Tens of Vulnerabilities Found in Pentagon Travel Management System
HackerOne announced on Wednesday the results of “Hack the DTS,” the fifth bug bounty program run by the U.S. Department of Defense (DOD). The DTS (Defense Travel System) is a fully integrated and automated travel management system created specially for the DOD. The platform is said to be accessed by roughly 100,000 unique users every…
Alexa, stop eavesdropping and sending recorded conversations to other people!
Amazon confirmed that a couple’s Echo recorded their private conversation and sent it to another person – all without their knowledge or verbal consent. In this case, Alexa’s eavesdropping was not a hack pulled off security researchers; it was an “unlikely” chain of events which ended up as a privacy fiasco for a Portland couple. The couple…
Over a Million Dasan Routers Vulnerable to Remote Hacking
Researchers have disclosed the details of two unpatched vulnerabilities that expose more than one million home routers made by South Korea-based Dasan Networks to remote hacker attacks. In a blog post published on Monday, vpnMentor revealed that many Gigabit-capable Passive Optical Network (GPON) routers, which are used to provide fiber-optic Internet, are affected by critical…
Graffiti in the digital world: How hacktivists use defacement
Activists have been featured more frequently in the news lately, with marches shining the spotlight on women’s rights and bringing about an end to gun violence, to name a few. However, the real world isn’t the only place where activism happens. The digital realm has become a critical space for individuals to express their opinions and…
iPhones, iPads Can Be Hacked via ‘Trustjacking’ Attack
A feature that allows users to wirelessly sync their iPhones and iPads with iTunes can be abused by hackers to take control of iOS devices in what researchers call a “Trustjacking” attack. This feature can be enabled by physically connecting an iOS device to a computer with iTunes and enabling the option to sync over…
Small hacks: Free coffee, spying taxis, and a vulnerable airport
News websites often feature stories about computer errors and vulnerabilities used to perpetrate sophisticated large-scale incidents like last year’s WannaCry and NotPetya attacks. But experts know that most successful hacks and cracks are the result of very basic blunders by system developers or installers. Incorrectly configured systems are everywhere, and only a few hours separate the moment when a…
Hackers Can Abuse Text Editors for Privilege Escalation
Several popular text editors can be leveraged for privilege escalation and their developers do not plan on taking any action to prevent abuse, according to SafeBreach, a company that specializes in simulating attacks and breaches. Some text editors allow users to run third-party code and extend the application’s functionality through extensions. While this provides some…
Cryptomining: the new lottery for cybercriminals
Cryptomining has surpassed even ransomware as the revenue generator of choice according to a Cisco Talos report, which claims crypto-mining botnets can earn hackers up to $500 dollars a day and a dedicated effort could equate to more than $100,000 dollars a year. Representing the perfect balance of stealth and wealth for cybercriminals and some unscrupulous,…
Olympic Destroyer: who hacked the Olympics?
Long ago, during the Olympic Games, the participating countries halted their wars and put aside their political disputes. Today, the opposite is increasingly likely. The PyeongChang Winter Olympic Games started with a scandal: unknown hackers attacked the servers just before the opening ceremonies and many spectators were unable to attend the ceremonies as they were unable…
Hackers breached German government’s secure computer networks
The Russia-linked Sofacy hacking group has breached the secure computer networks of a number of German federal agencies. The group – also known as APT28, Fancy Bear, and Pawn Storm – has been targeting government institutions, political organizations and military/defense companies around the world for over a decade. Confirmation of the breach The confirmation of…