Tagged: hacking

  • Geebo 9:00 am on November 18, 2019
    Tags: Disney+, hacking

    Disney+ accounts are under attack

    Disney+ is the home streaming service brought to you by the Walt Disney Company. It just recently launched and is already seen as a competitor to Netflix. It was hugely successful upon its recent launch and it’s easy to understand why. Not only do they provide the famous Disney catalog but they also own many other entertainment properties such as the Marvel movies and former Fox-owned shows like The Simpsons. That’s not even taking the entire Star Wars franchise into account along with the new Star Wars ongoing series The Mandalorian. Of course, where there’s an online success there are people looking to take advantage of that success and Disney+ is no different.

    Within hours of the launch of Disney+, users were already complaining that they had been locked out of their accounts. These compromised accounts are now up for sale on some of the seedier parts of the web. The accounts are going for as little as $3-$11. Many of these accounts were paid for years in advance leaving those affected with little to no recourse. Basically, hackers were gaining access to the accounts with previously compromised email and password combinations. The hackers then change the login information, locking the account’s owner out before putting the account up for sale.

    If you have a Disney+ account and you’re using a password that you’ve used elsewhere, change your password right away. In general, you should never use the same password twice. As always, we recommend using one of the many free password managers out there. If you were thinking about enabling two-factor authentication on your Disney+ account, unfortunately, you can’t. Disney has yet to offer that feature on Disney+. You may also want to do a malware scan on your computer as that’s another popular way that scammers and hackers can obtain your passwords.

    You should be enjoying this service and not having to spend hours with customer service trying to get the issue resolved even if you can.

     
  • Geebo 9:00 am on November 5, 2019
    Tags: hacking

    Are hackers spending your money on Facebook?

    Business owners, whether they may be big or small, often take out ads on Facebook. Considering Facebook’s massive reach, placing ads on Facebook is almost considered a no-brainer. In order for businesses to place these ads, they need to enter some kind of payment information on Facebook. That can be either a credit or debit card or some kind of online payment like PayPal. You don’t even have to be a business to place a Facebook ad as anybody can purchase an ad. Now, some hacked Facebook accounts have led to these ads being purchased without the knowledge of the account’s owner.

    CNET is reporting that they’ve received reports of hacked Facebook accounts being used to purchase questionable ads. The ads are then charged to the account of whoever’s account has been compromised while the hackers get their ads served for free. The ads tend to be for some kind of scam product where the hackers are just looking to gain the financial information of more victims. You don’t even have to have a Facebook business account for this to happen. If you’ve ever entered your payment information to Facebook for whatever reason, you could be in jeopardy if your account becomes compromised.

    To better protect yourself against an attack like this, have a secure password used specifically for your Facebook account. Never use similar passwords for different accounts. While business accounts have to keep an eye out for fraudulent charges, personal accounts can remove their payment information from Facebook. On your Facebook account, click on the settings option then scroll down to the payment information option. Once you click on that you’ll have the option to remove your payment information.

     
  • Geebo 8:00 am on September 26, 2019
    Tags: hacking

    When a smart home isn't so smart

    Many people think that they are better securing their home by installing smart devices. These devices can range from anything from cameras to door locks and anything in between. These classes of smart devices are known as the internet of things or IoT for short. That means that these devices are connected to the internet so the user can control them from just about anywhere. The major drawback to IoT devices is that they can also be controlled by bad actors if the user isn’t careful.

    A couple in Milwaukee found that out the hard way this week when someone was able to take control of some of their smart devices. The couple had a Nest camera and thermostat installed. When one of them came home they found that the thermostat was set at 90 degrees. After that, someone started verbally harassing them through the speaker on their security camera. Even after the couple changed all their passwords the abuse continued until the devices were disconnected. The couple lays the blame at Nest, which is owned by Google, but the fault may lie elsewhere.

