China's long-running hacking efforts may be more extensive than first thought. Security researchers at ProtectWise's 401TRG team have determined that a long series of previously unconnected attacks are actually part of a concerted campaign by Chinese…
Google's Advanced Protection Program can be extremely valuable if you're a high-profile hacking target who's willing to trade a ton of convenience for some extra peace of mind. However, you've had to use Google's apps to get that protection — and th…
Game-makers have had a field day making examples out of cheaters the past few weeks. Most recently, a pair of Overwatch hackers were charged in South Korea as a result of a year-long investigation by the region's police. Working with Blizzard (transl…
The security community is still reeling from the discoveries of the Meltdown and Spectre computer vulnerabilities, and now it seems that a rash of new hardware vulnerabilities called MasterKey, RyzenFall, Fallout and Chimera have been found in the past few months, too.
Unlike most previous threats, all these vulnerabilities attack a computer’s hardware, rather than its software. This second release of attacks may be early indications that Meltdown and Spectre have opened a new front in the war between hackers and defenders in the realm of computer chips.
While experts are working to make and distribute patches for these bugs, the question remains: What does this mean for cybersecurity as a whole? The answer to that question starts with understanding a bit about how hackers work.
Hackers are a social and trendy bunch. A couple of years ago, hacking onboard computers on cars was common, so a bunch of vulnerabilities were found and patched and now cars have become somewhat harder to commandeer. Then drone hacking was all the rage, and drone manufacturers too have implemented patches and become somewhat more secure.
That is how cyber defenses work. Some smart researcher finds a new hole. If they’re nice (most are nice), they tell the manufacturers about it so they can fix the bugs. With Meltdown and Spectre, the researchers were nice and informed the manufacturers months beforehand. The MasterKey, RyzenFall, Fallout and Chimera researchers were not so nice, and only gave them a day. If the researchers are really not nice and decide instead to use their exploit, then some unlucky person or organization is probably going to have a very bad day.
That moment of discovery is the starting gun for an intense race between the defense community and the hacker community. Some hacker genius somewhere already knows how to use the bug and other hacker geniuses start working overtime to write their own code that exploits it.
Once a few of them figure it out, one of them will write a simpler version for people who don’t understand the details so that hackers who aren’t geniuses can use it too. Soon after that, it gets included in the common hacking databases. From that point on, anyone can literally point and click their way into your computer.
Although not much can be done for the folks who already had their bad day, the defense community, as a whole, almost always wins that race. As soon as their fastest programmer finds a fix, it can be quickly distributed throughout the world, making the new hacking toys only useful against the stragglers who fell behind the herd. And these days, it’s gotten pretty hard to fall behind. The patching process has become invisibly smooth, and most regular computer users never even know that there was a race on.
With hardware vulnerabilities, things could be different. You can’t change hardware by sending an invisible string of 1s and 0s through the air. For Meltdown and Spectre, workarounds where changing the software can help block the hardware problem are still being figured out and distributed. These workarounds showed up quickly at first, but the process has been anything but smooth, and proof-of-concept code for exploiting these vulnerabilities has been seen online for more than a month. As for the more recent vulnerabilities, it’s not clear yet what workarounds exist, and there might not always be a workaround that creates software solutions to hardware problems.
Though stark, this situation is not entirely unprecedented. Some operating systems are no longer supported by their vendors, which means that any new hole will go un-patched. The most famous example is Windows XP. Most people know by now that using Windows XP is not safe, but don’t fully understand how unsafe it is.
Today, any computer-savvy high schooler can watch a YouTube video and learn in just a couple hours how to point and click their way to control of someone else’s computer on the internet, so long as it is running Windows XP. Even with Windows XP though, when a truly nasty bug comes out, Microsoft can choose to go back and patch it like they did last year for the WannaCry ransomware. With a nasty hardware vulnerability, that may not even be an option.
So what can be done? Hopefully, the hacking community will not become enthralled with searching for hardware vulnerabilities. They might not. It is hard and requires rare expertise that is not as easy to come by as software hacking. If we are not so lucky, then defending the herd by responding quickly to the first attack may no longer be a viable approach — but herd immunity comes in many forms.
