Tag: hackers | Page 3

Hackers Found a Way to Open Any of 3 Million Hotel Keycard Locks in Seconds (Video)

April 16, 2024/in Computer Security

https://www.vecteezy.com/photo/24543747-hand-using-keycard-for-smart-digital-door-lock-while-open-or-close-the-door-at-home-or-apartment-nfc-technology-fingerprint-scan-pin-number-smartphone-and-contactless-lifestyle-concepts

When thousands of security researchers descend on Las Vegas every August for what’s come to be known as “hacker summer camp,” the back-to-back Black Hat and Defcon hacker conferences, it’s a given that some of them will experiment with hacking the infrastructure of Vegas itself, the city’s elaborate array of casino and hospitality technology.

But at one private event in 2022, a select group of researchers were actually invited to hack a Vegas hotel room, competing in a suite crowded with their laptops and cans of Red Bull to find digital vulnerabilities in every one of the room’s gadgets, from its TV to its bedside VoIP phone.

One team of hackers spent those days focused on the lock on the room’s door, perhaps its most sensitive piece of technology of all. Now, more than a year and a half later, they’re finally bringing to light the results of that work: a technique they discovered that would allow an intruder to open any of millions of hotel rooms worldwide in seconds, with just two taps.

Today, Ian Carroll, Lennert Wouters, and a team of other security researchers are revealing a hotel keycard hacking technique they call Unsaflok. The technique is a collection of security vulnerabilities that would allow a hacker to almost instantly open several models of Saflok-brand RFID-based keycard locks sold by the Swiss lock maker Dormakaba. The Saflok systems are installed on 3 million doors worldwide, inside 13,000 properties in 131 countries.

By exploiting weaknesses in both Dormakaba’s encryption and the underlying RFID system Dormakaba uses, known as MIFARE Classic, Carroll and Wouters have demonstrated just how easily they can open a Saflok keycard lock. Their technique starts with obtaining any keycard from a target hotel—say, by booking a room there or grabbing a keycard out of a box of used ones—then reading a certain code from that card with a $300 RFID read-write device, and finally writing two keycards of their own. When they merely tap those two cards on a lock, the first rewrites a certain piece of the lock’s data, and the second opens it.

“Two quick taps and we open the door,” says Wouters, a researcher in the…

Source…

Gmail And YouTube Hackers Bypass Google’s 2FA Account Security

April 12, 2024/in Computer Security

Hackers are taking over Google accounts despite 2FA protection

SOPA Images/LightRocket via Getty Images

Desperate Gmail and YouTube users are turning to official and unofficial Google support forums after hackers take over their accounts, bypassing two-factor authentication security and then locking them out. Time and time again, the attackers appear to be part of a cryptocurrency scam supposedly giving away Ripple’s XRP to those responding.

Google Users Take To Support Forums As 2FA Hackers Target Gmail And YouTube Accounts

If you scan the various support forums for Google products such as Gmail and YouTube, including Google’s own official forums and those on Reddit, you will always see desperate people asking about account recovery. These usually relate to someone forgetting the password, having their phone stolen, changing telephone numbers and so on. However, when you see a pattern emerging of people whose accounts have been hacked despite having 2FA activated and being unable to recover their accounts, you know something out of the ordinary is happening.

“They changed the two-factor authentication… account recovery is not working and sends me on a loop.”

“The hackers changed the password and the phone number and also edited the two-factor authentication settings.”

“My account, which was 2FA authenticated, can’t login, password-box says in password changed 25 hrs ago. Cannot recover because the genius hacker has changed the recovery email to the same email, and deleted my number too.”

Aside from the number of accounts compromised despite having 2FA protection in place, there appears to be another common denominator in the form of Ripple Labs cryptocurrency—or, rather, scams leveraging XRP.

Ripple Labs Issues XRP Cryptocurrency Scam Warning

Ripple has taken to X in an attempt to spread awareness of the increasing spate of attacks against Gmail and YouTube accounts which are then used to entrap readers and viewers with a variety of scams. The most…

Source…

Hackers Exploit Bug In Magento To Access Payment Data On Ecommerce Sites

April 10, 2024/in Computer Security

(MENAFN– Investor Brand Network) A critical flaw in the open-source e-commerce platform Magento has allowed hackers to make backdoors into e-commerce websites and
steal payment data . Computer software company Adobe Inc. describes the error,
CVE-2024-2072 ,
as the“improper neutralization of special elements” that could allow attackers to make arbitrary code executions without any user interaction.

Adobe addressed the vulnerability on Feb. 13, 2024, as part of a batch of security updates while e-commerce security company Sansec announced that it…

Rise of Zero-Day Vulnerabilities: Enterprise Software Now a Prime Target for Hackers With 64% YoY Surge

April 10, 2024/in Internet Security

In the fast-paced world of cybersecurity, “zero-day” vulnerabilities loom as a formidable challenge for tech giants investing billions in enhancing user experiences. These vulnerabilities are mostly software flaws that developers fail to detect, leaving no immediate patches or fixes available to protect against potential exploitation. According to a recent report, “Google’s Threat Analysis Group,” the year 2023 witnessed a significant rise in the exploitation of zero-day vulnerabilities.

To be precise, the exploitation of zero-day vulnerabilities increased a notable 56.5% YoY, from 62 in 2022 to 97 in 2023. However, this number fell short of the record set in 2021, when 106 zero-day vulnerabilities were observed being exploited.

The surge in vulnerability exploitation suggests that hackers are becoming more aggressive and adept at discovering and using vulnerabilities to launch cyberattacks.

As these vulnerabilities are exploited, Commercial Surveillance Vendors (CSVs) emerge as key players in the cyber threat ecosystem. In 2023, CSVs were responsible for 75% of known zero-day exploits targeting Google products and Android ecosystem devices, comprising 13 out of 17 vulnerabilities. These CSVs specialize in selling spyware capabilities to government clients for surveillance activities.

Out of the 37 zero-day vulnerabilities exploited in browsers and mobile devices in 2023, more than 60% were attributed to Commercial Surveillance Vendors (CSVs).

Attackers have also increased their efforts to exploit vulnerabilities within third-party components and libraries. This strategy was chosen because exploiting these vulnerabilities could potentially impact multiple products simultaneously.

Threat actors across various motivations actively sought out vulnerabilities in products or components that offered broad access to multiple targets, reflecting a scalable and effective approach to launching attacks.

It is important to note that there was a whopping 64% YoY increase in the number of vulnerabilities targeted by hackers in enterprise-specific technologies during 2023. This trend was further evidenced by the widening range of enterprise vendors targeted since at least 2019,…

Source…

Tag Archive for: hackers

Google Users Take To Support Forums As 2FA Hackers Target Gmail And YouTube Accounts

Ripple Labs Issues XRP Cryptocurrency Scam Warning