Researchers at Sucuri said attacks against a zero-day vulnerability in Joomla, which has been patched, have accelerated since the weekend.
Tag Archives: Hacks
Twitter Warns Some users of Nation-State Attacks
Some Twitter users are being warned that their accounts may be involved in state-sponsored hacks.
Digital toy company hack exposes information and risks kids’ privacy
Internet-connected toys gather data on the user and have weak security compared to other computer products.
Digital devices and toys like cameras, smartwatches, and tablets may be on your child’s Christmas wish list. But more parents are having second thoughts about placing these items under the tree, because Internet-connected toys gather data on the user and have weak security compared to other computer products.
6 million children’s accounts taken by a hacker
This weakness was made very public during the Black Friday shopping bonanza, when a Hong Kong-based digital toy company called VTech lost databases of more than 6 million children and almost 5 million connected parental accounts to a hacker.
By putting the databases together the hacker was able to retrieve personally identifiable information like children’s names, ages, and genders, and even pictures and chat logs were found. Parents’ names, email addresses, secret questions and answers, IP addresses, encrypted passwords, and mailing addresses were also accessed. Supposedly the breach did not include credit card or financial account information exposure.
The hacker responsible for breaking into the VTech databases told Motherboard that his only intention was to expose the company’s inadequate security practices. There has been no indication or evidence that the data has been put up for sale on hacker forums.
“Profiting from database dumps is not something I do,” the hacker told Lorenzo Franceschi-Bicchierai, a staff writer at VICE Motherboard. “I just want issues made aware of and fixed.”
The company has taken several of its sites and services offline after the breach and hired a security company to improve data security.
Do parents have anything to worry about?
Most parents probably have no idea that their children’s data can be compromised, or that there is even anything to worry about. But the danger with stealing even basic pieces of information from a child, is that cybercrooks can begin early to build profiles, setting up the young child for identity theft or other nefarious activities in the future.
“Nowadays it sometimes happens that sophisticated fraudsters use children’s data later on, when they come of age, and establish a credit record or ‘credit footprint’ without the child even knowing it,” Diarmuid Thoma, from security firm Trustev, told ZDNet after the hack was exposed.
The Identity Project, a website which educates people about identity theft, share some potential real-life consequences when a child’s identity gets stolen.
- 1. Young adults could be denied the first credit card they apply for because their credit history will show odd behavior.
- 2. Their first medical emergency can have incorrect information, because cybercrooks have used it for medical services.
- 3. Their DMV records may be tied to criminal activity, which could complicate their license application.
- 4. They will be denied a college loan to pay for school.
- 5. They will be denied their first apartment and utilities because their credit check fails.
Should parents stop buying internet-connected toys?
With this type of breach made public, parents will now realize the danger that internet-connected toys at home, and even educational technology used at school, may pose to their children in the future because of the lack of security today.
Refraining from purchasing digital items will actually get harder as the Internet of Things universe expands.
We have already become used to sharing personal information in order to get a better experience, so until children’s online protection improves, parents will have to balance the importance of the information they are willing to give up against the benefits of having it used by a company that provides services (think Google or shopping sites) and factor in the level of risk they are willing to tolerate.
image via http://digisns.com/
Follow Avast on Facebook, Twitter, YouTube, and Google+ where we keep you updated on cybersecurity news every day.
Internet Root Name Servers Survive Unusual DDoS Attack
An unusual DDoS amplification attack was carried out 10 days ago against many of the Internet’s 13 root name servers, the authoritative servers used to resolve IP addresses.
China APT Gang Targets Hong Kong Media via Dropbox
A Chinese APT gang is targeting Hong Kong media outlets with backdoors that connect to legitimate Dropbox accounts.
One BadBarcode Spoils Whole Bunch
At PacSec 2015, researchers demonstrated attacks using poisoned barcodes scanned by numerous keyboard wedge barcode scanners to open a shell on a machine and virtually type control commands.
One BadBarcode Spoils Whole Bunch
At PacSec 2015, researchers demonstrated attacks using poisoned barcodes scanned by numerous keyboard wedge barcode scanners to open a shell on a machine and virtually type control commands.
Arrest Made in TalkTalk Hack
TalkTalk CEO Dido Harding said someone purporting to be the hackers who attacked the U.K. telecom demanded a ransom to keep them from publishing the stolen data.
Novel NTP Attacks Roll Back Time
Researchers at Boston University have published new attacks against the Network Time Protocol (NTP) that jeopardize the security of numerous online activities.
Netgear Publishes Patched Firmware for Routers Under Attack
After a pair of very public disclosures in the last two weeks, Netgear published new firmware for vulnerabilities in its routers that have been publicly exploited.