Showing posts with label #hack. Show all posts

Thursday, August 21, 2025

Security / IT Director Alert: Browser-Based AI Agents

Browser-Based AI Agents: The Silent Security Threat Unfolding

Some of the most revolutionary advances in artificial intelligence include browser-based AI agents, which are self-sustaining software tools integrated into web browsers that act on behalf of individuals. Because these agents have access to email, calendars, file drives, and business applications, they have the potential to turbocharge productivity. From scheduling meetings to processing emails and surfing sites, they are transforming how we interact with the internet. 

But while their abilities increase, so does the risk: the threat to browser-based AI agents is not hypothetical; it already exists.

Cybercriminals are increasingly using AI agents to stage highly advanced attacks that are intelligent, adaptive, and capable of attacking systems at scale. Programmed to simulate human decision-making, AI agents can be manipulated to execute malicious functions without the user’s awareness. more

Sunday, August 10, 2025

Looks Like a Smoke Detector - Hackers Say Audio Bug - Brilliant for Building Security

A pair of hackers found that a vape detector often found in high school bathrooms contained microphones—and security weaknesses that could allow someone to turn it into a secret listening device...

...the Halo 3C goes beyond detecting smoke and vaping—including a distinct feature for discerning THC vaping in particular. It also has a microphone for listening out for “aggression,” gunshots, and keywords such as someone calling for help...

Now, after months of reverse engineering and security testing, Vasquez-Garcia and a fellow hacker he’s partnered with who goes by the pseudonym “Nyx,” have shown that it’s possible to hack one of those Halo 3C gadgets—which they’ve taken to calling by the nickname “snitch puck”—and take full control of it...

At the Defcon hacker conference today, they plan to show that by exploiting just a few relatively simple security vulnerabilities, any hacker on the same network could have hijacked a Halo 3C to turn it into a real-time audio eavesdropping bug, disabled its detection capabilities, created fake alerts for vaping or gunshots, or even played whatever sound or audio they chose out of the device’s speaker.

Motorola said it has since developed a firmware update to address those security flaws that will automatically push to cloud-connected devices by Friday...

“To the credit of the company, the microphones sound great,” says Nyx. “From up on the ceiling, you could totally listen to what somebody was saying, and we’ve made this happen.”

Motorola told the hackers in an email that it has worked on a new firmware update that should fix the vulnerabilities. But the hackers argue that doesn’t, and can’t, address the underlying concern: that a gadget loaded with hidden microphones is installed in schools around the country. Motorola also advertises its Halo sensors for use in public housing—including inside residents’ homes—according to marketing material. more

Hacking issues aside, this is a brilliant device to enhance building security. Here is a video showing one feature. Many additional videos are on YouTube.com.

Hackers Love These 7 Smart Home Devices

Although everyone wants a convenient home, there’s little that’s less convenient than a hacked smart home appliance.
When it comes to the best smart home devices, the hard and fast rule is: if it’s connected to Wi-Fi you’re going to need to make sure it's secured because there’s going to be a way to hack it.

The good news is that once you've figured out how to lock down one, it's pretty easy to repeat the process for the rest of them. Here's a list of seven of the most vulnerable smart devices in your home, and the steps you can take to make sure they're more secure than they are right now...
  1. Wi-Fi Routers
  2. Security Cameras
  3. Baby Monitors
  4. Smart Speakers
  5. Video Doorbells
  6. Smart Thermostats
  7. Smart Appliances
Counterespionage recommendations from the article are here.
And, do not forget about robot vacuums, refrigerators, washing machines, and anything that can automatically order from Amazon.

Hackers Found Backdoor in High-Security Safes—Opens in Seconds

Security researchers found two techniques to crack at least eight brands of electronic safes—used to secure everything from guns to narcotics.


James Rowley and Mark Omo got curious about a scandal in the world of electronic safes...

In the process, they'd find something far bigger: another form of backdoor intended to let authorized locksmiths open not just Liberty Safe devices, but the high-security Securam Prologic locks used in many of Liberty’s safes and those of at least seven other brands. 

More alarmingly, they discovered a way for a hacker to exploit that backdoor—intended to be accessible only with the manufacturer's help—to open a safe on their own in seconds. 

In the midst of their research, they also found another security vulnerability in many newer versions of Securam's locks that would allow a digital safecracker to insert a tool into a hidden port in the lock and instantly obtain a safe’s unlock code. more

Saturday, July 19, 2025

Data Leak Exposes IDs of UK Spies

Cover is also blown for thousands of Afghan allies as UK government scrambles to respond.


A major data breach has blown the cover off more than 100 British officials—including MI6 agents and Special Air Service members—while also exposing thousands of Afghan allies to potential Taliban reprisals. 

