Subscribe: Softpedia News - Security
http://news.softpedia.com/newsRSS/Security-5.xml
Added By: Feedage Forager Feedage Grade B rated
Language: English
Tags:
android  company  data  devices  fappening  google  hack  hackers  malware  nude photos  nude  online  photos  security  users 
Rate this Feed
Rate this feedRate this feedRate this feedRate this feedRate this feed
Rate this feed 1 starRate this feed 2 starRate this feed 3 starRate this feed 4 starRate this feed 5 star

Comments (0)

Feed Details and Statistics Feed Statistics
Preview: Softpedia News - Security

Softpedia News / Security



Softpedia News / Security



Published: Sun, 24 Sep 2017 16:09:37 +0000

Last Build Date: Sun, 24 Sep 2017 16:09:37 +0000

Copyright: 2001 - 2014 Softpedia. All rights reserved.
 



CCleaner Malware Targeted Intel, Microsoft, Google, More in Industrial Espionage

Thu, 21 Sep 2017 07:19:00 +0000

The recently discovered CCleaner malware was much more severe than previously suspected, as researchers find that it was designed for industrial espionage in companies such as Google, Sony, Intel, Microsoft, and many others. The CCleaner developers announced a couple of days ago that their application was modified to collect data from users and to grant control to hackers. This happened with a particular version and before it was made available for download, which makes things all that more interesting. The infected version of CCleaner was available for download almost a month before the malware was discovered. The initial assessment was that the goal of the hackers was to gain access to computers and to gather data. All that information was sent to a server, but i...



CCleaner Compromised to Gather and Transmit Information About Its Users

Mon, 18 Sep 2017 12:07:00 +0000

Piriform, the company that makes the popular CCleaner application, just announced that their application was hijacked and used to gather information about its users and send it to an unknown party. Hackers usually prefer to penetrate insufficiently secured servers and get the data they want in that manner, but that usually means that webmasters and programmers were not doing their job. Compromising the code for an application to gather information about user’s devices before that app is distributed is on a different level. Piriform hasn’t said anything about how their systems were penetrated or how the executable was modified before launch, but they did reveal everything that’s been going on, and it’s not a pretty sight. In fact, if you read the short description of the event, it’s even more terrifying. “An unauthorized modification of the CCleaner.exe binary resulted in an insertion of a two-stage backdoor capable of running code received from a remote IP address...



Huge Bluetooth Attack Exposes 8 Billion Devices via Bluetooth on All Platforms

Thu, 14 Sep 2017 08:10:00 +0000

BlueBorne is a new way of attacking and getting complete control of the desktop, mobile, and IoT platforms using a Bluetooth vulnerability. Bluetooth is a communication and data exchanging standards that present in pretty much all of the today's devices. The total number is estimated at over eight billion, which means that there are a lot of targets out there ready to be hacked. The vulnerability has been identified by a company named Armis Labs, which has detailed all the ways a user can be hacked, no matter the platform they are using. This means that it doesn’t really matter if you’re on a Windows, Linux, or Mac OS, not to mention all the mobile variants. Basically, if you have a Bluetooth, you’re exposed. The best protection is updating the OS or closing the Bluetooth The BlueBorne attack vector allows a hacker to remotely enter your operating system without the need to have it paired or even to be set on dis...



Google Services, Gmail, YouTube Go Down Worldwide

Tue, 12 Sep 2017 15:50:00 +0000

Google’s services went down a few minutes ago, with Gmail, YouTube, Google Maps, and others currently unavailable to users in several regions. While no specifics are available right now, Google said in a reply on Twitter to someone who reported the outage that “we’re aware of this and looking into it.” Google directs users to the G Suite Status Dashboard, but for the time being, the service only points to an issue with Google Drive. The official Google Maps Twitter account also confirmed that “we’re aware of the issue and our team is working on a fix. Appreciate your patience.” Google says a fix is on its way As far as the regions that are affected go, it appears that particular issues have been reported in Russia, Central Europe, Japan, and the American East Coast. Right now, everything seems to be working correctly here in Romania and the same thing for users in Italy, Spain, and France. Issues are also being confirmed in the United Kingdom, t...