    It’s not hard to hack into IoT devices if the users are using the same password or weak passwords to secure their network and devices. Also, as we discussed with the recent YouTube hack, two-factor authentication (2FA) should also be enabled on these devices. While 2FA has its own flaws, it’s more secure than using an easily guessed password. These devices are designed to help protect your home, but if you’re not using 2FA it’s like having the most expensive lock that you just leave the key in.

     
  • Geebo 8:00 am on September 24, 2019
    Tags: hacking

    What you can learn from the massive YouTube hack

    Recently, a large number of YouTube channels with substantial subscriber counts had been hijacked by hackers. This way the hackers can sell the accounts to bad actors who can then potentially claim a channel with a large built-in subscriber base. It’s not easy to cultivate a successful YouTube channel. Some creators have spent years carefully growing their audience in a highly competitive market. To possibly see it all disappear in an instant could be a devastating blow to any moderately successful channel.

    The plot against some of YouTube’s creators was a coordinated phishing attack. Authentic looking emails were sent to creators asking them to log into their accounts. Like most phishing attacks, the creators were then directed to phony login pages where the hackers could steal their login credentials. The hackers could then assign the channels to new owners, locking the creators out of their channels. What’s particularly troubling about this attack is that it allegedly bypassed what’s known as two-factor authentication. 2FA, as it’s known, is the process of requiring a user to securely log in to their accounts using a two-step process that usually involves signing in with their log-in credentials then verifying their access request by replying to a text message. It’s believed that the hackers were able to intercept the 2FA messages.

    If you’re not using 2FA, you should be. While it’s not unhackable it does go a long way in stopping someone from accessing your sensitive accounts. While SMS text messages are the most common form of 2FA, they’re not the most secure. However, there are alternatives. One way of protecting yourself is by purchasing a hardware key that works on both your computer and phone that you have to have in your possession to access your accounts. There are also software approaches to 2FA like Google Authenticator or Microsoft Authenticator, both of which are free.

    Some of these YouTube creators may have lost their life’s work. With a more secure 2FA option you may not have to worry about losing anything important that you access online.

     
  • Geebo 8:05 am on August 14, 2019
    Tags: defcon, FAA, hacking, lightning cables, O.MG Cables, trade war

    FAA bans Apple product from flights

    Apple has carefully cultivated a reputation for itself of producing a number of reliable products. This week, the company that Steve Jobs made famous has taken some hits to that reputation.

    First, the Federal Aviation Administration (FAA) has banned certain Apple laptops from being carried on US flights due to battery issues. The laptops in question are 15-inch MacBook Pros sold between September 2015 and February 2017 as they have been the target of a recall. The recall was issued due to the fact that in some MacBooks the battery has overheated and caused a fire hazard.

    This isn’t the first time that the FAA has banned a device from being carried aboard planes. Back in 2016, the Samsung Note 7 smartphone was banned from all flights for a similar reason. This was a huge blow to Samsung’s reputation and it has taken the phone manufacturer a while to regain consumer confidence. Will Apple see a similar backlash from frustrated travelers being told they can’t bring their MacBooks on board? It’s unlikely as Apple has such a dedicated userbase that they’ll probably just purchase updated MacBooks from Apple if need be.

    However, that’s not the only technical issue that Apple has had this week. At the cybersecurity conference known as DefCon, a security researcher unveiled an Apple charging cable that could potentially hijack an Apple device. The cables, called O.MG Cables, look like the normal Apple Lightning cables that are used to charge Apple devices. However, these cables have malicious devices installed in them that could be used to hijack Apple devices from your iPhone to your MacBook. So, the moral here is to make sure that you use your own charging cable and don’t use just any charging cable you see lying around, especially if you’re at DefCon.

    Lastly, Apple has been hit with an import tariff starting September 1st. In the ongoing trade war with China, the Trump Administration will put a 10 percent import tax on smartwatches, fitness trackers, smart speakers, and Bluetooth headphones. Since Apple relies heavily on Chinese manufacturing, this will have a significant effect on their bottom line. Even though Apple could probably absorb the tariff it’s more than likely that they’ll pass these expenses on to the consumer.

