Security

Data stolen from Ashley Madison posted online

posted on August 19, 2015
by l33tdawg

Hackers who stole millions of customer records from affair-inciting site Ashley Madison have posted the data online.

It comes almost exactly a month after hackers, dubbed Impact Team, claimed to have breached the company's systems, pilfering as many as 37 million customer records. They then threatened to release the files online.

New privilege escalation exploit discovered in OS X Yosemite, also affects just-released 10.10.5

posted on August 18, 2015
by l33tdawg

Just days after patching the DYLD_PRINT_TO_FILE vulnerability with a new OS X point release, Apple's desktop operating system has been hit with yet another zero-day exploit that would allow an attacker to gain root access without using a password.

The exploit was discovered by Italian developer Luca Todesco, who relies on a combination of attacks — including a null pointer dereference in OS X's IOKit — to drop a proof-of-concept payload into a root shell. It affects every version of OS X Yosemite, but seems to have been mitigated in OS X El Capitan, which is nearing release.

Hackers might have stolen IRS data on more than 300,000 households

posted on August 18, 2015
by l33tdawg

Many people rely on security questions like "What's your mother's maiden name?" to protect their personal information online, but hackers are getting better at finding the answers.

Case in point: the hackers who raided the US Government's Internal Revenue Service data systems. Those attackers were much more successful at answering security questions than previously known, the government agency announced Monday, underscoring the dangers of using simple security to protect valuable data.

Uber is going on a security hiring binge

posted on August 18, 2015
by l33tdawg

We now know one area Uber plans to invest in following the closing of its recent $1 billion funding round: security.

The ride-sharing startup plans to boost its security team from a staff of 25 to 100 by the end of 2015, Uber chief security officer Joe Sullivan told the Financial Times on Monday. Sullivan, a former assistant United States attorney who specialized in high tech crimes and hacking, joined Uber in April 2015 after a stint as Facebook’s chief security officer that lasted a little over five years.

Parrot drones easily taken down or hijacked, researchers demonstrate

posted on August 17, 2015
by l33tdawg

In two separate presentations at Def Con in Las Vegas last weekend, security experts demonstrated vulnerabilities in two consumer drones from Parrot. The simplest of the attacks could make Parrot drones, including the company's Bebop model, fall from the sky with a keystroke.

Ambient Sound Could Be The New Two-Factor Authentication System

posted on August 17, 2015
by l33tdawg

Two-factor authentication is a great way to keep your online accounts safe. For those who are unfamiliar with two-factor authentication, basically what happens is that when you enter your regular password into the login page, you will then be prompted to enter another code. This code is generated on the spot and sent to your associated mobile device.

The NSA Playset: Espionage tools for the rest of us

posted on August 12, 2015
by l33tdawg

When Der Spiegel and Jacob Appelbaum published leaked pages of the National Security Agency's ANT Catalog—the collection of tools and software created for NSA's Tailored Access Operations (TAO) division—it triggered shock, awe, and a range of other emotions around the world. Among some hardware hackers and security researchers, it triggered something else, too—a desire to replicate the capabilities of TAO's toolbox to conduct research on how the same approaches might be used by other adversaries.

Adobe patches critical Flash security flaws

posted on August 12, 2015
by l33tdawg

Adobe has fixed a series of security vulnerabilities in Flash Player.

The company said in an advisory Tuesday that the updates will address security flaws that "could potentially allow an attacker to take control of the affected system." The patches aim to fix flaws that could lead to code execution -- in other words, allowing an attacker to run malicious code.