Search Results for “CNN”

October 6, 2019

Kevin Collier / CNN

Kevin Collier / CNN
Attempted Hack Into Voting Mobile App Voatz in West Virginia May Have Been University of Michigan Student’s Attempt to Research Security Vulnerabilities

An attempted hack into a mobile voting app called Voatz used in West Virginia during the 2018 midterm elections may have been by an attempt by a student as a part of a University of Michigan election security course to research security vulnerabilities rather than an attempt to alter any votes, three people familiar with the matter told CNN. The app has been used in the state since 2018 to allow overseas and military voters to vote via smartphone. Mike Stuart, the US attorney for the Southern District of West Virginia, revealed at a press conference last week that an FBI investigation “is currently ongoing.” The office of West Virginia Secretary of State Mac Warner had previously communicated to Stuart that suspicious activity against the Voatz app came from IP addresses associated with the University of Michigan, a person familiar with the matter said. West Virginia is the only state that currently uses the Voatz system.

Related: The Register

Tweets:@kevincollier @donie @jasonleopold @weldpond @joebeone

The Register: FBI called in to investigate 2018 Mountain State mobile voting system hacking

@kevincollier: Scoop: The alleged attemption intrusion into the Voatz mobile blockchain voting app used in West Virginia — currently the subject of an FBI investigation — comes from an election security class at the University of Michigan.
@donie: Incredible reporting here from @jsvine and @kevincollier who got to the bottom of many of the millions of comments that were submitted to the FCC protesting #NetNeutrality.
@jasonleopold: There is a lot going on but please take the time to read this PHENOMENAL, EXPLOSIVE story by @jsvine & @kevincollierThe New Way To Hack Democracy: How Political Operators Are Impersonating Real Americans To Flood The Government With Fake Comments
@weldpond: If the company had a bug bounty program that allowed testing on non-live voting systems why target the live voting system?
@joebeone: Scoop from @kevincollier : "FBI investigating if attempted 2018 voting app hack was linked to Michigan college course"

October 1, 2019

Christina Maxouris and Konstantin Toropin / CNN

Christina Maxouris and Konstantin Toropin / CNN
Former Yahoo Software Engineer Pleads Guilty to Hacking 6,000 Yahoo Accounts, Including Those of Friends and Work Colleagues, Searching for Sexual Images and Videos

The US Attorney’s office in the Northern District of California said that a former Yahoo software engineer, Reyes Daniel Ruiz, pleaded guilty to hacking thousands of Yahoo users’ accounts and searching for private records. Ruiz was mostly interested in sexual images and videos of the account holders and admitted using the access he had to hack into about 6,000 Yahoo accounts, targeting younger women, including his personal friends, and work colleagues. Once he gained access to the Yahoo accounts, Ruiz compromised the iCloud, Facebook, Gmail, DropBox, and other online accounts of the Yahoo users in search of more private images and videos. He made copies of pictures and videos that he found and stored them at home. Ruiz was charged with one count of computer intrusion and one count of interception of a wire communication, but under the plea agreement pleaded guilty to just the computer intrusion charge. Ruiz has been released on a $200,000 bond and faces a sentencing hearing scheduled for February 3, 2020.

New York Post: Yahoo worker hacked user accounts to steal photos of ‘younger women’
San Francisco CBS Local : Ex-Yahoo Engineer Pleads Guilty To Hacking Thousands Of Accounts For Sexual Images, Videos
AP Top News: Engineer admits hacking Yahoo accounts searching for images
Justice.gov: Former Yahoo Software Engineer Pleads Guilty To Using Work Access To Hack Into Yahoo Users’ Personal Accounts
Reddit-hacking: Engineer admits hacking Yahoo accounts searching for images
ZDNet Security: Former Yahoo engineer pleads guilty to hacking user emails in search for porn
CBS News: Former Yahoo engineer admits hacking 6,000 accounts in search of sexual images

