Hackers demand $6M from largest retail currency dealer in ransomware attack
Travelex, the world's largest retail currency dealer, has been targeted in a ransomware attack, with hackers reportedly demanding a payment of $6 million so the company can regain control of its systems. They’re also threatening to publish customer data if Travelex fails to pay the ransom.
Cyberattack forces 38,000 students to physically stand in line for new passwords
A university in Germany is handing out new email passwords printed on pieces of paper to its 38,000 students after its servers were hit by hackers. Students are being asked to line up outside the university gym to collect their new passwords in a process that could take five days to complete.
U.S. automakers were leading targets of hackers in 2018, FBI says
The Federal Bureau of Investigation has issued a report to select private companies that automakers were the leading targets for hackers during 2018. This is not a new threat but it is an increasing one that has spurred recalls by several automakers, the law enforcement agency says.
Police arrest suspect in hack of Twitter CEO Jack Dorsey’s account
Police have arrested a suspect in connection with a hack in August that saw Twitter CEO Jack Dorsey’s own Twitter account compromised. The suspect is reportedly a former member of the Chuckling Squad, a hacking group known to use SIM swapping, the method by which Dorsey’s account was taken over.
T-Mobile hack may have affected around a million customers
Around a million T-Mobile customers have reportedly been caught up in a security breach in which hackers made off with customer information that includes name, billing address, phone number, account number. The hack comes just over a year after another one hit around 2 million T-Mobile customers.
Macy’s confirms hackers stole customer data from its website
Macy's says a small number of people who shopped on its website in October 2019 may have had their data stolen by hackers. Customers are being advised to check their statements for suspicious activity. The stolen data includes name, home address, phone number, email address, and payment card number.
Oh great, now our smart speakers can attack us with harmful sounds
A security researcher has said it’s surprisingly easy to take over Wi-Fi and Bluetooth speakers and get them to emit harmful sounds. With a few lines of code and a vulnerable device, Matt Wixey said it’s possible to play sounds that can annoy and intimidate those within earshot, or even damage their hearing.
LAPD says personal data of thousands of officers nabbed in breach
The police don't only investigate data breaches. It suffers them, too. A recent hack targeting thousands of LAPD officers and job applicants stole data that included names, dates of birth, partial Social Security numbers, and email addresses and passwords used by the applicants.
TrickBot returns with new attack that compromised 250 million email addresses
TrickBot returns with a new attack that teams up the malware with an email-based infection and distribution module dubbed TrickBooster. An investigation into TrickBooster's servers discovered a database with 250 million compromised email accounts, including from US government departments.
Marriott faces $123M fine for huge data breach that targeted millions of guests
Hotel giant Marriott is facing a $123 million fine for a data breach discovered in 2018 that affected 339 million of its Starwood customers. The fine comes just a day after British Airways was hit with a record $230 million penalty for a data breach that affected half a million of its customers.
British Airways hit with a massive fine for 2018 data breach
British Airways has been hit with a $230 million fine for a security breach in 2018 that saw hackers steal personal data belonging to around 500,000 of its customers. The airline has apologized and improved its online security, adding that it has received no reports of the data being used by criminals.
NASA hacked: 500 MB of mission data stolen through a Raspberry Pi computer
NASA's Jet Propulsion Laboratory was hacked last year by an attacker who used a Raspberry Pi computer to gain access to its systems. The hacker took advantage of the network's weaknesses to steal 500 MB of data from one of its major mission systems, while remaining undetected for 10 months.
Radiohead releases 18 hours of material to torpedo hacker’s ransom demand
A hacker who stole 18 hours' worth of unreleased Radiohead recordings was reportedly demanding $150,000 in exchange for its return. But to scupper the scam — and to offer something unexpected to fans — the band decided to release the material, with the proceeds going to a climate-action cause.
Flipboard hack prompts password reset for millions of users
Flipboard says it has been hit by hackers, resulting in the theft of personal data of some of its 145 million users. The company is still investigating the incident to find out precisely how many people are affected, but as a precautionary measure it’s prompting its community to create new passwords.
Hackers demanding bitcoin payments for code held hostage from GitHub and GitLab
Hackers extracted all the source code from certain GitHub, GitLab, and Bitbucket repositories, leaving behind a ransom note demanding bitcoin. It remains unclear how the hackers were able to access the accounts, but an investigation suggested that credentials were compromised from third-party exposures.
Own an Asus computer? Malware might be hiding in your system
If you own of an Asus computer, your system might have been infected by malware distributed from the tool you typically use to update your computer BIOS and install other security patches. That's all according to a new report from researchers at the Russian-based cybersecurity company, Kaspersky Lab.
Security flaws in 4G and 5G networks could expose your phone calls and location
A group of academics from the University of Iowa has discovered three flaws in both 4G and 5G networks which could allow attackers to intercept phone calls and track the location of smartphones. Published in a recent report, this is believed to be the first major vulnerability in 4G and 5G networks in recent times.