Google’s September 2017 Android Patches Fix Over 80 Vulnerabilities

Fri, 08 Sep 2017 09:35:00 +0000

Google has released this month’s security updates for its Android mobile OS, fixing a total of 81 vulnerabilities in the platform with two different packages. The company’s September 2017 patch rollout includes two security patch level strings, one of which is labeled as 2017-09-01 and the other one flagged as 2017-09-05. The second includes the fixes that are part of the first, but Google says that this way Android partners can quickly fix a subset of vulnerabilities on their devices. Specifically, the 2017-09-01 security patch level addresses 30 vulnerabilities, out of which no less than 10 are marked as critical and another 15 with a high security risk. Google says that the majority of Android versions are affected, including the newly-released Oreo. Google points out the most severe vulnerabilities could allow attackers to execute arbitrary code on an unpatched device using crafted files. Th...



Samsung Paying Hackers Up to $200,000 to Breach Its Devices

Thu, 07 Sep 2017 10:01:00 +0000

Samsung is the latest company that launches a bug bounty program, with the South Koreans paying as much as $200,000 to whoever discovers a critical software vulnerability that would make it possible to compromise one of its devices. The found vulnerabilities must affect Samsung Mobile devices, services, applications developed and signed by Samsung or third-party companies that are specifically developed for Samsung. All devices need to be fully up-to-date and the impacted services must be currently active. The list of devices includes the most recent models, like the S8, S7, and Note 8, but also older models released in 2016, like the J3 and the A5. The Samsung Galaxy S6 is also included in the program. “We take security and privacy issues very seriously; and as an appreciation for helping Samsung Mobile improve the security of our products and minimizing risk to our end-consumers, we are offering a rewards program for eligible security vulnerability reports,” Sam...



OurMine Says It Hacked WikiLeaks, WikiLeaks Says No Hack at All

Fri, 01 Sep 2017 09:43:00 +0000

Hacking group OurMine has managed to hijack the official page of whistleblowing site WikiLeaks, but despite reports of a server hack, it turns out the attack was actually just a simple DNS spoof. The WikiLeaks homepage was replaced with a black background on Thursday, with hacking group OurMine leaving a message to mock the organization led by Julian Assange and Anonymous hackers for undermining its hacking abilities. “Hi, it’s OurMine ( Security Group ), don’t worry we are just testing your… blablablab, Oh wait, this is not a security test! Wikileaks, remember when you challenged us to hack you? Anonymous, remember when you tried to dox us with fake information for attacking wikileaks? There we go! One group beat you all!” the message posted by OurMine read. WikiLeaks: Servers not breached But despite claims that WikiLeaks suffered a breach of servers, the organization explained in a series of tweets that the defaced website was the result of a ...



New WikiLeaks Dump Uncovers CIA Malware Infecting Windows Boot Sector

Thu, 31 Aug 2017 11:28:00 +0000

WikiLeaks has just revealed another secret CIA project used to compromise Windows systems, this time targeting the operating system boot sector to then allow for deploying more payloads. Codenamed project Angelfire, the hacking tools were aimed at Windows XP and Windows 7 and consisted of 5 different tools that worked together to compromise a system. First of all, it’s Solartime, a malware component whose primary goal is to modify the boot sector to load a second module called Wolfcreek and consisting of a set of drivers that enable dumping other payloads like drivers and applications. A third component is called Keystone and was specifically deployed by the CIA because it allowed agents to deploy additional malware on the infected systems, while the fourth is called BadMFS and represented a file system storing all the other components encrypted and obfuscated. And the last one is Windows Transitory File System, which WikiLeaks says was designed as an alternative...



Instagram Confirms Hack of High-Profile Accounts Due to Security Bug

Thu, 31 Aug 2017 09:13:00 +0000

Instagram has confirmed that a security bug in the service allowed hackers to access and steal private information of high-profile users with verified accounts, including phone numbers. While no specifics were provided on the bug itself, Instagram said in a statement for TIME that exploiting the bug allowed hackers to access personal information of users, including the email addressed they configured with the service and phone numbers that were used for two-factor authentication. Instagram confirms that at least one hacker who discovered the bug used it to breach accounts and reach the personal information of high-profile users, but no specifics were provided as to who was targeted by the hack. “We recently discovered that one or more individuals obtained unlawful access to a number of high-profile Instagram users' contact information — specifically email address and phone number — by ...



