As indicated by an earlier report, Yahoo today confirmed it’s working with law enforcement to investigate a data breach which affected the account information of “at least” 500 million users. The company says that the user account information was stolen from its network in late 2014 by what it now believes to be a state-sponsored actor. The stolen information includes people’s names, email addresses, telephone numbers, birth dates, passwords (most hashed with bcrypt), and, in some cases, encrypted or unencrypted responses to security questions and answers.
Continue reading “Yahoo confirms state-sponsored attacker stole personal data of “at least” 500 million users”
EDGARTOWN, Massachusetts — House Minority Leader Nancy Pelosi warned fellow Democrats on Saturday to change their cellphone numbers and not let family members read their text messages after personal and official information of Democratic House members and congressional staff was posted online.
Continue reading “Nancy Pelosi warns fellow Democrats of “electronic Watergate break-in””
In 2013, when University of Birmingham computer scientist Flavio Garcia and a team of researchers were preparing to reveal a vulnerability that allowed them to start the ignition of millions of Volkswagen cars and drive them off without a key, they were hit with a lawsuit that delayed the publication of their research for two years. But that experience doesn’t seem to have deterred Garcia and his colleagues from probing more of VW’s flaws: Now, a year after that hack was finally publicized, Garcia and a new team of researchers are back with another paper that shows how Volkswagen left not only its ignition vulnerable but the keyless entry system that unlocks the vehicle’s doors, too. And this time, they say, the flaw applies to practically every car Volkswagen has sold since 1995.
Continue reading “A New Wireless Hack Can Unlock 100 Million Volkswagens”
Now $200,000 seems like small change.
It was only last week that Apple finally launched a bug bounty program, but it did not take long for exploit peddlers to outbid the tech giant.
Continue reading “Exploit broker steals Apple thunder, offers $500,000 for iOS zero days”
Intruders might have had a gateway to stealing your payment details.
Data thieves don’t always have to go straight to the source to swipe payment details… sometimes, they can take a roundabout route. Oracle has confirmed to security guru Brian Krebs that hackers breached a support portal for Micros, the point-of-sale credit card payment system it acquired in 2014. It’s not certain just how many systems were breached (Krebs’ sources say over 700), but the intruders had slipped malware on to the portal that would let them grab logins for the companies using Micros. They wouldn’t have had direct access to payment data, but there’s a chance those account details could be used to slip malware into the credit card systems and then grab sensitive info.
Continue reading “Oracle data breach opened credit card payment systems to attack”
(CNN) The CEO of the Democratic National Committee and two other high-level staffers left the organization on Tuesday in the wake of the committee’s hacked email controversy.
Amy Dacey is the highest-ranking official at the DNC to step aside due to the matter, a senior Democratic official said. The DNC also announced the departure of CFO Brad Marshall and Communications Director Luis Miranda in a press release Tuesday afternoon.
Continue reading “DNC CEO resigns in wake of email controversy”
The flaw, which allows a malicious website to extract user passwords, is made worse if a user is logged in with a Microsoft account.
Continue reading “Microsoft won’t fix Windows flaw that lets hackers steal your username and password”
Another week gone by, and the place is in cybersecurity shambles again. A years-old hacking issue, unencrypted wireless keyboards, being featured in an upcoming Defcon talk, mystifyingly became a hot new Internet of Things threat. Obama gave us a colorful “threat level” cyber-thermometer that no one’s really sure what to do with. Ransomware is hitting hospitals like there’s a fire sale on money. And the DNC-Wikileaks email debacle exploded, splattering blame all over Russia.
Just when I thought I’d picked the wrong week to stop sniffing glue, a U.S. National Institute for Standards and Technology (NIST) report came out that included recommendations about the inherent risks in two-factor authentication, upon which the tech press basically lost their minds and told everyone to assume crash positions because the password sky was falling. Again.
Continue reading “SMS two-factor authentication isn’t being banned”
Hillary Clinton’s campaign network was breached by hackers targeting several large Democratic organizations, Reuters reports.
Continue reading “Clinton campaign breached by hackers”
A dangerous, previously unknown security vulnerability has been discovered in LastPass which permits attackers to remotely compromise user accounts.
Continue reading “LastPass unpatched zero-day vulnerability gives hackers access to your account”