Marriott asking guests for data to see if they were victims of the Starwood hack
Marriott has created an online form to help you find out if your data was stolen in the massive Starwood hack that came to light at the end of 2018. But take note, it requires you to submit a bunch of personal details. The massive breach affected more than 300 million guests.
500px reveals almost 15 million users are caught up in security breach
Almost 15 million members of portfolio website 500px have been caught up in a security breach, the company said on Tuesday. The hack occurred in 2018 but was only discovered last week. As a precautionary measure, users are being told to change their 500px password as soon as possible.
‘Fortnite’ security flaw let hackers spy on players through microphones
A security vulnerability found in Fortnite allowed hackers to gain access to other players' accounts, potentially letting them spy on conversations from in-game microphone chatter. The flaw has since been fixed, according to Epic Games, but was possible by clicking on malicious links.
Quora hit by data breach affecting around 100 million users
Question-and-answer website Quora has been targeted by hackers. The company says that data belonging to 100 million of its users may have been stolen in the security breach. The hack is still under investigation, and Quora is now in the process of contacting affected users by email.
It’s time to change your password again as Dell reveals attempted hack
Computer giant Dell said on Wednesday, November 28 that it recently spotted an attempt by hackers to steal customer data. The cybercriminals are believed to have gone after personal information, though the firm doesn't believe any credit card information was taken. The investigation is ongoing.
Yahoo agrees to pay $50M in damages for biggest-ever data breach
Yahoo has agreed to pay $50 million in damages for a huge security breach in 2013 that hit all three billion of its user accounts globally. If the settlement is approved by a court next month, U.S.-based users affected by the biggest-ever data hack will be able to claim a portion of the funds.
Hackers target major airline in data breach affecting nearly 10M customers
A major international airline has been targeted by hackers, with personal data belonging to nearly 10 million of its customers stolen. Cathay Pacific, which operates out of Hong Kong, says that it so far has no evidence that the data has been misused, and is now in the process of contacting those affected.
Uber agrees to pay $148 million for 2016 hack and cover-up
Uber has agreed to pay $148 million for failing to immediately come clean about a 2016 hack that resulted in the theft of personal data belonging to 57 million of its riders and drivers worldwide. Uber had hoped to cover up the security breach and paid the hackers $100,000 to destroy the stolen data.
British Airways data hack hits 380,000 recent customers
Another day, another hack. This latest one affects 380,000 British Airways customers who recently used its website or app to book a flight or vacation. Customers' personal and financial details are believed to have been stolen, with those affected urged to contact their banks and credit card providers.
Attacker stole user data from Reddit through employee accounts
An official update posted by Reddit reveals that an attacker broke into a few systems on the company’s network and stole user data. The theft consisted of a 2007 database backup containing salted hashed passwords along with “some” current email addresses. Reddit is currently working with law enforcement.
Earn up to $10,000 by squashing printer-based bugs in HP’s bounty program
HP is calling an “industry first” in launching a print security bug bounty program providing rewards up to $10,000. It’s backed by Bugcrowd, a crowdsourced security platform that manages bug bounties, vulnerability disclosures, and more. The program will focus on bugs related to printers.
SamSam ransomware has generated $5.9 million from victims since 2015
Sophos reports that the SamSam ransomware has done more financial damage than previously believed, generating $5.9 million from its victims since it appeared in December 2015. Hackers use SamSam in attacks about once per day, but the typical web surfer will likely never experience its devastation.
Frustrated ‘Splatoon 2’ player hijacks leaderboard to call out cheaters
A frustrated Splatoon 2 player recently hijacked the game's leaderboards to call out Nintendo for its lack of anti-cheat protection in the game. Cheaters have become prevalent in the Switch exclusive over the last few months and threaten to ruin the game for those playing it fairly.
Netgear router bug let hackers steal classified documents on drones, tanks
Documents from the U.S. Air Force and U.S. Army were stolen by a hacker who used a simple exploit on a Netgear router after finding that its admin password had not been changed from the default. Those documents were then offered up for sale on the dark web alongside aerial drone footage and training manuals.
Hackers can purchase government login credentials for cheap on the dark web
McAfee recently discovered that hackers have access to many organizations that have weak credentials when using Microsoft’s Remote Desktop component in Windows-based systems. Access to these organizations can be bought for little money through specific shops on the dark web.
Nintendo starts banning Switch hackers from online services
Nintendo is starting to ban users who hack the Nintendo Switch. The ban removes the ability to enter the eShop, play multiplayer games, and use social features, though you can still receive game updates. The bans come after a major and unpatchable exploit was discovered in the Switch's hardware.
‘PlayerUnknown’s Battlegrounds’ hacking tool developers arrested in China
Developers of hacking tools for use in the game PlayerUnknown's Battlegrounds have been arrested in China and fined more than $5 million. Their programs were found to have contained Trojan horse software, potentially exposing the personal information of those who used the programs to cheat at the game.