Yahoo confirms hack, roughly 500 million email accounts breached

Posted by:
Date: Friday, September 23rd, 2016, 05:51
Category: Hack, Legal, News, security

yahoomail

In the annals of hacks and breaches, this is pretty epic.

Yahoo confirmed on Thursday data “associated with at least 500 million user accounts” have been stolen in what may be one of the largest cybersecurity breaches ever.

The company said it believes a “state-sponsored actor” was behind the data breach, meaning an individual acting on behalf of a government. The breach is said to have occurred in late 2014.

“The account information may have included names, email addresses, telephone numbers, dates of birth, hashed passwords (the vast majority with bcrypt) and, in some cases, encrypted or unencrypted security questions and answers,” Yahoo said in a statement.

(more…)

Niantic announces crackdowns, bans on Pokémon Go hackers, cheaters

Posted by:
Date: Monday, August 15th, 2016, 05:06
Category: Fun, Hack, iOS, News, Software

Pokemon-GO-Icon

Pokémon Go players who are found to be cheating have begun facing both punishment and permanent bans.

Game maker Niantic, the developer behind mobile sensation Pokémon Go, is now issuing permanent bans to players who violate its terms of service. Though TOS violations vary, these bans appear to be directed at cheaters who rely on GPS spoofing, bots, and other software techniques that allow Pokémon Go to be played beyond the realm of Niantic’s design parameters.

For instance, GPS spoofing lets you trick a smartphone into thinking you’re located in a different country, allowing you to catch pokémon that may be more easily located in that area or restricted to certain regions. Bots, on the other hand, let you automate portions of the game.

(more…)

Exodus Intelligence announces bounties up to $500,000 for zero-day vulnerability flaw discoveries in iOS 9.3 and higher

Posted by:
Date: Thursday, August 11th, 2016, 13:18
Category: Hack, iOS, News, security, Software

hackicon

Forget the $200,000 bounty Apple is offering for information regarding zero-day vulnerabilities in iOS, a new security firm is offering up to $500,000 per discovery.

On Tuesday, Texas-based Exodus Intelligence said it will give between $5,000 and $500,000 for zero-day vulnerabilities relating to iOS version 9.3 and higher.

These zero-days are software flaws that have gone undetected by Apple, making them potentially very valuable, especially for cyber criminals who can use them to hack iOS devices.

(more…)

Edward Snowden announces forthcoming prototype of device to prevent iPhone radio transmission

Posted by:
Date: Friday, July 22nd, 2016, 12:36
Category: Hack, Hardware, iPhone, News, security

snowdenprototype

Edward Snowden may be in exile from the U.S., but that doesn’t seem to be slowing him down.

Snowden, who once met with reporters in a Hong Kong hotel room to spill the NSA’s secrets and famously asked them put their phones in the fridge to block any radio signals that might be used to silently activate the devices’ microphones or cameras, has released plans to announce a prototype for a device that could stop this kind of surveillance.

On Thursday at the MIT Media Lab, Snowden and well-known hardware hacker Andrew “Bunnie” Huang plan to present designs for a case-like device that wires into your iPhone’s guts to monitor the electrical signals sent to its internal antennas and they say it could offer a constant check on whether your phone’s radios are transmitting. They say it’s an infinitely more trustworthy method of knowing your phone’s radios are off than “airplane mode,” which people have shown can be hacked and spoofed.

In short, this could stop the transmission and thus better protect the user’s privacy.

(more…)

Additional malware strains for Macs surface, GateKeeper still recommended as means of protection

Posted by:
Date: Thursday, July 7th, 2016, 11:43
Category: Hack, macOS, News, OS X, security, Software

trojanhorse

After a hiatus, a trio of three new discovered Mac malware strains have emerged.

The strains, once installed, have the potential to access Web cameras, password keychains, and pretty much every other resource on an infected machine.

