Hackers Accessed Security Cams Inside Tesla and Beyond

Hackers Accessed Security Cams Inside Tesla and Beyond

Microsoft-Owned GitHub Takes Down Exchange Server ExploitSecurity researchers warned this week that a full, public proof-of-concept exploit for recently-patched Microsoft Exchange Server vulnerabilities would further roil a hacking frenzy that had already escalated in recent days.

Malware Is Now Targeting Apple’s New M1 Processor

Malware Is Now Targeting Apple’s New M1 Processor

Longtime Mac security researcher Patrick Wardle published findings on Wednesday about a Safari adware extension that was originally written to run on Intel x86 chips, but has now been redeveloped specifically for M1.

Facebook Ad Services Let Anyone Target US Military Personnel

Facebook Ad Services Let Anyone Target US Military Personnel

But independent security researcher Andrea Downing says the stakes are much higher should active duty members of the US military—many of whom would likely get caught up in broader Facebook targeting of this sort—face misinformation online that could impact their understanding of world events or expose them to scams.

Cops Disrupt Emotet, the Internet's ‘Most Dangerous Malware’

Cops Disrupt Emotet, the Internet's ‘Most Dangerous Malware’

The global effort, known as Operation Ladybird, coordinated with private security researchers to disrupt and take over Emotet's command-and-control infrastructure—located in more than 90 countries, according to Ukrainian police—while simultaneously arresting at least two of the cybercriminal crew's Ukrainian members.

A ‘Bulletproof’ Criminal VPN Was Taken Down in a Global Sting

A ‘Bulletproof’ Criminal VPN Was Taken Down in a Global Sting

There will be more news to come about the SolarWinds supply chain attack and possible other elements of the extensive campaign, but in the meantime officials, security practitioners, and researchers are all puzzling over questions of where to draw the line on global espionage and how to deter destructive and otherwise unacceptable hacking.

This Bluetooth Attack Can Steal a Tesla Model X in Minutes

This Bluetooth Attack Can Steal a Tesla Model X in Minutes

But one security researcher has shown how vulnerabilities in the Tesla Model X's keyless entry system allow a different sort of update: A hacker could rewrite the firmware of a key fob via Bluetooth connection, lift an unlock code from the fob, and use it to steal a Model X in just a matter of minutes.

Did a Security Researcher Guess Trump’s Twitter Password?

Did a Security Researcher Guess Trump’s Twitter Password?

Earlier this week, Dutch security researcher Victor Gevers told De Volkskrant that he had recently accessed Donald Trump's Twitter account simply by guessing the password: maga2020!A few days later, he says, he saw that Trump's Twitter account had added two-factor authentication, freezing him out.

How 30 Lines of Code Blew Up a 27-Ton Generator

How 30 Lines of Code Blew Up a 27-Ton Generator

And when one cybersecurity researcher named Mike Assante dug into the details of that attack, he recognized a grid-hacking idea invented not by Russian hackers, but by the United State government, and tested a decade earlier.

Facebook Shut Down Malware That Hijacked Accounts to Run Ads

Facebook Shut Down Malware That Hijacked Accounts to Run Ads

Today at the digital Virus Bulletin security conference, Facebook researchers presented a detailed picture of how the malware, dubbed SilentFade, actually works and some of its novel methods, including proactively blocking a user's notifications so the victim wouldn't be aware that anything was amiss.

Hackers Could Use IoT Botnets to Manipulate Energy Markets

Hackers Could Use IoT Botnets to Manipulate Energy Markets

At the Black Hat security conference on Wednesday, the researchers will present their findings, which suggest that high-wattage IoT botnets—made up of power-guzzling devices like air conditioners, car chargers, and smart thermostats—could be deployed strategically to increase demand at certain times in any of the nine private energy markets around the US.

Rite Aid Used Facial Recognition in Stores for Nearly a Decade

Rite Aid Used Facial Recognition in Stores for Nearly a Decade

There are still plenty of details outstanding about how they might have pulled it off, but court documents show how a trail of bitcoin and IP addresses led investigators to the alleged hackers .A Garmin ransomware hack disrupted more than just workouts during a days-long outage; security researchers see it as part of a troubling trend of "big game hunting" among ransomware groups .

Apple’s Hackable iPhones Are Finally Here

Apple’s Hackable iPhones Are Finally Here

Plus, most jailbreaks only work on outdated hardware and old versions of the firmware, Apple argues, because the vulnerabilities used to achieve jailbreaks get patched.iOS-focused security researchers told WIRED on Wednesday that the new devices will be useful in many ways.

Who Pulled Off the Twitter Hack?

Who Pulled Off the Twitter Hack?

And we took a fresh look at an old debate: whether TikTok actually poses a security threat to the US.Russian hackers are targeting Covid-19 vaccine research .

The Anatomy of a Cisco Counterfeit Shows Its Dangerous Potential

The Anatomy of a Cisco Counterfeit Shows Its Dangerous Potential

The units F-Secure analyzed posed as Cisco Catalyst 2960-X Series switches—trusted devices that connect computers on an internal network to route data between them.In their analysis, the F-Secure researchers found subtle cosmetic differences between the counterfeit devices and a genuine Cisco 2960-X Series switch used for reference.

Julian Assange Faces New Conspiracy Allegations

Julian Assange Faces New Conspiracy Allegations

Security researchers have long insisted, though, that there is no technical way to build a backdoor in encryption for law enforcement that won't fundamentally undermine the protection.But Evil Corp's activity is notable, because the group was indicted by the Justice Department in December for hacking.

