Vevo has joined the growing list of media entities to fall victim to a security breach and release of internal documents.
The online music video service, a joint venture between music giants Universal Music Group, Sony Music Entertainment and Warner Music Group, was recently targeted by hackers who posted more than 3 terabytes of internal files online, experts reported late Thursday. The leaked files are mostly benign, experts reported, containing mainly office documents, videos and promotional materials. Vevo confirmed the breach, calling it the result of a phishing scam via LinkedIn.
Read moreInternet-of-things are turning every industry into the computer industry, making customers think that their lives would be much easier with smart devices. However, such devices could potentially be compromised by hackers. There are, of course, some really good reasons to connect certain devices to the Internet.
But does everything need to be connected? Of course, not — especially when it comes to medical devices. Medical devices are increasingly found vulnerable to hacking. Earlier this month, the US Food and Drug Administration recalled 465,000 pacemakers after they were found vulnerable to hackers.
Read moreA missile control system developed by US defense contractor Raytheon is detailed in the CIA’s project ‘Protego,’ shared by WikiLeaks as part of the ‘Vault7’ series. WikiLeaks said the project differed to the “usual” malware development project from the CIA, with no indication as to why it’s contained within a repository of hacking techniques.
The release details micro-controller units which exchange data and signals over encrypted and authenticated channels, used on-board Pratt & Whitney aircraft equipped with missile launch systems. ‘Master Processor’ and ‘Deployment Box’ systems are on board the flight, with micro-controllers for the missile.
Read moreModern smartphones take pains to “sandbox” apps, keeping them carefully segregated so that no mischievous program can meddle in another app’s sensitive business.
But security researchers have found an unexpected feature of Android that can surreptitiously grant an app the permission to not merely reach outside its sandbox but fully redraw the phone’s screen while another part of the operating system is running, tricking users into tapping on fake buttons that can have unexpected consequences. And while that hijacking of your finger inputs isn’t a new feat for Android hackers, a fresh tweak on the attack makes it easier than ever to pull off.
Read moreThe ShadowBrokers have promised the release of NSA exploit UNITEDRAKE which remotely targets Windows machines to subscribers. This week, the threat group posted an update to the Monthly Dump service, which will now include two cache dumps every four weeks for subscribers.
The changes have been made potentially as a means to drum up extra interest for cyberattackers, government groups, or vendors which have chosen to subscribe to the service to gain access to the stolen exploits and malware samples. The September dump includes a manual for UNITEDRAKE, modular malware which remotely targets Microsoft Windows machines.
Read moreVendors relying on Mastercard’s Internet Gateway Service for processing online payments ought to double-check every transaction before they send out items to customers.
There is a critical flaw in the system’s validation protocol and it appears the company is completely ignoring it. Independent security researcher has stumbled upon a glaring flaw in the MIGS protocol that allows hackers to spoof the payment system and trick merchants into accepting invalid transactions as successful. “It can be said that this is a MIGS client bug, but the hashing method chosen by Mastercard allows this to happen,” the researcher explains.
Read moreWikiLeaks’ website appears to have been hacked by a group called OurMine, whose previous hacks have targeted tech CEOs, companies, and news sites.
As of early Thursday morning, the WikiLeaks.org homepage displayed a message that read: “Hi, it’s OurMine (Security Group), don’t worry we are just testing your…. blablablab, oh wait, this is not a security test! Wikileaks, remember when you challenged us to hack you?” “Anonymous, remember when you tried to dox us with fake information for attacking wikileaks [sic]?” the message continues. “There we go! One group beat you all! #WikileaksHack lets get it trending on twitter [sic]!”
Read moreAn Instagram bug allowed hackers to access contact phone numbers and email addresses for high-profile users, the company said today. The bug was discovered recently in Instagram’s application programming interface, or API, which the service uses to communicate with other apps.
Instagram declined to specify which users had been targeted, but the news comes two days after hackers accessed the account of its most-followed user, Selena Gomez, and posted nude pictures of her ex-boyfriend Justin Bieber. The company has notified all of its verified account holders of the possible leak of their contact information.
Read moreNearly half a million pacemakers are being recalled by the US Food and Drug Administration after the agency found that the devices could be hacked to control pacing or deplete batteries. Rather than having patients remove or replace the device, however, the manufacturer is releasing a firmware update designed to address the vulnerabilities.
Yes, that’s right — grandpa, grandma, your baby, or anyone with arrhythmia and has a pacemaker implanted might need to get a firmware update. The affected pacemakers are made by St. Jude Medical, which was acquired by Abbott in January.
Read moreSecurity researchers have discovered a new targeted email campaign that uses fake Game of Thrones Season 7 spoilers and video clips to lure curious fans and spread malicious malware. Security firm Proofpoint first came across an email on 10 August with a subject line that reads: "Wanna see the Game of Thrones in advance?"
The email features some details of upcoming episodes along with a malware-laced Microsoft Word attachment titled "game of thrones preview.docx" that purportedly lists potential GoT spoilers. Once downloaded and run, the "preview" executes a malicious PowerShell script that installs a diskless "9002" remote access Trojan that has previously been used by Deputy Dog.
Read moreAxarhöfði 14,
110 Reykjavik, Iceland