Google Bans 300 Infected Android Apps Used in WireX DDoS Attacks

Wed, 30 Aug 2017 08:39:00 +0000

Security researchers have uncovered new malware targeting Android devices, which are then being used as part of the WireX botnet to launch DDoS attacks against a series of targets. Content delivery network provider Akamai came across the malware when investigating an attack launched against a client in mid-August, revealing that the first signs of DDoS attacks based on the Android malware infection were spotted on August 2. The infection, however, was only in its early stages at that point, so the malware only became more prominent when the number of targets increased and more devices were compromised. The malware that’s used to infect Android devices has been injected into various apps from popular categories, including video players, ringtone tools, and resource managers, which are particularly searched for on Android. Once infected, a device was u...



Selena Gomez Hacked, Justin Bieber Nude Photos Posted Online

Wed, 30 Aug 2017 07:28:00 +0000

Selena Gomez is the latest celebrity that got hacked, with a bunch of nude photos of Justin Bieber posted on the singer’s Instagram account. While the majority of celeb hacks targeted iCloud accounts as part of the famous Fappening saga, in the case of Selena Gomez the target was her Instagram account, which somehow got breached on Monday. No leak took place this time, as it typically happened in the Fappening scandal, but the hacker did post a bunch of nude photos of Justin Bieber that were quickly removed after the singer regained access to account. The nude photos, however, are not part of a stolen photo dump, as they were previously posted online in 2015 when Selena Gomez and Justin Bieber were dating. Censored photos were at that point published by several blogs and tabloids, but uncensored versions also reache...



Buying an Apple MacBook for Just $1 Is Actually Possible Due to a Security Flaw

Mon, 28 Aug 2017 09:25:00 +0000

Buying super-expensive devices like Apple’s MacBook with just $1 is actually something that can be done due to a vulnerability in SAP POS systems, a research published by security firm ERPScan demonstrates. The company has detailed in a YouTube video how a security flaw in the SAP POS Xpress Server can be abused to modify the price of a specific product, intercept payments, and collect financial information such as the details of a card that’s being used at a specific time. The vulnerability resides in the SAP POS Xpress Server which handles the payments made through in-store SAP POS systems and the research shows that an attack has big chances to be successful because the implementation misses multiple authorization checks on the server side. Patches already released The security firm says that in order for a hacker to breach the SAP POS system, the attack must be launched from the same...



Chinese Internet Users Forced to Reveal Real Names When Posting Online

Mon, 28 Aug 2017 07:19:00 +0000

Remaining anonymous while browsing the web in China is a concept that’s pretty much dead, as the country has just released new regulations that would require Internet users to reveal their real names when posting comments online. Until now, users were forced to disclose their identity when connecting to a number of popular services like WeChat, Weibo, and use mobile phone numbers, but with this new set of rules, forums and smaller services would have to enforce the same requirement as well. Quartz writes that according to the new regulations, websites and services would have to investigate any user who might be using a fake identity and store all the data for government inspection should it be required. Users posting comments online are not allowed to oppose the principles of China’s constitution or damage the national honor and interests, the ne...



NHS Board Infected by Malware, Hospital Systems Taken Offline

Mon, 28 Aug 2017 06:42:00 +0000

The UK National Health Service (NHS) has once again been the victim of cybercriminals, as the systems operated by one board ended up infected with malware on Friday. The Lanarkshire board revealed on Friday that computers operating the staff rostering and the phone systems at several hospitals, namely Hairmyres Hospital, Monklands Hospital, and Wishaw General Hospital in Scotland, suffered a new malware attack. The board called for patients to visit the emergency departments only if absolutely necessary, promising to reschedule appointments once systems were clean and back up and running. “Due to NHS Lanarkshire IT issues, the staff bank system and telephone are offline and currently unavailable. EOL is still available, therefore please check this for available shifts over next 72 hours as a priority. Any cancellations should contact the main hospital switchboard as per usual process,” a statement issued on



iPhone, Android App Sarahah Quietly Uploads Phone Contacts to Company Servers

Mon, 28 Aug 2017 05:57:00 +0000

Sarahah is an application that has become a hit in a matter of months, and while many Android and iOS users rushed to install it, many of them didn’t have a clue that their phone contacts are being silently uploaded to the company’s servers. The discovery was made by security analyst Zachary Julian and reported by The Intercept, which wrote that the same behavior happens on both Android and iOS once users provide the app with access to the contact list. While an app requesting access to the phonebook is not unusual if the app in question does provide a feature that works with contacts, not the same thing can be said about Sarahah. No such functionality is available right now, but the developer says it’s exactly this reason why the company actually uploads the phone contacts to the company’s servers. Update to remove phone contact collection feature...



