that there were no operational disruptions to report.

In what appears to be the largest education breach in the last couple of years, a large amount of student data has been released by a group of hackers that infiltrated a school system last month.

The hacking group named Vice Society claimed responsibility for the ransomware attack on Los Angeles Unified School District (LAUSD), which resulted in the bad actors gaining access to emails, computer systems, applications, and more. Reports indicate that hundreds of gigabytes of student data was stolen and that the hacker group demanded an undisclosed amount of money for the return of the data. Unfortunately, as expected by U.S. authorities, the data was released online as the October 4 deadline was not met.

According to Tech Crunch, the stolen data was posted to Vice Society's dark website and contains extremely sensitive data on students, such as personal identification information, passport details, Social Security numbers, and tax documents. Additionally, the half a terabyte of leaked sensitive information also contains confidential information in the form of documents, contracts, health information on students/staff, COVID-19 test data, conviction reports, and psychological assessments on students.

The hacking collective Anonymous has taken to YouTube to announce that its declaring war against the creators of one of the most popular NFT projects, the Bored Ape Yacht Club.

Anonymous released the above video onto its YouTube channel on September 27, and in the almost 9-minute long video, the hacking collective accuses the creators of the Bored Ape Yacht Club NFT project, Yuga Labs, of including "esoteric" Nazi, white supremacist, and pedophilic symbolism throughout its designs. These accusations aren't necessarily surprising, as Yuga Labs has previously denied any intentional inclusion of artistry that represents the aforementioned groups or ideologies.

Futurism reports that the accusations originally began with digital artist Ryder Ripps who published a website that connected symbols within some of the Bored Ape Yacht Club designs with Nazi symbolism. These allegations were seemingly picked up by Anonymous, which the hacking collective states in the above video it has found proof "beyond a shadow of a doubt" that Yuga Labs intentionally includes elusive Nazi symbolism within its digital art projects.

Hackers have infiltrated both Apple News and the business magazine Fast Company to send out an extremely offensive message to Apple News users.

The message, which has been reposted online in a censored and uncensored format, was confirmed to be a result of a hack, which was verified by both Apple News and Fast Company via Twitter. Apple News wrote on Twitter that an "incredibly offensive alert was sent by Fast Company", which was hacked, and that Apple has since disabled their channel. Fast Company wrote on Twitter that its Apple News account became compromised on Tuesday evening and that two "obscene and racist push notifications were sent about a minute apart".

Following up in more tweets, Fast Company clarified that its content management system (CMS) was hacked on Tuesday evening and which gave the hackers access to Fast Company's Apple News push notifications. The business magazine has stated that it launched an investigation into the situation and that its temporarily shut down FastCompany.com until the situation is completely resolved.

As part of the hacking collective Anonymous' operation against the Iranian government, it has claimed it has hacked the National Bank of Iran.

On Tuesday, a hacktivist collective claimed responsibility for the hacking of several Iranian government websites, including the website of the Central Bank of Iran. A member of the Anonymous hacking collective posted on Twitter on the same day as the attack, writing, "We are here with you. The operations against Iran began. Wait for us." Notably, two of the Iranian government websites, along with several other Iranian government-affiliated website, were brought down, coming back online a few hours later.

More specifically, one of the websites that was targeted by Anonymous was responsible for publishing government news and interviews with Iranian officials, and according to a social media account affiliated with the Anonymous hacking collective, "All database has been deleted". The hacking happened amid large-scale anti-government protests erupting in central Tehran, Iran's capital, and many Iranian cities and towns. These protests began on Friday last week when 22-year-old Kurdish woman Mahsa Amini who was wounded and arrested a week ago by the Islamic Republic's hijab police.

TikTok is facing many questions regarding its data security after rumors began circulating about its source code becoming comprised.

Bloomberg reported that several cyber security analysts took to Twitter on Monday to inform the public about a potential security breach in TikTok's source code. This security breach was traced to TikTok's data storage that the analysts claim contained personal account information on users, which led them to deem the purported breach a "high-severity vulnerability". The security breach was found in TikTok's Android application and would have allowed attackers to "comprise users' accounts with a single click".

On September 3 posts surfaced on the Breach Forums message board where a hacker wrote that the server contains 2.05 billion records in a humongous 790GB database. Followed by these rumors was a tweet from hacking group BlueHornet, who has seemingly had their account suspended by Twitter after this story gained traction. The tweet read, "Who would have thought that TikTok would decide to store all their internal backend source code on one Alibaba Cloud instance using a trashy password?".

Reports indicate that several Russian soldiers have been baited by hackers using fake accounts of attractive women.

A new report from the Financial Times delves into a group of hackers called Hackyourmom that was founded by Nikita Knysh, a 30-year-old IT professional from Kharkiv, a northeastern city in Ukraine. Knysh informed the publication that he wanted to assist his country with the invasion and decided to form a group that consists of thirty hackers from various locations across Ukraine.

The founder of the group stated that last month he and his fellow hackers were able to gather the locations of several Russian soldiers in Melitopol by pretending to be attractive women on several social media platforms. The hackers communicated with Russian soldiers for quite some time, eventually convincing them to send photos of them on the front line, which immediately gave the hackers enough information to discern an approximate location.

Hackers have disrupted the flow of traffic in Moscow, Russia, by ordering dozens of taxis to what is originally considered to be a lightly trafficked road.

VICE reports that the ground of hackers infiltrated the ride-hailing app Yandex Taxi to order taxis to Kutuzov Prospect in Moscow on Thursday. The hacking was confirmed by a Yandex spokesperson who said that on the morning of September 1, the ride-hailing service detected a hacking attempt that sent several dozen taxi drivers an order to fill in the Fili district of Moscow. Notably, the Fili district is right outside of Moscow city center and is a typical road used to enter the city center.

Moscow is no stranger to traffic jams, as the city ranks as one of the worst in the world for traffic jams. Additionally, the Yandex spokesperson said that the initial security breach was fixed in less than an hour and that improvements have been made to the system to prevent future attacks. On September 3, the Anonymous TV Twitter account, an account affiliated with the notorious hacking group Anonymous, took to Twitter to "confirm" that Anonymous carried out the attack on the Yandex Taxi in cooperation with the IT Army of Ukraine.

Twitter has been discovered to have a major flaw that has reportedly exposed account data of millions of users, including celebrities and companies.

A cybersecurity expert that goes by the name Zhirinovskiy took to the HackerOne forum in January to report a vulnerability within Twitter's login pipeline. According to the report, the vulnerability was a gaping hole within the platform's cybersecurity, and just within a few days, Zhirinovskiy was able to successfully infiltrate and discover Twitter accounts linked to specific numbers and email addresses. Zhirinovskiy explained that a malicious party could easily find an individual's Twitter account with a phone number or email address.

Zhirinovskiy contacted Twitter support about the security flaw, which was found in Twitter's Android app, and was rewarded a $5,040 bug bounty for the discovery. A patch was rolled out that fixed the major issue, but according to Restore Privacy, it was already too late as a malicious individual that uses the username "devil" had already exploited the flaw and scraped 5,485,636 Twitter accounts. The swath of data was then thrown onto the dark web hacking community forum 'Breached Forums', where the lister claimed that the data included users that "range from Celebrities to Companies, randoms, OGs, etc."