Tag: hack
The Sims 4 cheats: Every cheat code and life hack you need
Signal users’ phone numbers exposed in major Twilio hack
On Monday, Signal, often viewed as the most secure messaging app, shared that a security breach of its phone number verification service provider affected 1,900 of its users. Due to the breach, these users’ phone numbers were exposed.
According to Signal’s post detailing the situation, the provider, Twilio, was targeted in a phishing attack. In Twilio’s own post explaining the situation, the company says it was a “sophisticated social engineering attack designed to steal employee credentials.” The attack was successful in obtaining credentials from some of Twilio’s employees. Twilio says that around 125 of its customers had data compromised during the attack. One of these affected customers is Signal.
On the bright side, Signal’s reputation as the most secure messaging app is intact thanks to its service being 100 percent end-to-end encrypted. Without access to a Signal user’s physical device, a bad actor could not access that user’s messaging history. So, any sensitive information that was shared within messages on Signal has not been compromised. Profile data, contact list, and other data were also not compromised, again, thanks to Signal’s design.
However, Signal warns that there were issues that arose for the users affected by the breach:
“For about 1,900 users, an attacker could have attempted to re-register their number to another device or learned that their number was registered to Signal. This attack has since been shut down by Twilio.”
According to Signal, one of those 1,900 users reported that their account was re-registered on another device without their authorization. Also, as Signal notes, most of its users were not affected at all by the security breach.
That there’s been fairly little fallout from this security breach is a testament to Signal’s security. But the breach is also a reminder of Signal’s one glaring flaw: the requirement that a user register their phone number to use the messaging service. Signal has previously hinted that it will soon allow people to use usernames instead of their phone number, but there is currently no scheduled rollout for that feature.
Brazilian Crypto Investment Platform Bluebenx Stops Withdrawals Under Hack Allegations
“DeFi Hub of Polkadot” Suffers Major Hack
BlueBenx fires employees, halts funds withdrawal citing $32M hack
BlueBenx’s lawyer, Assuramaya Kuthumi, revealed that the attack resulted in the loss of $32 million, which many investors found hard to believe.
Man vs. Dish: How one researcher used a $25 homemade device to hack into Elon Musk’s Starlink system
With over 3,000 small satellites in orbit, Elon Musk’s Starlink has built an excellent fleet that currently provides satellite internet coverage in 36 countries. However, all it took was one Belgian cyber security researcher, a $25 homemade device, and a dream to reveal the first major security flaw in Starlink’s user terminals.
This past Thursday at the Black Hat security conference in Las Vegas, Belgian security researcher Lennert Wouters showcased how he hacked into the Starlink internet system using a homemade circuit board or modchip that cost around $25 to develop, WIRED reports.
To do this, WIRED explains, Wouters had to strip down the satellite dish, allowing him to attach a custom modchip using cheap, off-the-shelf parts. Once attached, the homemade printed circuit board launches a fault injection attack that bypasses Starlink’s security system, and allows access to control functions Starlink had intended to keep locked down.
“As an attacker, let’s say you wanted to attack the satellite itself,” Wouters explained to WIRED. “You could try to build your own system that allows you to talk to the satellite, but that’s quite difficult. So if you want to attack the satellites, you would like to go through the user terminal as that likely makes your life easier.”
Starlink’s system is divided into three major parts: the satellites, the gateways sending internet connections, and the user terminals referred to as “Dishy McFlatface” by Musk’s employees — the dishes people can buy, in other words. According to WIRED, Wouters’ research focused on the Dishy McFlatfaces.
Wouters revealed the vulnerability to SpaceX last year and the company paid him through its bug bounty program. Starlink, in response to Wouters’ showcase, published a six-page PDF explaining how it secures its systems along with a firmware update that “makes the attack harder, but not impossible, to execute.”
Since 2018, Starlink has slowly established itself in the industry and has become a vital tool in keeping Ukrainians connected during the Russian invasion. According to Musk in May, Starlink has so far thwarted all cyberattacks coming from Russia.
Solana Wallet Slope Says no Evidence Linking Security Flaw to $4 Million Hack
The Zoom installer let a researcher hack his way to root access on macOS
A security researcher has found a way that an attacker could leverage the macOS version of Zoom to gain access to the entire operating system.
Details of the exploit were released in a presentation given by Mac security specialist Patrick Wardle at the Def Con hacking conference in Las Vegas on Friday. Some of the bugs involved have already been fixed by Zoom, but the researcher also presented one unpatched vulnerability that still affects systems now.
The exploit works by targeting the installer for the Zoom application, which needs to run with special user permissions in order to install or remove the main Zoom application from a computer. Though the installer requires a user to enter their password on first adding the application to…