Banks, credit card companies, and VPN providers are probably at the top of the list of organizations you really hope would have their security in order. NordVPN, the VPN company you've likely heard recommended by countless YouTubers, has confirmed one of its data centers was hacked over a year ago.
Take this with the proverbial grain of salt, but Bloomberg has published a detailed investigative report today alleging that a list of U.S. Companies, including Amazon and Apple, suffered a security intrusion via hardware infiltration. This isn't a hack in the software sense, it's a result of literal physical modification to server motherboards at the time of manufacturing by subcontractors in China, allegedly coerced by operatives working for the Chinese People’s Liberation Army — making this a potentially state-backed attack.
Popular e-commerce website Newegg is the latest victim of cyber attacking by Magecart, according to Volexity, a cyberthreat monitoring firm. Newegg is one in a string of high profile cyber attacks making use of the card skimming code which recently compromised British Airways, Ticketmaster, and Feedify. Most critically, customer names and complete card details were stolen using exploited code between August 16th and September 18th.
Several VEVO YouTube music channels were hacked earlier today, with multiple videos having their titles and thumbnails modified. Among the affected music videos was Luis Fonsi and Daddy Yankee's Despacito, which currently holds the title for YouTube's most viewed video of all time, coming in at over five billion views. Additional channels include ShakiraVEVO, TaylorSwiftVEVO, SelenaGomezVEVO, and many others.
According to American sportswear giant Under Armour, user data from its health app MyFitnessPal has been compromised. Data including the usernames, email addresses, and scrambled passwords from approximately 150 million accounts was stolen last month in one of the biggest attacks of its kind.
The last generation of Nexuses (Nexus? Nexsi?) were unfortunately plagued with hardware problems. The Nexus 6P suffered from early shutdowns due to a faulty battery sensors, and the 5X had the famous bootloop bug (which my own 5X eventually fell victim to). The 6P suffered from bootloops as well, to an extent, but now there's a possible fix for the problem on both phones.
The ability to unlock a device with your face is nothing new - Android had it back in 4.0 Ice Cream Sandwich. But recently, we've seen more complex eye unlocking technology crop up on consumer electronics, such as Windows Hello. The Galaxy Note7 and S8 included something similar, called the Iris Scanner.
Members of the Chaos Computer Club, Europe's largest association of hackers, claim they have broken the security of the S8's Iris scanner.
Can't wait for Android O? Neither can we, but you can at least make use of one feature a little early if you've got a mostly stock Nougat phone. The good people at XDA found that navigation bar customization was present in Nougat, and you can even use it without root. One enterprising developer has already pushed an app called Custom Navigation Bar that can make the necessary modifications.
Opera users who utilized the browser's cloud sync option may have had that synchronized data taken by hackers, according to the company. While the full extent of the breach isn't yet known, Opera fears that passwords saved in the browser's manager may have been exposed.
Have you seen Mr. Robot? The show is only three episodes in, but it's already shaping up to be a surprisingly awesome hacking drama. And I don't mean "hacking" in the CSI/NCIS/Scorpion "120WPM and 60 flashing windows" kind of hacking - the protagonist and his Anonymous-style compatriots use real methods and technology, mostly relying on a combination of known vulnerabilities, social engineering, and brute force attacks to play at being cyber-vigilantes. You should check it out - USA has the first three episodes available for free on its website.
The third episode features a pretty cool segment where (extremely mild spoiler alert) the antagonist gains physical access to an Android phone in order to digitally tap it.