Breaking News »

Latest Hacking News

Bug allows Hackers to open locked Biometric Fingerprint Doors


Researcher has uncovered various flaws in a Taiwan-based Chiyu Technology's fingerprint access controller which could allow hackers to easily open the locked doors.

The researcher, Maxim Rupp has said that the vulnerabilities allow the attacker to view and modify the existing configuration of the device without authentication by directly accessing known paths. 


The path (CVE-2015-2871) varies slightly depending on model and services available.

According to an advisory published on July 31, the paths for accessing communications, fingerprint and other setup pages vary depending on the model and the services that are available, CERT/CC.

“It has identified models BF-660C, BF-630, BF-630W as being vulnerable; other models may also be vulnerable. The CERT/CC has been unable to verify this information with the vendor. The CVSS score below is based on CVE-2015-2871,” the advisory read.

According to a story published in SecurityWeek, the researcher said that by gaining access to the controller’s fingerprint setup page, an attacker could modify settings, such as “security level” and “sensitivity,” to make it easier to open the door protected by the device. An attacker can also change the device’s network settings and disconnect it from the targeted organization’s network.

“The researcher has also found that some of the vulnerable biometric devices are accessible via the Internet, which allows an attacker to exploit the weakness remotely. An attacker might be able to carry out other actions as well once he gains access to the controller’s configuration pages, but the expert says he hasn’t conducted further tests,” the report read.

The researcher said that there were several other companies that which sold the same devices under a different brand.

The flaws were reported by the researcher to Chiyu Technology via CERT/CC on May 29. CERT/CC. However, the company concerned has not managed to get in touch with the manufacturer.

It is still unclear that when the company will fix the flaws in the fingerprint access controller.

Antivirus software maker Bitdefender hacked, customers data leaked


It has been proved that no one is safe here from hackers. Even the security firms, which are supposed to protect us, get hacked.

Recently, an award-winning antivirus software maker and security software company has been hacked.

As per news reports, Bitdefender customers’ usernames and passwords leaked during the attack. It has confirmed that its system was breached following rumors that someone was holding the Romanian firm to ransom. The company has failed to encrypt its customers’ login details.

After getting into the company’s information, the crooks demanded $15,000 in order to keep its customers’ details safe.

They threatened the company that they would reveal the swiped customer records. However, it is said that they have put some information online.

The company has informed that the issue has been solved and additional security measures have been taken to prevent its customers from hacking.

A password reset notice was sent to all potentially affected customers, representing less than 1 per cent of our SMB customers.

“This does not affect our consumer or enterprise customers. Our investigation revealed no other server or services were impacted. Bitdefender takes security of its customers very seriously and any issue that might involve the security of our customers or the security of our servers is treated with the utmost urgency and seriousness,” the company explained.

PagerDuty hacked, update your password by Monday

After almost a month, PagerDuty, which provides alerting, on-call scheduling, escalation policies and incident tracking to increase uptime of your apps, servers, websites and databases, has confirmed that it detected an unauthorized intrusion on July 9 by an attacker who gained access to some information about their customers.

The PagerDuty has asked its users to set new strong passwords at this time. The users that do not reset their password by Monday, August 3rd at 12:00pm Pacific Time will be automatically logged out of the website and will receive an email prompting them to reset their password. At no time will alert delivery be affected by this process.

It posted on July 30 that within a few hours of the intrusion, its team stopped the attack. A leading cyber security forensics firm has been hired to investigate the attack.

“We immediately took steps to mitigate the issue, including enhancing our monitoring and detection capabilities, and further hardening our environment,” the blog read.

According to the company concerned, it has not found any evidence that corporate, technical, financial, or sensitive end user information, including phone numbers, was exposed by this incident.

“We do not collect customers’ social security numbers and we do not store or have access to customer credit card numbers. This incident also had no impact on our ability to provide services to our customers. We also notified law enforcement and are cooperating fully with their investigation into this matter,” the company added.

The company said that as per its investigation, the attacker bypassed multiple layers of authentication and gained unauthorized access to an administrative panel provided by one of our infrastructure providers. With this access, they were able to log into a replica of one of PagerDuty’s databases. The evidence indicates that the attacker gained access to users’ names, email addresses, hashed passwords and public calendar feed URLs.

The company has recommend that its customers to reset calendar feed URLs and revoke and re-add access to any mobile devices linked to their PagerDuty account.

“PagerDuty will never ask for your password or other sensitive information via email,” the company said.

Moonpig hacked, Emial IDs, passwords compromised


The online personalized card company, Moonpig, has blocked an unspecified number of accounts of customers after users’ details were published online.

According to the company’s website, customers’ email addresses, passwords and account balance had been made public. However, they stress that the source of passwords was not their site, but from other online sites where users use similar passwords.

“As a precautionary measure, we promptly closed our Moonpig site and apps to help us investigate and contain this issue. Following these investigations, we now have strong evidence that the customer email addresses and passwords we identified were taken previously from other third party websites, and not directly from Moonpig.com."

"This data was then used to access the account balances of some of our Moonpig.com customers. As a reminder, we do not store full credit card information ourselves so this data was not accessible in any event.”

Moonpig  has contacted affected customers, and advised  them to  reset their passwords and ensure that they are not reusing the same passwords anywhere else on the net

Vulnerability »

Malware Report »

Defacements »

Spam Report »