September 19, 2019

Samantha Murphy Kelly / CNN

Samantha Murphy Kelly / CNN
Facebook Launches $149 Portal TV Product With Camera and Smart Speaker Amid Privacy Backlash, Confirms Human Contractors Will Listen to Interactions

Embroiled in endless controversies over its privacy practices, Facebook announced it would take the concept of its Portal Product, a smart speaker with a screen, a step further with Portal TV, a $140 small black camera that can be clipped onto the top of users’ TVs or sit below them on a stand much like Roku or Apple TV. Despite marketing the device as “private by design,” Facebook confirmed that it may have contractors listen to recordings of user interactions with Portal TV and its other Portal devices, beginning when the wake word “Hey Portal” is spoken, in order to “improve the accuracy of voice services for everyone,” Andrew Bosworth, Facebook’s vice president of AR and VR, said the human reviews will be conducted by “trained vendors under very secure environments” and that users who are uncomfortable with this prospect can opt-out. Facebook also announced a redesigned 10-inch Portal at a reduced price ($179) and an 8-inch Portal Mini ($129).

Tweets:@dhh @mrjabbott @iansherr @rycrist @stevekovach

Vox: The techlash isn’t big enough to stop Facebook from selling video chat devices for your living room
CNET: Facebook Portal would be great for my kid, but then I have to trust Facebook
Futurism: Facebook: Actually, We Do Listen to You Sometimes
San Francisco Chronicle: Facebook slashes price, size of Portal video calling device
AP Breaking News: Facebook slashes price, size of Portal video call gadget
WRAL Tech Wire: Facebook cuts price on video call gadget, also offers smaller size
channelnews: New Facebook Portal TV Seen As A Security Risk
Popular Science: Facebook’s new Portal video chat devices are smaller, cheaper, and facing stiffer competition
The Mac Observer: Facebook Launches New Surveillance Devices For Your Home
TechCrunch: Daily Crunch: Facebook announces Portal TV
Daily Mail : Facebook can watch you at home: Firm launches Portal devices that lets users video chat
Quartz: Facebook is launching new Portal smart displays. But why?
Android Central : Facebook’s new Portal TV brings smart video calling to your television
Investor’s Business Daily: Facebook Expands Streaming Wars, Takes A Bite Out Of Roku
MacRumors: Facebook Announces ‘Portal TV’ for Streaming Content and Holding Video Calls
BGR: Facebook’s new Portal TV turns your television into a video chat monitor
Trusted Reviews: Facebook swears Portal devices won’t spy, but will use data for adverts
Android Police: Facebook refreshes Portal family, adds new Mini model and camera-only option for TVs
Ubergizmo: Facebook Unveiled The Portal TV For $149
Engadget: Facebook’s $149 Portal TV turns your television into a giant smart display
Wired: The Facebook Portal Smart Speaker Is Back, Now With More AI
Facebook: Meet the New Portal Family: Smart Video Calling on Your TV and Anywhere in Your Home
The Verge: Facebook introduces Portal TV, a video chat camera accessory for your television
The Telegraph: Facebook Portal security concerns laid bare as company admits humans can listen in

@dhh: Oh great. Facebook Google, et al are spying on you through your smart TV as well. Wouldn't want to miss an opportunity to exploit every waken minute of the day for more data collection. Surveillance capitalism is the fucking worst.
@mrjabbott: If you buy this Facebook Portal TV thing I will never go to your house.
@iansherr: Facebook Portal would be great for my kid, but then I have to trust Facebook
@rycrist: Facebook Portal and your privacy: Here's everything you should think about before buying in. My latest explainer for @CNET
@stevekovach: Very weird $ROKU would fall on Facebook Portal news. Zero indication these devices are selling. Comcast streaming box more of threat since it comes from the company already providing internet to customers.

