Three Chinese nationals were charged with stealing 407 GB of sensitive data and trade secrets by sending "spearphishing" emails to computers in western Pennsylvania and around the world.
They were also accused of exploiting vulnerabilities in computer systems and using malware to gain access to confidential business and commercial information, work product, and sensitive employee information including usernames and passwords.
The Imgur security breach probably happened because of an older hashing algorithm. The stolen passwords were scrambled with the older SHA-256 hashing algorithm, which could be easily cracked using brute-force attacks.
Imgur stated that it had been encrypting users' passwords in its database with the outdated SHA-256, which is quite feasible to break.
If you use Facebook as a backup drive to store important and often personal photos/videos, then drop this habit. A newly discovered Facebook vulnerability could let anyone with some technical know-how delete any or all photos you posted on the social networking website.
This is because Facebook's Graph API wasn't checking permissions properly. If you sent a request to the Graph API to delete another user's photo album and tossed in your own Facebook for Android token as the required stamp of approval, it would blindly accept it and the album would vanish.
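The missing permission check described above, modelled as an added example (not Facebook's code and not part of the original article). The store, tokens, album ids and status codes are constructed assumptions; the flawed handler accepts any valid token, while the checked one also verifies that the token's user owns the album and records denied attempts.

```python
# Constructed in-memory model of an album-delete endpoint (all names hypothetical).
from dataclasses import dataclass, field

@dataclass
class Store:
    tokens: dict = field(default_factory=dict)  # access token -> user id
    albums: dict = field(default_factory=dict)  # album id -> owner user id
    audit: list = field(default_factory=list)   # (user, album) for denied deletes

def make_store():
    # Constructed sample data: two users, one album each.
    return Store(tokens={"tok-alice": "alice", "tok-bob": "bob"},
                 albums={"album-1": "alice", "album-2": "bob"})

def delete_album_flawed(store, token, album_id):
    """Authenticates the caller but never asks whose album this is."""
    if token not in store.tokens:
        return 401
    if album_id not in store.albums:
        return 404
    del store.albums[album_id]  # any valid token deletes any album
    return 200

def delete_album_checked(store, token, album_id):
    """Authenticates the caller, then authorizes against the album owner."""
    user = store.tokens.get(token)
    if user is None:
        return 401
    owner = store.albums.get(album_id)
    if owner is None:
        return 404
    if owner != user:
        # Object-level authorization: the token proves who is calling,
        # not that the caller may act on this particular object.
        store.audit.append((user, album_id))  # feed for detection/alerting
        return 403
    del store.albums[album_id]
    return 200
```
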
Bloomberg has revealed that Uber concealed for more than a year a massive data breach that exposed sensitive records of millions of drivers and customers. The stolen information included names, email addresses and mobile phone numbers of Uber users around the world, and the names and license numbers of 600,000 U.S. drivers.
Two attackers accessed a private GitHub coding site used by Uber software engineers and then used login credentials they obtained there to access data stored on an Amazon Web Services account that handled computing tasks for the company. From there, the hackers discovered an archive of rider and driver information. Later, they emailed Uber asking for money, according to the company.
Experts found 482 of the top 50,000 websites use session replay scripts. You may know that most websites have third-party analytics scripts that record which pages you visit and the searches you make. But lately, more and more sites use "session replay" scripts.
Hundreds of homepages, including those of Microsoft, Adobe, WordPress, Spotify and Skype, use secret code, called "session replay" scripts, to monitor your online activity.
This could be used by third parties to reveal everything from credit card details to medical complaints, as well as putting you at risk of identity theft and online scams.
If you are an Android user, then you are also among the billions of users whose smartphone is secretly gathering location data and sending it back to Google.
Android devices have been sending location information about nearby cell towers to Google since the beginning of 2017, with Google getting pinged every time a user entered the range of a new tower. Even if the user actively turned off location services, Google can still access their location and movements without their knowledge.
Cars on the road may already be targeted by hackers, and it is feared that vehicles built after 2005 are vulnerable to being controlled remotely, although models up to 17 years old could also be affected.
The government is now being urged to create laws that would force car manufacturers to constantly provide software updates for their vehicles.
Carsten Maple, professor of cyber engineering at the University of Warwick, said: "We’ve already seen vehicles used as weapons. Cybersecurity researchers must ensure systems are engineered to stop new attacks."
If you are inquisitive by nature and dream of becoming a successful bug bounty hunter, the first thing you need is consistent, if not constant, attention. As IT security is becoming the talk of the town, more and more companies are focusing on conducting bug bounty programs to make their software more secure.