hacks

Google rolls out initiative to help hacked sites

It's not pretty when a Web site gets a "this site may be compromised" or "this site may harm your computer" status note. Many webmasters and Web site owners can be at a loss of what to do in these situations.

For this reason, Google has launched "Help for Hacked Sites" informational series, which has a dozen articles and videos aimed to help people avoid having their sites hacked and also teach them how to gain back control of compromised sites.

"Every day, cybercriminals compromise thousands of websites. Hacks are often invisible … Read more

Microsoft's latest patches address new USB hack

A new kind of vulnerability popped up recently, one that lets hackers stick a USB thumb drive into a computer -- even if it's logged-off or locked -- type out a bit of attack code and steal whatever data they want.

In an effort to avoid this type of cyberattack, Microsoft issued its monthly software patches today and included a fix for this Windows vulnerability called MS13-027. This vulnerability lets a hacker get into the computer with a thumb drive and take over administrative privileges.

"When the Windows USB device drivers enumerate the device, parsing a specially crafted … Read more

Apple, Facebook hackers hit car and candy companies too

More details have been revealed about the massive cyberattack that hit several tech companies last month. Not only were Apple, Facebook, Microsoft, and Twitter hit -- but other industries' computer systems were also hacked, including prominent car manufacturers, U.S. government agencies, and a candy company.

According to The Security Ledger, people familiar with the matter said that hackers infiltrated computer networks by using at least three third-party "watering hole" Web sites, which made it possible for hackers to put malware on those companies' computers.

"The breadth of types of services and entities targeted does not reflect … Read more

Researchers win $100,000 for Chrome hack that leaves Windows vulnerable

Security researchers at MWR Labs have won a $100,000 prize at the Pwn2Own hacking competition in Vancouver.

The researchers showed off their hack yesterday as they took a fully patched version of the Google Chrome browser, hacked it, and then took control of Windows 7. According to the researchers, when a Chrome user visits a malicious Web page, it's possible for the page's creator to exploit a vulnerability that allows for code execution in the sandboxed renderer process. From there, the team exploited a kernel vulnerability in Windows 7 to gain elevated privileges and execute commands.

Here's what the researchers were able to achieve:… Read more

Jailed hacker allowed into IT class, hacks prison computers

They're arguing now about who let it happen, but happen it did, with entertaining consequences.

Somehow Nicholas Webber found himself in an IT class while in jail. He's serving five years for creating a site called GhostMarket, which allowed those interested in creating computer viruses, partaking of stolen IDs and enjoying private credit card data to congregate.

He was caught using hacked personal information to buy everything from iPods to luxury hotel stays.

One might have thought that an IT class would have been quite dull for him. One might also have thought that inviting him to an … Read more

Upcoming iOS update likely to kneecap Evasi0n jailbreak

One of the most popular jailbreaking tools for iOS could be snuffed out as part of an upcoming software update from Apple.

iOS 6.1.3, which Apple gave to developers for testing last week, reportedly keeps Evasi0n from being installed, leaving would-be jailbreakers in a lurch.

Evasi0n came out earlier this month and gives iPhone, iPod, and iPad owners deeper access to the software on their devices than Apple allows. The two key benefits for those who install it is that you can make significant changes to basic system software, as well as add additional apps through third-party software … Read more

NBC Web site back up after hack attack

NBC's Web site is up and running again after being knocked offline by a cyberattack for several hours yesterday.

The NBC site was the victim of a form of malware known as the Citadel Trojan. This specific strain targets companies in an attempt to steal usernames, passwords and other sensitive data. People who visit sites infected by the trojan can find their own PCs infected as well.

In the past, Citadel typically attacked banks and financial firms but has since expanded its reach to a wider range of organizations.

NBC, which is part of cable giant Comcast, is still trying to figure out how the attack occurred, … Read more

Zendesk hack snares user data from Twitter, Tumblr, Pinterest

At a time when it seems no company is immune from hackers, user information from three high-profile social-networking sites has been compromised due to a hack at another company.

Customer support service Zendesk revealed today that it had been the victim of a security breach and that information from three of its clients had been downloaded. As first reported by Wired, those three clients are Twitter, Pinterest, and Tumblr.

Zendesk revealed the hack in a company blog post today that said the vulnerability was immediately identified and patched:

Our ongoing investigation indicates that the hacker had access to the support … Read more

Forum site gives more details on Apple and Facebook hacks

The popular forum site that hackers used to access employee computers at Apple and Facebook gave more details today on how the cyberattack happened.

The site's owner Ian Sefferman confirmed previous reports that hackers injected JavaScript into his site, iPhonedevsdk, and were then able to use a previously unknown exploit to access certain user's computers. He also said that the cyberattack most likely ended on January 30, 2013.

Apple revealed yesterday that hackers targeted computers used by its employees, but that "there was no evidence that any data left Apple." In a statement, the company said … Read more