Tagged: hacked Toggle Comment Threads | Keyboard Shortcuts

  • jkabtech 12:53 pm on October 21, 2019 Permalink |
    Tags: Asian, , hacked, , telcos, travellers, Uighur   

    China hacked Asian telcos to spy on Uighur travellers – sources 

    Cyber-espionage campaign targets “high-value individuals”, diplomats, military personnel. Hackers working for the Chinese government have broken into telecoms networks to track Uighur travellers in Central and Southeast Asia, two intelligence officials and two security consultants who investigated the attacks told Reuters.The hacks are part of a wider cyber-espionage campaign …

    Hi! You’ve reached one of our premium articles. This is available exclusively to subscribers.

    It’s free to register, and only takes a few minutes.

    Once you sign up you’ll have unlimited access to the full catalogue of Australia’s best business IT content, as well as a daily news bulletin delivered straight to your inbox.

    Register now Already have an account? Log in to read this article.

    Got a news tip for our journalists? Share it with us anonymously here.

    View the Original article

     
  • jkabtech 8:17 pm on July 1, 2018 Permalink |
    Tags: , , , hacked, ,   

    How to Protect Your Smartphone’s Data, and Avoid Being Hacked 

    The government hack of an iPhone used by a San Bernardino killer serves as a reminder that phones and other electronic devices aren’t impenetrable vaults.

    While most people aren’t targets of the NSA, FBI or a foreign government, hackers are looking to steal the financial and personal information of ordinary people. Your phone stores more than just selfies. Your email account on the phone, for instance, is a gateway to resetting banking and other sensitive passwords.

    Like washing your hands and brushing your teeth, a little “cyber hygiene” can go a long way toward preventing disaster.

    Lock your phone with a passcode
    Failing to do so is like leaving your front door unlocked.

    A four-digit passcode – and an accompanying self-destruct feature that might wipe a phone’s data after too many wrong guesses – stumped the FBI for weeks and forced them to bring in outside help. Using six digits makes a passcode 100 times harder to guess. And if you want to make it even harder, you can add letters and other characters to further increase the number of possible combinations. These are options on both iPhones and Android.

    The iPhone’s self-destruct feature is something you must turn on in the settings, under Touch ID & Passcode. Do so, and the phone wipes itself clean after 10 failed attempts. But the 10 attempts apply to your guesses, too, if you forget your passcode, or if your kids start randomly punching in numbers. Android has a similar feature.

    Both systems will also introduce waiting periods after several wrong guesses to make it tough to try all combos.

    Biometrics, such as fingerprint scanners, can act as a shortcut and make complex passcodes less of a pain.

    Use encryption
    Much to the FBI’s displeasure, iPhones running at least iOS 8 offer full-disk encryption by default. That means that the information stored on the phone can’t be extracted – by authorities or by hackers – and read on another computer. If the phone isn’t unlocked first, any information obtained would be scrambled and unreadable.

    With Android, however, you typically have to turn that on in the settings. Google’s policy requires many phones with the latest version of Android, including its own Nexus phones, to offer encryption by default. But, according to Google, only 2.3 percent of active Android devices currently are running that version.

    Set up device finders
    Find My iPhone isn’t just for finding your phone in the couch cushions.

    If your device disappears, you can put it in Lost Mode. That locks your screen with a passcode, if it isn’t already, and lets you display a custom message with a phone number to help you get it back.

    The app comes with iPhones, but you need to set it up before you lose your phone. Look for the Find iPhone app in the Extras folder.

    Meanwhile, Activation Lock makes it harder for thieves to sell your device. The phone becomes unusable – it can’t be reactivated – without knowing its Apple ID. The feature kicks in automatically on phones running at least iOS 7.

    If all else fails, you can remotely wipe the phone’s data. While your information will be lost, at least it won’t end up in the hands of a nefarious person.

    There isn’t anything comparable built into Android phones, but Google’s Android Device Manager app, along with a handful of others made by third parties, can be downloaded for free from the Google Play app store.

    Back up your phone
    If you do have to remotely wipe the phone’s data, it’s comforting to know that you won’t lose all your photos and other important data. It’s helpful, too, if your toddler dunks your phone in a glass of water.

    As mentioned before, apps such as Find My iPhone and Android Device Manager will allow you to do this, provided you set them up ahead of time.

    Keep your software up to date
    Software updates often contain fixes to known flaws that might give hackers a way into your device.

