Security News

Online proctor service ProctorTrack disables service after hack
2020-10-14 21:27

The online proctoring service ProctorTrack has disabled access to its service after its parent company was hacked. ProctorTrack is a solution by Verificient that is used by numerous universities, including Rutgers, University of Western Ontario, Ohio University, Illinois State University, Purdue University, and MIT. Verificient and ProctorTrack were hacked.

Hackers hack Hackney: Local government cries 'cyberattack' while UK infosec officials rush to figure out what happened
2020-10-13 12:32

Hackney Council in East London has declared that it was hit by a "cyberattack" - but both the authority and officials from the National Cyber Security Centre remain tight-lipped about what actually happened. In a statement published on the council website this morning, local mayor Philip Glanville said: "Hackney Council has been the target of a serious cyberattack, which is affecting many of our services and IT systems."

Smoke and Mirrors – Hack-for-Hire Group Builds Fake Online Empire
2020-10-07 18:13

Hack-for-hire group BAHAMUT managed to build a fake online empire to leverage in cyber-espionage operations targeting the Middle East and other regions around the world, BlackBerry reports. "BlackBerry assesses that the InPage zero-day exploit first identified by Kaspersky in 2016 and given CVE-2017-12824 but never attributed, was in fact used by BAHAMUT. We also assess that it was first developed by a Chinese threat group in 2009 for use in targeting a group in diaspora perceived to be a potential threat to the power of the Chinese Communist Party," BlackBerry notes in a new report.

Comcast TV Remote Hack Opens Homes to Snooping
2020-10-07 13:00

A security flaw allowing attackers to remotely snoop in on victims' private conversations was found to stem from an unexpected device - their TV remotes. The flaw stems from Comcast's XR11, a popular voice-activated remote control for cable TV, which has more than 18 million units deployed across the U.S. The remote enables users to say the channel or content they want to watch rather than keying in the channel number or typing to search.

Takeaways From the Shopify Hack
2020-09-30 15:55

According to the 2020 Insider Threat Report by Cybersecurity Insiders, the biggest enabler of insider attacks is the fact that in 61% of incidents the perpetrator had elevated access privileges to sensitive data and applications. Traditional perimeter security will not protect against over-privileged insiders who want to access critical data.

What are the most hack-resistant industries?
2020-09-25 04:00

Government and financial service sectors globally are the most hack-resistant industries in 2020, according to Synack. Government and financial services scored 15 percent and 11 percent higher, respectively, than all other industries in 2020.

Activision Refutes Claims of 500K-Account Hack
2020-09-22 15:10

The alleged breach was first flagged by the #oRemyy account on Twitter, and was quickly amplified by others, who claimed that accounts were being taken over and credentials changed, so that the legitimate users couldn't recover them. "Yeah it's legit guys. Change your Activision account passwords immediately. Apparently over 500,000 accounts have been breached already and it's still ongoing," one user going by "Okami" tweeted.

Dunkin' Donuts drops some dough to glaze over lawsuit accusing it of covering up customer account hacks
2020-09-15 21:33

Dunkin' Donuts today settled a lawsuit in which it was accused of hushing up the fact hackers siphoned its customers' personal information from its systems in 2015. "Long before the New York Attorney General filed suit in this matter, Dunkin' had voluntarily implemented or enhanced the security measures identified in today's settlement," Dunkin' said in a statement to The Register.

What do F5, Citrix, Pulse Secure all have in common? China exploiting their flaws to hack govt, biz – Feds
2020-09-14 23:58

The US government says the Chinese government's hackers are preying on a host of high-profile security holes in enterprise IT equipment to infiltrate Uncle Sam's agencies and American businesses. In a joint statement, the FBI and Homeland Security's Cybersecurity and Infrastructure Security Agency on Monday claimed Beijing's miscreants have exploited or attempted to exploit bugs including those in Microsoft Exchange Server, the F5 Big-IP remote takeover vulnerability, Pulse Secure's VPN's remote code flaw and the Citrix VPN directory traversal hole.

Take your pick: 'Hack-proof' blockchain-powered padlock defeated by Bluetooth replay attack or 1kg lump hammer
2020-09-14 20:12

A "hack-proof" smart padlock with security based on blockchain technology could be defeated by a simple Bluetooth replay attack - or a 1kg lump hammer. Its unique selling point is that the padlock can be locked and unlocked using an app that transmits over a Bluetooth Low Energy connection, rather than a physical key or combination lock.