Perhaps it will be from increased diversity of chip designs or perhaps approaches to slow the spread of information from hacker genius to amateur. Perhaps it will be from improved perimeter defenses, although hardware at the perimeter may be just as vulnerable as the rest.
Time and again, the adaptability of the world’s smartest engineers have overcome the most dire threats to computing and the internet. The safe money is on them to win the day again, but with hardware vulnerabilities it may require a whole new approach for defending the herd.
The fallout from the 2016 presidential election continues to dominate the news. If you flick to your favorite news channel, there’s a strong chance at least something to do with the election is still making headlines.
And for a good reason. Whatever side of the political spectrum you hail from, there’s a lot to talk about.
One of the major sticking points is that of election hacking. Allegations of election hacking and tampering continue to swirl, and with more elections looming near, this combustible topic is going to feature increasingly.
However, election hacking is a broad term. With one eye on the midterms and another on the future, let’s try and understand exactly what election hacking is.
What Is Election Hacking?
Election hacking has a broad set of definitions, but you can boil it down to one central concept: manipulation of the voting process in favor of a candidate or political party.
Election hacking is also known as electoral fraud. At other times critics refer to it as vote rigging or electoral interference. But the objective is always the same—to directly influence the outcome of a vote.
One challenge facing voters is pinning down the effects of election hacking. Voters encounter difficulty because it isn’t usually a single observable issue taking place. In many cases, the manipulation is subtle, plays out over a lengthy period, and isn’t apparent until after the election results (but not all the time).
Around the world, numerous totalitarian states feature only name on the ballot: that of the existing leader or party, or parties subservient to the ruling party. This happens in countries like China, North Korea, Cuba, and Vietnam (there are several more, too). These are single-party dictatorships, however, and differ somewhat from rigged voting situations.
There are countless rigged election examples. For instance, the Ugandan general election of 2006, the Kenyan presidential election of 2007, the Romanian presidential election of 2014, the Syrian presidential election of 2014, and hundreds more all fit this category.
What Election Hacking Looks Like in Practice
Despite the many examples of electoral interference around the globe, election hacking boils down to just three major, coverall categories. Why? Because together, these three categories form a cohesive strategy for election hacking.
1. Manipulate the Voters Before the Election
The first strategy is to manipulate the voters before they hit the polling booths. Manipulating voters before an election is itself multifaceted, but there are prominent recent examples for you to examine.
The post-2016 presidential election analysis from various government agencies made it clear that Russia had run a “messaging strategy that blends covert intelligence operations—such as cyber activity—with overt efforts by Russian Government agencies, state-funded media, third-party intermediaries, and paid social media users or ‘trolls.’”
In early November 2017, Congress released a series of Russian-backed Facebook ads that targeted voters of specific demographics. The advertisements promote divisive, emotional topics designed to begin online arguments (some of which spilled out into public). Other revelations saw Russian-run Facebook pages uniting different political pages under unique hashtags to raise awareness.
“Fake news” plays a significant part in voter influence, as does social media in the distribution of the false stories. The severity of fake news varies. At times, fake news is a regular news report that has its truth economically twisted to suit the goal of the news outlet and their political choices.
However, at other times, fake news is outright lies spread throughout social media (sometimes using the aforementioned targeted advertising to hit key demographics that are more likely to share the fake media and thus increase its reach).
Facebook isn’t the only place where voters were unduly influenced by other nations. Twitter is also rife with fake bot accounts that only retweet specific hashtags. Reddit has well-known problems with downvote and upvote brigading, forcing dissenting voices toward the bottom of the conversation.
Fake news regularly appears in national newspapers, making bold, false allegations that target specific demographics or make sweeping, generalized statements. But when proven false, the newspaper prints a minute apology buried in the middle of an edition months down the line.
Another common voter manipulation tactic is to split the opposition support, then manufacture conflict between those parties. The US political system has only two major parties that will realistically win control of the three branches. Thus, splitting voters within parties isn’t a common tactic. However, in the UK, this tactic becomes more potent due to the overlap of many political parties.
