It doesn’t look good when half a billion of your company’s email accounts are hacked.
And it looks a bit worse when a cool billion of them in total were hacked.
Yahoo on Wednesday announced that it believes more than one billion Yahoo user accounts were compromised in a hack by an unauthorized third party in August of 2013.
The company disclosed that information stolen from affected accounts includes names, email addresses, telephone numbers, birth dates, hashed passwords, and both encrypted and unencrypted security questions and answers. Clear text passwords, bank account information, and credit/debit card information were not believed to be accessed in the attack.
The Touch Bar on the new MacBook Pro notebooks has its fans and its detractors, but the fact that developer Adam Bell was able to run a copy of the classic shooter “Doom” on it is nothing short of awesome.
Keep in mind that since the Touch Bar is essentially a mini Apple Watch jammed above the notebook keyboard, there’s no reason it too can’t get involved. Bell stepped up to the plate for this one, uploading the following killer video to YouTube:
Following up on the large-scale distributed denial of service (DDoS) attack on Friday that temporarily took down large chunks of the Internet, it looks like Apple’s controversial “walled garden” approach to its HomeKit devices may have worked out.
As detailed in recent reports, the attack, which also targeted unprotected “Internet of Things” (IoT) devices, focused on Dyn, an internet management company that provides DNS services to many major web entities.
A series of repeated attacks caused websites including The Verge, Imgur and Reddit, as well as services like HBO Now, and PayPal, to see slowdowns and extended downtimes. Follow-up waves played havoc with The New York Times, CNN, Netflix, Twitter and the PlayStation Network, among many others.
Yet another chunk of malware for OS X/macOS to worry about.
Security researchers at Palo Alto Networks have identified a new trojan known as “Komplex”, which can download, execute, and delete files from an infected Mac. Interestingly, the Trojan will also save a PDF document to the infected system concerning the Russian space program.
The PDF document details planned Russian space projects from 2016 to 2025, but also acts as a decoy.
Well, this is why they invented bug fixes and updates.
A new discovery by iOS and security forensics company Elcomsoft has revealed that encrypted iOS backups saved via iTunes are now much easier to crack in iOS 10 than in recent years. The change in security is apparently due to a new password verification method in iOS 10.
The discovery focuses on the backup method, which in iOS 10, apparently “skips certain security checks” that were present in past versions of iOS. This allows passwords to be attempted signficnatly faster than before. The new backup method works alongside the old back up method, meaning that for pre-iOS 10 backups, the old method is used.
In the annals of hacks and breaches, this is pretty epic.
Yahoo confirmed on Thursday data “associated with at least 500 million user accounts” have been stolen in what may be one of the largest cybersecurity breaches ever.
The company said it believes a “state-sponsored actor” was behind the data breach, meaning an individual acting on behalf of a government. The breach is said to have occurred in late 2014.
“The account information may have included names, email addresses, telephone numbers, dates of birth, hashed passwords (the vast majority with bcrypt) and, in some cases, encrypted or unencrypted security questions and answers,” Yahoo said in a statement.
Pokémon Go players who are found to be cheating have begun facing both punishment and permanent bans.
Game maker Niantic, the developer behind mobile sensation Pokémon Go, is now issuing permanent bans to players who violate its terms of service. Though TOS violations vary, these bans appear to be directed at cheaters who rely on GPS spoofing, bots, and other software techniques that allow Pokémon Go to be played beyond the realm of Niantic’s design parameters.
For instance, GPS spoofing lets you trick a smartphone into thinking you’re located in a different country, allowing you to catch pokémon that may be more easily located in that area or restricted to certain regions. Bots, on the other hand, let you automate portions of the game.
Edward Snowden may be in exile from the U.S., but that doesn’t seem to be slowing him down.
Snowden, who once met with reporters in a Hong Kong hotel room to spill the NSA’s secrets and famously asked them put their phones in the fridge to block any radio signals that might be used to silently activate the devices’ microphones or cameras, has released plans to announce a prototype for a device that could stop this kind of surveillance.
On Thursday at the MIT Media Lab, Snowden and well-known hardware hacker Andrew “Bunnie” Huang plan to present designs for a case-like device that wires into your iPhone’s guts to monitor the electrical signals sent to its internal antennas and they say it could offer a constant check on whether your phone’s radios are transmitting. They say it’s an infinitely more trustworthy method of knowing your phone’s radios are off than “airplane mode,” which people have shown can be hacked and spoofed.
In short, this could stop the transmission and thus better protect the user’s privacy.
After a hiatus, a trio of three new discovered Mac malware strains have emerged.
The strains, once installed, have the potential to access Web cameras, password keychains, and pretty much every other resource on an infected machine.
The first one, as mentioned yesterday, has been dubbed “Elanor” by researchers at antivirus provider Bitdefender and is hidden inside EasyDoc Converter, a malicious app that is, or at least was, available on a software download site called MacUpdate. When double clicked, EasyDoc silently installs a backdoor that provides remote access to a Mac’s file system and webcam, making it possible for attackers to download files, install new apps, and watch users who are in front of an infected machine. Eleanor communicates with control servers over the Tor anonymity service to prevent them from being taken down or being used to identify the attackers.