Jump to content
nsane.forums

Search the Community

Showing results for tags 'hacked'.



More search options

  • Search By Tags

    Type tags separated by commas.
  • Search By Author

Content Type


Forums

  • Site Related
    • News & Updates
    • Site / Forum Feedback
    • Member Introduction
  • News
    • General News
    • FileSharing News
    • Mobile News
    • Software News
    • Security & Privacy News
    • Technology News
  • Downloads
    • nsane.down
  • General Discussions & Support
    • Filesharing Chat
    • Security & Privacy Center
    • Software Chat
    • Mobile Mania
    • Technology Talk
    • Entertainment Exchange
    • Guides & Tutorials
  • Off-Topic Chat
    • The Chat Bar
    • Jokes & Funny Stuff
    • Polling Station

Found 7 results

  1. Authorities in Russia have broken up a widespread scheme involving dozens of gas-station employees who used software programs on electronic gas pumps to con customers into paying for more fuel than then actually pumped into their tank. The scam shorted customers between 3-to-7 percent per gallon of gas pumped. On Saturday, Russian Federal Security Service (FSB) arrested hacker Denis Zayev in Stavropol, Russia on charges he created several software programs designed to swindler gas customers, according to multiple Russian media reports. The software was found only on gas stations located predominantly throughout the south of Russia. The FSB did not return email request for comment on this story. Zayev is accused of developing the software programs and selling them to rogue gas-station employees. Under the arraignment, both gas-station employees and Zayev received a cut of the money customers overpaid for gas. According to the FSB, the crime earned Zayev and gas station employees “hundreds of millions of rubles.” A translated report from news source Rosbalt said the malicious software was nearly impossible to detect by local inspectors and oil companies that monitor gasoline inventory remotely. According to the report, not only did pumps display false data, but also cash registers and back-end systems. Next, Zayev’s software was able to cloak sales data tied to the sale of a station’s illicit surplus gasoline. It’s unclear what tipped Russian authorities off to the scam. Hackers targeting gas stations isn’t new. In 2014, New York state authorities charged 13 men for using Bluetooth-enabled skimmers to steal more than $2 million from customers at gas stations across the Southern United States between 2012 and 2013. A 2015 Black Hat presentation by researchers Kyle Wilhoit and Stephen Hilt, also highlighted dangers of a growing number of internet-exposed gas pump monitoring systems in the U.S. They warned exposed SCADA systems could allow malicious actors to carry out DDoS attacks against pumps, register incorrect fill data and damage engines by manipulating pumps to serve diesel fuel instead of unleaded. Article
  2. A user at Resetera.com has announced that the hack version of PlayStation 4 (PS4 4.05) is now available and hence, the opportunity for targeting the highly sought-after Sony device is ripe. As per DanteLinkX, the user who posted about the hack, it is possible to load or dump PS4 files into ‘.pkg’ format and then load them on firmware version 4.05. Moreover, there are multiple dumps that are compatible with version 4.05 PS4 games and these are being distributed on the internet wildly. “Supposedly a hack for firmware 5.01 is on the way too,” said DanteLinkX. This new hack has been dubbed as PS4HEN. It has the capability of modifying the console at the software level to allow homebrew applications to be executed and run. In simple words, it converts the regular PS4 console into a developer’s kit. Hackers used PS4HEN to emulate PS2 games so as to boost PS4 library. Perhaps, people are now playing pirated PS4 games that too on compromised version of PS4. V 4.05, for instance, Doom VFR and Dead Rising 4. Furthermore, the PKG Kitchen tool allows games like GTA V, Uncharted 4 and similar others to be dumped online for users to play. However, the process of playing pirated system is not only complicated but detrimental to the machine itself. There are a number of free games available on PSN so you can opt for them but if you really intend to get your console hacked then we suggest that you wait for more information on the hacking tools and the consequences of their usage. A statement is due to be released by Sony regarding this issue but you need to remember that hacking PS4 will instantly render its warranty void and it would become impossible to sell your machine to local vendors. If you try to remove the hack even then you will be facing compatibility issues. You can learn more about the hack by following this link. https://www.hackread.com/playstation-4-hacked-to-run-ps2-emulation-homebrew-software/
  3. On Dec. 22, 2017, the Royal Canadian Mounted Police (RCMP) charged Jordan Evan Bloom of Thornhill, Ontario for trafficking in identity information, unauthorized use of a computer, mischief to data, and possession of property obtained by crime. Bloom is expected to make his first court appearance today. According to a statement from the RCMP, “Project Adoration” began in 2016 when the RCMP learned that LeakedSource.com was being hosted by servers located in Quebec. “This investigation is related to claims about a website operator alleged to have made hundreds of thousands of dollars selling personal information,” said Rafael Alvarado, the officer in charge of the RCMP Cybercrime Investigative Team. “The RCMP will continue to work diligently with our domestic and international law enforcement partners to prosecute online criminality.” In January 2017, multiple news outlets reported that unspecified law enforcement officials had seized the servers for Leakedsource.com, perhaps the largest online collection of usernames and passwords leaked or stolen in some of the worst data breaches — including three billion credentials for accounts at top sites like LinkedIn and Myspace. LeakedSource in October 2015 began selling access