A 17-year-old resident of Georgia in the US was arrested for hacking private phones and stealing explicit photos of children. He then posted the photos on illegal adult websites. According to 9News, Michael William Cook, of Acworth, Georgia, targeted people under 18. He sent his victims a text message that appeared to originate from a photography company (Maxi Focus Photography) and invited users to install...

A new flaw in cookie handling that makes log-ins persistent has been discovered by security researcher Rishi Narang. When a user logs into an account, the server sends a cookie – a small piece of text – that holds his session ID and tells the server he successfully passed authentication and should be served content without a further log-in prompt when navigating between pages. Cookies are set to expire, eit...

Researchers at Spider.io discovered a ‘human-like’ botnet counting over 120,000 infected systems, and costing advertisers more than $6 million a month, according to Spider.io. Chameleon is the first botnet to directly impact display advertisers rather than text-link advertisers. “At least 7 million distinct ad-exchange cookies are associated with the botnet per month,” the researchers said. "Advertisers are...

A hacker created a worldwide map of more than 100,000 vulnerable devices after “playing around” with a scripting tool. The “Carna” botnet was named after the Roman goddess that protected inner organs because it was “a good choice for a bot that runs mostly on embedded routers.” Carna ran from June to October last year and was allegedly never detected. Many of the open machines were based on Linux and allowe...

Xbox Live accounts of Microsoft employees were breached via “several stringed social engineering techniques,” the company said. Although the breach didn’t relate to a vulnerability in Microsoft’s systems, the company is investigating the incident by working with law enforcement and the companies used in the social engineering scheme. By obtaining social security numbers of the targeted employees, hackers we...

Several broadcasters and banks in South Korea were hacked in one of the country’s largest cyber-attacks, and fingers are once again pointed at neighbors to the north, according to The Guardian. The computer networks of KBS, MBC and YTN, and those of the Shinhan and Nonghyup banks were targeted in a simultaneous cyber-attack, which is still under investigation. While television networks were not seriously af...

A newly discovered flaw in the Origin distribution platform could allow cyber-criminals to install malware on machines regardless of the operating system. The technique was documented in a paper by security researchers Luigi Auriemma and Donato Ferranta presented at the BlackHat conference in Amsterdam. This is the same team of researchers who found a similar vulnerability in the Steam browser protocol last...

High-end DSLR cameras come with a multitude of features for sharing pictures, but do they really reveal the contents only to their owners? According to security researchers Daniel Mende and Pascal Turbing, digital cameras such as the Canon EOS 1DX can be manipulated to take pictures and upload them without the user’s explicit consent. This particular camera model comes with a built-in server called WFT (Wir...

A new computer espionage tool built on the $35 Raspberry Pi microcomputer has been detailed in a presentation at this year’s BlackHat conference in Amsterdam. This highly-advanced hardware keylogger is small enough to fit into a laptop docking station and powerful enough to intercept keystrokes, sniff network traffic, take screenshots, and more. The Raspberry PI is a credit card-sized computer with a 700 MH...

Computer and furniture leasing company Aaron’s took 185,000 e-mails with highly sensitive information from its customers via spyware installed on the leased machines. The spyware application provided by DesignerWare came preinstalled on the laptops leased through Aaron’s. It was designed to allow the rental company to kill the laptop remotely if customers fell beyond payment, but also was able to record key...