    On iPhones, Apple prompts you to get the update.

    It’s more complicated with Android because updates need to go through various phone manufacturers and wireless carriers first. But do install updates when asked.

    For the latest tech news and reviews, follow Gadgets 360 on Twitter, Facebook, and subscribe to our YouTube channel.

    Tags: Android, Apple, Encryption, Mobiles, Smartphones

    View the Original article

     
  • jkabtech 4:17 am on December 6, 2017 Permalink |
    Tags: 'very, , clients, Deloitte, hacked   

    Deloitte hacked, says ‘very few’ clients affected 

    Few details on the breach. Global accounting firm Deloitte has acknowledged it was the victim of a cyber attack last year that it said affected the data of a small number of clients.

    Deloitte said in a statement that attackers accessed data from the company’s email platform, confirming some details in a report by the Guardian.

    The attack appears to have targeted the firm’s United States operations.

    It was discovered in March this year and could have begun as early as October 2016, according to the Guardian. Deloitte’s statement did not confirm those details.

    The breach at Deloitte, which says its clients include 80 percent of Fortune 500 companies, is the latest in a series involving organisations that handle sensitive financial data, a trend that has rattled lawmakers, regulators and consumers.

    Earlier this month, the US Securities and Exchange Commission and credit monitoring bureau Equifax both reported that confidential filings and sensitive personal data were compromised by hackers.

    Deloitte said it contacted government authorities immediately after it became aware of the incident, and notified each of the “very few clients” that had been affected.

    The Guardian said Deloitte had contacted six clients. The company did not name the clients, confirm the number of clients it had contacted or say what type of data was stolen.

    “No disruption has occurred to client businesses, to Deloitte’s ability to continue to serve clients, or to consumers,” the statement said.

    Deloitte said it had implemented a “comprehensive security protocol,” after the incident was discovered, using internal and external experts to help respond.

    View the Original article

     
  • jkabtech 1:26 am on September 11, 2017 Permalink |
    Tags: , hacked, script, , Thrones'   

    HBO hacked, ‘Game of Thrones’ script stolen 

    Terabytes of programming copied.

    US cable channel HBO said hackers had stolen upcoming programming including unbroadcast episodes of popular series such as the global hit show “Game of Thrones”.

    While Time Warner-owned HBO declined to provide specifics of the programming taken, Entertainment Weekly reported that the theft included a script for an unaired episode of the hit fantasy show.

    “As most of you have probably heard by now, there has been a cyber incident directed at the company which has resulted in some stolen proprietary information, including some of our programming,” HBO chairman Richard Plepler wrote in a message to employees.

    Plepler called the hack “obviously disruptive, unsettling, and disturbing for all of us”.

    HBO’s technology team and outside experts are working on assessing the extent of the hack and securing systems.

    The company refused to comment on reports that unbroadcast episodes and scripts were among the data hacked, citing an “ongoing investigation” by unspecified law enforcement officials.

    Entertainment Weekly reported that hackers stole 1.5 terabytes of data and had already posted online unbroadcast episodes of “Ballers” and “Room 104,” along with “a script or treatment” for next week’s episode of “Game of Thrones.”

    Reuters and other American media received an email over the weekend from a person claiming to have stolen HBO data, including “Game of Thrones.” The show is now in its seventh season and due to wrap up next year.

    View the Original article

     
  • jkabtech 4:31 am on June 22, 2016 Permalink |
    Tags: , hacked, , ,   

    Your smartphone could be hacked without your knowledge 

    1:50 PM ETCNBC.comSHARES

    Hacking your smartphone

    The majority of smartphone users unknowingly give hackers access to their phones by doing this one thing. CNBC’s Andrea Day explains.

    Not only can your smartphone be hacked, it can be done very easily without your knowledge.

    “At the end of the day, everything is hackable. What I am surprised about is that people sometimes forget that it’s so easy to hack into these devices,” said Adi Sharabani, the co-founder of mobile security company Skycure, who used to work for Israeli Intelligence.

    Even if a malicious attacker cannot get into your phone, they can try to get the sensitive data stored inside, including contacts, places visited and e-mails.

    “It’s important to realize that the services your smartphone relies on are much more attractive target to attackers. So for example, the photo leak that happened from iCloud where a bunch of celebrities had their photos posted all over the Internet is the perfect example,” said Alex McGeorge, the head of threat intelligence at cybersecurity company Immunity, Inc.

