Security News
On the first day of the Pwn2Own 2020 hacking competition, participants earned a total of $180,000 for demonstrating exploits targeting Windows 10, Ubuntu Desktop and macOS. Pwn2Own typically takes place at the CanSecWest cybersecurity conference in Vancouver, Canada, and participants have to attend in person. On the first day of Pwn2Own 2020, a team from the Georgia Tech Systems Software & Security Lab successfully executed code on macOS through Safari.
Most computer systems are still very easy to hack, due to a vulnerability in memory chips produced by Samsung, Micron and Hynix, according to a study by researchers from VUSec of the Vrije Universiteit Amsterdam. The vulnerability in question is called Rowhammer, a design flaw in the internal memory chips of a device that creates the vulnerability.
Criminals targeting other criminals is nothing new, but researchers have now uncovered a years-long campaign that trojanizes hacking tools in order to infect other hackers with njRAT. Just as trojanized mobile apps can be downloaded from app stores and installed by trusting users, so trojanized hacking tools are downloaded and installed by trusting hackers. The njRAT infection route in the campaign appears to be via cracked and trojanized hacking tools.
Zynga - maker of addictive online social games such as FarmVille, Mafia Wars, Café World and Zynga Poker - is facing a potential class action lawsuit over the September 2019 breach in which hackers got access to more than 218 million Words with Friends accounts. Zynga admitted to the breach at the time, saying that hackers got their hands on "Certain player account information" but that, at least during the early stages of its investigation, it didn't think any financial information was accessed.
Emerging technologies being adopted by cities - like facial recognition, smart-city technologies like smart lighting, and 5G-driven IoT - are opening up municipalities to even more security and privacy threats. Tara Seals: So I wanted to talk to you a little bit about smart cities and municipalities in general and some of the security threats that they're facing.
In a RSA 2020 simulation, the Red Team compromised email accounts, created deepfake videos and spread disinformation on Election Day in Adversaria. At RSA 2020, Cybereason assembled a group of journalists and other conference attendees to be the Red Team, in charge of creating just enough chaos to cause residents of the fictional city Adversaria to doubt the results of the election.
The FBI on Friday arrested a man linked to former U.S. Rep. Katie Hill's 2018 House campaign for allegedly orchestrating a series of cyberattacks on a rival candidate that shut down the campaign's website for 21 hours. The U.S. Attorney's Office in Los Angeles said Arthur Jan Dam, 32, of Santa Monica, California, surrendered and was taken into custody on a complaint that says his computer attacks in April and May 2018 cut off campaign donations for Democrat Bryan Caforio and contributed to his narrow loss to Hill in the primary election.
Following several recent reports of hackers gaining access to people's internet-connected Ring doorbell and security cameras, Amazon yesterday announced to make two-factor authentication security feature mandatory for all Ring users. Until now, enabling the two-factor authentication in Ring devices was optional, which definitely would have prevented most Ring hacks, but of course, many never bothered to enable it.
Following several recent reports of hackers gaining access to people's internet-connected Ring doorbell and security cameras, Amazon yesterday announced to make two-factor authentication security feature mandatory for all Ring users. Until now, enabling the two-factor authentication in Ring devices was optional, which definitely would have prevented most Ring hacks, but of course, many never bothered to enable it.
The new requirement comes after Ring faced a backlash in December following a rash of disturbing hacks and security issues tied to the smart doorbell. While Amazon-owned Ring offered 2FA as an option to customers before, now the second layer of verification will be mandatory to all users.