Multiple “CIA failures” led to theft of agency’s top-secret hacking tools

[ad_1] Enlarge / CIA headquarters. In early 2017, WikiLeaks began publishing details of top-secret CIA hacking tools that researchers soon confirmed were part of a large tranche of confidential documents stolen from one of the agency’s isolated, high-security networks. The leak—comprising as much as 34 terabytes of information and representing the CIA’s biggest data loss…

Machine-learning clusters in Azure hijacked to mine cryptocurrency

[ad_1] Attackers recently hijacked powerful machine-learning clusters inside Microsoft’s Azure cloud-computing service so that they could mine cryptocurrency at the expense of the customers who rented them, the company said Wednesday. The nodes, which were misconfigured by customers, made the perfect target for so-called cryptojacking schemes. Machine-learning tasks typically require vast amounts of computing resources.…

Hackers for hire targeted hundreds of institutions, says report

[ad_1] Getty Images A hackers-for-hire group dubbed “Dark Basin” has targeted thousands of individuals and hundreds of institutions around the world, including advocacy groups, journalists, elected officials, lawyers, hedge funds, and companies, according to the Internet watchdog Citizen Lab. Researchers discovered almost 28,000 webpages created by hackers for personalized “spear phishing” attacks designed to steal…

An advanced and unconventional hack is targeting industrial firms

[ad_1] Enlarge / Binary code, illustration. Attackers are putting considerable skill and effort into penetrating industrial companies in multiple countries, with hacks that use multiple evasion mechanisms, an innovative encryption scheme, and exploits that are customized for each target with pinpoint accuracy. The attacks begin with emails that are customized for each target, a researcher…

Russian hackers are exploiting bug that gives control of US servers

[ad_1] A Russian hacking group tied to power-grid attacks in Ukraine, the world’s most destructive data wiper worm, and other nefarious Kremlin operations is exploiting a vulnerability that allows it to take control of computers operated by the US government and its partners. In an advisory published on Thursday, the US National Security Agency said…

Hacker buys old Tesla parts on eBay, finds them full of user data

[ad_1] Enlarge / Inside a Tesla. Tesla infotainment systems are a marvel to behold. Among other things, they display Netflix or Youtube videos, run Spotify, connect to Wi-Fi, and of course store phone numbers of contacts. But those benefits require storing heaps of personal information that an amateur researcher found can reveal owners’ most sensitive…

Citing BGP hijacks and hack attacks, feds want China Telecom out of the US

[ad_1] Citing the misrouting of US Internet traffic, malicious hacking, and control by the Chinese government, a group of US executive agencies is recommending the FCC revoke the license authorizing China Telecom to provide international telecommunications services to and from the United States. The recommendation comes amid an escalation in tensions between the US and…

Attackers can bypass fingerprint authentication with an ~80% success rate

[ad_1] For a long time, using fingerprints to authenticate customers to computer systems, networks, and restricted areas was (with a number of notable exceptions) principally restricted to giant and well-resourced organizations that used specialised and costly gear. That all modified in 2013 when Apple launched TouchID. Within a number of years, fingerprint-based validation grew to…