    Often, the hack or data breach occurs without the consumer’s knowledge, according to Sharabani.

    And it’s not just consumers that criminals target. With the rise of smartphones and tablets in the workplace, hackers attempt to attack enterprises through vulnerabilities in mobile devices.

    Both Sharabani and McGeorge perform attack simulations for clients and find that these hacking demonstrations usually go undetected.

    “It’s usually very rare that a breach that originated through a mobile device or is just contained to a mobile device is likely to be detected by a corporation’s incident response team,” McGeorge said.

    And Sharibani agrees. He says he’s still waiting for someone to call him and say that their IT department identified the attack demonstration.

    “No one knows,” he said. “And the fact that organizations do not know how many of their mobile devices encountered an attack in the last month is a problem.”

    Read MoreCost of data breaches hits $4 million on average: IBM

    But there is a silver lining, according to the wireless industry.

    “The U.S. has one of the lowest malware infection rate in the world thanks to the entire wireless ecosystem working together and individually to vigilantly protect consumers,” said John Marinho, vice president of technology & cybersecurity at CTIA, the wireless association. CTIA is an industry group which represents both phone carriers and manufacturers.

    Here are the three ways a smartphone is most likely to be breached.

    View the Original article

     
  • jkabtech 4:16 am on June 22, 2016 Permalink |
    Tags: Costolo, , hacked,   

    Former Twitter CEO Dick Costolo was hacked 

    5:46 AM ETRecodeSHARES

    Even the former CEO of Twitter isn’t protected from the occasional security hack. Earlier this afternoon, three tweets were sent from Dick Costolo’s account claiming to be from a group called OurMine.

    The tweets have since been deleted and the Twitter account belonging to OurMine has been suspended.

    More from Recode:
    Why blockchains can be really bad. Or: How techno-futurists can ruin things.
    Capital Gains: Gargantuan late-stage funding rounds are the new black, I guess
    New York’s newest ride-hail app is feeding off of drivers’ desperation

    However, according to Costolo, it wasn’t his Twitter account that was hacked.

    Dick Costolo tweet

    View the Original article

     
  • jkabtech 1:16 am on June 12, 2016 Permalink |
    Tags: , hacked, Myspace, , ,   

    Time Inc. confirms reports that social networking site Myspace has been hacked 

    View the Original article

     
  • jkabtech 11:31 pm on June 11, 2016 Permalink |
    Tags: , hacked, , , ,   

    Mark Zuckerberg’s LinkedIn, Twitter, and Instagram accounts have been hacked 

    userAction: window.ua,’shareButtons’: shareButtons,containerID: ‘social-tools-panel’,showCounts : ‘none’,iconsOnly: ‘true’,deviceType: ‘auto’,onSendDone: CNBC_Gigya_Omniture.onSendDoneBottom // onSendDone method is called after Gigya finishes the publishing process.,onConnectionAdded: CNBC_Gigya_Omniture.onConnectionAdded // Fired whenever a user is connected to a provider,onConnectionRemoved: CNBC_Gigya_Omniture.onConnectionRemoved,onLogin: CNBC_Gigya_Omniture.trackLoginEvent // call trackLoginEvent when Social Login finishes successfully,onLogout: CNBC_Gigya_Omniture.onLogout,showEmailButton:false,moreEnabledProviders: moreEnabledProviders

    View the Original article

     
  • jkabtech 11:01 pm on June 11, 2016 Permalink |
    Tags: 'death', Goodell, hacked, ,   

    NFL Twitter hacked, shares Goodell ‘death’ hoax 

    View the Original article

     
  • jkabtech 6:51 am on April 29, 2016 Permalink |
    Tags: , hacked, , ,   

    Report: 1.5 million Verizon customers hacked 

    itemsPerPage:1 ,itemsPerTransition:1 ,speed:500 ,swipable:true ,nextPrevLinks:true ,container: ‘multi_promo_103495731_1’ ,currentNodeClass: ‘currentNode’ ,lazyLoad: false ,lazyLoadNext: false,responsive:false

    View the Original article

     
  • jkabtech 1:20 am on March 29, 2016 Permalink |
    Tags: , hacked, , ,   

    Report: 1.5 million Verizon customers hacked 

    Thursday, 24 Mar 2016 | 4:22 PM ETCNBC.com

    A pedestrian talks on his cell phone while walking past the Verizon Communications Inc. headquarters in New York. Andrew Harrer | Bloomberg | Getty ImagesA pedestrian talks on his cell phone while walking past the Verizon Communications Inc. headquarters in New York.

