Money may not grow on trees, but apparently, it can grow in Amazon Web Services (AWS).
A report from the security intelligence group RedLock found at least two companies which had their AWS cloud services compromised by hackers who wanted nothing more than to use the computer power to mine the cryptocurrency bitcoin. The hackers ultimately got access to Amazon's cloud servers after discovering that their administration consoles weren't password protected. "Upon deeper analysis, the team discovered that hackers were executing a bitcoin mining command from one of the Kubernetes containers," reads the RedLock report.Read more
Disqus has confirmed its web commenting system was hacked. The company, which builds and provides a web-based comment plugin for news websites, said that hackers stole more than 17.5 million email addresses in a data breach in July 2012.
About a third of those accounts contained passwords which has largely been deprecated in recent years in favor of stronger password scramblers. The data also contained sign-up dates and the date of the last login. Some of the exposed user information dates back to 2007. Many of the accounts don't have passwords because they signed up to the commenting tool using a third-party service.Read more
Last week, the credit reporting agency Equifax announced that malicious hackers had leaked the personal information of 143 million people in their system. That’s reason for concern, of course, but if a hacker wants to access your online data by simply guessing your password, you’re probably toast in less than an hour.
Now, there’s more bad news: Scientists have harnessed the power of artificial intelligence to create a program that, combined with existing tools, figured more than a quarter of the passwords from a set of more than 43 million LinkedIn profiles. Yet the researchers say the technology may also be used to beat baddies at their own game.Read more
Security researchers have unearthed a sprawling list of login credentials that allows anyone on the Internet to take over home routers and more than 1,700 "Internet of things" devices and make them part of a destructive botnet.
The list of telnet-accessible devices, currently posted at this Pastebin address, was first posted in June, but it has been updated several times since then. It contains user names and passwords for 8,233 unique IP addresses, 2,174 of which were still running open telnet servers as of Friday morning, said Victor Gevers, chairman of the GDI Foundation, a Netherlands-based nonprofit that works to improve Internet security.Read more
Parliament has been hit by a cyber attack, officials at Westminster say. The "sustained" hack began on Friday night, prompting officials to disable remote access to the emails of MPs, peers and their staff as a safeguard.
The parliamentary authorities said hackers had mounted a "determined attack" on all user accounts "in an attempt to identify weak passwords". Government sources say it appeared the attack has been contained but it will "remain vigilant". A parliamentary spokeswoman said they were investigating the attack and liaising with the National Cyber Security Centre.Read more
Passwords belonging to British politicians, diplomats and senior police officers have been traded by Russian hackers, it has been reported.
Security credentials said to have belonged to tens of thousands of government officials, including 1,000 British MPs and parliamentary staff, 7,000 police employees and more than 1,000 Foreign Office staff were in the troves sold or swapped on Russian-speaking hacking sites. The majority of the passwords are said to have been compromised in a 2012 hacking raid on the business social network LinkedIn, in which millions of users' details were stolen.Read more
Encrypted information has been accessed during a data breach at password management service OneLogin. It affects "all customers served by our US data centre" and perpetrators had "the ability to decrypt encrypted data".
Those affected have been advised to visit a registration-only support page, outlining the steps they need to take. Security experts said the breach was "embarrassing" and showed every company was open to attack. OneLogin is a single sign-on service, allowing users to access multiple apps and sites with just one password. In 2013, the company had 700 business customers and passed 12 million licensed users.Read more
Hackers have zeroed in on the growing number of third-party sellers on Amazon Marketplace, reportedly using stolen logins to swipe thousands of dollars from some merchants.
In recent weeks, hackers have ramped up their attacks by taking over dormant accounts and changing the bank account information. They'll then post nonexistent merchandise at bargain prices, make the sell and collect the cash. Buyers can get a refund, but the scam hits sellers hard, since they're on the hook for reimbursing customers who never received their merchandise. Hackers then likely used a method called "credential stuffing."Read more
Do you know how many kinds of sensors your smartphone has inbuilt? And what data they gather about your physical and digital activities? An average smartphone these days is packed with a wide array of sensors such as GPS, Camera, microphone, accelerometer, magnetometer, proximity, gyroscope, pedometer, and NFC, to name a few.
Now hackers can potentially guess PINs and passwords – that you enter either on a bank website, app, your lock screen – to a surprising degree of accuracy by monitoring your phone's sensors, like the angle and motion of your phone while you are typing.Read more
British travellers to the US face the uncomfortable choice of handing over personal information or running the risk of being denied entry to the country, under a new “extreme vetting” policy being considered by the Trump administration.
Tourists from the UK and other US allies including Germany and France, could be forced to reveal personal data, as well as disclose financial information and face detailed ideological questioning. While US citizens have established rights against unlawful searches at the border, the extent to which foreign travellers can resist requests to hand over personal information is unclear.Read more