Hack News, Articles and Updates

'Golden Ticket' SAML attack vector puts cloud apps at risk

New Golden Ticket technique could allow hackers to authenticate themselves with cloud services and enable any level of privilege.

AVGater hijacks functionality of AV tools to turn them against themselves

Researcher uncovers method of hijacking the functionality of some AV tools in order to compromise endpoints. Trend Micro, Emsisoft, Ikarus, Kaspersky, Check Point's ZoneAlarm and Malwarebytes have fixed their offerings.

Boeing 757 airliner successfully hacked with radio comms hacking tools

A Boeing 757 airliner was successfully hacked by a team of public and private security professionals, according to a US Department of Homeland Security (DHS) official.

Kracking the code - why businesses don't yet need to panic about 'Krack attack'

Krack attackers need to be within range of the targeted Wi-Fi network, so widespread data loss is unlikely, but do add fixes when available as this vulnerability would allow anyone to read traffic from mobile and laptop to Wi-Fi devices.

Equifax hackers likely in network from March - 141 days before discovery

It took Equifax 141 days to discover a breach that exposed the data of 143 million US consumers with hackers likely accessing the credit monitoring firm's systems in March, a full two months before Equifax originally said they did.

BlueBorne shows Bluetooth protocol's security inadequately researched

Bluetooth technology is overlooked by security experts and bug hunters in comparison to other protocols. The highly eclectic and fragmented nature of devices relying on Bluetooth means that some may never issue secure updates.

Instagram hack victims identified, details now for sale on darkweb

The 500 A-list celebrities whose Instagram accounts have been hacked, and whose contact details are for sale on the dark web, have now been identified.

Messing about with Real Madrid Twitter accounts, FC Barcelona breached

Grey hat hackers pranked soccer fans by hacking the Real Madrid Twitter accounts and posting tweets announcing the signing of rival player Lionel Messi.

Skype bug allows hackers to execute arbitrary code on victim's machine

Security researchers have discovered a flaw in Skype that could enable hackers to run code on a target system, phish for credentials and crash applications.

ICYMI: MSP APT; MS 0-day; Travel phish: Retraining; Hacktivists hit

In Case You Missed It: Chinese hack MSPs; Windows Server 2003 flaw; Phishing hits travellers; retraining graduates; OpIsrael hacktivists targeted.

ICYMI: Cyber-Sec challenge; Tesco hack, DDoS hits Finns; US election hack?; NHS Trust downed

In this week's In Case You Missed It we look at: Youngest Cyber-Sec winner; Tesco bank hacked; DDoS hits Finns' heating; US election vulnerability; NHS Trust closed by malware.

ICYMI: PSN hacked; Russia prepares; Internet blackouts; Mirai botnet use; GDPR & Brexit

This week In Case You Missed It looks at: PSN hack on B1 launch; Russia prepares for retaliation; Blackouts from Dyn DDoS; Mirai botnets cause Dyn blackouts; Brexit confuses GDPR plans.

PSN hacked! Server outage on launch day of Battlefield 1

The PlayStation Network (PSN) is reportedly down worldwide on the same day as the launch of Battlefield 1, one of the network's biggest games.

ICYMI: US to retaliate; 6,000 stores hacked; Euro CyberSec exercise; GDPR preparation

ICYMI: This week: The buck stops with Obama; 6,000 e-commerce stores hacked; largest ever pan-European cybersec exercise; preparation for the GDPR and mounting security spends.

Hackers hiding stolen credit card details in images

Cyber-criminals extract financial information using website product pictures

Trump says Russia's role in hacks unclear, US intel community says otherwise

During Sunday's presidential debate, Donald Trump said Hillary Clinton doesn't know if Russia is behind hacks of the DNC and others.

Russia 'offers to rein in WADA hackers' in exchange for dropping sport investigation

Sources close to Russian presidency tell SC's Russia correspondent they can put a stop to Fancy Bear's attacks on World Anti-Doping Agency (WADA) if an investigation of Russian sport is halted and athletes pardoned.

ICYMI: Dropbox, Minecraft fans, malicious SSL attacks, voter databases breached

This Week: Dropbox data dump, Minecraft fansite data dump, one-click iOS exploitation, more encryption means more cyber-attacks, and the voter databases of two separate US states get breached by hackers.

Swift reveals banks of more cyber-thefts

Financial institutions advised to tighten security further

Epic hack, thousands of salted logins stolen

A hacker has stolen around 808,000 accounts from two forums run by Epic Games. The games maker has confirmed the hack and is investigating what happened.

WordPress Summer of Pwnage: 64 holes in 21 days

As the Pwnage summer heat rages on, hackers find 64 holes in popular publishing platform, WordPress

Researchers claim Android Keystore encryption is broken

Developers wrong to choose simplicity over security

20 million Iranian mobile users' data leaked but operator denies being hacked

Iran's second largest mobile operator, Irancell, lost the personal information of 20 million customers in a data leak last week but denies being hacked.

GoToMyPC, but not until you reset your password

Unfortunately, the GoToMyPC service has been targeted by a 'very sophisticated password attack', says GoToMyPC.

Here's a free tool to help with the TeamViewer hack

The uncertainty about the TeamViewer breach has many sysadmins worried about steps to take to reinforce their security around this tool, so here's a free script that might help.

'Guccifer 2.0' claims glory for DNC Hack, more documents leaked.

A hacker named Guccifer 2.0 has come out to claim responsibility for the recent hack on the Democratic National Committee.

Black hats use SQL injection on your site to boost their SEO ranking

Instead of stealing your data, a criminal-run botnet is using SQL injection to insert hidden links to boost the SEO of their own dodgy sites.

75% of UK consumers won't do biz with a company that has been hacked

Three quarters of UK consumers would stop doing business or cancel memberships with an organisation if it was hacked.

Filipino authorities arrest second man in hack that revealed data on 55M voters

The 23-year-old mastermind behind the hack of the Commission on Elections (COMELEC) website, which led to the exposure of 55 million voter records, was arrested by the Cyber-crime Division of the National Bureau of Investigation in the Philippines on Friday.