July 31, 2019

Kevin Collier / CNN

Kevin Collier / CNN
Other Victims of Capital One Hacker Might Include Vodafone, Infoblox, Ford, Michigan State University and Ohio Transportation Department

Accused Capital One hacker Paige Thompson left a string of clues in a Slack channel called netcrave regarding the other entities she may have hacked in addition to Capital One. Among the other organizations indicated in compressed hacked files in her channel postings were the Ohio Government Department of Transportation, Vodafone, California IT company Infoblox, Ford, and Michigan State University. All five of the organizations say they are investigating the matter but say they haven’t been hacked. At the time of announcing charges against Thompson for the Capital One breach, the Department of Justice said that other charges against her could be in the offing.

Forbes: DOJ Says Capital One Mega Breach Suspect Could Face More Charges—Did She Hack Multiple Companies?
Brian Krebs: Capital One Data Theft Impacts 106M People
TechCrunch: Capital One breach also hit other major companies, say researchers
Canadian Centre For Cyber Security News: Statement on the Capital One data breach
Tampa Bay Times : Morgan-& Morgan seeks class action status for lawsuit targeting Capital One data breach
Tech Insider: The massive Capital One data breach may have affected Ford, Vodafone, and other companies
CPO Magazine: Equifax $700 Million Data Breach Settlement a Sign of Things to Come
The Mac Observer: That Recent Data Breach Might Not Be Limited to Capital One
The Verge: The Capital One breach is more complicated than it looks

October 4, 2019

Zack Whittaker / TechCrunch

Zack Whittaker / TechCrunch
Microsoft Says ‘Phosphorous’ Threat Group Linked to Iranian Government Targeted Unnamed 2020 U.S. Presidential Candidate’s Email Account Along With 2,700 Other Email Accounts

Microsoft said that it has seen a threat group linked to the Iranian government, which it calls Phosphorous but is also known as APT 35, target an unnamed 2020 U.S. presidential candidate. In a 30-day period between August and September of this year, Phosphorous made more than 2,700 attempts to identify consumer email accounts belonging to specific Microsoft customers that are “associated” with a presidential campaign, current and former U.S. government officials, journalists and prominent Iranians living outside the country. Four of the accounts not associated with the U.S. presidential campaign or current and former U.S. government officials were compromised in the effort. The attacks, which Microsoft described as not sophisticated, attempted to use a “significant amount of personal information” to game password reset or account recovery features and try to take over some targeted accounts. Some of the attacks entailed gathering and targeting user phone numbers.

Tweets:@Bing_Chris @Olivia_Gazis @W7VOA @tonyromm @adrianweckler @g_ratnam @shanav @jseldin @gregotto @jamestutt @magmill95 @alexwardvox

@Bing_Chris: "The targeted accounts are associated with a U.S. presidential campaign, current and former U.S. government officials, journalists covering global politics and prominent Iranians living outside Iran"
@Olivia_Gazis: .@Microsoft says it has detected hackers linked to the Iranian government targeting at least one U.S. presidential campaign:
@W7VOA: Cyber activity from #Iran and linked to that government detected by @Microsoft.
@tonyromm: A campaign linked to the Iranian government attempted to identify, attack and breach email addresses belonging to U.S. presidential campaigns, government officials and journalists, according to new data unveiled by Microsoft
@adrianweckler: Microsoft head of security posts blog saying Iranian govt-backed hackers attacked email accounts of journalists and an unnamed US presidential campaign
@g_ratnam: A group called Phosphorous, believed to be tied to Iran, has targeted 2700 email accounts associated with US presidential campaigns, US officials, journalists and others, per @Microsoft . 241 of those were then attacked.
@shanav: NEW: Microsoft says Iranian APT group Phosphorous, with ties to Iran's government, has worked to get past two-factor authentication and reset passwords for a U.S. presidential campaign, as well as current and former U.S. gov officials and journalists.
@jseldin: "Microsoft has notified the customers related to these investigations and threats and has worked as requested with those whose accounts were compromised to secure them" per @TomBurt45More here:
@gregotto: NEW: Microsoft found an Iranian group going after microsoft email accounts tied to a presidential campaign, current and former gov, and journalists
@jamestutt: Today we are sharing details of significant cyber activity from a threat group we call Phosphorous, believed to originate in Iran with links to the Iranian govt. More here: https://blogs.microsoft.com/on-the-issues/2019/10/04/recent-cyberattacks-require-us-all-to-be-vigilant/
@magmill95: Big cyber news today: Microsoft announced that it tracked an Iranian-linked threat group over 30 days attempt to identify and attack consumer email accounts linked to Microsoft customers, including an unnamed U.S. presidential campaign and U.S. officials:
@alexwardvox: .@Microsoft's @TomBurt45 : "Today we’re sharing that we’ve recently seen significant cyber activity by a threat group we call Phosphorous, which we believe originates from Iran and is linked to the Iranian government."

