Following up from Friday's theft of $500 Million in NEM coins, Bloomberg has posted an article about the hack. According to the article, Coincheck has not disclosed how their system was breached, aside from saying it wasn't an inside job. No one knows who owns the accounts that the coins were...
In a forum post today, OnePlus has released more details on the breach that forced them to halt credit card payments on their site Tuesday. OnePlus states that "One of our systems was attacked, and a malicious script was injected into the payment page code to sniff out credit card info while it...
Rhino Labs has discovered a new way to get your Windows credentials using the subDoc feature of Microsoft Word. The bad guys insert a sub-document into a Word file from a server out on the internet. This sub-document tricks the PC into giving up the NTLM hash needed for authentication. Once...
In a statement, the DHS announced that a data breach exposed personally identifiable information on more than 240,00 current and former employees in 2014. The breach also contained Investigative Data for individuals associated with investigations from 2002-2014, which includes subjects...
It has been discovered that several models of OnePlus smartphones were inadvertently left with a Qualcomm diagnostic tool called EngineerMode installed on them. The application was made to provide manufacturers like OnePlus a tool to test all the components of their devices. Robert...
On Wednesday, in a security hearing that called both Equifax and Yahoo’s past and present executives to Washington D.C., we’re learning a bit more about what Yahoo didn’t know about the biggest hack in history. So let me see if I can get this right....Yahoo had 500 million, I mean 3 Billion...
According to the Norwegian Consumer Council, they discovered flaws in child safety smartwatches that would allow attackers to track, eavesdrop or even communicate with the wearers. That sounds to me like these so-called safety watches could end up being just what a molester needs to track his...
Some of the biggest tech giants in the industry are warning customers of a very serious vulnerability affecting TPM chips produced by Infineon Technologies. The vulnerability itself is created by a flaw in the Trusted Platform Module (TPM), which is designed to protect cryptographic devices...
If you were a possible victim of the Pizza Hut hack earlier this month you should have received an email from the company by now. However, I'd recommend that anyone who has been buying Pizza Hut products online keep a good eye on their credit report and credit cards. Supposedly it's only 60K...
Subaru's company motto is, "Confidence in Motion." However, confidence in how secure your Subaru is might be another question altogether. One enterprising Dutch electronics wiz has found that the "rolling codes" used by most key fobs are not rolling at all with some Subaru models. Instead of...
The latest reports from the massive Equifax hack are that the stolen records included 10.9 million driver's licenses from U.S. citizens. While your driver's license isn't exactly personal identification, having that information makes it that much easier to impersonate you. Equifax is also now...
It would seem that the FBI will not be forced to disclose the name of the company that cracked Syed Farook's iPhone 5C last year, or how much it paid to do so, in order for the FBI to search the contents of the phone after the San Bernardino terror attack.
In her ruling, released Saturday...
Patrick Wardle, a former NSA hacker, showed off a zero-day exploit in macOS High Sierra that allows an attacker to steal every password stored in the Keychain without needing a master login password. He reported the bug to Apple earlier this month, but the patch did not make it into the release of...
This is a good read.
It's interesting to know that the original iPhone did not have a single game on it. I've never had an iPhone, but I feel like this scene paved the way not only for jailbreaking iPhones, but for Android as well.
Last week Intel let us all know that its Intel® Active Management Technology, Intel® Small Business Technology, and Intel® Standard Manageability products have an "elevation of privilege" issue that basically allows a "hacker" to enter a blank password into the AMT's web browser interface. This...
Rafael Scheel has found that hacking the glowing box in your living room is as easy as spending 180 bucks on a DVB-T transmitter. Once the transmitter is in range of the target boob-tube the hack begins to exploit hybrid broadcast TV signals to leverage common bugs that exist in most web...
Brickerbot is a new strain of malware that intentionally bricks unsecured Linux BusyBox-based IoT devices. Unsecured devices are typically placed into service without changing the default password, thus allowing anyone that can Google the default password for a product line to take control of...
At the Security Analyst Summit yesterday, Kaspersky Labs researchers announced the results of a deep dive into the top-to-bottom compromise of a Brazilian bank's online presence. Last October, for a weekend, hackers took control of the bank's DNS account and hijacked all 36 of their domains...
A group of security researchers at the University of Michigan and the University of South Carolina have demonstrated that it is possible to hack phones and self-driving cars using nothing but sound waves. The sound waves are used to trick the accelerometers in the phones and cars to provide...
Intel's SGX or Software Guard Extensions were designed to hide sensitive data such as RSA keys. A team of researchers from Austria's Graz University of Technology were able to write a proof-of-concept malware that can grab RSA keys from SGX enclaves on the same system within 5 minutes of...
IoT connected devices just can't get out of their own way when it comes to internet security. A stuffed animal called Cloudpets that allows you to record conversations and send them to others has been coerced into giving out 2 million recordings along with 800,000 email addresses and passwords...
For maximum security, corporations will air-gap their most sensitive data. Air-gap is when the PC isn't connected to the internet or other PCs connected to a network that can access the internet. Sounds like a really protected PC that you can trust? Of course not!
In this age of industrial...
On the heels of today's news that Yahoo still has hacking issues, it seems that Verizon wants a price reduction on their Yahoo purchase. Verizon is buying Yahoo on the strength of their messenger, email and search assets; none of which I have used in years.
I thought that the reduction would...
Newsweek is reporting that more than 10,000 websites were taken offline on Friday after a hacker associated with Anonymous targeted Freedom Hosting II, a hosting company allegedly hosting child pr0n. (Warning, the linked story, while safe for work, does start playing automatically.) According...