2. Manipulate the Votes and Machines
Directly after the 2016 presidential election, voters were left wondering if nefarious individuals tampered with their voting machines. At the time, the Department of Homeland Security had found no evidence.
However, there were attacks against at least one US voting software supplier, while a leaked NSA document confirmed a breach with a Florida-based voting-equipment vendor. A Bloomberg report in 2017 alleges “Russian hackers hit systems in a total of 39 states,” drastically increasing the scope of potential interference.
A direct attack on the voting machines seems unlikely; outrageous, even. They are a bastion of democracy, after all. But hackers have repeatedly shown just how easy it is to exploit a voting machine. At the enormous DEFCON cybersecurity convention, it took hackers less than two hours to hack a US voting machine. The DEFCON organizers pooled 30 voting machines from a variety of manufacturers, none of which remained secure.
— Matthijs Pontier (@Matthijs85) July 29, 2017
One wireless hack exploited a 14-year-old vulnerability in unpatched Windows XP machines. Using the exploit, Danish security researcher Carsten Schürmann could change the machine vote tally from anywhere on the planet.
Despite what both major US political party supporters yell, there is still no evidence that there was direct voting machine manipulation affecting the outcome of the 2016 US presidential election. But “[w]ithout question, our voting systems are weak and susceptible,” says Jake Braun, CEO of security consulting firm Cambridge Global Advisors. “Thanks to the contributions of the hacker community today, we’ve uncovered even more about exactly how.”
3. Manipulate the Infrastructure
Finally, consider how manipulating the infrastructure around an election also plays a part in the outcome. Causing mass-disruption to citizens attempting to cast a vote is another way to hack an election. Disturbing the election process on the day of, or day before, can sway numbers.
Disruption levels vary, as you might imagine. An extreme example is the 1984 Rajneeshee attack. A religious cult poisoned over 700 Oregonians with salmonella to stop them voting in county elections, almost killing several in the process. At the same time, the cult registered thousands of homeless people to vote, promising them food in return. This level of disruption to cause “natural” voter fraud is rare. Also, it is difficult to contain, as the cult quickly realized.
However, widespread disruption doesn’t require poisoning or busloads of homeless people. A hacker with access to a voter database could delete or corrupt voter logs. Sounds outlandish? This exact hack took place at the aforementioned DEFCON conference. As you have already seen, Russian hackers hit voting systems in 39 states, so it isn’t entirely out of the question.
Another infrastructure disruption tactic is a powerful DDoS to take political information offline at critical moments. A Distributed Denial of Service (DDoS) attack is easy to organize, as well as cheap and very effective. Political sites can be forced offline under the strain of a DDoS attack.
So while mobilizing individuals or even thousands of people to commit voter fraud through disruption is difficult, using digital systems is not.
Election Hacking Is Broad
These three categories cover the majority of the electoral tampering spectrum. Unfortunately, it is broad.
But in democratic countries with a strong history of stable voting (as well as the peaceful transition of power), claims of electoral fraud are usually without basis.
The problem with such assertions is the resulting reactions harm those that already struggle to vote, in turn creating another form of election hacking (this falls under section one and three, by the way).
Image Credit: lisafx/Depositphotos
Thanks to a silly statement made by its prime minister, most British politicians are now asked in interviews about the worst thing they have ever done. When MP Kemi Badenoch was handed the question, she confessed to something quite serious: Hacking i…
Concerned about the security of your Bitcoin, Litecoin, Ethereum, or altcoin? You should be, particularly if you’re not using cold storage for security. Not convinced? Here are seven of the largest and most significant cryptocurrency hacks in history.
Why Hack Cryptocurrency?
Since mid-2017, the total market capitalization (coin price x number of coins) of the crypto space has bounced between roughly $250 billion and $750 billion.
That’s a lot of money. It makes all the different currencies extremely attractive to hackers and cyber-criminals.
But hackers had already been interested in coins and tokens for a long time before 2017’s remarkable bull run. In fact, cryptocurrency hacks are almost as old as the technology itself. Your money might not be as safe as you think it is.