     
  • Geebo 8:00 am on June 21, 2019
    Tags: e-scooters, electric vehicles, hacking, Regulus, Tesla Model 3

    Teslas hacked and more electric vehicle news!

    If you’re in the market for a Tesla Model 3 and want to take advantage of its Enhanced Autopilot feature, you may want to think again. A team of cybersecurity researchers known as Regulus claims that they have been able to hack into a Tesla Model 3 and essentially take remote control of the car while on autopilot. Regulus performed this experiment in a closed location and were successfully able to cause the car to malfunction with parts that can be bought off the shelf. While it’s doubtful that these attacks will become widespread immediately, it does show that autonomous vehicles may not be ready for primetime just yet as many of its proponents claim.

    The State of New York is getting ready to pass legislation that would make electric scooters and bicycles available for rent in their state. However, it will be up to the individual municipalities to determine where the scooters can be ridden and left out for rent. What remains to be seen is how they will be embraced by residents of the Empire State. In many communities such as Seattle and Austin, Texas, many residents have found them to be a public nuisance and have taken to throwing the scooters in lakes and rivers. While New York City Mayor Bill de Blasio is supporting the new legislation, it will be interesting to see if scooters in the Five Boroughs end up in the Hudson River.

    Lastly, if you own an electric or hybrid vehicle and live in the state of Utah, you may be paying more out of pocket. While only 2% of vehicles in Utah are electric or a hybrid, the state is looking to make up for the loss in revenue when it comes to the highway tax that the state makes off of gasoline sales. Under a voluntary program starting in January, the state would want to charge electric and hybrid drivers 1.5 cents for every mile driven. While a tax like this seems inevitable with many drivers moving on to electric vehicles it will be interesting to see how states enforce such a tax once electric vehicles become more commonplace.

     
  • Geebo 9:00 am on October 18, 2018
    Tags: hacking

    Latest Facebook hack was not politically motivated. The real explanation is worse.

    It was back in late September, which was not all that long ago, when it was announced that Facebook was hacked to the tune of 50 million accounts. The hack not only exposed user information but allowed the hackers access to what’s been referred to as ‘access tokens’, which theoretically would allow the hackers to gain access to other platforms which use Facebook as a login. While Facebook is now claiming the number of accounts hacked was closer to 30 million, it was believed the attack was carried out by state-sponsored agents. Now, Facebook is walking back on that claim and the new claim isn’t much better.

    According to yesterday’s report from the Wall Street Journal, brought here via Business Insider, an anonymous Facebook insider has said that the hack was conducted by your run of the mill spam hackers. These hackers are the type who are in it for the money rather than any political ideal. Among some of the information that was taken from Facebook were birthdates, phone numbers, and search history of Facebook users.

    In my opinion, it’s worse that Facebook was hacked by a group of spam hackers rather than a foreign power. To me, this means that Facebook’s security is lacking in a basic way since they can’t keep out the hackers who sell your information to email spammers and phone scammers. An attack from a world power can almost be understood against a platform that is as massive as Facebook. However, Facebook’s security should be above nickel and dime attacks like this that are more akin to the stereotypical hacker who lives in their parents’ basement.

    A saying that’s been going around in tech circles lately is that the only safe Facebook account is a deleted Facebook account.

     
  • Geebo 9:30 am on June 21, 2018
    Tags: Global Emancipation Network, hacking

    Are online vigilantes needed to fight human trafficking?

    In fiction, vigilantes are a very entertaining subject. From movies like Boondock Saints to characters like Batman, fictional vigilantes bring justice to those who think they’re above the law. However, historically vigilantes in the real world have been nothing more than lynch mobs looking to further their own agenda. Much like their historical counterparts, online vigilantes tend to be virtual lynch mobs who more often than not target the wrong person as the victim of their ire and end up hurting innocent people in the process. One of the more infamous examples of that was when a Reddit group identified the wrong man as the Boston Marathon bomber. However, one group of white hat hackers is using its technical expertise to fight against human trafficking.

