Parliament has been hit by a cyber attack, officials at Westminster say. The "sustained" hack began on Friday night, prompting officials to disable remote access to the emails of MPs, peers and their staff as a safeguard.
The parliamentary authorities said hackers had mounted a "determined attack" on all user accounts "in an attempt to identify weak passwords". Government sources say it appeared the attack has been contained but it will "remain vigilant". A parliamentary spokeswoman said they were investigating the attack and liaising with the National Cyber Security Centre.Read more
Passwords belonging to British politicians, diplomats and senior police officers have been traded by Russian hackers, it has been reported.
Security credentials said to have belonged to tens of thousands of government officials, including 1,000 British MPs and parliamentary staff, 7,000 police employees and more than 1,000 Foreign Office staff were in the troves sold or swapped on Russian-speaking hacking sites. The majority of the passwords are said to have been compromised in a 2012 hacking raid on the business social network LinkedIn, in which millions of users' details were stolen.Read more
Encrypted information has been accessed during a data breach at password management service OneLogin. It affects "all customers served by our US data centre" and perpetrators had "the ability to decrypt encrypted data".
Those affected have been advised to visit a registration-only support page, outlining the steps they need to take. Security experts said the breach was "embarrassing" and showed every company was open to attack. OneLogin is a single sign-on service, allowing users to access multiple apps and sites with just one password. In 2013, the company had 700 business customers and passed 12 million licensed users.Read more
Hackers have zeroed in on the growing number of third-party sellers on Amazon Marketplace, reportedly using stolen logins to swipe thousands of dollars from some merchants.
In recent weeks, hackers have ramped up their attacks by taking over dormant accounts and changing the bank account information. They'll then post nonexistent merchandise at bargain prices, make the sell and collect the cash. Buyers can get a refund, but the scam hits sellers hard, since they're on the hook for reimbursing customers who never received their merchandise. Hackers then likely used a method called "credential stuffing."Read more
Do you know how many kinds of sensors your smartphone has inbuilt? And what data they gather about your physical and digital activities? An average smartphone these days is packed with a wide array of sensors such as GPS, Camera, microphone, accelerometer, magnetometer, proximity, gyroscope, pedometer, and NFC, to name a few.
Now hackers can potentially guess PINs and passwords – that you enter either on a bank website, app, your lock screen – to a surprising degree of accuracy by monitoring your phone's sensors, like the angle and motion of your phone while you are typing.Read more
British travellers to the US face the uncomfortable choice of handing over personal information or running the risk of being denied entry to the country, under a new “extreme vetting” policy being considered by the Trump administration.
Tourists from the UK and other US allies including Germany and France, could be forced to reveal personal data, as well as disclose financial information and face detailed ideological questioning. While US citizens have established rights against unlawful searches at the border, the extent to which foreign travellers can resist requests to hand over personal information is unclear.Read more
If you were protecting your smartphone passcode from someone lurking over your shoulder, or from unseen security cameras, you might cover the screen as you tap in the PIN’s four or six digits.
But once you’ve unlocked the phone, perhaps you’d let down your guard, and leave the screen in full view — especially if it’s off. That would be unwise, according to researchers at two German universities. At an upcoming conference, they will present a new study that explains how someone armed with a thermal-imaging camera would have little trouble extracting your passcode from the heat signature left on your smartphone’s screen.Read more
In response to more activists using Apple Mac computers instead of Windows PCs, suspected Iranian government hackers have apparently developed their own Mac-based malware, according to a new report from security researchers.
The finding highlights the constant ebb-and-flow of governments disrupting and tracking activist movements. As one group adopts a new tool or technique, state-sponsored hackers may need to adapt to get the information they're after. "This demonstrates that Iranian actors are responsive to their environment," Collin Anderson, one of the security researchers behind the report, told in an email.Read more
A series of remotely exploitable vulnerabilities exist in a popular web-based SCADA system made by Honeywell that make it easy to expose passwords and in turn, give attackers a foothold into the vulnerable network.
The flaws exist in some versions of Honeywell’s XL Web II controllers, systems deployed across the critical infrastructure sector, including wastewater, energy, and manufacturing companies. An advisory from the Department of Homeland Security’s Industrial Control Systems Cyber Emergency Response Team warned about the vulnerabilities. It’s unclear how widespread the usage of Honeywell’s XL Web II controllers is.Read more
Supercell, the developers of mobile game Clash of Clans, has confirmed the details of users on its official community forum that have been stolen by hackers. A breach notification website, LeakBase, claims that the leak involves roughly 1.1 million accounts.
The hacked information reportedly includes usernames, email addresses, hashed passwords and IP addresses, according to experts who obtained and verified a small number of the forum's total accounts. Like many hacks before it, the incident has been blamed on forum-making software vBulletin. The Helsinki-based firm released a statement about the incident.Read more