August 31, 2019

Brian Barrett / Wired

Brian Barrett / Wired
Anonymous Hacker Compromised Twitter CEO Jack Dorsey’s Account Through SIM Swapping and Tweeted String of Racist Messages, Bomb Threats

An anonymous hacker took over Twitter CEO Jack Dorsey’s account for 20 minutes and used it to send out a string of racist messages and bomb threats. A group that calls itself the “Chuckle Gang,” which has broken into other high-profile Twitter accounts before, apparently broke into the @jack account at 3:45 pm and sent out dozens of tweets and retweets. Other who have been attacked by these hackers blamed so-called SIM swap attacks, with a particular focus on AT&T and Twitter confirmed that Dorsey’s breach was a SIM swap as well. It’s unclear, however, how Dorsey was able to regain access to his account so quickly if the attack was a result of a SIM swap.

July 29, 2019

Emily Flitter and Karen Weise / New York Times

Emily Flitter and Karen Weise / New York Times
Firewall Misconfiguration by Capital One Allowed Hacker to Steal Millions of Credit Applications, Social Security and Bank Account Numbers Affecting More Than 100 Million People in North America

In one of the largest cases of bank data theft ever, software engineer Paige Thompson hacked into a server holding customer information for Capital One, exploiting a firewall misconfiguration in the bank’s network to steal millions of credit card applications, federal prosecutors say. Thompson, who used the online handle “erratic” was the organizer of a group on Meetup, a social network, called Seattle Warez Kiddies, described as a gathering for “anybody with an appreciation for distributed systems, programming, hacking, cracking.” The F.B.I. noticed her activity on Meetup and used it to trace her other online activities, eventually linking her to posts describing the data theft on Twitter and the Slack messaging service. Thompson stole 140,000 U.S. Social Security numbers and 77,000 bank account numbers, along with one million Canadian social insurance numbers affecting more than 100 million people in the United States and Canada. A“firewall misconfiguration” by the bank had allowed Ms. Thompson to communicate with the server where Capital One was storing its information and, eventually, gain access to customer files, an FBI agent investigating the case said in court documents. Ms. Thompson worked as a systems engineer at Amazon from 2015 to 2016.

Tweets:@zackwhittaker @briankrebs @cnbcnow @gregotto @yoda @RepKatiePorter @zackwhittaker @Wired @BleepingComputer @kimzetter @dnvolz @BleepingComputer @McGrewSecurity @weldpond @h0tdish @hacks4pancakes @RayRedacted @catcalvinla @malwarejake @somanyshrimp @TorresLuzardo