1. 2010: 92 Million Bitcoin Out of Thin Air
We all love money for nothing. And with the current price of bitcoin, it’s fair to say we’d all love some cryptocurrency for nothing as well.
Back in August 2010, that’s precisely what happened.
In what is still the only major security flaw that’s been found and exploited in bitcoin’s code, a hacker managed to create 92 billion bitcoin out of thin air. At today’s prices, it would have made the hacker the wealthiest person on the planet. A number overflow error made the hack possible.
You can still see the forum thread where early bitcoin enthusiasts discovered the problem.
Luckily, the community was able to cancel all transactions following the hack and rollback the blockchain to its pre-hack state.
2. 2016: Bitfinex
Bitfinex is one of the most popular cryptocurrency exchanges in the world. It has about two million users and sees billions of dollars’ worth of transactions take place every day.
In August 2016, the company was the victim of a hack. At the time, it was the second largest hack in cryptocurrency history. Thieves stole 120,000 bitcoins. They were worth $72 million. In today’s prices, that would be several orders of magnitude larger.
Bitfinex’s usage of multi-signature wallets made the hack possible. Ironically, the company had only introduced the wallet’s 12 months previously in a bid to make users’ coins more secure.
The wallets were poorly coded. In theory, Bitfinex would hold two keys, and BitGo would store one. All parties would have to independently sign off on a transaction to verify it.
In practice, BitGo would simply mirror whatever Bitfinex did. As such, there was only one point of failure. As soon as hackers got into Bitfinex’s servers, the game was up.
The hack caused bitcoin’s value to drop 20 percent in the markets.
3. 2014: Mt Gox
The Mt Gox story is well-known in the crypto world. It is the largest bitcoin hack to date, and one of the most significant cryptocurrency hacks in history.
In case you’re not familiar, Mt Gox had grown to become the world’s principle crypto exchange; it was handling more than 70 percent of all bitcoin transactions.
In February 2014, it was discovered that hackers had stolen 850,000 bitcoins over a period of three years. 750,000 of them were from Mt Gox’s customers. Transaction malleability was to blame; someone could edit transaction details to make it seem like the transaction never took place.
In what proved to be a lesson in how not to handle a PR disaster, the Mt Gox board relocated the company’s headquarters to avoid protesters, deleted it’s Twitter accounts, and took its website offline.
4. 2011: Mt Gox… Again
Frankly, the writing had been on the wall at Mt Gox for a long time. While the 2014 hack is the one that still garners headlines, fewer people know the exchange had already been hacked once before three years previously. With hindsight, it was a sign of things to come.
So, what happened?
A computer belonging to one of the company’s auditors was comprised. A hacker, who therefore had access to the exchange, altered the nominal value of bitcoin to one cent.
The change created a huge “ask” order at any price, thus initiating a mass selloff. Accounts with values in the millions were affected, and the still-unknown hacker walked away as a rich man.
5. 2016: The DAO
The four hacks we’ve looked at so far have all affected bitcoin. But the world’s second-largest coin—Ethereum—has also been a victim. The hack happened in The DAO.
In simple terms, The DAO was a smart contract on the Ethereum blockchain that operated like a venture capital fund. Buyers could invest in The DAO through crowdfunding which would them allow them to vote on which companies the fund should invest in.
The original crowdfunding phase raised 12.7 Ether ($150 million), making it the largest crowdfunding project in history. It had control of 14 percent of all ether in circulation.
In June 2016, a hacker took advantage of a loophole in The DAO which allowed someone to create a “Child DAO.” They put a recursive function into the withdrawal request; the code made The DAO keep handing over more ether for the same DAO tokens. $50 million was lost.
The hack resulted in a soft fork and the splitting of the Ethereum community. The old Ethereum is now called Ethereum Classic; the forked version goes by the name of Ethereum.
6. 2018: Coincheck
The Coincheck breach is the most recent hack on this list. It only happened in January 2018.
Coincheck is a cryptocurrency exchange in Tokyo. The hack affected popular altcoin, NEM.
The theft has replaced the Bitfinex hack as the second-largest of all time. When valued in dollars, it could yet prove to be even larger than current record holder, Mt Gox.