The 2017 Fappening: List of Celebrities Whose Nude Pics Got Leaked This Week

Sat, 26 Aug 2017 17:44:00 +0000

The original Fappening scandal that happened in 2014 is getting a new reboot this year, as several celebrities got hacked recently, with their nude photos being posted online this week despite threats of legal action against whoever publishes and helps spread the X-rated content. After Modern Family star Sarah Hyland got hacked and her nude photos were posted online by an unnamed hacker in July, false claims of an imminent leak involving Kylie Jenner and Victoria Justice also surfaced, though in this case no pics ended up online. But ...



Mobile App Allows Anyone to Create Android Malware with No Coding Experience

Fri, 25 Aug 2017 22:20:00 +0000

The number of threats targeting Android devices is growing at a worrying pace, and one of the reasons for this is that it’s becoming increasingly easier to write malware for Google’s mobile platform. Living proof is what Symantec security expert Dinesh Venkatesan describes as a Trojan Development Kit (TDK), which is currently available in China and allowing anyone to create Android malware without any coding experience. The whole thing can be done with an Android APK that can be downloaded freely from various Chinese forums, though it’s important to note that in order to generate the malware, users need to connect with the developer and issue a one-time payment. Using the app, customers can build a ransomware APK that can be customized with their own message to be displayed on the locked screen of the infected Android device, a user-defined key to unlo...



WikiLeaks Reveals CIA Hack to Spy on the FBI, Department of Homeland Security

Fri, 25 Aug 2017 08:25:00 +0000

WikiLeaks has just revealed another hacking tool developed by the CIA, but this time the agency wasn’t targeted companies or consumers in the United States, but other intelligence partners like the NSA, the FBI, and the Department of Homeland Security. Called ExpressLane, the project was created to help the CIA access information that other intel agencies were refusing to share, like biometric data. The CIA was providing partner agencies with technical support services for a biometric collection system, and as part of the collaboration, other intel departments, like the NSA and the FBI, agreed to share biometric data with the CIA. But in case any of these partners refused to provide all the data they collected, the CIA had a backup plan. ExpressLane was delivered as a software update for the said biometric data collection solution, so whenever the update was deployed, it also checked for any information the agency in question was hiding. Data stolen on US...



The 2017 Fappening: Nicole Scherzinger, Dakota Johnson Nude Pics Leaked

Thu, 24 Aug 2017 09:50:00 +0000

The list of celebrities that are getting hacked as part of what it slowly turns out to be a new episode of the Fappening saga is continuously growing, and today we can add two more stars whose X-rated photos ended up online. Singer and former Pussycat Doll Nicole Scherzinger and Fifty Shades of Grey star Dakota Johnson have both been targeted by hackers who managed to breach their accounts and steal pics. Neither of them commented on the hack, and it’s not clear just yet if they are willing to take legal action against websites publishing the photos, but more information in this regard is expected shortly. In some of the pictures, Dakota Johnson is seen naked in the shower with who appears to be actress Addison Timlin, as well as by a pool with several female friends. Nicole Scherzinger is pictured on a beach, as well as in what seems to be her bed. More celebrities hacked this week While this is clearly a massiv...



Company Willing to Pay $500,000 for WhatsApp Hacks

Thu, 24 Aug 2017 09:03:00 +0000

A company called Zerodium has announced an offer that hackers could hardly refuse: $500,000 for exploits in WhatsApp and Signal, two popular mobile messaging apps with hundreds of millions of users across the world. What the firm is seeking is remote code execution and local privilege escalation vulnerabilities in the two applications, asking for a working hack to pay the $500,000 reward. And while such an offer could be worrying for users running these apps on their mobile devices, Zerodium is unlikely to turn to these tools to attack users. Instead, what it does is resell zero-day exploits to various organizations, including what could be governments, even though the company doesn’t specifically reveal who buys the hacks. “ZERODIUM customers are major corporations in defense, technology, and finance, in need of advanced zero-day protection, as well as government organizations in need of specific and tailored cybersecurity capabilities,” the company says on its w...