@zackwhittaker: Wow. Capital One discloses massive data breach: 100M in US, 6M in Canada. One person in FBI custody. Credit files, applications, the lot. Hard to see this as anything other than Equifax 2.0. (link: http://press.capitalone.com/phoenix.zhtml?c=251626&p=irol-newsArticle&ID=2405043) press.capitalone.com/phoenix.zhtml?…
@briankrebs: Nice write up. Yes, this appears to be her resume. Worked at Amazon 2015-2016
@cnbcnow: BREAKING: Capital One says data breach has “affected approximately 100M individuals in the United States & approximately 6M in Canada” but “no credit card account numbers or log-in credentials were“ taken and “99% of Social Security numbers” weren’t stolen
@gregotto: According to the FBI, a firewall misconfiguration was partly responsible for allowing Thompson to access the Capital One cloud storage
@yoda: what kind of wordsmith fuckery is this???
@RepKatiePorter: One week *to the day* after Equifax announced its settlement terms. It’s clear corporations won’t clean up their acts on their own. We need to create an enforceable federal data privacy standard, so I’m drafting that bill.
@zackwhittaker: Incredible. Capital One's data breach site is titled "Facts."And yet it also pulls this bullshit by saying that no Social Security numbers were breached... except for all the Social Security numbers that were breached.Fuck you, Capital One.
@Wired: On Monday, the FBI and Capital One disclosed a data breach of 106 million credit card applications, one of the biggest breaches of a major financial institution ever.And now someone has been arrested in connection with the crime:
@BleepingComputer: The suspect allegedly posted about her accessing of Capital One's data on GitHub. A security researcher saw her post and contacted Capital One.
@kimzetter: This Capital One breach definitely has more going on to it than the headlines suggest. Perhaps not a coordinated vuln disclosure gone wrong ?but something is def weird about it - she used Tor to access the data but then publicly posted the data to an account with her name?
@dnvolz: The arrested suspect behind the hack, Paige Thompson, is a former employee of Amazon Web Services, according to people familiar with the matter. She is accused of breaching a misconfigured Capitol One firewall to access data stored in AWS. via @nicole_hong
@BleepingComputer: This breach was discovered by a security researcher who responsibly disclosed a vulnerability to Capital One. After investigating the vulnerability, Capital One discovered that an unauthorized user accessed their systems and data between March 22 and 23, 2019.
@McGrewSecurity: Located the Capital One hacker's twitter (also thanks to those that backchanneled on the topic). Clearly they were/are in a bad state mentally/emotionally. I've deleted the earlier tweets about her. I hope they find some peace.
@weldpond: The FBI said the suspect, Paige A. Thompson, was apprehended after she “made statements on social media for evidencing the fact that she has information of Capital One, and that she recognizes that she has acted illegally,”
@h0tdish: Insider/ex employee threats and those who willingly commit crimes, creating, selling malware or stealing info via exploit/breach ARE NOT hero's & anyone who frames it that way has to explain why they're not currently launching a legal $ raiser for her but did for other criminals.
@hacks4pancakes: I feel a great disturbance in the Force, like dozens of Capital One cybersecurity analysts who were screaming futilely for into the wind for years were suddenly silenced.
@RayRedacted: I have removed all of my OSINT posts about the Capital One hacker, because it is clear that she is suffering from mental illness.Mental illness does not discriminate. It can affect anyone. I truly hope she gets the help she needs.
@catcalvinla: At this point, I’m getting like two breach notices a day. Who DOESN’T have my info?
@malwarejake: Takeaways from #CapitalOne: 1. Having a disclosure program may have saved them. I'm FAR less likely to report to an org that lacks a disclosure policy. (link: http://press.capitalone.com/phoenix.zhtml?c=251626&p=irol-newsArticle&ID=2405043) press.capitalone.com/phoenix.zhtml?…
@somanyshrimp: Losing your personal information in a massive data breach is just a thing that happens now, like 110 degree days and regular mass shootings
@TorresLuzardo: I'm trying to come up with an analogy but there's really no topping this.No SSNs were stolen except 140,000 of them.

January 3, 2017

Matt Peckham / Time

Matt Peckham / Time
CNN Uses Fallout 4 Game to Demonstrate How Russians Can Hack Things

The never-ending and oft-embarrassing challenge of depicting the complex world of hacking has a new, much-mocked example in CNN’s use of the mini-hacking game Fallout 4 in an attempt to visually display how Russia might engage in malicious hacking activity. Fallout 4 owner Bethesda Game Studios took the awkward visual in stride, using it slyly in a tweet to pretend that it will be used in the upcoming season of Mr. Robot.