The 500 million lost NEM coins were worth about $550 million at the time of the hack, but the value dropped more than 20 percent after the news broke. The 500 million coins represented about five percent of the total supply of NEM.
It seems that a simple network hack was responsible. The cybercriminal was able to remain undetected inside the network for eight hours, giving them enough time to siphon off the money into 11 separate accounts. All the accounts holding the money now have the coincheck_stolen_funds_do_not_accept_trades : owner_of_this_account_is_hacker tag.
Thankfully, the Coincheck hack does have a slightly happier ending—at least from an end-user perspective. The company said it would use its own capital to reimburse all 260,000 customers who lost out. They will receive ¥ 88.549 per NEM coin.
7. 2017: NiceHash
In December 2017, NiceHash—a Slovenian crypto-mining marketplace—announced it had been a hacking victim.
The precise amount stolen is not known, but a bitcoin wallet that’s under suspicion holds 4,736.42 coins, the equivalent of about $70 million.
To be fair to NiceHash, it handled the loss well. Users thought the site would be gone for good, but a surprise announcement around the turn of the year said its customers would get their money back:
“We are happy to announce we have been able to reserve the funds required to restore balances from a group of international investors. Old balances will, therefore, be restored by January 31, 2018. We need this interim period to ensure all legal paperwork is processed correctly, so please be patient while we do this.”
Protect Yourself from Cryptocurrency Hacks
Of course, the hacks we covered are far from being the only examples of crypto hacks.
Reuters estimates that criminals have stolen 980,000 bitcoins from exchanges since 2011. Today, the stolen coins would be worth more than $6 billion. And that’s before you consider other coins that have also been a victim.
There are also countless examples of crypto scams that you need to watch out for.
If you have money invested in the crypto space, it’s more important than ever to make sure it’s secure. If you’re not sure where to start, we have you covered. Check out our list of the best crypto wallets.
Image Credit: fergregory/Depositphotos
The power of botnets is increasing. A sufficiently organized and globalized botnet will take down portions of the internet, not just single sites, such is the power they wield. Despite their huge power, the largest DDoS attack didn’t use a traditional botnet structure.
How Do Botnets Grow?
The SearchSecurity botnet definition states that “a botnet is a collection of internet-connected devices, which may include PCs, servers, mobile devices and internet of things devices that are infected and controlled by a common type of malware. Users are often unaware of a botnet infecting their system.”
Botnets are different from other malware types in that it is a collection of coordinated infected machines. Botnets use malware to extend the network to other systems, predominantly using spam emails with an infected attachment. They also have a few primary functions, such as sending spam, data harvesting, click fraud, and DDoS attacks.
The Rapidly Expanding Attack Power of Botnets
Until recently, botnets had a few common structures familiar to security researchers. But in late 2016, things changed. A series of enormous DDoS attacks made researchers sit up and take note.
- September 2016. The newly discovered Mirai botnet attacks security journalist Brian Krebs’ website with 620Gbps, massively disrupting his website but ultimately failing due to Akamai DDoS protection.
- September 2016. The Mirai botnet attacks French web host OVH, strengthening to around 1Tbps.
- October 2016. An enormous attack took down most internet services on the U.S. Eastern seaboard. The attack was aimed at DNS provider, Dyn, with the company’s services receiving an estimated 1.2Tbps in traffic, temporarily shutting down websites including Airbnb, Amazon, Fox News, GitHub, Netflix, PayPal, Twitter, Visa, and Xbox Live.
- November 2016. Mirai strikes ISPs and mobile service providers in Liberia, bringing down most communication channels throughout the country.
- March 2018. GitHub is hit with the largest recorded DDoS, registering some 1.35Tbps in sustained traffic.
- March 2018. Network security company Arbor Networks claims its ATLAS global traffic and DDoS monitoring system registers 1.7Tbps.
These attacks escalate in power over time. But prior to this, the largest ever DDoS was the 500Gbps attack on pro-democracy sites during the Hong Kong Occupy Central protests.
Part of the reason for this continual rise in power is an altogether different DDoS technique that doesn’t require hundreds of thousands of malware-infected devices.
