Revenge is sweet, but irony is sweeter. Apparently, the hacker who infiltrated San Francisco’s Muni transportation system late last week fell victim to his own horrible personal cyber hygiene.
According to security reporter Brian Krebs, a separate individual infiltrated the Muni hacker’s own email using nothing more than the ransom note provided by the hacker himself. And he pulled it off using the oldest trick in the book.
Members of the porn site xHamster should be changing their passwords today after a set of nearly 380,000 usernames, emails and poorly hashed passwords appeared online.
The subscription-only breach notification site LeakBase has published the set of login credentials, which Motherboard reports were being traded online. It’s not clear exactly where the database originated, but it contains information for only a small subset of xHamster’s 12 million registered users. While xHamster doesn’t require viewers to register with the site, those who do can comment and make video playlists.
The attacker who infected servers and desktop computers at the San Francisco Metropolitan Transit Agency (SFMTA) with ransomware on November 25 apparently gained access to the agency's network by way of a known vulnerability in an Oracle WebLogic server. That vulnerability is similar to the one used to hack a Maryland hospital network's systems in April and infect multiple hospitals with crypto-ransomware. And evidence suggests that SFMTA wasn't specifically targeted by the attackers; the agency just came up as a target of opportunity through a vulnerability scan.
San Francisco’s public transit riders got what seemed like a Black Friday surprise: The system wouldn’t take their money. Not that Muni’s bosses didn’t want to, or suddenly forgot about their agency’s budget shortfalls.
Nope—someone had attacked Muni’s computer system and was demanding a ransom. Monitors in station agent booths were seen with the message, “You Hacked. ALL data encrypted,” and the culprit allegedly demanded 100 Bitcoin (about $73,000).
A low-tech but cunning malware program is worrying security researchers after it started spreading rapidly in the past week through a new attack vector: by forcibly exploiting vulnerabilities in Facebook and LinkedIn.
According to the Israeli security firm Check Point, security flaws in the two social networks allow a maliciously coded image file to download itself to a user's computer. Users who notice the download, and who then access the file, cause malicious code to install "Locky" ransomware onto their computers.
Attackers are compromising government and banks across Asia by exploiting a years-old zero day vulnerability in desktop publishing application InPage, which targets users working in Urdu or Arabic.
Kaspersky Labs analyst Denis Legezo found the attacks and reported the zero-day to InPage, which he says ignored his disclosures.
You probably know MailChimp either as an email newsletter service, or the company that seems to have adverts on every single podcast you've ever listened to. Hackers recently jumped on that popularity, and managed to send out emails containing malicious links to subscribers of various different companies.
The incident shows that hackers will likely use whatever distribution channels they can in an attempt to spread their malware and turn a profit.
Quantum computers have the potential to perform calculations faster than ever possible before, inviting a significant rethink in how we approach cyber security.
Given the amount of research being ploughed into this area, we are likely to see a commercially viable machine in the near future, so cryptographers and the cyber security industry in general should work to have a clear view on the implications way ahead of that achievement.
After an election marred by hacker intrusions that breached the Democratic National Committee and the email account of one of Hillary Clinton’s top staffers, Americans are all too ready to believe that their actual votes have been hacked, too. Now those fears have been stoked by a team of security experts, who argue that voting machine vulnerabilities mean Clinton should demand recounts in key states.
Google is warning prominent journalists and professors that nation-sponsored hackers have recently targeted their accounts, according to reports delivered in the past 24 hours over social media.