The first one, as mentioned yesterday, has been dubbed “Elanor” by researchers at antivirus provider Bitdefender and is hidden inside EasyDoc Converter, a malicious app that is, or at least was, available on a software download site called MacUpdate. When double clicked, EasyDoc silently installs a backdoor that provides remote access to a Mac’s file system and webcam, making it possible for attackers to download files, install new apps, and watch users who are in front of an infected machine. Eleanor communicates with control servers over the Tor anonymity service to prevent them from being taken down or being used to identify the attackers.

(more…)

Apple leaves iOS 10 beta kernel unencrypted, opens door to white hat hackers, researchers

Posted by:
Date: Thursday, June 23rd, 2016, 08:41
Category: Hack, iOS, News, security, Software

ios10logo

This is interesting.

According to users who’ve been testing the iOS 10 beta, Apple apparently left the operating system’s kernel unencrypted. Apple confirmed this on Wednesday, citing that the move was performed to streamline system performance.

An Apple spokesperson stated that because iOS 10’s kernel cache does not contain sensitive information, it does not need to be encrypted.

(more…)

FBI not submitting San Bernadino iPhone hack for peer review

Posted by:
Date: Thursday, April 28th, 2016, 08:50
Category: Hack, iPhone, Legal, News, security

lockediphone5c

The FBI is keeping the San Bernadino iPhone hack technique to itself for the time being.

A recent report has stated that the FBI will not be submitting the exploit used to break into the iPhone 5c of San Bernardino shooter Syed Rizwan Farook to a review process that could clear it for sharing with outside parties.

The FBI, which used a third party to unlock the iPhone, apparently didn’t acquire the rights to the technical details used in the hack, according to Amy Hess, the FBI’s executive assistant director for science and technology. As a result, Hess said the agency doesn’t “have enough technical information about any vulnerability” that could be considered for release.

(more…)

AceDeceiver trojan surfaces on iOS devices in Chinese marketplace, exploits weakness in FairPlay DRM

Posted by:
Date: Thursday, March 17th, 2016, 08:31
Category: Hack, iOS, News, security, Software

trojanhorse

A new variant of iOS trojan has been found in the wild.

The trojan, named “AceDeceiver”, has been found to infect non-jailbroken iOS devices, was discovered by Palo Alto Networks and is currently affecting iOS users in China.

The malware exploits a flaw in Apple’s FairPlay digital rights management system. It apparently uses a technique called “FairPlay Man-in-the-Middle,” which has been used to spread pirated iOS apps in the past by using fake iTunes software and spoofed authorization codes to get the apps on iOS devices. The same technique is now being used to spread the AceDeceiver malware.

(more…)

Security researcher examines MacKeeper, says sensitive data for more than 13 million accounts easily accessed

Posted by:
Date: Monday, December 14th, 2015, 08:34
Category: Hack, News, security, Software

MacKeeper-Logo

And yet more reasons have surfaced as to why you’d want to punch the entire staff of MacKeeper in their heads.

A security researcher claims that extremely poor security has allowed him to access sensitive data for more than 13 million MacKeeper accounts.

White-hat researcher Chris Vickery, who has previously exposed data breaches at MLB, ATP, Slipknot and a network of K-12 charter schools in California, posted the following to Reddit:

I have recently downloaded over 13 million sensitive account details related to MacKeeper, Zeobit, and/or Kromtech […] stuff like names, email addresses, usernames, password hashes, computer name, ip address, software license and activation codes, type of hardware (ex: “macbook pro”), type of subscriptions, phone numbers and computer serial numbers.

(more…)

Researchers demonstrate proof of concept for firmware worm that can directly target Macs

Posted by:
Date: Monday, August 3rd, 2015, 16:00
Category: Hack, MacBook, MacBook Air, MacBook Pro, News, security, Software

trojanhorse

It’s generally been accepted that Apple’s computers are much more secure than their Windows PC counterparts.

This isn’t entirely true, as a part of researchers have found that several known vulnerabilities affecting the firmware of all the top PC makers can also hit the firmware of Macs. The researchers have designed a proof-of-concept worm for the first time that would allow a firmware attack to spread automatically from MacBook to MacBook, without the need for them to be networked.

(more…)