Breaking News »

Latest Hacking News

Hacker's tweet led FBI to issue warning for airlines in US

In response to the claims and reports of the recent United Airlines incident, The US Federal Bureau of Investigation has issued a warning to all the airlines to be on the lookout for hackers. It follows an onboard tweet from Chris Roberts, pro hacker and the founder of One World Labs.

Roberts, a researcher specializing in the security of commercial airplanes, was detained by FBI (Federal Bureau of Investigation) agents while deplaning his United Airlines flight from Denver to Syracuse, New York. This action was taken after he tweeted a joke about taking control of the plane’s engine-indicating and crew-alerting system, which provides flight crews with information in real-time about an aircraft’s functions, including temperatures of various equipment, fuel flow and quantity, and oil-pressure.

The computer expert tweeted: “Find myself on a 737/800, lets see Box-IFE-ICE-SATCOM, ? Shall we start playing with EICAS messages? 'PASS OXYGEN ON' Anyone ? :)”. This apparently caught the attention of Federal authorities who confiscated Robert’s iPad, MacBook Pro, and storage devices after questioning him for four hours.


Roberts stated that he was perturbed by the actions of the US law enforcement as he has been demonstrating vulnerabilities in the avionics system used on modern airplanes and telling CNN that he could connect a computer under his seat to view data from the aircraft’s engines, fuel and flight-management systems. And he is not the only one, according to an article by Forbes, Thomas Lim, head of security consultancy Cose Inc, has repeatedly been checked going through airports in recent years. On a flight from New York to Taipei, he was searched of all his belongings at the airport in Anchorage.

United Airlines has now banned Chris Roberts from all its flights.

Moreover, in a notification reported by the Wired Magazine, the FBI advised airlines to report any suspicious activity i.e. passengers connecting unknown wires and cables, or tampering or the forced removal of covers to network connection ports, along with reporting any evidence of suspicious behaviour concerning aviation wireless signals, including social media messages with threatening references to onboard network systems, automatic dependent surveillance systems (ADS-B), aircraft communications addressing and reporting systems (ACARS) and air traffic control networks.

WordPress 4.1.2 version released, fixes critical security bugs


Wordpress 4.1.2 is the latest version of WordPress to be released to the public. A critical security release for all previous versions, WordPress 4.1.2 fixes as much as four other security issues.
The earlier versions of WordPress including version 4.1.1 were affected by a serious critical cross-scripting vulnerability, which could enable anonymous users to compromise a site. This was reported by Cedric Van Bockhaven and fixed by Gary Pendergast, Mike Adams and Andrew Nacin of the WordPress security team.

Discovered by Michael Kapfer and Sebastian Kraemer of HSASec, files with invalid or unsafe names could be uploaded in version 4.1 and higher.

In WordPress 3.9 and higher, a very limited cross-site scripting vulnerability could be used as a part of a social engineering attack. It was discovered by Jakub Zoczek.  

Some plugins were vulnerable to an SQL injection vulnerability. Four hardening changes, including better validation of post titles within the Dashboard were discovered by J.D.Grimes, Divyesh Prajapati, Allan Collins, Marc-Alexandre Montpas and Jeff Bowen.

To download WordPress 4.1.2, the update can be updated automatically from the Dashboard and simply click “Update Now”. Sites that support automatic background updates are already updating to WordPress 4.1.2.

Researchers discover fingerprint flaw on Samsung Galaxy S5


Photo Courtesy: Mobilesyrup website
Despite the various efforts made to secure biometric information on Samsung Galaxy S5 by the Android phone makers, hackers can still take copies of fingerprint which is used to unlock the phone set, said researchers.

Tao Wei and Yulong Zhang, researchers at FireEye, a security firm, said that even though there is a separate secure enclave for the information on the phone, it is possible to grab the biometric data before it reaches that safe area which allows hackers to copy people’s fingerprints for further attacks.

Wei and Zhang, who conducted research on Galaxy S5 including other unnamed Android devices, will be presenting their findings at the RSA conference on April 24.

The researchers said that in order to clone the fingerprints, the hackers don’t have to break the protected zone where the data is stored. They just have to collect data from the device’s fingerprint sensor.

According to them, any hacker can easily clone fingerprints from the phone sets. They have to get user-level access and run a program as root. They wouldn’t need to go deeper on Samsung Galaxy S5 because the malware needs only system-level access.

And once the hackers break the operating system of the phone, they can easily read the fingerprint sensor. Then, the hackers get the data from which they can generate an image of fingerprint. After that, those hackers can do whatever they want.

After finding the flaw on the phone, the researchers had contacted Samsung. However, they did not get any updates or measures to fix the vulnerability from the company.

They said that it is better to update Android version in order to get protected from this vulnerability because it is not resident on Android 5.0 or later versions.

"Samsung takes consumer privacy and data security very seriously. We are currently investigating FireEye’s claims,” said a spokesperson for Samsung via email to Forbes.

Although, there are various security concerns about biometric, it is going to be the primary form of authentication on mobile phones.

It is said that Microsoft is testing out a range of biometric options for its upcoming Windows 10 operating system. 

However, Wei and Zhang said they only tested Android devices as of now.

They said that not all of the Android phones below 5.0 with fingerprint authentication were affected but this vulnerability is likely to spread among other phone companies as well.  Like HTC One Max, Motorola Atrix, Samsung Galaxy Note 4 and Edge, Galaxy S6, and Huawei Ascend Mate 7.

“We only tested a limited number of devices. While we expect the issue is more widespread, we are not sure,” the FireEye spokesperson said in an email to Forbes

GTA V users accounts have not been hacked but change passwords to ensure safety


In a response to a number of reports from Grand Theft Auto V (GTA V) users who said their Social Club accounts have been hacked and even modified, Rockstar Games Social Club (RGSC), a hub for GTA V and other games, has confirmed that the accounts have not been hacked.

However, the user can change his/her password in order to prevent his/her account from hacking in the future.

After receiving numbers of complaints about hacking, which did not allow the users to log in to their accounts and they cannot play games, via twitter the authority concerned sent a statement to Kotaku Australia.

According to the statement, their accounts have not been hacked. It seems that some unknown users or website tried to access another’s user accounts using email and password combinations. However, the company is in the process of repairing the affected account in to the original. It also suggested the users not to share their Social Club account username and password to other multiple websites. They should keep different passwords and usernames for their different accounts.

“We are responding to customers, whose accounts got affected, to reinstate full user access within 24 hours of contacting Customer Support. Please keep looking at the Rockstar Support website for more information and updates,” mentioned in the statement.

Earlier, it was said that more than 2500 GTA V users account have been hacked. People were facing problem in drivers, download speeds from Steam, FPS hiccups while playing games.

Similarly, many users complained as the RGSC took a lot of time to take any initiative.

A GTA V user wrote on the Rockstar Support page, “I purchased the game before it got released and got my pre-order bonus. Everything was great until Wednesday night, when I received an email saying that my email address and password on social account has been changed.”

He added that he immediately emailed Rockstar Support. When he did not get any reply, he called the support team.  They gave him a ticket number 3579087 and said it was escalated. Since then, he hasn’t received any information on how long will it take to get back his account.

Vulnerability »

Malware Report »

Defacements »

Spam Report »