In response to more activists using Apple Mac computers instead of Windows PCs, suspected Iranian government hackers have apparently developed their own Mac-based malware, according to a new report from security researchers.
The finding highlights the constant ebb-and-flow of governments disrupting and tracking activist movements. As one group adopts a new tool or technique, state-sponsored hackers may need to adapt to get the information they're after. "This demonstrates that Iranian actors are responsive to their environment," Collin Anderson, one of the security researchers behind the report, said in an email.
Supercell, the developer of mobile game Clash of Clans, has confirmed that the details of users on its official community forum have been stolen by hackers. A breach notification website, LeakBase, claims that the leak involves roughly 1.1 million accounts.
The hacked information reportedly includes usernames, email addresses, hashed passwords and IP addresses, according to experts who obtained and verified a small number of the forum's total accounts. Like many hacks before it, the incident has been blamed on forum-making software vBulletin. The Helsinki-based firm released a statement about the incident.
If you’re paranoid, and you know what hackers can do when they can get their hands on your computer even for just a few moments, you probably already know that you shouldn’t leave your laptop unattended.
Now, if you’re an Apple user, you have another great reason not to do that. Using a contraption that costs around $300 and some open source software, a hacker could steal your MacBook password from your own laptop while it’s sleeping or locked in just 30 seconds. This would allow them to unlock the computer and even decrypt the files on your hard drive. In other words, game over. As it turns out, Mac stores the password in memory in cleartext.
You probably know a trick or two to help strengthen your passwords by now. You might work in a number or two, or maybe even toss in a little punctuation to make it harder for the bad guys to figure out.
Perhaps you sneak in the name of a site or the first letter of its name to change things up. Whatever you’re doing, it’s probably not enough. Experts describe how they were able to successfully crack some passwords in fewer than 100 guesses. Even if someone was typing those guesses in manually, that’s a ridiculously small amount of effort. Their algorithm, called TarGuess, achieved success rates of up to 73% in some test scenarios.
Sending data over wireless formats like Wi-Fi and Bluetooth is very convenient, but not necessarily secure. A Princeton report revealed that some smart home devices unwittingly broadcast location information while others didn't encrypt their data streams at all.
To get around the uncertainty of pushing information over the air, some scientists have posited using the body as a conduit. Instead of using its magnetic field, as previous researchers have, engineers from the University of Washington have pioneered a way to send wireless signals from a touchpad or screen held in one hand to a smart device in physical contact with the other.
Crikey: 43,570,999 user accounts were breached in a hack of Last.fm that occurred in March of 2012, according to a report from LeakedSource. The number of passwords and the severity of the hack were not uncovered until today.
Three months after the breach, in June of 2012, Last.fm issued the following statement: “We are currently investigating the leak of some Last.fm user passwords. This follows recent password leaks on other sites, as well as information posted online. As a precautionary measure, we’re asking all our users to change their passwords immediately.” The passwords were stored using unsalted MD5 hashing.
Popular music streaming service Spotify is actively resetting a number of users' passwords. The company claims this is in response to data breaches of other websites, implying that the problem may be customers reusing passwords.
“To protect your Spotify account, we've reset your password. This is because we believe it may have been compromised during a leak on another service with which you use the same password,” an email sent to a user on Wednesday reads. “Don't worry! This is purely a preventative security measure. Nobody has accessed your Spotify account, and your data is secure,” it continues.
Hackers have stolen over 60 million account details for online cloud storage platform Dropbox. Although the accounts were stolen during a previously disclosed breach, and Dropbox says it has already forced password resets, it was not known how many users had been affected, and only now is the true extent of the hack coming to light.
Experts obtained a selection of files containing email addresses and hashed passwords for the Dropbox users through sources in the database trading community. In all, the four files total around 5GB, and contain details on 68,680,741 accounts. The data is legitimate, according to a senior Dropbox employee.
Turns out even LastPass, a service promoted as a password "vault," might be putting its users at risk of being hacked. A security researcher with an established record of tracking down security flaws has found a so-called zero-day hole that could let hackers remotely break into LastPass' millions of accounts.
It takes only a visit to a malicious website to become a victim. White hat researcher Tavis Ormandy was first to identify the problem, publishing a tweet. Ormandy followed up with a tweet saying that he sent a full report to LastPass and next up will look at a rival password manager, 1Password.
Several TeamViewer users have reported unauthorized access over the last few days, leading some to suspect that the remote connection company has been hacked. The unauthorized access reports started showing up on Reddit around the same time that the company suffered possible DNS issues that triggered an outage lasting for several hours.
In some cases, those users reporting the incidents on Reddit say their PayPal accounts, as well as Amazon accounts were raided – after the unauthorized user took advantage of stored credentials in the browser to conduct transactions.