The breach, which occurred in February 2022 but was only discovered more than a year later, spilled personal details from a sensitive database meant to help Afghans who supported the UK during its 20-year campaign in Afghanistan, per the BBC. more

Thursday, June 19, 2025

Heineken and Shell Linked to Massive Espionage Scandal in Italy

Dutch beer brewer Heineken and Anglo-Dutch fossil energy company Shell have been linked to a major espionage scandal ongoing in Italy. The Italian company Equalize is accused of stealing and selling tax data and police information on Italian politicians and businessmen, among others, to its customers. Heineken and Shell were among those customers, NRC reports.

On paper, Equalize provides services like business intelligence and reputation management. It conducts research into the reliability of suppliers, the position of competitors, or misconduct by customers’ staff. Under the counter, Equalize also sold confidential data gained from hacking into police systems, the Italian tax authorities’ systems, and the reporting center for suspicious bank transactions, according to the Italian authorities. The company also had informants within Italian government organizations. more


Wednesday, May 7, 2025

How Apple's Network can be a Potential Tracking Tool

George Mason University researchers recently uncovered a way for hackers to track the location of nearly any computer or mobile device.
Named "nRootTag" by the team, the attack uses a device’s Bluetooth address combined with Apple's Find My network to essentially turn target devices into unwitting homing beacons. 

"It's like transforming any laptop, phone, or even gaming console into an Apple AirTag - without the owner ever realizing it," said Junming Chen, lead author of the study. "And the hacker can do it all remotely, from thousands of miles away, with just a few dollars." 

The team of Qiang Zeng and Lannan Luo—both associate professors in the Department of Computer Science—and PhD students Chen and Xiaoyue Ma found the attack works by tricking Apple's Find My network into thinking the target device is a lost AirTag. AirTag sends Bluetooth messages to nearby Apple devices, which then anonymously relay its location via Apple Cloud to the owner for tracking. Their attack method can turn a device—whether it's a desktop, smartphone, or IoT device—into an "AirTag" without Apple's permission, at which point the network begins tracking. 

In experiments, they were able to pinpoint a stationary computer's location to within 10 feet, accurately track a moving e-bike's route through a city, and even reconstruct the exact flight path and identify the flight number of a gaming console brought onboard an airplane. Zeng gave an alarming example: “While it is scary if your smart lock is hacked, it becomes far more horrifying if the attacker also knows its location. With the attack method we introduced, the attacker can achieve this.” more

Friday, April 4, 2025

Threat Actors Allegedly Selling SnowDog RAT Malware With Control Panel on Hacker Forums

A new Remote Access Trojan (RAT) dubbed “SnowDog RAT” is malicious software purportedly marketed for $300 per month. It appears to have been specifically developed for corporate espionage and targeted attacks on business environments.

The malware advertisement, discovered on Thursday, April 3, 2025, describes sophisticated capabilities that could threaten organizations worldwide.

According to a ThreatMon post shared on X, the advertisement claims that SnowDog RAT offers an extensive array of intrusion and persistence features that make it particularly dangerous. more

Lawsuit Alleges Pharmacist Hacked Hundreds of Computers to Watch Women Undress

A recently filed class action lawsuit accuses a former pharmacist at the University of Maryland Medical Center of having hacked into hundreds of computers.

Court documents say Matthew Bathula targeted at least 80 of his coworkers, most of whom are women pharmacists, residents, and other medical professionals.

Bathula allegedly accessed their computers using passwords and usernames extracted from UMMC computers and was able to gain access to their personal email, texts, photo libraries, and "private and sensitive electronically stored information."

He also allegedly downloaded partially nude photographs and recordings, as well as photographs and recordings depicting the women breastfeeding their children.

The complaint states Bathula activated internet-enabled cameras in patient treatment rooms to watch and record his coworkers he knew to be pumping breast milk at work and accessed home security cameras remotely to spy on the women in their homes, recording all of them in multiple stages of undress, in private family interactions, and having intercourse with their husbands.

Bathula accessed at least 400 computers, per court documents, and the active spying went on for at least a decade. more

Monday, November 4, 2024

Chinese Spooks Hacking US Mobile Users in Real Time

Millions of US mobile users could be vulnerable to Chinese government spooks who are apparently desperate to know when they are picking up their snowflakes from school and where they order their pizza...

The US intelligence community briefed six current or former senior US officials about the attack. The Chinese hackers, believed to be linked to Beijing's Ministry of State Security, have infiltrated the private wiretapping and surveillance system that American telecom companies built exclusively for US federal law enforcement agencies.

The US government believes the hackers likely still have access to the system. Since the breach was first detected in August, the US government and the telecom companies involved have said very little publicly, leaving the public to rely on details trickling out through leaks.