    The Global Emancipation Network is far from a group of ragtag hackers united by a common goal. It was founded by a computer scientist whose resume includes stints with the US Department of Defense, Microsoft, and NASA. The GEN collects information from all over the internet and the dark web in order to share this data with law enforcement agencies all over the world.

    As GEN points out, many law enforcement agencies from around the world either can not or will not devote the necessary resources needed to effectively fight human trafficking. GEN hopes to fill that gap with the information they collect. While it’s a harsh reality, it’s a shame that their services are needed in the first place. However, it’s refreshing to see such a well-organized volunteer community doing the dirty work that needs to be done to help rescue the millions of victims of human trafficking in all of its forms.

     
  • Geebo 8:59 am on October 16, 2017
    Tags: hacking, KRACK

    Exploit makes all Wi-Fi vulnerable. Is it time to panic?

    A leading security expert recently discovered an exploit in the algorithm that keeps most Wi-Fi devices secure. The exploit, named KRACK, allows a bad actor to hijack your Wi-Fi and tunnel in to any of your Wi-Fi enabled devices. This means that your private information could be compromised or any sort of malware could be injected into your devices. Here’s all the guts of how the exploit works.

    This makes any Wi-Fi enabled device vulnerable. That means it can affect phones, tablets, and PCs, whether they run Windows, Android, iOS, MacOS or even Linux. So what can you do? Unfortunately, mostly wait. This exploit is so new that most distributors have not pushed any updates yet to fix the exploit. That’s not even taking into consideration that a lot of distributors, especially router manufacturers, never even update the firmware of their devices. The same goes for a lot of Android phone manufacturers too. You can use a virtual private network (VPN) to be more secure. However, they can be costly and some VPN providers can be shady themselves. For PCs and laptops you can go back to using your ethernet cables.

    If any good news can come from this exploit it’s that someone has to be within distance of your Wi-Fi source to be able to launch an attack. So if you’re at home, someone would have to be in range of your home router to try to hijack your signal. Businesses will be more vulnerable as a hacker will have better access to try to hijack that signal. Hopefully, manufacturers, distributors and providers will realize just how massive this vulnerability is and will issue patches as soon as possible. If you have additional questions and concerns you can go to krackattacks.com.

     
  • Geebo 9:52 am on March 16, 2017
    Tags: hacking

    So what exactly did the Russian hackers get from Yahoo?

    As was posted yesterday, the Department of Justice did indict four hackers believed to be involved with the massive data breaches that have plagued Yahoo over the past few years. The alleged hackers have been identified as Dmitry Aleksandrovich Dokuchaev, 33, Igor Anatolyevich Sushchin, 43, Alexsey Alexseyevich Belan, 29, and Karim Baratov, 22. Dokuchaev and Sushchin are said to be Russian intelligence agents while Belan and Baratov were hired by the aforementioned agents. The only one of the four to be arrested was Baratov since he was living in Canada at the time of his arrest. The other three suspects are currently in Russia which does not have an extradition treaty with the United States.

    So while the hacks exposed hundreds of millions of Yahoo accounts, only a minority of those accounts turned out to be valuable to the hackers. Among those accounts were those of Russian journalists and cybersecurity experts. Considering Russia’s track record of allegedly targeting and suppressing opposition against the regime this should come as no surprise. Outside of Russia, targets included a Nevada gaming official, a high-ranking executive in a US airline and the CTO of a French transportation company.

    For the average Yahoo Mail user this means that you probably weren’t targeted by the Russians and your Aunt Betty’s recipe for peach cobbler is probably safe. However, it is recommended that you update your password if you haven’t done so in a while or consider moving to a more secure platform that hasn’t been hacked to the tune of 500 million users.

    On the geopolitical scale these hacks could be seen as the start of a new type of cold war where the battlefield is through cyberspace rather than blocs of puppet governments. While the battle may be contained to a confined virtual space that doesn’t make the possible outcomes any less concerning.

     