The Fappening: Miley Cyrus, Victoria’s Secret Angel Stella Maxwell Hug Pics Leak

Wed, 23 Aug 2017 09:52:00 +0000

The 2017 Fappening is all but confirmed, as X-rated photos of more and more celebrities reach the web after what are likely to be successful hack attacks targeting their smartphones. This time, private photos of Miley Cyrus have reached the web, showing the American singer cuddling up naked next to Victoria’s Secret Angel Stella Maxwell. The photos are part of a larger dump showing Miley Cyrus and are believed to come from the singer’s smartphone. Details about the hack are not available, but the photos are likely to be kind of old, as Stella Maxwell is currently dating Kristen Stewart. Miley Cyrus and the Victoria’s Secret model were a couple back in 2015, but as of late 2016, the Angel has been dating Stewart. It’s not known if the leaked photos are part of a dump stolen from Miley’s phone as part of a previous hack or if this is a new hack and the pics were still there on her device. Another iCloud hack? At t...



Ukrainian Security Firm Warns of Another Massive Global Cyberattack

Wed, 23 Aug 2017 07:58:00 +0000

A new wave of cyberattacks could be launched as soon as this week, Ukrainian security firm ISSP warns, pointing out that the main objective would be taking down networks on August 24 when Ukraine celebrates the Independence Day. ISSP says in a notification posted on its website (translation needed) that it discovered malware on the website belonging to the parent company of Crystal Finance Millennium, an accounting software broadly used across the country by several companies and government departments. The malware, which doesn’t have a name just yet, has been spotted on the website and could be used to push the infection to clients using the said software. At the time of publishing this article, the page is down, as it appears to have been suspended by the hosting company, likely in an attempt to block the spread of malware. The security firm says there’s a chance a large-scale attack starts on August 24 ...



Google Bans 500 Android Apps Due to Spyware Infection

Wed, 23 Aug 2017 06:12:00 +0000

Security company Lookout discovered that no less than 500 Android apps that were published in the Google Play Store integrated an advertising software development kit called Igexin allowing cybercriminals to deploy malware and spy on users. Lookout explains that these apps, whose names were not revealed, surpassed 100 million downloads in the Google Play Store and were part of very popular categories, like games targeted at teens, weather apps, Internet radio, photo editors, educational, health and fitness, travel, and emoji. Google has already removed the apps from the Play Store, which means that users are secure at this point, while those who have already installed apps that looks suspicious and which could be infected with the said malware are recommended to scan their devices with dedicated security software. Not all versions of the SDK compromised Using an SDK to compromise Android...



LG Takes Systems Offline Due to WannaCry Infection

Tue, 22 Aug 2017 11:43:00 +0000

South Korean electronics manufacturer LG is the latest big name hit by ransomware, as part of the network operated by the company in the domestic market was shut down earlier this month due to WannaCry infection. First spotted in May this year, WannaCry is a form of ransomware exploiting a Windows vulnerability that has already been patched by Microsoft shortly after the outburst. The software giant has even shipped emergency patches for Windows XP in an attempt to keep users protected, so the only thing system administrators need to do is deploy the latest updates to block the infection. This never happened on LG’s systems, however, and a self-service kiosk operated by the company in South Korea has recently been compromised with WannaCry. Still not known how WannaCry reached computers While it’s not known how many computers in LG’s network were compromised, the company decided to shut down a number of systems to prevent the ransomware from spre...



The 2017 Fappening: Lindsey Vonn, Miley Cyrus, Kristen Stewart Nude Pics Leaked

Tue, 22 Aug 2017 09:45:00 +0000

Nude photos of several celebrities have been posted online, including Kristen Stewart, Miley Cyrus, Tiger Woods, and Katharine McPhee, with the last two threatening to sue everyone who decides to publish them on their websites. The list of hacked stars whose pictures ended up online also includes Lindsey Vonn and Stella Maxwell, as well as Anne Hathaway, who got hacked a few days ago and her photos were also posted online. Once again, it’s not exactly clear how the hackers managed to extract the X-rated photos from the devices belonging to these celebrities, but there’s a chance it all happened due to weak passwords or successful phishing attacks that had the stars provide their credentials on fake websites looking legitimate. The original Fappening scandal, which took place in 2014 and impacted a long list of celebrities, was based on ...



