A 19-year-old completely self-taught hacker from Argentina has just been recognized as the first bug bounty hacker to earn more than $1 million in bounty payout awards, according to HackerOne. Santiago Lopez, the hacker, who uses the handle @try_to_hack, has been discovering and disclosing vulnerabilities through HackerOne’s bug bounty program since 2015. In 2016, he earned
The 2018 Holiday shopping season was the biggest on record for e-commerce, with nearly $126 billion in online sales. But as e-commerce continues to expand, the demand for warehouse workers is growing faster than the labor supply and creating an increased need for automation. Given its dominance in e-commerce and the massive scale of its business, there’s no surprise
by Lisa Vaas. Cellebrite phone-cracking devices, beloved by law enforcement, are available at bargain-basement prices on eBay, so you can get a gander at all the devices that the police have presumably been able to squeeze for data. Here’s a second-hand Cellebrite UFED device showing off its capabilities, courtesy of security researcher Matthew Hickey: Cellebrite
This eerie image is connected to the alleged Momo challenge causing panic among parents. Editor’s Note: This blog post includes disturbing content and mentions of suicide. Internet challenges have been going on for years. They can be fun and harmless, or they can be dim-witted and even deadly. The latest challenge referred to as the
The service became notorious for its use by ne’er-do-wells looking to make a quick buck by hijacking the processing power of victim machines to generate virtual money. Coinhive, a cryptocurrency mining service that rose to infamy after it began to be co-opted for cryptojacking campaigns in 2017, is shutting down. In a short blog post
Security researchers have discovered a new class of security vulnerabilities that impacts all major operating systems, including Microsoft Windows, Apple macOS, Linux, and FreeBSD, allowing attackers to bypass protection mechanisms introduced to defend against DMA attacks. Known for years, Direct memory access (DMA)-based attacks let an attacker compromise a targeted computer in a matter of
The Gillmor Gang — Frank Radice, Denis Pombriant, Michael Markman, Keith Teare, and Steve Gillmor. Recorded live Saturday, March 2, 2019. Netflix and the mining of social capital, bingewashing and the new prime time, how AOC asks the right questions. Produced and directed by Tina Chase Gillmor @tinagillmor @fradice, @denispombriant, @mickeleh, @kteare, @stevegillmor Liner
Artificial intelligence continues to evolve, but most IT systems still need human intervention to stay operational. Threat actors face the same issue when controlling their malware. Consider the malware cyber kill chain. Its components have remained the same, but when you dig into the details, many aspects have changed, requiring enterprises to update their protections.
Even though misconfigurations in public clouds create risks to enterprise security, a new study found that more than half of IT professionals do not really understand the risks inherent in public cloud misconfigurations as well as they understand risks within their traditional IT environments. The 2019 State of Enterprise Cloud and Container Adoption and Security
This year’s Mobile World Congress — the CES for Android device makers — was awash with 5G handsets. The world’s No.1 smartphone seller by marketshare, Samsung, got out ahead with a standalone launch event in San Francisco, showing off two 5G devices, just before fast-following Android rivals popped out their own 5G phones at launch
by Mark Stockley. Some ideas are so good at getting people to spread them that they go viral. There doesn’t have to be any design, purpose or merit in an idea to make it spread. It doesn’t have to be good, interesting, helpful, useful or true, in fact it can even be a very bad,
The Adwind remote administration tool (RAT) is a Java-based backdoor Trojan that targets various platforms supporting Java files. For an infection to occur, the user must typically execute the malware by double-clicking on the .jar file that usually arrives as an email attachment. Generally, infection begins if the user has the Java Runtime Environment installed.