The lawful-access system breached by the Salt Typhoon hackers was established by telecom carriers after the terrorist attacks of September 11, 2001. It allows federal law enforcement officials to execute legal warrants for records of Americans' phone activity or to wiretap them in real-time, depending on the warrant.

Many of these cases are authorised under the Foreign Intelligence Surveillance Act (FISA), which investigates foreign spying involving contact with US citizens. The system is also used for legal wiretaps related to domestic crimes. more

Student Finds 'Hacker-like' Approach to Bypass Cell Phone Security

Forensic investigators face significant challenges in securing crucial data from criminals' phones.
University of Amsterdam PhD candidate Aya Fukami has identified hardware vulnerabilities in phones to bypass the security of modern devices, allowing her to extract data from phones in a way that was previously not possible...

"Traditional methods of hacking or scraping data from phones still often yield only encrypted data. Researchers then face great difficulty making that encrypted data usable," Fukami says. "It's a process that also takes a long time and doesn't always result in usable evidence."

To overcome this, Fukami explored ways to bypass vulnerabilities in phone system security. And she succeeded. more

Monday, October 7, 2024

Chinese Hackers Breached US Court Wiretap Systems

Chinese hackers accessed the networks of U.S. broadband providers and obtained information from systems the federal government uses for court-authorized wiretapping, the Wall Street Journal reported on Saturday.

Verizon Communications, AT&T and Lumen Technologies are among the telecoms companies whose networks were breached by the recently discovered intrusion, the newspaper said, citing people familiar with the matter.

The hackers might have held access for months to network infrastructure used by the companies to cooperate with court-authorized U.S. requests for communications data, the Journal said. It said the hackers had also accessed other tranches of internet traffic. more

Friday, August 2, 2024

A $500 Open Source Tool Lets Anyone Hack Computer Chips With Lasers

IN MODERN MICROCHIPS, where some transistors have been shrunk to less than a 10th of the size of a Covid-19 virus, it doesn't take much to mess with the minuscule electrical charges that serve as the 0s and 1s underpinning all computing. 

A few photons from a stray beam of light can be enough to knock those electrons out of place and glitch a computer's programming. Or that same optical glitching can be achieved more purposefully—say, with a very precisely targeted and well timed blast from a laser. Now that physics-bending feat of computer exploitation is about to become available to far more hardware hackers than ever before.

At the Black Hat cybersecurity conference in Las Vegas next week, Sam Beaumont and Larry “Patch” Trowell, both hackers at the security firm NetSPI, plan to present a new laser hacking device they're calling the RayV Lite. 

Their tool, whose design and component list they plan to release open source, aims to let anyone achieve arcane laser-based tricks to reverse engineer chips, trigger their vulnerabilities, and expose their secrets—methods that have historically only been available to researchers inside of well-funded companies, academic labs, and government agencies. more

Tuesday, July 30, 2024

Karma Files: Multi-platform Spyware Provider Spytech Gets Hacked

Second spyware provider hacked this month...
Minnesota-based spyware provider Spytech has been hacked, with files stolen from the company's servers containing detailed device activity logs from a global pool of mostly Windows PCs but also some Macs, Chromebooks, and even Android devices. 

The total number of spyware victims impacted by Spytech and noted by TechCrunch analyzing the scale of the breach is "more than 10,000 devices since 2013," and this cross-platform invasion of privacy stretches across the entire globe, including the US, EU, the Middle East, Africa, Asia, and Australia.

Spytech provides a brand of spyware best known as "stalkerware" since it's typically installed by a person with physical access to the victim's device. more

Monday, July 1, 2024

Lawsuit Claim: Shopping App Temu - “Dangerous Malware,” Spying on Your Texts

Temu—the Chinese shopping app that has rapidly grown so popular in the US that even Amazon is reportedly trying to copy it—is "dangerous malware" that's secretly monetizing a broad swath of unauthorized user data, Arkansas Attorney General Tim Griffin alleged in a lawsuit filed Tuesday.

Griffin cited research and media reports exposing Temu's allegedly nefarious design, which "purposely" allows Temu to "gain unrestricted access to a user's phone operating system, including, but not limited to, a user's camera, specific location, contacts, text messages, documents, and other applications."

"Temu is designed to make this expansive access undetected, even by sophisticated users," Griffin's complaint said. "Once installed, Temu can recompile itself and change properties, including overriding the data privacy settings users believe they have in place." more

TeamViewer Confirms Cyberattack

TeamViewer, the prominent provider of remote access tools, has confirmed a significant cyberattack on its corporate network. 

This attack has been attributed to APT29, a hacking group allegedly linked to Russian intelligence. The breach, discovered on June 26, involved compromised credentials of an employee account, marking another sophisticated cyber-espionage campaign executed by state-sponsored hackers.