The new DDoS technique exploits the memcached service. Of those six attacks, the GitHub and ATLAS attacks use memcached to amplify network traffic to new heights. What is memcached, though?
Well, memcached is a legitimate service running on many Linux systems. It caches data and eases the strain on data storage, like disks and databases, reducing the number of times a data source must be read. It is typically found in server environments, rather than your Linux desktop. Furthermore, systems running memcached shouldn’t have a direct internet connection (you’ll see why).
Memcached communicates using the User Data Protocol (UDP), allowing communication without authentication. In turn, this means basically anyone that can access an internet connected machine using the memcached service can communicate directly with it, as well as request data from it (that’s why it shouldn’t connect to the internet!).
The unfortunate downside to this functionality is that an attacker can spoof the internet address of a machine making a request. So, the attacker spoofs the address of the site or service to DDoS and sends a request to as many memcached servers as possible. The memcached servers combined response becomes the DDoS and overwhelms the site.
This unintended functionality is bad enough on its own. But memcached has another unique “ability.” Memcached can massively amplify a small amount of network traffic into something stupendously large. Certain commands to the UDP protocol result in responses much larger than the original request.
The resulting amplification is known as the Bandwidth Amplification Factor, with attack amplification ranges between 10,000 to 52,000 times the original request. (Akami believe memcached attacks can “have an amplification factor over 500,000!)
What’s the Difference?
You see, then, that the major difference between a regular botnet DDoS, and a memcached DDoS, lies in their infrastructure. Memcached DDoS attacks don’t need an enormous network of compromised systems, relying instead on insecure Linux systems.
Now that the potential of extremely powerful memcached DDoS attacks is in the wild, expect to see more attacks of this nature. But the memcached attacks that have taken place already—not on the same scale as the GitHub attack—have thrown up something different to the norm.
Security firm Cybereason closely tracks the evolution of memcached attacks. During their analysis, they spotted the memcached attack in use as a ransom delivery tool. Attackers embed a tiny ransom note requesting payment in Monero (a cryptocurrency), then place that file onto a memcached server. When the DDoS starts, the attacker requests the ransom note file, causing the target to receive the note over and over again.
Actually, there is nothing you can do to stop a memcached attack. In fact, you won’t know about it until it finishes. Or, at least until your favorite services and websites are unavailable. That is unless you have access to a Linux system or database running memcached. Then you should really go and check your network security.
For regular users, the focus really remains on regular botnets spread via malware. That means
- Update your system and keep it that way
- Update your antivirus
- Consider an antimalware tool such as Malwarebytes Premium (the premium version offers real-time protection)
- Enable the spam-filter in your email client; turn it up to catch the vast majority of spam
- Don’t click on anything you’re unsure about; this goes double for unsolicited emails with unknown links
Staying safe isn’t a chore—it just requires a little vigilance.
Image Credit: BeeBright/Depositphotos
They say you don't notice something good until it's gone. With China's decision to restrict its information security researchers from participating in global hacking competitions, we're about to see what that looks like on the global "zero day" stage…
The Department of Homeland Security and the FBI released a report today detailing Russian efforts to hack into US government entities and infrastructure sectors, including energy, nuclear, commercial, water, aviation and critical manufacturing sector…
Lauri Love, a 32-year-old student accused of hacking US government websites in 2012 and 2013, has won a high court battle and will not be extradited to the States. He suffers from Asperger syndrome — a form of autism that makes him worry and obsess…
Game console manufacturers don't particularly like hackers, but Nintendo's relationship with them has always been particularly tenuous. At a recent hacking conference in Germany a team presented their efforts at getting homebrew games on Nintendo's l…
The hacker group called Fancy Bear (which has been linked to Russian intelligence agency GRU) has been accused of the leaking of the Democratic National Convention emails, the distribution of malware that hijaked Ukranian artillery guns, phishing cam…