The 2017 Fappening: Nude Photos of Anne Hathaway Leaked

Tue, 22 Aug 2017 07:22:00 +0000

Nude photos of Anne Hathaway have made the rounds the past week after a hacker allegedly managed to hack the American actress in what appears to be a follow-up to the Fappening saga that took place in 2014. Not much has been said about the hack itself, but there are reports that several images were posted on Twitter and reddit, before being removed for obvious reasons. The photos, however, are being reposted on other image sharing websites, as it was the case of other stolen pics from various celebrities across the world. As compared to other stars whose private photos were posted online following a breach of their accounts, Anne Hathaway has remained tight-lipped for the time being, without any confirmation whether she contacted law enforcement or if she’s considering legal action against the hackers or the websites that publ...



Anonymous Hacks NHS System, Data of 1.2 Million Patients Allegedly Exposed

Mon, 21 Aug 2017 11:54:00 +0000

The NHS has once again been the target of hackers, this time with a member of the famous group Anonymous managing to breach the appointment booking system and expose details of 1.2 million patients. SwiftQueue, who handles appointments of eight NHS trusts, confirmed the hack, but said that only some 32,500 “lines of administrative data” had been exposed following the breach. This includes personal details of patients, like names, dates of birth, phone numbers, and email addresses. On the other hand, SwiftQueue says that no medical records have been accessed, and passwords are entirely secure because they’re encrypted. “We recently became aware of a cyber attack which affected a small subset of administrative data sets, with the breach fixed within three hours. There were 32,501 lines of administrative data, some of it test data which related to ‘dummy’ patients. We are in the process of informing the patients affected,” the company says. Anonymous: We sto...



The 2017 Fappening: Danielle Lloyd Hacked, Nude Photos Leaked Online

Mon, 21 Aug 2017 05:56:00 +0000

​The Fappening saga continues, this time with former Miss England and Miss Great Britain Danielle Lloyd, whose iCloud account got breached by an unknown hacker. While little has been said about the breach itself, it turns out that the hacker or the hackers managed to access photos stored in the celebrity’s iCloud account, which means the pictures were taken with an iPhone and then uploaded into the cloud. Similar hacks targeting iCloud accounts of several celebrities, including Jennifer Lawrence, Miley Cyrus, and Emma Watson, took place in 2014 as part of the famous scandal called Fappening and which led to a substantial collection of nude photos getting leaked online. A representative for Danielle Lloyd told The Sun that law enforcement has already been contacted to investigate the breach and stop the photos from spreading online, though it’s the...



PlayStation Accounts Hacked, PSN Database Allegedly Stolen

Mon, 21 Aug 2017 05:07:00 +0000

The official Twitter and Facebook PlayStation accounts were compromised late Sunday by hacking group OurMine, with the attackers claiming they had managed to get access to a PSN database. While no leaks have happened since the breach was announced, OurMine hackers claim they won’t be releasing any details online, meaning that users should be fine unless the attackers change their mind. For the time being, however, a password reset could be a good idea to remain secure. OurMine hackers posted several messages on the official Twitter and Facebook PlayStation accounts, all of which have already been deleted, presumably after Sony regained access to the compromised accounts. One of the tweets, which is no longer available right now, confirmed there are no plans to leak PSN details. “No, we aren’t going to share it, we are a security group. If you work at PlayStation, then please go to our website,” the group tweeted from the official PlayStation account, calling for S...



Jennifer Lawrence Afraid of New “Fappening”

Thu, 10 Aug 2017 07:45:00 +0000

Jennifer Lawrence admitted in a recent interview that she’s afraid of being hacked once again, as more reports of a 2017 Fappening keep making the headlines. The 26-year-old actress was one of the celebrities whose personal accounts got compromised in 2014, with her nude photos ended up being posted online. And in an interview with Vogue (via Metro), Jennifer Lawrence says she’s very worried that another hack leading to other images being posted online could happen any minute now. “I think people saw (the hacking) for what it was, which was a sex crime, but that feeling, I haven’t been able to get rid of it. Having your privacy violated constantly isn’t a problem if you’re perfect. But if you’re human, it’s terrifying. When my publicist calls me, I’m like, ‘Oh, my God, what is it?’. Even when it...