According to TeamViewer’s investigation, the breach began with the compromise of credentials from a standard employee account within their corporate IT environment. 

The company has emphasized that the attack was contained within its corporate network, assuring that their internal network and customer systems are separate...Despite these assurances, the company’s investigation is ongoing. more

Friday, June 14, 2024

Beware the Spies in Disguise

Unethical hackers are often hired by companies for corporate espionage: to infiltrate the IT systems of rival organizations to steal sensitive information, trade secrets, and strategic plans. The information can provide a competitive advantage or be sold for financial gain.

Although getting in touch with these hackers is comparatively easier, they have now resorted to anonymous modes of messaging through discreet texting applications that do not store metadata. Such apps use encrypted chat rooms, which makes it difficult for authorities to trace communications.

The internet is also filled with tutorials providing step-by-step guides for many kinds of unethical hacking tasks, which are often used by tech-savvy anti-social elements.

On the other hand, hacking into social media accounts threatens the individual privacy of creators and is often used for blackmail and extortion. more

This is a major problem on LinkedIn. 
Here are some of the come-ons I receive...
  • It's nice to meet new people. Can we talk?
  • Hello, it's a pleasure to contact you. Your resume and skills are excellent. I hope to make friends with you.
  • I am Sophia, I checked your profile. I saw that your professional field is the talent we are looking for, which will be of great help to the new project I am about to start. If you are interested. You can leave your phone number and contact information, and I will arrange a time with you for a detailed conversation and make an appointment for a telephone conference. When is it convenient for you?
  • After reading your resume and work experience, I found that you are a very talented person! can we talk?
  • I think your field of work is great. Can we exchange ideas and learn from each other?
Spy Tip: Remember your Stranger Danger training.

Monday, May 27, 2024

NASCAR Radio Comms Hacked - “That Was Some Weird Sh*t”

Unwelcome Participant Eavesdropping on Bubba Wallace...


Remember the 2023 All-Star Race? The No. 23 team and specifically its driver, Bubba Wallace, experienced a bad situation. Somebody hacked into the team’s radio channel and delivered a derogatory message...Although NASCAR investigated the incident, the mysterious voice remained unknown.

A similar situation seems to have propped up at the 2024 Coca-Cola 600 race, but devoid of the hurtful comments. While Bubba Wallace was prying for the lead in stage 2, an unfamiliar voice popped in between his communication with his pit team. The 23XI Racing driver was surprised yet fascinated by this occurrence.

Earlier in 2024, the No. 23 team’s radio buffered during the race at Talladega Superspeedway. As it turned out, not only Bubba Wallace but also other drivers faced a similar problem. Joe Gibbs Racing’s No. 19 driver Martin Truex Jr was audibly frustrated: “All our radios are f***ed up right now.”

Now another mysterious glitch has surfaced in Charlotte, with unfamiliar voices on Wallace’s radio. We can only wait till the end of the weather-delayed race to delve deeper into this curious matter. more
......
Care to eavesdrop yourself? "DOWNLOAD NASCAR MOBILE APP and click on Buy Premium link in the navigation to subscribe for full access on mobile devices." more 
Or... do what that mysterious voice did... Buy a cheap 2-way radio.

Friday, February 23, 2024

Dump of Chinese Hacking Documents - A Window into Surveillance

Chinese police are investigating an unauthorized and highly unusual online dump of documents from a private security contractor linked to the nation’s top policing agency and other parts of its government — a trove that catalogs apparent hacking activity and tools to spy on both Chinese and foreigners...

The dump of scores of documents late last week and subsequent investigation were confirmed by two employees of I-Soon, known as Anxun in Mandarin, which has ties to the powerful Ministry of Public Security... They reveal, in detail, methods used by Chinese authorities to surveil dissidents overseas, hack other nations and promote pro-Beijing narratives on social media. more

Thursday, February 8, 2024

Van Eck Redux: Hackers Can Spy on Cameras Through Walls

Capturing real-time video through walls isn’t hard if you have an antenna and a little bit of engineering know-how. It could be a massive threat to billions of security and phone cameras... 
Kevin Fu, a professor of electrical and computer engineering at Northeastern who specializes in cybersecurity, has figured out a way to eavesdrop on most modern cameras, from home security cameras and dash cams to the camera on your phone. Called EM Eye, short for Electromagnetic Eye, the technique can capture the video from another person’s camera through walls in real time. It redefines the idea of a Peeping Tom...

Results vary on how far away someone would have to be in order to eavesdrop on these different devices. For some, a peeping Tom would have to be less than 1 foot away; for others, they could be as far away as 16 feet...

Fu says. “Maybe you don’t want to put this [camera] on your wall you share with your neighbor.” more
Van Eck  Interesting, but no need for the average person to worry.