to passwords stolen in high-profile breaches. Enter any email address on the site’s search page and it would tell you if it had a password corresponding to that address. However, users had to select a payment plan before viewing any passwords. The RCMP alleges that Jordan Evan Bloom was responsible for administering the LeakedSource.com website, and earned approximately $247,000 from trafficking identity information. A February 2017 story here at KrebsOnSecurity examined clues that LeakedSource was administered by an individual in the United States. Multiple sources suggested that one of the administrators of LeakedSource also was the admin of abusewith[dot]us, a site unabashedly dedicated to helping people hack email and online gaming accounts. That story traced those clues back to a Michigan man who ultimately admitted to running Abusewith[dot]us, but who denied being the owner of LeakedSource. The RCMP said it had help in the investigation from The Dutch National Police and the FBI. The FBI could not be immediately reached for comment. Article
  4. If you are a OnePlus customer and bought their products through their website between mid-November 2017 and January 11, 2018, chances are that your credit card data has been stolen. OnePlus, the Chinese smartphone manufacturer has acknowledged that its website was hacked and breached by hackers who stole credit card data belonging to around 40,000 customers. Background On January 15th, 2017, HackRead published an in-depth report on OnePlus customers complaining about credit card fraud and claiming that their cards had been used to make purchases without their knowledge and permission after shopping through the OnePlus website (OnePlus.net) between October and December 2017. In reply, OnePlus had denied that their checkout page was hacked or breached. However, according to Fidus InfoSecurity Limited, a British cybersecurity agency, OnePlus checkout was using Magento eCommerce platform that was in the news lately for containing a critical bug that could be exploited to take over any website. Remember, the same bug was used by a Coinhive user to hack BlackBerry mobile website and place Monero cryptocurrency mining code. Furthermore, Fidus pointed out several loopholes in the OnePlus website and concluded that there is a chance OnePlus website could be compromised by placing Javascript and modifying the Cc.php file which requires shell access to the server and indicates a serious compromise. OnePlus admits it suffered data breach Earlier today (January 19th, 2017), according to the official forum post by OnePlus’ staff member Mingyu it has been acknowledged that the company did suffer a hack attack in which hackers infected a malicious script into the company’s payment page code and siphoned out credit card data. One of our systems was attacked, and a malicious script was injected into the payment page code to sniff out credit card information from customers who were entering the data on OnePlus.net. However, OnePlus maintains that customers who used saved credit cards or paid via the “Credit Card via PayPal” and those who bought OnePlus products via PayPal should not be affected. OnePlus also sent emails to potentially affected customers informing that their credit card data including card numbers, expiry date, and security codes were stolen between mid-November 2017 and January 11, 2018. Moreover, the company has contacted law enforcement authorities in regions it operates in and offered free credit monitoring to affected customers. “We cannot apologize enough for letting something like this happen. We are eternally grateful to have such a vigilant and informed the community, and it pains us to let you down.” “We are working with our current payment providers to implement a more secure credit card payment method, as well as conducting an in-depth security audit. All these measures will help us prevent such incidents from happening in the future,” said Mingyu. source
  5. As the price of Bitcoin and other cryptocurrencies is surging, the cybercriminal community is exploring the opportunity to steal user funds as every now and then there are incidents involving hackers targeting unsuspecting investors by hacking an exchange and a wallet. The latest victim of a hack attack against cryptocurrencies is the web-based BlackWallet used in storing Stellar Lumens (XLM). Reportedly, hackers successfully targeted BlackWallet this weekend (January 13th) and stole $444,000 in XLM. How hackers hacked BlackWallet The incident has been confirmed by the admin and creator of Blackwallet and an official statement has also been posted on Reddit according to which hackers compromised the hosting account of BlackWallet’s website (BlackWallet.co) then hijacked its DNS (Domain Name Servers) and redirected to a fake website that looked exactly like Blackwallet’s. Following the change, the moment an unsuspected user signed in on the fake website their funds would go straight to the wallet owned by hackers. Moreover, hackers placed a code that with every sign in, would move 20 Lumens (that are needed to keep the wallet intact) to their account. In total, hackers were able to transfer Stellar Lumens (XLM) worth $444,000 majority of which went to SDF and Bittrex cryptocurrency exchange where hackers will probably convert the stolen funds without getting their identity exposed. According to a Tweet by Kevin Beaumont‏, an IT security researcher who examined the code placed by hackers “The DNS hijack of Blackwallet injected code if you had over 20 Lumens it pushes them to a different wallet.” What is next The creator of BlackWallet, on the other hand, has asked hosting firm to disable their account. They have also contacted SDF and Bittrex to freeze the stolen funds however it is unclear if both parties will be able to cooperate or whether there has been any response from them. The BlackWallet admin is also suggesting customers immediately transfer their funds to some other wallet in the event they entered their key on blackwallet. Users can transfer their funds using the stellar account viewer. At the time of publishing this article, BlackWallet’s website was offline and displaying a 403 error. To read previous data breaches and hack attacks against cryptocurrency wallets and exchanges follow this link. source