The Internet Avoided a Minor Disaster Last Week

The Internet Avoided a Minor Disaster Last Week

An arm of the nonprofit Internet Security Research Group, Let’s Encrypt is a so-called certificate authority that lets websites implement encrypted connections at no cost.Let's Encrypt uses software called Boulder to make sure that it's allowed to issue a certificate to a site.

The Long Path out of the Vulnerability Disclosure Dark Ages

The Long Path out of the Vulnerability Disclosure Dark Ages

In 2003 security researcher Katie Moussouris was working at the enterprise security firm @stake —which would later be acquired by Symantec—when she spotted a bad flaw in an encrypted flash drive from Lexar.

India's Data Protection Bill Threatens Global Cybersecurity

India's Data Protection Bill Threatens Global Cybersecurity

It is in the clear interest of policymakers, organizations, and the public to receive feedback from security researchers directly, instead of risking the information reaching other potentially malicious parties.

The 25 Most Dangerous Vulnerabilities, According to DHS

The 25 Most Dangerous Vulnerabilities, According to DHS

Security researcher Oliver Hough found a database with information related to 51,000 customer service interactions, which included some personally identifiable information and full online chats.

Facebook Sweetens Deal for Hackers to Catch Security Bugs

Facebook Sweetens Deal for Hackers to Catch Security Bugs

Last year, the company began paying bounties for certain bugs researchers might find in third-party services that integrate with Facebook.“Reports submitted to us thanks to security researchers allow us to learn from their insights," says Dan Gurfinkel, who heads Facebook's bug bounty program.

Some Voting Machines Still Have Decade-Old Vulnerabilities

Some Voting Machines Still Have Decade-Old Vulnerabilities

This afternoon, its organizers released findings from this year's event—including urgent vulnerabilities from a decade ago that still plague voting machines currently in use.Participants vetted dozens of voting machines at Defcon this year, including a prototype model built on secure, verified hardware through a Defense Advanced Research Projects Agency program.

How Safari and iMessage Have Made iPhones Less Secure

How Safari and iMessage Have Made iPhones Less Secure

"If you want to compromise an iPhone, these are the best ways to do it," says independent security researcher Linus Henze of the two apps.

Hackers Can Turn Everyday Speakers Into Acoustic Cyberweapons

Hackers Can Turn Everyday Speakers Into Acoustic Cyberweapons

But Matt Wixey, cybersecurity research lead at the technology consulting firm PWC UK, says that it’s surprisingly easy to write custom malware that can induce all sorts of embedded speakers to emit inaudible frequencies at high intensity, or blast out audible sounds at high volume.

Watch a Drone Take Over a Nearby Smart TV

Watch a Drone Take Over a Nearby Smart TV

At the Defcon hacker conference today, independent security researcher Pedro Cabrera showed off in a series of hacking proofs-of-concept attacks how modern TVs—and particularly Smart TVs that use the internet-connected HbbTV standard implemented in his native Spain, across Europe, and much of the rest of the world—remain vulnerable to hackers.

Election Systems Are Even More Vulnerable Than We Thought

Election Systems Are Even More Vulnerable Than We Thought

But a group of security researchers told Motherboard this week they found what look like election infrastructure online in 10 states, including swing states like Wisconsin, Michigan, and Florida.

Hackers Can Break Into an iPhone Just by Sending a Text

Hackers Can Break Into an iPhone Just by Sending a Text

Lily Hay Newman covers information security, digital privacy, and hacking for WIRED.Silvanovich, who worked on the research with fellow Project Zero member Samuel Groß, got interested in interaction-less bugs because of a recent, dramatic WhatsApp vulnerability that allowed nation-state spies to compromise a phone just by calling it—even if the recipient didn’t answer the call.

Browser Extensions Scraped Data From Millions of People

Browser Extensions Scraped Data From Millions of People

Ars Technica reporter Dan Goodin brings the news of a major new privacy failure recently unearthed by security researchers: widely used Chrome and Firefox browser extensions scraped and sold the data of more than 4.1 million people, until the researcher alerted Google and Mozilla.

A Likely Chinese Hacker Crew Targeted 10 Phone Carriers to Steal Metadata

A Likely Chinese Hacker Crew Targeted 10 Phone Carriers to Steal Metadata

Cybereason says that the company found no evidence that the hackers stole the actual content of communications from victims, but the firm's principal security researcher Amit Serper argues that the metadata alone—device and SIM identifiers, call records, and which cell tower a phone connected to at any given time—can provide a frighteningly high-resolution picture of a target's life.

Tricky Scam Plants Phishing Links in Your Google Calendar

Tricky Scam Plants Phishing Links in Your Google Calendar

Scammers are taking advantage of default calendar settings to try to trick users into clicking malicious links. "For the calendar attack, the scammers use a prepared email list to send their fraudulent invitations," says Maria Vergelis, a security researcher at Kaspersky who has been following the method.

Cellebrite Now Says It Can Unlock Any iPhone for Cops

Cellebrite Now Says It Can Unlock Any iPhone for Cops

Cellebrite, too, has likely possessed the ability to unlock iOS 12.3 devices prior to this announcement, says Dan Guido, the founder of the New York-based security firm Trail of Bits and a longtime iOS-focused security researcher.

More