Tech Times: ‘Fallout 4’ Computer Terminal Screenshot Used By CNN To Show Russian Hacking
Fast Company: CNN mocked for using Fallout 4 to illustrate story on Russian hacking
TechSpot: CNN uses Fallout 4 to illustrate Russian hacking activities; Bethesda responds with mocking tweets
Sputnik International: Fake News: CNN Uses Screenshots from Fallout 4 to Depict Russian Hackers
Forbes – Tech: Bethesda Should Make Russian-Hacker-Themed ‘Fallout 4’ DLC After CNN Gaffe
Gizmodo: Kotaku CNN Shows Fallout Computer Terminal In A Video About Russian Hacking | io9 Greet the New Year
CNET News: CNN uses Fallout 4 screenshot in report on Russian hacking – CNET

August 30, 2019

Brian Krebs / Krebs on Security

Brian Krebs / Krebs on Security
Remote Data Backup Service Used by Dental Offices Across the U.S. Hit by Ransomware Attack

Remote data backup service PerCSoft, used by hundreds of dental offices across the U.S., is struggling to restore access to client systems after falling victim to a ransomware attack. PerCSoft is a cloud management provider for Digital Dental Record (DDR), which operates an online data backup service called DDS Safe that archives medical records, charts, insurance documents and other personal information for various dental offices across the United States. The ransomware attack hit PerCSoft on the morning of Monday, August 26, and encrypted dental records for some but not all of the practices that rely on DDS Safe. Some reports suggest PerCSoft paid the ransom and some reports suggest the decryptor provided by the attacker did not work.

ZDNet: Ransomware hits hundreds of dentist offices in the US
CNN.com – Politics: Hundreds of dental offices crippled by ransomware attack
Glock Takes Stock: Ransomware Bites Dental Data Backup Firm
HealthITSecurity: Ransomware Attack on Digital Dental Records Impacts Many Providers
TechSpot: Ransomware attack affects hundreds of dentist offices in the US
BleepingComputer.com: Sodinokibi Ransomware Encrypts Records of Hundreds of Dental Practices
PCMag.com: Ransomware Attack Hits 400 Dental Offices Across the US
Engadget: Dentist offices across the U.S. hit with ransomware

September 1, 2019

Margaret Harding McGill / Politico

Margaret Harding McGill / Politico
Google Reportedly to Pay $150 to $200 Million FTC Fine to Settle Children’s YouTube Privacy Violations

In what could be the largest civil penalty ever obtained in a children’s privacy case, the Federal Trade Commission (FTC) has voted to fine Google $150 million to $200 million to settle accusations that its YouTube subsidiary illegally collected personal information about children, according to a person familiar with the matter. The FTC voted 3-2 along party lines to approve the settlement, sending it over to the Justice Department as part of the review process. The previous record fine was a $5.7 million levy against the owners of TikTok earlier this year.

The Hindu – News: Google to pay out $150-200m over YouTube privacy claims: reports
Telecomlive.com: Google to pay out $150-200m over YouTube privacy claims: Report
Gizmodo: Google Agrees to Pay Up to $200 Million to Settle FTC Youtube Investigation: Report
The Financial Express: Google to pay out $150-200 million over YouTube privacy claims: Reports
NDTV Gadgets360.com: YouTube Said to Be Fined Up to $200 Million Over Children’s Privacy Violations
TechSpot: Google reportedly agrees to pay up to $200M to settle FTC YouTube investigation
Wall Street Journal: Google to Pay Millions in Fines Over Children’s Privacy Issues at YouTube
CNN: Google reportedly agrees to pay at least $150 million to settle FTC probe into YouTube
Reuters: Google to pay up to $200 million to FTC on YouTube probe: source
CNET: Google could pay up $200M to settle FTC investigation into YouTube, report says
New York Times: YouTube Said to Be Fined Up to $200 Million for Children’s Privacy Violations

1
2
3
4
5
6
…
34
Older