A leading US supplier of voting machines confirmed on Thursday that it exposed the personal information of more than 1.8 million Illinois residents.
State authorities and the Federal Bureau of Investigation were alerted this week to a major data leak exposing the names, addresses, dates of birth, partial Social Security numbers, and party affiliations of over a million Chicago residents. Some driver’s license and state ID numbers were also exposed. Jon Hendren, who works for the cyber resilience firm UpGuard, discovered the breach on an Amazon Web Services (AWS) device that was not secured by a password.
A hacker Thursday afternoon published what he says is the decryption key for Apple iOS’ Secure Enclave Processor (SEP) firmware. The hacker, identified only as xerub, told that the key unlocks only the SEP firmware, and that this would not impact user data.
“Everybody can look and poke at SEP now,” xerub said. Apple did confirm that, if the key was legitimate, user data would not be at risk from this leak. Apple has reportedly yet to confirm the validity of the key. The Secure Enclave, as explained in the iOS Security Guide, is a coprocessor unto itself inside the mobile operating system.
Several HBO Twitter accounts were hacked and taken over by the notorious OurMine hacking group, posting #HBOHacked messages and warnings about security.
OurMine took control of the main HBO Twitter account on Wednesday, as well as those for TV shows including Game of Thrones and Girls, posting its usual statement: “Hi, OurMine are here, we are just testing your security, HBO team please contact us to upgrade the security.” The messages from OurMine were removed within an hour of their appearance, with HBO seemingly taking back control of its accounts. An HBO spokesperson said the TV network was “investigating” the hack.
A friendly neighbourhood hacker has helped a family reunite with their beloved car which they had to abandon for months after they lost a one-of-a-kind key.
The Higgins family from Surrey in Canada have spent the last two months desperately trying to find a solution to getting back into their Toyota Estima family wagon after dad, John, lost the key to the imported car when he bent down to tie his son's laces one day. The key features a unique security chip that turned out to be impossible to replicate, meaning the imported Japanese vehicle could not start without it. Higgins originally posted his dilemma to Facebook in the hope someone might have seen his keys and it soon went viral.
Russian-speaking cyberespionage group APT28, also known as Sofacy, is believed to be behind a series of attacks last month against travelers staying in hotels in Europe and the Middle East. APT28 notably used the NSA hacking tool EternalBlue as part of its scheme to steal credentials from business travelers, according to a report released Friday by security firm FireEye.
One of the goals of the attack is to trick guests into downloading a malicious document masquerading as a hotel reservation form that, if opened and macros are enabled, installs a dropper file that ultimately downloads malware called Gamefish.
EirGrid, an electricity provider that manages power across Ireland and Northern Ireland, was allegedly compromised by 'state-sponsored' hackers in April 2017.
The culprits hacked the state-owned operator after infiltrating a Vodafone network used by the company. They installed malicious software to intercept all unencrypted communications flowing through its web routers in Wales and Northern Ireland. Last month, Vodafone uncovered the breach with the help of the National Cyber Security Centre, an arm of British intelligence, before telling the electricity provider. The security services have reportedly claimed the incident was a 'state-sponsored' attack.
Android users need to be on the lookout yet again for a new type of malware targeting their mobile devices. The latest attack poses as an update to Flash and targets banking information and credit card details of its victims.
The attack, discovered by security researchers at SophosLabs, has been identified as Andr/Banker-GUA or Invisible Man, a variant of a well-known banking malware known as Svpeng that previously ran amok on Android devices. The modified version of the trojan originally developed by Russian hackers has an additional threat that was absent in the original: a keylogger that keeps track of everything a victim types on their infected devices.
More than £108,000 in bitcoin paid by victims of the WannaCry ransomware attack, which crippled parts of the NHS as well as businesses in 150 countries worldwide, has been withdrawn from the digital wallets the funds were being held in.
Nearly three months after the ransomware struck computers, locking up data, demanding ransoms and causing chaos in hospitals and firms including Spain’s Telefonica and FedEx, a total of £108,953 worth of bitcoin was withdrawn. The money, presumably moved by the hackers, was taken from three bitcoin wallets associated with WannaCry, according to tracking firm Elliptic.
A threat analyst at the cybersecurity firm Mandiant has been hacked and the attackers are claiming to have lurked on his computer for a year, collecting his login credentials for various sites and tracking his location.
The hackers got their hands on some internal data about the clients Mandiant and its parent company FireEye protect, including the Israeli Defense Forces. Mandiant confirmed the data breach. “We are aware of reports that a Mandiant employee’s social media accounts and personal laptop have been compromised. We are investigating this situation, and have taken steps to limit further exposure,” a FireEye spokesperson told.
In September 2016, researchers from Chinese firm Tencent Keen Security Lab managed to hack into a Tesla Model S and take control of various systems. Now, that group has done the same thing with a Tesla Model X.
Keen Lab's researchers found several zero-day exploits hidden within multiple Tesla in-car modules, which allowed them to access the car's CAN bus system, which is responsible for making sure every system plays nice with one another. After bypassing Tesla's firmware signing system, researchers installed new firmware that could execute custom commands. Keen Lab took control of the car's lights, displays and doors, the latter of which could be opened at random intervals.