    More than 1.5 million Verizon Enterprise customers had their contact information leaked on an underground cybercrime forum this week, according to cybersecurity blogger Brian Krebs.

    A security vulnerability, now fixed, provided an opening for the attacker, the business-to-business arm of the mobile and telecom giant told KrebsoOnSecurity. The breach involved basic contact information, not propriety network information, the company told Krebs.

    Prices of the customer data ranged from $10,000 to $100,000, Krebs reported.

    Verizon, used by almost all Fortune 500 companies, is widely known for its cybersecurity prowess, and releases an annual report on avoiding cyberthreats, Krebs wrote.

    Verizon told CNBC that impacted Verizon Enterprise customers are being notified, and no data about consumer customers was involved.

    For the full story, read more at KrebsOnSecurity.com.

    — CNBC’s Ryan Ruggiero contributed to this report.

    SHOW COMMENTS Please add a username to view or add commentsPublic Username for Commenting

    View the original article here

     
  • jkabtech 8:12 am on March 10, 2016 Permalink |
    Tags: , , hacked, , ,   

    Student who hacked college website escapes jail time, gets job offers 

    Ryan Pickren was only playing a prank, or so he thought until he was arrested and found himself in jail on Christmas Eve 2014, facing charges of “computer trespassing.”

    Now, a little more than a year later, charges against Pickren have been dropped, his arrest and record have been expunged, and Pickren is set to graduate in May 2017.

    How did Pickren’s fortunes turn around so completely, so quickly?

    As we reported last January after his arrest, Pickren, a computer engineering student at Georgia Tech, went looking for bugs in the website of the University of Georgia, the arch-rival to his own school, when he stumbled across a bug he could exploit for his prank.

    Pickren published his version of the story this week in a Facebook post.

    According to Pickren’s description of events, he was home with his family celebrating Thanksgiving, anticipating the following week’s football game between his school and its nemesis, when he decided to join in the 100-year tradition of pranks against the rival team (theoretically harmless hijinks, but often illegal in reality, such as stealing the opposing school’s mascot).

    Pickren discovered that he could tamper with the master calendar of the University of Georgia’s website with a simple HTTP POST request.

    HTTP form submissions sometimes simply encode the user-supplied data into the URL itself, typically following a question mark (“?”). In an HTTP POST, however, the user-supplied data is placed into the body of the request, rather than the URL itself. POSTs avoid any browser-imposed limits on the lengths of URLs.

    As Pickren tells it, he then made “the biggest mistake” of his young life:

    While sitting in my room waiting for Thanksgiving dinner, I decided that I was going to play a prank of my own. I pulled up the University of Georgia’s homepage and started poking around. A few minutes later I stumbled upon their master calendar for campus events. I will spare you the technical details, but I had a hunch that I could circumvent their approval process by carefully forming an HTTP POST request. At that moment, I made the biggest mistake of my life. I posted “Get Ass Kicked By GT” on UGA’s master calendar for the time of the annual football game.

    His prank was noticed by a reporter for the sports network ESPN, who tweeted about it, and other media picked up on the story.

    A few weeks later, Pickren got a phone call from university police, who were investigating the incident.

    In Pickren’s words:

    I was in shock. I didn’t even know this could be considered illegal. I didn’t steal anyone’s password, install malware, or take any personal data. I just found a bug in their site that allowed my seemingly harmless prank.

    Unfortunately for Pickren, the claim that “I didn’t think I was doing anything wrong” was already unacceptable to US courts as an excuse for computer misuse as long ago as the 1980s.

    So, on Christmas Eve, Pickren was informed there was a warrant for his arrest and he was to turn himself in to face computer trespassing charges, which in Georgia carries a maximum penalty of 15 years in prison and a $50,000 fine.

    Fortunately for Pickren, the judge and district attorney were not interested in prosecuting him to the full extent of the law, and he was let off easy – he would write an apology letter and perform some community service, and after 12 months of being a good citizen, his debt to society would be paid.

    As Pickren explained:

    I completed my community service for TechBridge, an Atlanta based non-profit organization that provides technical support to other non-profits. While volunteering, I developed security tools to help them protect their clients from hackers. Yes, there was some irony in the service, but it was indeed the best way for me to use my skills to give back to the community.

