
hacker

Two charged in theft of $40K from hacked Subway keypads

Two California men have been indicted for allegedly hacking point-of-sale terminals at Subway shops to steal at least $40,000.

Prosecutors accused Shahin Abdollahi, aka "Sean Holdt," and Jeffrey Thomas Wilkinson of hacking at least 13 point-of-sale (POS) terminals to install software that fraudulently loaded at least $40,000 onto Subway gift cards, according to an indictment unsealed in Boston on Friday (see below). The pair then allegedly used the cards to make purchases at Subway shops and sold them on eBay and Craigslist.

Abdollahi owned a Subway franchise in Southern California from 2005 to 2008 and later …

FBI investigating how sensitive celebrity data landed on Web

Some hacker or hackers have it out for a handful of celebrities, politicians, and law enforcement officials, including First Lady Michelle Obama, Vice President Joe Biden, and pop singer Beyonce.

Collected onto one Web site -- called "The Secret Files" -- is a slew of financial and personal information on these public figures. The data is so sensitive that it has sparked investigations by the FBI and other law enforcement agencies.

The U.S. Department of Justice announced yesterday that the government agencies are looking into how www.exposed.su obtained the Social Security numbers, credit reports, telephone …

Denial-of-service attack takes down JP Morgan Chase sites

The Web sites for banking giant JP Morgan Chase are offline this afternoon as the result of a distributed-denial-of-service attack, a representative told CNET.

The site's usual banking tools and content were replaced this afternoon with a message that said:

Our website is temporarily down, but our branches and Mobile Apps are available. Please try again later.

The representative couldn't say how long the site had been down or how long it would be until service was resumed.

Hackers have ratcheted up their assaults on financial institutions in recent months, using DDoS attacks to take down Wells Fargo, …

Oracle issues emergency Java update to patch vulnerabilities

In response to discovering that hackers were actively exploiting two vulnerabilities in Java running in Web browsers, Oracle has released an emergency patch that it says should deal with the problem.

"These vulnerabilities may be remotely exploitable without authentication, i.e., they may be exploited over a network without the need for a username and password," Oracle wrote in a security alert today. "For an exploit to be successful, an unsuspecting user running an affected release in a browser must visit a malicious web page that leverages these vulnerabilities. Successful exploits can impact the availability, integrity, and …

Dropbox users getting spammed, might be from earlier hack

It looks like Dropbox may be grappling with some leftover issues from hackers' access into the system last July.

Over the past 24 hours, users have been posting on the file-sharing site's forum, saying that they're being hit with spam e-mails sent to e-mail accounts used only for Dropbox.

"My Dropbox specific email has been receiving spam since the 20th of February," Daniel B. wrote today. Richard F. wrote, "I have an internal to my company email address that I used for Dropbox only and I am getting the same fake paypal scam emails. This …

China blames U.S. for most cyberattacks against military Web sites

China has blamed the U.S. for most of the cyberattacks launched against its military networks.

In a statement released today, China's Ministry of National Defense said that cyberattacks against its military sites have increased over the past few years. Based on checks of IP addresses, the Defense Ministry claimed an average of 144,000 cyberattacks per month last year, according to Reuters.

And it fingered the U.S. for almost 63 percent of them.

The allegations from Beijing come hot on the heels of a recent report from U.S. security firm Mandiant, linking the Chinese army to cyberattacks …

Overseas hackers nab more than 1TB of data daily

The idea of governments waging futuristic cyberbattles and online espionage campaigns actually isn't too farfetched. A new study released today by Team Cymru basically says as much.

The study, shared exclusively with The Verge, says that overseas hackers are stealing as much as one terabyte of data per day from governments, businesses, militaries, and academic facilities. Apparently, the hackers are using a network of 500 computer servers.

According to a lengthy article by The Verge, Team Cymru concludes that the hackers are so sophisticated and are running such massive campaigns that they must be state-sponsored. "This is Internet …

Hacker says security flaw let him access any Facebook profile

A security hacker recently found a flaw in a Facebook system that allowed developers to access anyone's Facebook account through app permissions.

Though Facebook has fixed this issue, Nir Goldshlager, a Web application security specialist who looks for these types of flaws professionally, found more app authorization bugs that need fixing, according to his blog. App permissions are what developers use to access the user data needed to run their apps. Users give them access permission when they install the apps.

"I found a couple more OAuth flaws in Facebook, just waiting for a fix to post about …

Zendesk hack snares user data from Twitter, Tumblr, Pinterest

At a time when it seems no company is immune from hackers, user information from three high-profile social-networking sites has been compromised due to a hack at another company.

Customer support service Zendesk revealed today that it had been the victim of a security breach and that information from three of its clients had been downloaded. As first reported by Wired, those three clients are Twitter, Pinterest, and Tumblr.

Zendesk revealed the hack in a company blog post today that said the vulnerability was immediately identified and patched:

Our ongoing investigation indicates that the hacker had access to the support …

Apple, Facebook, Twitter hacks said to hail from Eastern Europe

While many security experts have been pointing the blame at China for the recent wave of cyberattacks on U.S. companies and newspapers, Bloomberg reports that some of the malware attacks actually may be coming from Eastern Europe.

Investigators familiar with the matter told Bloomberg they believe a cybercriminal group based in either Russia or Eastern Europe is carrying out the high-level attacks to steal company secrets, research, and intellectual property, which could then be sold on the black market.

Evidence that the attacks may be coming from Eastern Europe is the type of malware being used by the hackers, …