Hackers News, Articles and Updates

Pro-establishment Iranian hackers gaining prominence in the Persian Gulf

The rising capabilities of Iranian hackers came to the fore in 2017 when hacker groups like Helix Kitten, Charming Kitten, and Volatile Kitten launched several crippling cyber-attacks on Saudi Arabian entities.

Gwent Police sat on data breach exposure for a year before informing ICO

Gwent Police failed to inform up to 450 people that hackers may have accessed their confidential information after it found that an online tool that allowed citizens to report incidents to the Police was exposed to hackers.

Avast: CCleaner hackers planned to infect victims with third-stage Chinese hacking tool

The hackers who injected malicious code into a version of computer maintenance app CCleaner last year may have been preparing to deliver third-stage malware to some of the 2.27 million computers that had downloaded it.

Hacking Team reunion samples found in 14 countries

The Hacking Team is back: previously unreported samples of its infamous surveillance tool, the Remote Control System (RCS), were spotted in the wild throughout fourteen countries, according to ESET researchers.

Phishing campaign found to be targeting humanitarian organisations

Security researchers recently uncovered a phishing campaign that suspected Korean hackers had, since August 2017, unleashed on humanitarian aid organisations by using topics on North Korean politics.

Hackers could obfuscate malware through code signing and SSL certificates

Made to order certificates available on the dark web. Security researchers have discovered that hackers are able to obfuscate malware through code signing and SSL certificates.

Private chats and user accounts could be exposed by Tinder security bug

An easy-to-exploit bug has left Tinder accounts and private chats exposed to hackers, revealed a researcher this week.

Lazarus Group back from the dead - again - with renewed phishing campaign

Hacker group Lazarus has renewed a phishing campaign it launched, but instead of injecting malware to access enterprise IT environments, the group is now injecting implants to identify those running Bitcoin-related software.

2018 Winter Olympics hit with destroyer malware during opening ceremony

Warnings that the 2018 Winter Olympic Games would be the target for hackers came true almost immediately as the Pyeongchang computer system was hit with a "destroyer" cyber-attack knocking its website and other services offline.

Criminals ramps up server-side attacks

Hackers are increasingly turning to server-side attacks, according to a new report. Report notes fall in use of client-side exploit kits.

All versions' of Windows vulnerable to tweaked Shadow Broker NSA exploits

NSA exploits stolen by hacker Shadow Brokers can be tweaked to exploit vulnerabilities in all versions of Windows, including Windows 10 - so deploy the MS17-010 security update from Microsoft as soon as possible.

Hackers using sophisticated malware to target Winter Olympics organisations

Sophisticated implants such as Gold Dragon, Brave Prince, Ghost419, and RunningRat allow hackers to steal sensitive data from systems owned by organisations involved with the Winter Olympics in South Korea.

Active Directory attack could enable malicious domain controller set up

DCShadow attack allows installation of backdoor. Hackers could set up their own fake domain controller in an existing corporate network to distribute malware and leave a backdoor.

Cisco warns of a critical vulnerability in its SSL VPN solution

Hackers could run code on VPN box. Cisco has confirmed a critical security vulnerability in its SSL VPN solution, Adaptive Security Appliance (ASA), one of the most widely-deployed SSL VPNs on the market.

Owners of hacked Tokyo cryptocurrency exchange owed £302 million

On Sunday it was announced that Coincheck Inc would return 46.3 billion Yen (£302 million) of virtual money to its owners after hackers stole the amount last week in one of the biggest-ever virtual money thefts, according to Reuters.

Compromising security certificates is top priority for cyber-criminals

Digital security certificates assure regular users that the websites they visit can be trusted and are free of malicious code. But if security certificates are themselves compromised, how can users be protected from malicious hackers?

Ethical hackers can earn 16 times a software engineers' salary, report

A recent HackerOne survey found that some bug bounties bounty-hunters are earning more than 16 times what they would have earned as a software engineer in their own country.

Hackers crack BlackWallet DNS server, steal US$ 400,000

Attackers have made off with up to US$ 400,000 (£290,000) in cryptocurrency after an ingenious attack on Stellar Lumen (XLM) wallet, BlackWallet.

Hackers could steal from shipping companies by diverting cargo payments

Security researchers have found that freight messaging systems can be subverted to send money to criminals.

Meltdown, Spectre updates aplenty, but the fix is more complicated

A pair of flaws dubbed Meltdown and Spectre that take advantage of the speculative execution performance feature in modern CPUs make the memory of virtually all computers and devices accessible to hackers.

John McAfee Twitter and phone hacked to promote cryptocurrencies

Cyber-security pioneer John McAfee is warning users that anyone can be hacked after someone allegedly broke into his Twitter account to promote cryptocurrency investments.

More evidence emerges of North Korea targeting cryptocurrency industry

State-sanctioned North Korean hackers allegedly continue to target cryptocurrency companies and exchanges, particularly as a means of enriching the nation and countering the effects of imposed economic sanctions.

Russians suspected of gearing up to hit Ukraine power-grid over holidays?

Days before Christmas in 2015, remote hackers took control from Ukrainian grid operators and by digitally commandeering substations, shut off power for 225,000 customers for several hours.

Hackers use NSA exploits to mine Monero

Zealot campaign used Eternalblue and Eternalsynergy to mine Monero cryptocurrency on networks.

Contestants launch nearly 39,000 attacks in Radware Hacker's Challenge

The first-ever US-based Radware Hacker's Challenge took place in NYC last week, daring pentesters, bug bounty hunters, and other security pros to launch attacks on a simulated network and website in a race against the clock.

Hackers target private schools in UK

Hackers are taking advantage of poorly secured systems at schools in the UK, nicking identifying data, typically through phishing attacks, that they could use to target parents with fake invoices and other means of cyber-crime.

Building management systems still ripe for hacking

The security of building management systems has improved over the last few years but many of them aren't set up properly to avoid being hacked, according to security researchers.

Database aggregating 1.4B credentials found on dark web

A single file on the dark web with a database of 1.4 billion clear text credentials not only is the largest aggregate found there but it opens a trove of credentials to even the least sophisticated hackers.

Update: TeamViewer releases emergency patch for permissions flaw

TeamViewer has rushed out an emergency patch to fix a security flaw that could allow hackers to take over other machines during an active session.

Cryptocurrency thieves steal £51 million of Bitcoin from mining platform

Hackers may have gotten away with £51 million of bitcoin after a cyber-attack hit the cryptocurrency mining platform NiceHash. The attack was highlighted on Twitter and Reddit with users saying they may lose hundreds of dollars.