    Pickren says he hopes his story serves as a lesson to others, showing other young cyber-punks “the possible repercussions of cyber pranks.”

    Pickren’s story has a happy ending – he’s even had job offers as a result of his new-found fame.

    Other hackers haven’t been so fortunate.

    A hacker in Turkey was recently sentenced to 334 years in prison for setting up phishing websites to steal bank customer details.

    That’s a much more serious crime than what Pickren did – sort of like the difference between robbing hundreds of people and spray-painting graffiti on one person’s house.

    These are two opposite extremes, but was justice served in Pickren’s case?

    Did the punishment fit the crime?

    Let us know your thoughts in the comments below.

    Follow @NakedSecurity

    Follow @JohnZorabedian

    Image of chalkboard drawing of hacked computer courtesy of Shutterstock.com.

    View the original article here

     
  • jkabtech 7:50 pm on March 3, 2016 Permalink |
    Tags: hacked,   

    iPhone Hacked to run NES 

    Apple wanted the iPhone to be a closed system. With a bit of creative coding that has all changed. If you want to play some NES games, all you need is a iPhone and you are good to go! Have a look at the Google Code page for the iPhone NES Emulator for more details.

    Video after the jump.

    “A native NES emulator for the iPhone, currently using the InfoNES core. Presently there is no sound, and the emulator is a little slow (most likely due to the way I’m drawing onto the screen). And the control is a bit iffy (using an image of an actual controller, while cute, sucks).

    ROMs need to be placed in /var/root/Media/ROMs/NES ”

    Via: Tuaw and Digg

    View the original article here

     
  • jkabtech 4:08 am on March 3, 2016 Permalink |
    Tags: Businessman, hacked, jailed, , revenge   

    Businessman who hacked 900 phones as “revenge” is jailed 

    Imagine that you’re a network security company, and you’re in the middle of a demonstration to a prestigious customer in the insurance industry – a customer who is worth £80,000 a year in business.

    Imagine that you want to show how quickly and efficiently you could remotely wipe a mobile device to render it useless to a crook, for example after it was reported lost or stolen.

    And now imagine that an estranged former business partner managed to hack into your network, perhaps using legitimate-looking credentials set up when he was still an insider, to stage a sort of “demo-within-a-demo” of his own, right in the middle of your demo…

    …so that not only the test device got wiped, but also a further 900 of your important customer’s mobile phones.

    That’s not too far away from what happened in May 2014 to a company called Esselar, thanks to the vengeful attitude of one of the company’s orginal founders who had recently fallen out with his erstwhile partners and exited the business.

    (The customer, insurance giant Aviva, apparently cancelled the contract as a result.)

    According to a BBC report, the estranged business partner, Richard Neale, just picked up an 18-month jail term this week for this and other cybercrime offences against the UK’s Computer Misuse Act.

    Neale apparently also took over his former company’s Twitter account and changed the logo to a “Heartbleed” by way of advertising the company’s insecurity, which is a particularly bad look for a network security consultancy.

    He also he also used a fake account left behind inside the company to mess with his former colleagues by fraudulently rejecting their expense claims.

    The BBC notes that Neale’s legal representative categorised these crimes as “foolish and childish” and as “causing mischief” based on festering resentment.

    We’d call deliberately wiping some 900 mobile devices belonging to a trusted and trusting customer goes well beyond “foolish and childish”, and we’d suggest that Neale can consider himself fortunate not to have earned a longer sentence.

    A little vigilance goes a long way:

    Use a standard, formal process to remove or to disable the accounts of anyone who leaves, whether on good terms or bad. Regularly review accounts that have remote access to prevent “sleeper accounts” being created for later misuse. Consider requiring two-factor authentication for all remote access so you have two ways to lock out a departing user. Regularly change passwords on social media accounts if you have been forced to share the same account and password with multiple staff. Regularly review your remote access logs in case you notice unusual or unwanted access – you definitely won’t spot anomalies if you don’t look.

    Follow @NakedSecurity

    Follow @duckblog

    View the original article here

     
c
Compose new post
j
Next post/Next comment
k
Previous post/Previous comment
r
Reply
e
Edit
o
Show/Hide comments
t
Go to top
l
Go to login
h
Show/Hide help
shift + esc
Cancel
%d bloggers like this: