In new research they plan to present at the USENIX Security conference on Thursday, a group of researchers from the University of Washington has shown for the first time that it’s possible to encode malicious software into physical strands of DNA, so that when a gene sequencer analyzes it the resulting data becomes a program Read more about Biohackers Encoded Malware in a Strand of DNA[…]

Last August, Zac Plansky woke to find that the rifle scopes he was selling on Amazon had received 16 five-star reviews overnight. Usually, that would be a good thing, but the reviews were strange. The scope would normally get a single review a day, and many of these referred to a different scope, as if Read more about Dirty dealing in the $175 billion Amazon Marketplace[…]

Earlier this month, security researcher Troy Hunt identified the first tranche of that mega-dump, named Collection #1 by its anonymous creator, a set of cobbled-together breached databases Hunt said represented 773 million unique usernames and passwords. Now other researchers have obtained and analyzed an additional vast database called Collections #2–5, which amounts to 845 gigabytes Read more about Hackers Are Passing Around a Megaleak of 2.2 Billion Records[…]

Airbus has admitted that a “cyber incident” resulted in unidentified people getting their hands on “professional contact and IT identification details” of some Europe-based employees. The company said in a brief statement published late last night that the breach is “being thoroughly investigated by Airbus’ experts”. The company has its own infosec business unit, Stormguard. Read more about Personal data slurped in Airbus hack – but firm’s industrial smarts could be what crooks are after[…]

Sonoff B1, lights and shades 12 Replies Six months ago I was reviewing the AiThinker AiLight, a great looking light bulb with an embedded ESP8266EX microcontroller, driven by a MY9291 LED driver. Just before summer IteadStudio released it’s Sonoff B1 [Itead.cc] light bulb, heavily inspired (probably same manufacturer) by the AiLight, at least on the Read more about Custom firmware for lights allows you to control them with Homeassistant and more controllers[…]

WPML (or WP MultiLingual), the most popular WordPress plugin for translating and serving WordPress sites in multiple languages. According to its website, WPML has over 600,000 paying customers and is one of the very few WordPress plugins that is so reputable that it doesn’t need to advertise itself with a free version on the official Read more about WPML WordPress plugin hacked, possibly by angry former employee[…]

Federal prosecutors unveiled charges in an international stock-trading scheme that involved hacking into the Securities and Exchange Commission’s EDGAR corporate filing system. The scheme allegedly netted $4.1 million for fraudsters from the U.S., Russia and Ukraine. Using 157 corporate earnings announcements, the group was able to execute trades on material nonpublic information. Most of those Read more about International stock trading scheme hacked into SEC database EDGAR – again[…]

The one thing no one expects on a job interview is North Korean hackers picking up on the other line. But that’s apparently exactly what happened to a hapless employee at Redbanc, the company that handles Chile’s ATM network. The bizarre story was reported in trendTIC, a Chilean tech site. A Redbanc employee found a Read more about North Korean Hackers Gain Access to Chilean ATMs Through Skype[…]

The South Korea Ministry of National Defense says 10 of its internal PCs have been compromised by North Korea unknown hackers . Korea’s Dong-A Ilbo reports that the targeted machines belonged to the ministry’s Defense Acquisition Program Administration, the office in charge of military procurement. The report notes that the breached machines would have held Read more about South Korea says mystery hackers cracked advanced weapons servers[…]

On December 28th, Bob Diachenko, Director of Cyber Risk Research at Hacken.io and bug bounty platform HackenProof, analyzed the data stream of BinaryEdge search engine and identified an open and unprotected MongoDB instance: The same IP also appeared in Shodan search results: Upon closer inspection, an 854 GB sized MongoDB database was left unattended, with Read more about 202 Million private Chinese resumes exposed[…]

A newly disclosed vulnerability in Skype for Android could be exploited by miscreants to bypass an Android phone’s passcode screen to view photos, contacts, and even launch browser windows. Bug-hunter Florian Kunushevci today told The Register the security flaw, which has been reported to Microsoft, allows the person in possession of someone’s phone to receive Read more about Can’t unlock an Android phone? No problem, just take a Skype call: App allows passcode bypass[…]

Uploaded to Github on Thursday, a tool called Crashcast enables the almost instantaneous takeover all of Chromecast streaming devices left accessible online by mistake. This same misconfiguration issue was taken advantage of by the hacker duo Hacker Giraffe and j3ws3r earlier this week to broadcast a message in support of the YouTube star Felix Kjellberg, Read more about Researcher Distributes Tool That Enables Mass-Hijacking of Google Chromecast Devices[…]

A US Congressional report outlining the breakdowns that led to the 2017 theft of 148 million personal records from Equifax has revealed a stunning catalog of failure. The 96-page report (PDF) from the Committee of Oversight and Government Reform found that the 2017 network breach could have easily been prevented had the company taken basic Read more about Equifax how-it-was-mega-hacked damning dossier lands, in all of its infuriating glory[…]

On Monday, the question and answer site Quora announced that a third-party was able to gain access to virtually every data point the company keeps on 100 million users. Even if you don’t recall having a Quora account, you might want to make sure. In a blog post, Quora CEO Adam D’Angelo explained that the Read more about Hack of 100 Million Quora Users Could Be Worse Than it Sounds[…]

A Twitter user using the pseudonym of @TheHackerGiraffe has hacked over 50,000 printers to print out flyers telling people to subscribe to PewDiePie’s YouTube channel. The messages have been sent out yesterday, November 29, and have caused quite the stirr among the users who received them, as they ended up on a bunch of places, Read more about Twitter user hacks 50,000 printers to tell people to subscribe to PewDiePie[…]

More than 45,000 Internet routers have been compromised by a newly discovered campaign that’s designed to open networks to attacks by EternalBlue, the potent exploit that was developed by, and then stolen from, the National Security Agency and leaked to the Internet at large, researchers said Wednesday. The new attack exploits routers with vulnerable implementations Read more about Mass router hack exposes millions of devices to potent NSA exploit through UPNP[…]

US hotel chain Marriott has admitted that a breach of its Starwood subsidiary’s guest reservation network has exposed the entire database – all 500 million guest bookings over four years, making this one of the biggest hacks of an individual org ever. “On September 8, 2018, Marriott received an alert from an internal security tool Read more about Marriott’s Starwood hotels mega-hack: Half a BILLION guests’ deets exposed over 4 years[…]

Computer science boffins have demonstrated a side-channel attack technique that bypasses recently-introduced privacy defenses, and makes even the Tor browser subject to tracking. The result: it is possible for malicious JavaScript in one web browser tab to spy on other open tabs, and work out which websites you’re visiting. This information can be used to Read more about Talk about a cache flow problem: This JavaScript can snoop on other browser tabs to work out what you’re visiting[…]

People’s connections in the US to Google – including its cloud, YouTube, and other websites – were suddenly rerouted through Russia and into China in a textbook Border Gateway Protocol (BGP) hijacking attack. That means folks in Texas, California, Ohio, and so on, firing up their browsers and software and connecting to Google and its Read more about Google traffic routed to Russian and Chinese servers in BGP attack[…]

This week, US Cyber Command (CYBERCOM), a part of the military tasked with hacking and cybersecurity focused missions, started publicly releasing unclassified samples of adversaries’ malware it has discovered. CYBERCOM says the move is to improve information sharing among the cybersecurity community, but in some ways it could be seen as a signal to those Read more about The US Military Just Publicly Dumped Russian Government Malware Online[…]

A vulnerability that is trivial to exploit allows privilege escalation to root level on Linux and BSD distributions using X.Org server, the open source implementation of the X Window System that offers the graphical environment. […] Three hours after the public announcement of the security gap, Daemon Security CEO Michael Shirk replied with one line Read more about Trivial Bug in X.Org Gives Root Permission on Linux and BSD Systems[…]

Last April, Steven Schoen received an email from someone named Natalie Andrea who said she worked for a company called We Purchase Apps. She wanted to buy his Android app, Emoji Switcher. But right away, something seemed off. “I did a little bit of digging because I was a little sketched out because I couldn’t Read more about How A Massive Ad Fraud Scheme Exploited Android Phones To Steal Millions Of Dollars[…]

A wave of reports about hijacked WhatsApp accounts in Israel has forced the government’s cyber-security agency to send out a nation-wide security alert on Tuesday, ZDNet has learned. The alert, authored by the Israel National Cyber Security Authority, warns about a relatively new method of hijacking WhatsApp accounts using mobile providers’ voicemail systems. This new Read more about Recent wave of hijacked WhatsApp accounts traced back to voicemail hacking[…]