The organization was the victim of a water-hole attack, likely attributable to the APT LuckyMouse group. The International Civil Aviation Organization (ICAO) was a victim of a large-scale cyberattack back in 2016. Indeed, in November of that year, a cyber-intelligence analyst at Lockheed Martin contacted the international organization after finding that cybercriminals took control of
Security researchers have discovered two high-severity vulnerabilities in the SHAREit Android app that could allow attackers to bypass the device authentication mechanism and steal files containing sensitive data from a victim’s device. With over 1.5 billion users worldwide, SHAREit is a popular file sharing application for Android, iOS, Windows and Mac that has been designed to help
Hello and welcome to an Equity Shot, a short-form episode of the show where we dive into a single breaking news story. Guess what we’re talking about today?! It’s Lyft. You guessed correctly. The Lyft S-1 is the very first major S-1 event of 2019. As you might recall, the government shutdown gummed the
When you think about disaster recovery strategy, much of the context for planning revolves around the types of disasters you want to protect against. Natural disasters, IT failures and power outages usually top the list of threats. However, moving forward, the idea that a cyberattack may occur is likely going to take a more dominant
The state of Massachusetts is reportedly facing increased cyber threats from adversaries who are trying to steal sensitive information, according to the Gloucester Daily Times. In an interview with Stephanie Helm, director of the MassCyberCenter, State House reporter Christian M. Wade learned that the state’s computer systems as well as Massachusetts businesses and individuals are
In Lyft’s S-1 this morning, the company laid out the potential consequences for converting its drivers from independent contractors to W-2 employees. This, of course, has been an ongoing conversation within the gig economy. Those who work as 1099 contractors can set their own schedules, and decide when, where and how much they want to
by John E Dunn. Researchers have spotted an unusual ‘trackware’ attack triggered by viewing a PDF inside the Chrome browser. Security company EdgeSpot said it noticed suspicious PDFs, which seem to have been circulating since 2017, sending HTTP POST traffic to the tracking site readnotify.com. The behaviour only happened when a user viewed a PDF
The time has come to say goodbye to Barcelona as we wrap up our time here at Mobile World Congress (MWC). Although it’s hard to believe that the show is already over, MWC 2019 managed to deliver a slew of showstoppers that captured our attention. Here are some of my main takeaways from the event:
The first virtual concert to take place inside a video game attracted interest not only from players but also from scammers, who tried to take advantage of the huge event by tricking users into buying tickets even though the concert was free. At the start of February, the first ever concert to take place inside a
Coinhive, a notorious in-browser cryptocurrency mining service popular among cybercriminals, has announced that it will discontinue its services on March 8, 2019. Regular readers of The Hacker News already know how Coinhive’s service helped cyber criminals earn hundreds of thousands of dollars by using computers of millions of people visiting hacked websites. For a brief
Tesla made a flurry of announcements this afternoon with the highlight being the company’s reveal of its $35k Model 3. That reveal grabbed the most headlines, but updates to the Model S and Model X lines brought the costs of high-end models down with maxed out Performance + Ludicrous Mode versions of the S and
Cryptocurrency mining tool Coinhive has decided to shut up shop, although not because of its rampant abuse by hackers over the past two years. The team behind the Monero miner revealed all in a brief post on Tuesday, claiming that the 18-month project had come to an end as it was no longer economically viable.
Founders. This is your shot. TechCrunch is officially in the hunt for the most disruptive startups for this year’s Startup Battlefield at TechCrunch Disrupt San Francisco 2019. Startups can apply here to compete on our world-famous stage for a $100,000 equity-free prize and the coveted Disrupt Cup. With more than 10,000 attendees, hundreds of press
by John E Dunn. Researchers have revealed how malicious Thunderbolt and PCI Express (PCIe) peripherals could be used to compromise computers running macOS, Windows, Linux and FreeBSD. Nicknamed ‘Thunderclap’ in a presentation at last week’s Network and Distributed System Security Symposium (NDSS), the vulnerability has to do with Direct Memory Access (DMA), a standard technique
This time last year, we said that 2018 would be the year of mobile malware. Today at MWC, we’re calling 2019 the year of everywhere malware. In their quest for profit, criminals are constantly forced to shift their tactics and adapt to a changing mobile market. Take crypto-mining, for example. A year ago this was
Worse, attackers have already been spotted targeting the flaw to deliver cryptocurrency miners and other payloads. Days after the team behind Drupal urged website admins to apply an update patching a highly critical vulnerability in the content management system (CMS) platform, threat actors were spotted exploiting the loophole in the wild. The remote code execution
The world of cybersecurity is fast-paced and ever-changing. New attacks are unleashed every day, and companies around the world lose millions of dollars as a result. The only thing standing in the way of cybercrime is a small army of ethical hackers. These cybersecurity experts are employed to find weaknesses before they can be exploited.
Go-Jek is extending its reach in Southeast Asia after its Thailand-based unit made its official launch, which included the addition of a new food delivery service. Get, which is the name for Go-Jek business in Thailand, started out last year offering motorbike taxi on-demand services to a limited part of Thai capital city Bangkok, now