  6. Extortion can also be funny when it happens to the bad guys, and there's one extortion attempt going on right now that will put a big smile on your face. The victim is Basetools.ws, an underground hacking forum that allows users to trade stolen credit card information, profile data, and spamming tools. The site boasts to have over 150,000 users and over 20,000 tools listed in its forums. Earlier this week, on Tuesday, an anonymous user appears to have breached the site, and uploaded samples of its database online, along with a ransom demand. The attacker is asking for $50,000 or he'll share data on the site's administrator with US authorities, such as the FBI, DHS, DOJ, and the DOT (Department of Treasury). To prove the validity of his claims, the hacker shared an image of the Basetools admin panel and an image containing the site admin's login details and IP address. In addition, the hacker also dumped tools that Basetools users were selling on the site, such as login credentials for C-Panel accounts; login credentials for shells, backdoors, and spambots hosted on hacked sites; credentials for RDP servers; server SSH credentials, user data leaked from various breaches at legitimate sites, and many other more. As soon as the ransom demand and accompanying data was published online, the Basetools portal went offline and entered maintenance mode. "Yeah, the fact that site is down right now certainly doesn't look good for them," security researcher Dylan Katz told Bleeping Computer today regarding the possibility of the ransom demand being a fake breach. Nonetheless, "50k is a pretty steep ransom, seeing as the damange has already been done," Katz added. But financial gain is not the only motivation behind this hack. According to other text included in the ransom demand, the hacker also appears to have carried out the hack out of revenge, claiming the site's operator has been manipulating stats. "Basetools.pw is manipulating EARNING STATS & RESELLER STATS, Owner of this market has opened a reseller with name RedHat which always stays in First Place," the text reads. Lots of sensitive data leaked online Despite the "small potatoes" feel that you get when reading about a breach at a hackers' forum, this security incident is quite of note. All the Basetools seller data that was supposedly being sold on the forums before the hack is now online and easily accessible to anyone. This means that credentials for thousands of servers are now in easy reach to anyone who knows where to look for it. Other hackers could take over these servers and deploy them in spam, malware hosting, or other malicious campaigns. The owners of these services will need to be notified so they can change credentials and clean up affected systems. Furthermore, Katz has also identified user data that appears to come from services that have not previously announced they suffered a data breach. These services will also need to be notified so they can investigate any potential breaches, and reset passwords for affected accounts. Katz is currently processing the leaked data and intends to reach out to some of the affected parties. Article
  7. Hackers broke into British company Piriform’s free software for optimizing computer performance last month potentially allowing them to control the devices of more than two million users, the company and independent researchers said on Monday. The malicious program was slipped into legitimate software called CCleaner, which is downloaded for personal computers and Android phones as often as five million times a week. It cleans up junk programs and advertising cookies to speed up devices. CCleaner is the main product made by London’s Piriform, which was bought in July by Prague-based Avast, one of the world’s largest computer security vendors. At the time of the acquisition, the company said 130 million people used CCleaner. A version of CCleaner downloaded in August included remote administration tools that tried to connect to several unregistered web pages, presumably to download additional unauthorized programs, security researchers at Cisco’s (CSCO.O) Talos unit said. Talos researcher Craig Williams said it was a sophisticated attack because it penetrated an established and trusted supplier in a manner similar to June’s “NotPetya” attack on companies that downloaded infected Ukrainian accounting software. “There is nothing a user could have noticed,” Williams said, noting that the optimization software had a proper digital certificate, which means that other computers automatically trust the program. In a blog post, Piriform confirmed that two programs released in August were compromised. It advised users of CCleaner v5.33.6162 and CCleaner Cloud v1.07.3191 to download new versions. A spokeswoman said that 2.27 million users had downloaded the August version of CCleaner while only 5,000 users had installed the compromised version of CCleaner Cloud. Piriform said that Avast, its new parent company, had uncovered the attacks on Sept. 12. A new, uncompromised version of CCleaner was released the same day and a clean version of CCleaner Cloud was released on Sept. 15, it said. The nature of the attack code suggests that the hacker won access to a machine used to create CCleaner, Williams said. CCleaner does not update automatically, so each person who has installed the problematic version will need to delete it and install a fresh version, he said. Williams said that Talos detected the issue at an early stage, when the hackers appeared to be collecting information from infected machines, rather than forcing them to install new programs. Piriform said it had worked with U.S. law enforcement to shut down a server located in the United States to which traffic was set to be directed. It said the server was closed down on Sept. 15 “before any known harm was done”. Source
×