A 20-year-old has pleaded guilty in a Chicago federal court to launching cyberattacks and harassment campaigns as a founding member of the hacker-for-hire groups Lizard Squad and PoodleCorp, according to the Chicago Tribune. Between them, the two out…
Mozilla has upset some of its most loyal users by inserting an add-on into Firefox without invitation or explanation. The add-on, called “Looking Glass,” turned out to be nothing more than part of the Mr. Robot ARG, but many Firefox users thought they had been hit with malware. Firefox add-ons are an integral part of Mozilla’s web browser, massively expanding its capabilities. Normally, you would visit the Add-on Store, find one you like, and install it. But in this particular instance, Mozilla distributed “Looking Glass” to every Firefox Quantum user. Mozilla Goes Through the Looking Glass “Looking Glass” appeared in…
Read the full article: Mozilla Inserted a Mr. Robot Add-on Into Firefox
More details are coming to light about Uber's huge data breach. Reuters is reporting that a 20-year-old Florida man was behind the 2016 extortion-oriented cyberattack and was paid through the firm's bug bounty program. We know that the individual, wh…
Some companies are just born with an infinite number of chances to keep doing everything wrong and yet somehow seem immune to the consequences. Uber is one of those companies. Uber's latest scandal — a fat hack and its dirty cover-up — is just one…
Uber's new CEO Dara Khosrowshahi has inherited yet another scandal from Travis Kalanick. The ridesharing firm has revealed to Bloomberg that it hid an extortion-oriented cyberattack which exposed the personal info for roughly 57 million customers an…
Amazon recently weirded out much of the internet when it unveiled its Key delivery service that lets its couriers open your home and deliver packages while you're away. A key part of that is the Cloud Cam security camera that confirms deliveries and…
One of the UK's top cybersecurity chiefs has revealed that Russian hackers are behind recent attacks on the nation's media, telecommunications and energy sectors. Speaking at the Times Tech Summit in London, Ciaran Martin, chief executive of the Nati…
Political mudslinging is a concept as old as politics itself, but in recent years it's found its way off the podium and onto the internet, and a new report now shows the extent of the problem. According to findings from Freedom House, governments in…
Facebook has announced it's trialling a tool in Australia to fight revenge porn on its platform, one that requires victims to send the company a copy of the violating images. Amazingly, this is true, and not a Clickhole story. It's the kind of thing…
Is Russia's hacking of the Democratic National Committee (DNC) emails a "hoax," as Donald Trump maintains? The US Department of Justice reportedly doesn't think so. It has identified six Russian government officials involved in hacking the DNC and us…
Senators Susan Collins and Martin Heinrich have put forward a bill that would protect America's voting infrastructure from foreign interference. The Securing America's Voting Equipment Act, or SAVE, is the newest attempt by the US to prevent election…
Many internet giants offer security measures like two-factor authentication (which you should really use) to keep your account safe from hackers. But there are a handful of people who are so valuable as targets that hackers will go after them specif…
The WPA2 encryption security protocol that protects your Wi-Fi connection has a flaw. And it’s a flaw that could allow hackers to intercept passwords, photos, emails, credit card information and more. It could also potentially be used to inject malware onto a website you’re casually visiting. This is a potentially catastrophic vulnerability that could adversely affect almost anyone connected to the internet. And unfortunately, there isn’t a great deal any of us can do to fix the problem. Instead, we’re reliant on the likes of Microsoft, Google, and Apple issuing fixes sooner rather than later. KRACKing the WPA2 Security Protocol…
Read the full article: Your Wi-Fi Connection Isn’t As Secure As You Think
Read the full article: We Bet You’re Making These Common Programming and Coding Mistakes!
Kaspersky is in hot water…again. The US government recently prohibited federal agencies from using the company's products, and the FBI is reportedly convincing private entities to do the same. Its latest headache is linked to the NSA cyberattacks a…
It's no secret that it's possible to hack voting systems. But how easy is it, really? Entirely too easy, if you ask researchers at this year's DefCon. They've posted a report detailing how voting machines from numerous vendors held up at the security…
China claims it wasn't behind the hacking of a US think tank that was set to host exiled Chinese tycoon-turned-activist Guo Wengui. The Hudson Institute abruptly canceled its event with Guo last week, claiming it had detected a Shanghai-based attack…