Showing results for tags 'hacked'.

More search options

  • Search By Tags

    Type tags separated by commas.
  • Search By Author

Content Type


  • Site Related
    • News & Updates
    • Site / Forum Feedback
    • Member Introduction
  • News
    • General News
    • FileSharing News
    • Mobile News
    • Software News
    • Security & Privacy News
    • Technology News
  • Downloads
    • nsane.down
  • General Discussions & Support
    • Filesharing Chat
    • Security & Privacy Center
    • Software Chat
    • Mobile Mania
    • Technology Talk
    • Entertainment Exchange
    • Guides & Tutorials
  • Off-Topic Chat
    • The Chat Bar
    • Jokes & Funny Stuff
    • Polling Station

Find results in...

Find results that contain...

Date Created

  • Start


Last Updated

  • Start


Filter by number of...

Found 77 results

  1. When we talk about hacking, we usually think of a massive cyber attack on a financial institution. But, from recent hacks and data breach incidents, it seems the hackers have changed their targets. Recently, some crooks tried a not entirely new (and somewhat weird) trick to achieve their goal. These hackers hacked a US gas station to pilfer 600 gallons of fuel worth $1,800 and did so brazenly in the middle of the day.

     Hackers Hacked A Detroit Gas Station

     As initially disclosed on Wednesday, individuals hacked a Detroit, Michigan gas station to steal 600 gallons of gas. The Marathon gas station suffered this attack on June 23, 2018, when two men reached the pump for fuel. Reportedly, they took control of the pump at the gas station through a remote device, thus preventing the clerk present at the station from blocking the hack from his system. According to Fox2Detroit, the clerk, Aziz Awadh, said about the incident, “I tried to stop it here from the screen but the screen’s not working. I tried to stop it from the system; nothing working.” Awadh said that he was able to shut down the pump only after he found the emergency kit. He then called the police. However, until then, the hackers managed to drain a large volume of fuel.

     Police Ask For Help To Identify Culprits

     According to the initial police investigations, the hackers used a unique remote device to take over the pump. The hackers are believed to have had 10 vehicles which they filled completely within 90 minutes. However, as the security cameras were working perfectly, those hackers have been captured in the video recording. While the investigations continue about the matter, the Detroit Police Department has requested the public to inform them if anyone gets to know anything about the thieves. < Here >
  2. Alt-currency's value tumbles amid malicious mining mishaps

     The Verge cryptocurrency has seen its value drop by 25 per cent after hackers exploiting a bug in the alt-coin's software forced its developers to hit the reset button and hard-fork the currency. Programmers on Wednesday confirmed that the fun-bux had been on the receiving end of a "small hash attack" that caused its value to drop from $0.07 to $0.05 per XVG. The developers claimed they had cleared up what was portrayed as a minor hiccup.
  3. Authorities in Russia have broken up a widespread scheme involving dozens of gas-station employees who used software programs on electronic gas pumps to con customers into paying for more fuel than was actually pumped into their tank. The scam shorted customers between 3 and 7 percent per gallon of gas pumped. On Saturday, the Russian Federal Security Service (FSB) arrested hacker Denis Zayev in Stavropol, Russia on charges he created several software programs designed to swindle gas customers, according to multiple Russian media reports. The software was found only on gas stations located predominantly throughout the south of Russia. The FSB did not return an email request for comment on this story. Zayev is accused of developing the software programs and selling them to rogue gas-station employees. Under the arrangement, both gas-station employees and Zayev received a cut of the money customers overpaid for gas. According to the FSB, the crime earned Zayev and gas station employees “hundreds of millions of rubles.” A translated report from news source Rosbalt said the malicious software was nearly impossible to detect by local inspectors and oil companies that monitor gasoline inventory remotely. According to the report, not only did pumps display false data, but so did cash registers and back-end systems. Next, Zayev’s software was able to cloak sales data tied to the sale of a station’s illicit surplus gasoline. It’s unclear what tipped Russian authorities off to the scam. Hackers targeting gas stations isn’t new. In 2014, New York state authorities charged 13 men for using Bluetooth-enabled skimmers to steal more than $2 million from customers at gas stations across the Southern United States between 2012 and 2013. A 2015 Black Hat presentation by researchers Kyle Wilhoit and Stephen Hilt also highlighted the dangers of a growing number of internet-exposed gas pump monitoring systems in the U.S. They warned exposed SCADA systems could allow malicious actors to carry out DDoS attacks against pumps, register incorrect fill data and damage engines by manipulating pumps to serve diesel fuel instead of unleaded. Article
  4. A user at Resetera.com has announced that the hack version of PlayStation 4 (PS4 4.05) is now available and hence, the opportunity for targeting the highly sought-after Sony device is ripe. As per DanteLinkX, the user who posted about the hack, it is possible to load or dump PS4 files into ‘.pkg’ format and then load them on firmware version 4.05. Moreover, there are multiple dumps that are compatible with version 4.05 PS4 games and these are being distributed widely on the internet. “Supposedly a hack for firmware 5.01 is on the way too,” said DanteLinkX. This new hack has been dubbed PS4HEN. It has the capability of modifying the console at the software level to allow homebrew applications to be executed and run. In simple words, it converts the regular PS4 console into a developer’s kit. Hackers used PS4HEN to emulate PS2 games so as to boost the PS4 library. Perhaps people are now playing pirated PS4 games on the compromised PS4 v4.05, for instance Doom VFR and Dead Rising 4. Furthermore, the PKG Kitchen tool allows games like GTA V, Uncharted 4 and similar others to be dumped online for users to play. However, the process of playing pirated games is not only complicated but detrimental to the machine itself. There are a number of free games available on PSN so you can opt for them, but if you really intend to get your console hacked then we suggest that you wait for more information on the hacking tools and the consequences of their usage. A statement is due to be released by Sony regarding this issue but you need to remember that hacking a PS4 will instantly render its warranty void and it would become impossible to sell your machine to local vendors. Even if you try to remove the hack, you will be facing compatibility issues. You can learn more about the hack by following this link. https://www.hackread.com/playstation-4-hacked-to-run-ps2-emulation-homebrew-software/
  5. On Dec. 22, 2017, the Royal Canadian Mounted Police (RCMP) charged Jordan Evan Bloom of Thornhill, Ontario for trafficking in identity information, unauthorized use of a computer, mischief to data, and possession of property obtained by crime. Bloom is expected to make his first court appearance today. According to a statement from the RCMP, “Project Adoration” began in 2016 when the RCMP learned that LeakedSource.com was being hosted by servers located in Quebec. “This investigation is related to claims about a website operator alleged to have made hundreds of thousands of dollars selling personal information,” said Rafael Alvarado, the officer in charge of the RCMP Cybercrime Investigative Team. “The RCMP will continue to work diligently with our domestic and international law enforcement partners to prosecute online criminality.” In January 2017, multiple news outlets reported that unspecified law enforcement officials had seized the servers for LeakedSource.com, perhaps the largest online collection of usernames and passwords leaked or stolen in some of the worst data breaches, including three billion credentials for accounts at top sites like LinkedIn and Myspace. LeakedSource in October 2015 began selling access to passwords stolen in high-profile breaches. Enter any email address on the site’s search page and it would tell you if it had a password corresponding to that address. However, users had to select a payment plan before viewing any passwords. The RCMP alleges that Jordan Evan Bloom was responsible for administering the LeakedSource.com website, and earned approximately $247,000 from trafficking identity information. A February 2017 story here at KrebsOnSecurity examined clues that LeakedSource was administered by an individual in the United States. Multiple sources suggested that one of the administrators of LeakedSource also was the admin of abusewith[dot]us, a site unabashedly dedicated to helping people hack email and online gaming accounts. That story traced those clues back to a Michigan man who ultimately admitted to running Abusewith[dot]us, but who denied being the owner of LeakedSource. The RCMP said it had help in the investigation from the Dutch National Police and the FBI. The FBI could not be immediately reached for comment. Article
  6. If you are a OnePlus customer and bought their products through their website between mid-November 2017 and January 11, 2018, chances are that your credit card data has been stolen. OnePlus, the Chinese smartphone manufacturer, has acknowledged that its website was hacked and breached by hackers who stole credit card data belonging to around 40,000 customers.

     Background

     On January 15th, 2017, HackRead published an in-depth report on OnePlus customers complaining about credit card fraud and claiming that their cards had been used to make purchases without their knowledge and permission after shopping through the OnePlus website (OnePlus.net) between October and December 2017. In reply, OnePlus had denied that their checkout page was hacked or breached. However, according to Fidus InfoSecurity Limited, a British cybersecurity agency, OnePlus checkout was using the Magento eCommerce platform, which was in the news lately for containing a critical bug that could be exploited to take over any website. Remember, the same bug was used by a Coinhive user to hack the BlackBerry mobile website and place Monero cryptocurrency mining code. Furthermore, Fidus pointed out several loopholes in the OnePlus website and concluded that there is a chance the OnePlus website could be compromised by placing JavaScript and modifying the Cc.php file, which requires shell access to the server and indicates a serious compromise.

     OnePlus admits it suffered data breach

     Earlier today (January 19th, 2017), according to the official forum post by OnePlus staff member Mingyu, it has been acknowledged that the company did suffer a hack attack in which hackers injected a malicious script into the company’s payment page code and siphoned out credit card data. “One of our systems was attacked, and a malicious script was injected into the payment page code to sniff out credit card information from customers who were entering the data on OnePlus.net.” However, OnePlus maintains that customers who used saved credit cards or paid via the “Credit Card via PayPal” option, and those who bought OnePlus products via PayPal, should not be affected. OnePlus also sent emails to potentially affected customers informing them that their credit card data, including card numbers, expiry dates, and security codes, was stolen between mid-November 2017 and January 11, 2018. Moreover, the company has contacted law enforcement authorities in the regions it operates in and offered free credit monitoring to affected customers. “We cannot apologize enough for letting something like this happen. We are eternally grateful to have such a vigilant and informed community, and it pains us to let you down.” “We are working with our current payment providers to implement a more secure credit card payment method, as well as conducting an in-depth security audit. All these measures will help us prevent such incidents from happening in the future,” said Mingyu. source
  7. As the price of Bitcoin and other cryptocurrencies is surging, the cybercriminal community is exploring the opportunity to steal user funds, as every now and then there are incidents involving hackers targeting unsuspecting investors by hacking an exchange or a wallet. The latest victim of a hack attack against cryptocurrencies is the web-based BlackWallet used for storing Stellar Lumens (XLM). Reportedly, hackers successfully targeted BlackWallet this weekend (January 13th) and stole $444,000 in XLM.

     How hackers hacked BlackWallet

     The incident has been confirmed by the admin and creator of BlackWallet and an official statement has also been posted on Reddit, according to which hackers compromised the hosting account of BlackWallet’s website (BlackWallet.co), then hijacked its DNS (Domain Name Servers) and redirected it to a fake website that looked exactly like BlackWallet’s. Following the change, the moment an unsuspecting user signed in on the fake website their funds would go straight to the wallet owned by the hackers. Moreover, hackers placed code that, with every sign in, would move 20 Lumens (the amount needed to keep the wallet intact) to their account. In total, hackers were able to transfer Stellar Lumens (XLM) worth $444,000, the majority of which went to SDF and the Bittrex cryptocurrency exchange, where the hackers will probably convert the stolen funds without getting their identity exposed. According to a tweet by Kevin Beaumont, an IT security researcher who examined the code placed by the hackers, “The DNS hijack of Blackwallet injected code if you had over 20 Lumens it pushes them to a different wallet.”

     What is next

     The creator of BlackWallet, on the other hand, has asked the hosting firm to disable their account. They have also contacted SDF and Bittrex to freeze the stolen funds; however, it is unclear if both parties will be able to cooperate or whether there has been any response from them. The BlackWallet admin is also suggesting customers immediately transfer their funds to some other wallet in the event they entered their key on BlackWallet. Users can transfer their funds using the Stellar account viewer. At the time of publishing this article, BlackWallet’s website was offline and displaying a 403 error. To read about previous data breaches and hack attacks against cryptocurrency wallets and exchanges follow this link. source
  8. Extortion can also be funny when it happens to the bad guys, and there's one extortion attempt going on right now that will put a big smile on your face. The victim is Basetools.ws, an underground hacking forum that allows users to trade stolen credit card information, profile data, and spamming tools. The site boasts to have over 150,000 users and over 20,000 tools listed in its forums. Earlier this week, on Tuesday, an anonymous user appears to have breached the site, and uploaded samples of its database online, along with a ransom demand. The attacker is asking for $50,000 or he'll share data on the site's administrator with US authorities, such as the FBI, DHS, DOJ, and the DOT (Department of Treasury). To prove the validity of his claims, the hacker shared an image of the Basetools admin panel and an image containing the site admin's login details and IP address. In addition, the hacker also dumped tools that Basetools users were selling on the site, such as login credentials for C-Panel accounts; login credentials for shells, backdoors, and spambots hosted on hacked sites; credentials for RDP servers; server SSH credentials; user data leaked from various breaches at legitimate sites; and many more. As soon as the ransom demand and accompanying data were published online, the Basetools portal went offline and entered maintenance mode. "Yeah, the fact that site is down right now certainly doesn't look good for them," security researcher Dylan Katz told Bleeping Computer today regarding the possibility of the ransom demand being a fake breach. Nonetheless, "50k is a pretty steep ransom, seeing as the damage has already been done," Katz added. But financial gain is not the only motivation behind this hack. According to other text included in the ransom demand, the hacker also appears to have carried out the hack out of revenge, claiming the site's operator has been manipulating stats. "Basetools.pw is manipulating EARNING STATS & RESELLER STATS, Owner of this market has opened a reseller with name RedHat which always stays in First Place," the text reads.

     Lots of sensitive data leaked online

     Despite the "small potatoes" feel that you get when reading about a breach at a hackers' forum, this security incident is quite of note. All the Basetools seller data that was supposedly being sold on the forums before the hack is now online and easily accessible to anyone. This means that credentials for thousands of servers are now in easy reach of anyone who knows where to look for them. Other hackers could take over these servers and deploy them in spam, malware hosting, or other malicious campaigns. The owners of these services will need to be notified so they can change credentials and clean up affected systems. Furthermore, Katz has also identified user data that appears to come from services that have not previously announced they suffered a data breach. These services will also need to be notified so they can investigate any potential breaches, and reset passwords for affected accounts. Katz is currently processing the leaked data and intends to reach out to some of the affected parties. Article
  9. Hackers broke into British company Piriform’s free software for optimizing computer performance last month potentially allowing them to control the devices of more than two million users, the company and independent researchers said on Monday. The malicious program was slipped into legitimate software called CCleaner, which is downloaded for personal computers and Android phones as often as five million times a week. It cleans up junk programs and advertising cookies to speed up devices. CCleaner is the main product made by London’s Piriform, which was bought in July by Prague-based Avast, one of the world’s largest computer security vendors. At the time of the acquisition, the company said 130 million people used CCleaner. A version of CCleaner downloaded in August included remote administration tools that tried to connect to several unregistered web pages, presumably to download additional unauthorized programs, security researchers at Cisco’s (CSCO.O) Talos unit said. Talos researcher Craig Williams said it was a sophisticated attack because it penetrated an established and trusted supplier in a manner similar to June’s “NotPetya” attack on companies that downloaded infected Ukrainian accounting software. “There is nothing a user could have noticed,” Williams said, noting that the optimization software had a proper digital certificate, which means that other computers automatically trust the program. In a blog post, Piriform confirmed that two programs released in August were compromised. It advised users of CCleaner v5.33.6162 and CCleaner Cloud v1.07.3191 to download new versions. A spokeswoman said that 2.27 million users had downloaded the August version of CCleaner while only 5,000 users had installed the compromised version of CCleaner Cloud. Piriform said that Avast, its new parent company, had uncovered the attacks on Sept. 12. 
A new, uncompromised version of CCleaner was released the same day and a clean version of CCleaner Cloud was released on Sept. 15, it said. The nature of the attack code suggests that the hacker won access to a machine used to create CCleaner, Williams said. CCleaner does not update automatically, so each person who has installed the problematic version will need to delete it and install a fresh version, he said. Williams said that Talos detected the issue at an early stage, when the hackers appeared to be collecting information from infected machines, rather than forcing them to install new programs. Piriform said it had worked with U.S. law enforcement to shut down a server located in the United States to which traffic was set to be directed. It said the server was closed down on Sept. 15 “before any known harm was done”. Source
  10. Hackers have stolen proprietary information from the media giant HBO. The leak includes a confidential outline for the fourth episode of the current Game of Thrones season, and episodes of Ballers, Barry, Insecure, and Room 104 are among the loot. The Game of Thrones leak doesn't include the full episode, but there are plenty of spoilers (none are mentioned in this article). It appears that yet another large media outlet has fallen victim to a high-profile hack. After Sony and, indirectly, Netflix, hackers have now compromised the network of the American cable and television network HBO. Sunday evening a mysterious email was sent to reporters, announcing the prominent breach. “Hi to all mankind. The greatest leak of cyber space era is happening. What’s its name? Oh I forget to tell. Its HBO and Game of Thrones……!!!!!!” the email read. While several reports were published, the first by Entertainment Weekly, the actual leaked files were not widely available on the usual pirate sites. However, a few hours ago a website appeared online that claims to hold the ‘treasure trove.’ Winter-leak.com, a reference to the famous Game of Thrones “Winter is Coming” phrase, does indeed list several files that appear to come from HBO. “In a complicate operation, we successfully penetrated in to the HBO Internal Network, Emails, technical platforms, and database and got precious and confidential stuff that blaze your eyes,” the hacker, or hackers write on their website. The hackers claim to have 1.5 terabytes of data from the company. So far, previously unreleased episodes of Ballers, Barry, Insecure and Room 104 are featured on the site. However, there are also three separate archives listed, with over a terabyte of data. Most prominent, perhaps, is a preliminary outline of the fourth episode of the current Game of Thrones season, which will air this coming Sunday. 
At TorrentFreak, we always strive to find proof for reported leaks, and from what we’ve seen and gathered, it does indeed appear to be the real deal. The Game of Thrones information, for example, lists a preliminary outline of the fourth episode of season 7, including many spoilers. As can be seen below, the outline itself is watermarked by the hackers, with the tagline “HBO is falling.” Perhaps even more unusual, the leak also includes a video, featuring Game of Thrones images, the leaders, and a textual outline of the episode. As with the outline, the videos are available for the third and fourth episode of season 7. HBO’s chairman and CEO, Richard Plepler, has confirmed that the company’s infrastructure was breached, but didn’t mention what information was accessed. He sent an email to employees a few hours ago, informing them about the “cyber incident.” “As most of you have probably heard by now, there has been a cyber incident directed at the company which has resulted in some stolen proprietary information, including some of our programming,” he wrote. “Any intrusion of this nature is obviously disruptive, unsettling, and disturbing for all of us. I can assure you that senior leadership and our extraordinary technology team, along with outside experts, are working round the clock to protect our collective interests.” The full contents of the leaks have yet to be analyzed. It’s doubtful that any Game of Thrones episodes will leak, but there’s likely to be a lot of confidential information in the copied data, which HBO would otherwise prefer to keep to itself. HBO has already mentioned that it’s doing everything in its power to prevent the leaks from spreading any further. In addition, they are also working with law enforcement to track down the people responsible. TorrentFreak
  11. Mukesh Ambani telco says data safe; probe ordered

      Reliance Jio hacked: The company has said that the database is safe and that a probe has been ordered to find out what exactly had happened. (PTI)

      Reliance Jio hacked: In a major setback to Mukesh Ambani-led Reliance Industries today, it has been revealed that the database of its new telco arm Reliance Jio has been hacked. The company has said that the database is safe and that a probe has been ordered to find out what exactly had happened. The numbers involved are as high as 120 mn, but their exact status is not known yet and this could well turn out to be the biggest data breach ever in India. According to a statement released by a Reliance Jio spokesperson, “We have come across the unverified and unsubstantiated claims of the website and are investigating it. Prima facie the data appears to be unauthentic. We want to assure our subscribers that their data is safe and maintained with highest security. Data is only shared with authorities as per their requirement. We have informed law enforcement agencies about the claims of the website and will follow through to ensure strict action is taken.” After the alleged breach, the data of customers has been uploaded on the magicapk.com website, according to Indian Express Online. Among the first to report the hacking was Fonearena.com. IE spoke to Editor Varun Krish, who expressed his shock at being able to find the particulars of his own and his colleagues’ accounts available. The website concerned is open for search and if anyone puts in a query about any Reliance Jio account, the details are instantly made available. The traffic on the site has surged so much it is crashing frequently. Worryingly, according to Fonearena, Aadhaar numbers are being made available too. Article source
  12. Microsoft has filed a lawsuit against a Chinese company that operates an online service that sells virtual gaming currencies, accusing the company of hacking into Xbox accounts and illegally purchasing game coins via the account owners' credit cards. According to court documents obtained by Bleeping Computer, Microsoft discovered the scheme last December, when its employees stumbled upon the iGSKY website, where visitors could purchase gaming currency for various console games, some of which were exclusive to the Xbox platform.

      iGSKY was hacking into accounts using leaked credentials

      In order to determine the source of these gaming coins, Microsoft's staff performed six test transactions. Following these transactions, Microsoft's investigators discovered that the site's operators, a company named Gameest International Network Sales, Co. Ltd., had illegally accessed the accounts of other Xbox users, from where they purchased gaming currency using the payment card attached to that account. Microsoft concluded that there was no breach of its systems, but that the Chinese company had reused credentials leaked in data breaches at other services. In some cases, iGSKY accessed accounts directly; in other cases, they reset the owner's password, after presumably taking control of his email. iGSKY would then transfer these coins to the Xbox account of the person buying "cheap" gaming currency from its platform. The iGSKY platform boasted it could provide cheap gaming currency for the following games: ArcheAge, Black Desert, Blade and Soul, CSGO, Dofus, Dofus Touch, FIFA 14, FIFA 15, FIFA 16, FIFA 17, Forza Horizon 3, Grand Theft Auto V, Mabinogi, Madden NFL 17, Maple Story, MU Legend, MU Origin, NBA 2K17, NBA Live Mobile, NHL 17, Pokémon GO, Revelation Online, Riders of Icarus, Rocket League, TERA, Tree of Savior, Trove, Twin Saga, and Wildstar. Prices for many of these gaming currency packages were almost half of their real prices on Microsoft's site. iGSKY customers used PayPal or direct payment card transactions to handle payments for their illegal activity, leaving a trail that Microsoft could track.

      Hackers stole over $2 million in gaming currency

      After investigating past incidents, Microsoft says it discovered nearly $2 million in fraudulent purchases of virtual gaming currencies. The OS maker said it issued refunds for all these transactions. Microsoft has filed a lawsuit in a California court, and a judge has already frozen the Chinese company's PayPal assets. Microsoft's investigators are still working on unmasking the people behind Gameest, iGSKY's operators. Source
  13. OVER THE PAST year, the Kremlin’s strategy of weaponizing leaks to meddle with democracies around the world has become increasingly clear, first in the US and more recently in France. But a new report by a group of security researchers digs into another layer of those so-called influence operations: how Russian hackers alter documents within those releases of hacked material, planting disinformation alongside legitimate leaks. A new report from researchers at the Citizen Lab group at the University of Toronto’s Munk School of Public Affairs documents a wide-ranging hacking campaign, with ties to known Russian hacker groups. The effort targeted more than 200 individuals, ranging from Russian media to a former Russian prime minister to Russian opposition groups, and assorted government and military personnel from Ukraine to Vietnam. Noteworthy among the leaks: a Russia-focused journalist and author whose emails were not only stolen but altered before their release. Once they appeared on a Russian hacktivist site, Russian state media used the disinformation to concoct a CIA conspiracy. The case could provide the clearest evidence yet that Russian hackers have evolved their tactics from merely releasing embarrassing true information to planting false leaks among those facts. “Russia has a long history of experience with disinformation,” says Ron Deibert, the political science professor who led Citizen Lab’s research into the newly uncovered hacking spree. “This is the first case of which I am aware that compares tainted documents to originals associated with a cyber espionage campaign.” Source
  14. UPDATE: 9 p.m. EDT — In a statement to International Business Times regarding the hacking of some user accounts, Spotify said Tuesday evening: “We monitor Pastebin and other sites regularly. When we find Spotify credentials, we first verify that they are authentic, and if they are, we immediately notify affected users to change their passwords.” UPDATE: 7 a.m. EDT — According to some other hackers and people familiar with such matters, the Spotify hack is actually just a dump of resused passwords, and the lack of complex passwords in the list was mentioned as one of the proofs for the claim. If true, and your account details are in that list, it is all the more reason for you to change your password to a complex, secure one. And you should do that not only on Spotify, but for all your online accounts. Original story: Late Monday night, a hacking group revealed the login credentials of thousands of Spotify accounts. In its announcement on Twitter, the Leak Boat said it was 9,000 accounts, but the page that listed all the account details had information of fewer than 6,500 Spotify subscribers. The group, which has previously released hacked accounts from various websites, as well as private videos and photographs of several celebrities, posted the information on a publicly available website. To check the authenticity of the claim, the International Business Times tried a few randomly chosen username and password combinations, and they all gave access to the Spotify subscribers’ accounts. To know if your account was among the 6,410 that are listed on this public page, head over to it and check for your username. If you find your login information on the page, and don’t want it compromised any further, we recommend you change your password immediately. And if you use the same login credentials, especially the same password, on any other websites, we recommend you change those too. 
Otherwise, you run the risk of having your other online accounts being compromised as well. The Spotify users hacked Monday night are from all over the world. International Business Times has reached out to Spotify for comment, but the music streaming service has yet to respond. Following the Spotify leak, the Leak Boat also invoked recently ousted FBI Director James Comey, in a sarcastic bid to reassure anyone worried by its activities. Members of the Leak Boat seem to have been busy Monday night. They also released a few login credentials for wizard101.com, a website to play a wizard game. The group said it was for kids to enjoy. If you have an account on the website, you can check if you were compromised by checking for your login details on this page. If your account was hacked, you should consider changing your password not just on wizard101.com but on all other websites where you use the same password. Shortly before leaking the Spotify accounts, the group, whose Twitter handle is @SecTeamSix_, said it was considering starting a “Lulzcalypse” — a reference to starting an apocalyptic storm of leaks, only for laughs, at least as seen from its point of view. In later tweets, the group referred to it as a “Leakocalypse,” presumably not finding it all so funny any more. But the very next tweet after the “Lulzocalypse” one from the group said it would release 10 more private videos and/or photographs of celebrities, if it reached 600 followers on the social media platform. The group had 490 followers on Twitter at the time this story was written. Article source
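The advice above is to look yourself up on the public paste and then rotate that password everywhere it is reused. The block below is an added example for this page, not code from IBT, Spotify or the Leak Boat: it shows the safer way to run that kind of check, a k-anonymity range lookup of the sort Have I Been Pwned popularised, in which the querying side reveals only the first five hex characters of the password's SHA-1 and matches the rest locally, followed by a reuse audit across a set of accounts. The "leaked" list and the account set are constructed for the demonstration; the range index stands in for a remote service.

```python
import hashlib
from collections import defaultdict

# Constructed stand-in for the public credential paste. Not real data.
LEAKED_CREDENTIALS = [
    ("alice@example.net", "hunter2"),
    ("bob@example.net", "Password1"),
    ("carol@example.net", "letmein"),
    ("dave@example.net", "hunter2"),   # the same weak password shows up twice
]


def sha1_hex(text):
    """Upper-case hex SHA-1, the form used by range-style breach lookups."""
    return hashlib.sha1(text.encode("utf-8")).hexdigest().upper()


def build_range_index(leaked):
    """Service side: index leaked passwords by the first 5 hex chars of their SHA-1.

    A client later asks for one 5-char prefix and learns only the suffixes in that
    bucket, so the service never sees the full hash, let alone the password.
    """
    index = defaultdict(set)
    for _user, password in leaked:
        digest = sha1_hex(password)
        index[digest[:5]].add(digest[5:])
    return index


def range_query(index, prefix):
    """Service side: answer a prefix query with the matching 35-char suffixes only."""
    return sorted(index.get(prefix.upper(), ()))


def password_exposed(password, index):
    """Client side: hash locally, send 5 hex chars, do the suffix comparison locally."""
    digest = sha1_hex(password)
    return digest[5:] in range_query(index, digest[:5])


def audit_accounts(my_accounts, index):
    """my_accounts: {site: password}.

    Returns (sites whose password is in the dump, groups of sites sharing one password).
    The second value is the article's reuse advice made mechanical: a password that is
    exposed on one site has to be changed on every other site that shares it.
    """
    exposed = {site for site, pw in my_accounts.items() if password_exposed(pw, index)}
    by_password = defaultdict(set)
    for site, pw in my_accounts.items():
        by_password[pw].add(site)
    reused = sorted(sorted(sites) for sites in by_password.values() if len(sites) > 1)
    return sorted(exposed), reused


if __name__ == "__main__":
    idx = build_range_index(LEAKED_CREDENTIALS)
    accounts = {"spotify": "hunter2", "email": "hunter2", "bank": "Tr0ub4dor&3"}
    print(audit_accounts(accounts, idx))
```

The point of the split between `range_query` and `password_exposed` is that the only thing crossing the trust boundary is a 5-character prefix; pasting a full username and password into a random lookup page, as the article's readers were effectively invited to do, hands both to whoever runs that page.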
  15. The Outlaw Dark Web market has shut down this week under mysterious circumstances, and while admins said the site closed down after a hack, many believe this was just another exit scam. Outlaw was a veteran of the Dark Web marketplaces, founded way back in 2013. The site was never the most popular destination for online criminals but had a steady following. The market's reputation flourished after the death of Silk Road and after competitors never managed to survive past a few months. The marketplace sold all your regular Dark Web illegal products, from drugs to weapons, and from data dumps to stolen electronics. One of the site's unique features was something called "dead drop," where clients had the option to pick up products from sellers or predetermined spots. Outlaw went down Tuesday and never recovered Outlaw's presence on the Dark Web ended this week. Earlier this week, the website went down, and a message was plastered on its homepage that read: This website has been hacked, the wallet stolen. it’s over. goodbye outlaw market… According to a service that scans the Dark Web, the market was last seen online on Tuesday, May 16. On Friday, one of the site's lower-level admins published a message on Pastebin and Reddit with more details about what happened. The message's text is reproduced below, without the two PGP keys. Hi all As many of you have seen or heard, OUTLAW was recently hacked. Many of you will think that 'the admins ran off with the coins', something I personally think is absolutely not the case. We were always as honest as possible, however apparently it couldn't last. I myself haven't been in contact with the main admins after the site got taken down, so I do not know any specifics. Unfortunately they are very hard (read: impossible) to reach outside the market. For those of you who lost funds, we apologize. Our new TLCE system paid funds out almost as FE, so that might have reduced the amount of funds that were kept on our site. 
If you set up auto-payout, customers shouldn't have had any funds on the site either. I'm not sure whether EVERYTHING was stolen, and if not, how the admins would be planning on refunding. If anyone stored the OUTLAW BitMessage addresses, please inform me! I guess now's your time to ask questions on how things really went down behind the scenes... Kind regards The message doesn't elaborate how the hack happened. Furthermore, because this message wasn't published by the site's top admins, many believed this was just another exit scam — a scheme often encountered on Dark Web markets where admins close down the site and leave with the Bitcoin stored in customer escrow accounts. "Sounds like Bitcoin [price] got high enough and they wanted to get paid," one Reddit user pointed out yesterday. Earlier in the week, Bitcoin price was around $1,800. Today, Bitcoin has gone over $2,000 for the first time. Outlaw low-level admin stands by "hack" explanation Nonetheless, in an interview published today with a cryptomarket researcher that goes by the nickname of 2CTFM, the same low-level admin who announced the hack said the market never stored that many funds and the admins couldn't have taken more than $20,000. "Last thing I knew on the market was that over $20k that was stuck over that weekend was just released and paid out," the admin said. "They’re either the dumbest exit scammers I know of, or it was not an exit scam at all." "Last weekend the main admins worked hours and hours to solve an issue with the [Bitcoin] mixer which caused many payouts to be stuck. That’s not something you’d do if you were planning on exit scamming," the admin also added. "The only possible thing that could have happened is that they were somehow doxxed and thought by themselves '[expletive] everything, we’re done'." 
Dark Web markets get hacked all the time In recent years, hackers have targeted Dark Web marketplaces, either to steal their funds or to find bugs they could use to coerce admins into paying ransoms. For example, AlphaBay rewarded a hacker for finding one such bug earlier in January this year, while a month later, the Hansa Dark Web marketplace opened a bug bounty program with rewards up to $10,000 per privately reported bug. Earlier this month, Slovakian authorities shut down the Bloomsfield Dark Web marketplace, arresting two individuals, including the site's top admin. Source
  16. A new attack on smart TVs allows a malicious actor to take over devices using rogue DVB-T (Digital Video Broadcasting — Terrestrial) signals, get root access on the smart TV, and use the device for all sorts of nasty actions, ranging from DDoS attacks to spying on end users. The attack, developed by Rafael Scheel, a security researcher working for Swiss cyber security consulting company Oneconsult, is unique and much more dangerous than previous smart TV hacks. Current smart TV hacks aren't really "dangerous" Until now, all smart TV exploits relied on attackers having physical access to the device, in order to plug in a USB stick that executes malicious code. Other attacks relied on social engineering, meaning attackers had to trick users into installing a malicious app on their TV. Even the mighty CIA developed a hacking tool named "Weeping Angel," which could take over Samsung smart TVs and turn them into spying devices. But despite its considerable human and financial resources, the CIA and its operators needed physical access to install Weeping Angel, which made it less likely to be used in mass attacks, and was only feasible if deployed on one target at a time, during carefully-planned operations. Because of the many constraints that come with physical and social engineering attacks, Scheel didn't consider any of them as truly dangerous, and decided to create his own. Scheel's attack is remote, no user interaction needed Scheel's method, which he recently presented at a security conference, is different because the attacker can execute it from a remote location, without user interaction, and it runs in the TV's background processes, meaning users won't notice when an attacker compromises their TVs. The researcher told Bleeping Computer via email that he developed this technique without knowing about the CIA's Weeping Angel toolkit, which makes his work even more impressive. 
Furthermore, Scheel says that "about 90% of the TVs sold in the last years are potential victims of similar attacks," highlighting a major flaw in the infrastructure surrounding smart TVs all over the globe. At the center of Scheel's attack is Hybrid Broadcast Broadband TV (HbbTV), an industry standard supported by most cable providers and smart TV makers that "harmonizes" classic broadcast, IPTV, and broadband delivery systems. TV transmission signal technologies like DVB-T, DVB-C, or IPTV all support HbbTV. Scheel says that anyone can set up a custom DVB-T transmitter with equipment priced between $50 and $150, and start broadcasting a DVB-T signal. Rogue TV signals could deliver malicious HbbTV commands By design, any nearby TV will lock on to the stronger signal. Since broadcasters send their signals from transmitters tens or hundreds of miles away, attacks using rogue DVB-T signals could be mounted on nearby houses, a neighborhood, or a small city. Furthermore, an attack could be carried out by mounting the DVB-T transmitter on a drone, targeting a specific room in a building, or flying over an entire city. According to Scheel, the problem is that the HbbTV standard, carried by DVB-T signals and supported by all smart TVs, allows the sending of commands that tell smart TVs to access and load a website in the background. Knowing this, Scheel developed two exploits he hosted on his own website, which when loaded in the TV's built-in browser would execute malicious code, gain root access, and effectively take over the device. For his first exploit, Scheel used CVE-2015-3090, which is one of the Flash zero-days leaked in the Hacking Team 2015 incident. After coding and successfully testing the exploit, Scheel realized that not all smart TV browsers come with the Flash Player plugin enabled by default. 
Because of this, Scheel developed a second exploit, which exploited an older vulnerability in the Array.prototype.sort() JavaScript function, supported by all browsers, even by those shipped with smart TVs. This second exploit allowed him to escalate access from the user's browser to the underlying smart TV firmware, doing the same thing as the first (Flash) attack, but without relying on the presence of the Flash plugin. Attack is almost untraceable Scheel says his attack benefits from the way the smart TV ecosystem has developed. The researcher is referring to the fact that there are far fewer smart TV models on the market and a much higher homogeneity between their operating systems than among personal computers, meaning an attacker could target a wide range of TVs without having to create different versions of his exploit. Furthermore, because delivering smart TV firmware updates isn't a streamlined process, security flaws remain in the wild for years, or in some cases forever, even when the TV vendor fixed the issue years earlier. But the best feature of his attack, which makes his discovery extremely dangerous, is the fact that DVB-T, the transmission method for HbbTV commands, is a uni-directional signal, meaning data flows from the attacker to the victim only. This makes the attack traceable only if the attacker is caught transmitting the rogue HbbTV signal in real-time. According to Scheel, an attacker can activate his HbbTV transmitter for one minute, deliver the exploit, and then shut it off for good. Forensics experts investigating the hack would have no way of tracing back the attack to its source over DVB-T unless the attacker started broadcasting again. (The broadcast leg leaves no trace, but the TV still fetches the exploit page from the attacker's web server over its broadband connection, so that server, and any network logs of the fetch, are the one artifact that remains.) It's almost impossible to clean infected smart TVs Because the attack takes minutes to execute and the user doesn't notice anything, Scheel's discovery is a technique that's tailor-made for nation-state surveillance operations. 
The recent WikiLeaks publication revealed an active interest in hacking embedded (IoT) devices on the CIA's part. In addition, any backdoors added through this method are almost impossible to remove, as the attacker could sabotage any firmware update mechanism and remain on the device until users got rid of their smart TVs. Furthermore, Scheel says factory reset operations didn't help for the devices he tested, and the backdoor he developed remained on the TVs. The researcher says that such a backdoor could be used to run IoT DDoS botnets, use the smart TVs as relay points for attacks on enterprise networks, spy on users via the TV's microphone and camera, steal data stored on the TV, inject ads on the TV (sabotage competitors on the smart TV market), and many other actions. In his presentation, Scheel says that he doesn’t understand the HbbTV security concept. "For me, it's really dangerous to use such an untrusted signal to do something really critical," the researcher said. "In website security, calling a different website would be classified as a vulnerability." But apparently not in smart TVs. Attacks via DVB-C and IPTV are also possible Scheel says he tested his attack with rogue HbbTV commands via DVB-T signals only, but, in theory, the attack should also work over DVB-C (Digital Video Broadcasting - Cable) and IPTV channels. The problem of sending rogue HbbTV commands is not new. According to Scheel, researchers from Columbia University spotted this issue in 2015, but they were largely ignored by the HbbTV Consortium because they did not include an exploit that hacked the smart TV, which would have guaranteed an adequate response. The researcher has presented his attack at the EBU (European Broadcasting Union) Media Cyber Security Seminar held in Geneva, Switzerland, last month. A video of his presentation, which also includes demonstrations for both DVB-T attacks and proposed mitigations, is embedded below. Source
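Scheel's complaint is that the receiver loads whatever URL the broadcast signal names. A receiver-side policy that refuses to do that blindly is shown below as an added example written for this page; it is not Scheel's code, nor a mitigation published by the HbbTV Consortium or any TV vendor. It assumes the application URL has already been extracted from the AIT carried in the stream (that parsing is not shown), that the allow-listed host `hbbtv.broadcaster.example` is a placeholder for the hosts an operator actually provisions, and that plain http is rejected, which is stricter than many real HbbTV deployments. Because every byte of the URL is attacker-controlled in the rogue-transmitter scenario, each component is checked rather than just the host string.

```python
from ipaddress import ip_address
from urllib.parse import urlsplit

# Assumed allow-list: hosts the receiver's operator trusts to serve HbbTV applications.
TRUSTED_APP_HOSTS = {"hbbtv.broadcaster.example"}


def normalise_host(host):
    """Lower-case, drop a trailing dot, and map IDN labels to their ASCII (punycode) form."""
    host = host.lower().rstrip(".")
    return host.encode("idna").decode("ascii")


def check_broadcast_app_url(url, trusted_hosts=TRUSTED_APP_HOSTS):
    """Decide whether a URL taken from an unauthenticated AIT may be loaded.

    Returns (allowed, reason). Rejects anything that is not https on the default port,
    anything carrying userinfo (the classic trusted-host@evil-host trick), IP literals,
    and any host that is not the trusted host or one of its subdomains.
    """
    try:
        parts = urlsplit(url)
    except ValueError as exc:
        return False, f"unparseable URL: {exc}"
    if parts.scheme.lower() != "https":
        return False, "only https app URLs are accepted"
    if parts.username is not None or parts.password is not None:
        return False, "userinfo in authority is not allowed"
    try:
        port = parts.port  # raises ValueError on a malformed port such as ':abc'
    except ValueError:
        return False, "malformed port"
    if port not in (None, 443):
        return False, "non-default port is not allowed"
    if not parts.hostname:
        return False, "missing host"
    try:
        host = normalise_host(parts.hostname)
    except UnicodeError:
        return False, "host is not a valid IDN"
    try:
        ip_address(host)
        return False, "IP literal hosts are not allowed"
    except ValueError:
        pass  # not an IP literal, which is what we want
    for trusted in trusted_hosts:
        if host == trusted or host.endswith("." + trusted):
            return True, f"host {host} is within trusted zone {trusted}"
    return False, f"host {host} is not on the allow-list"


if __name__ == "__main__":
    for candidate in (
        "https://hbbtv.broadcaster.example/app/index.html",
        "https://hbbtv.broadcaster.example@evil.example/app/",
        "https://hbbtv.broadcaster.example.evil.example/app/",
        "https://203.0.113.9/app/",
    ):
        print(candidate, "->", check_broadcast_app_url(candidate))
```

The allow-list narrows where executable content can come from; it does not authenticate the signal itself. An attacker who finds an injection or open redirect on the allow-listed domain, or who compromises that server, still gets code onto the TV, which is why the receiver ultimately needs a signed AIT or an equivalent binding between the broadcaster and the application it names.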
  17. On Friday, April 7, the FBI arrested Zhengquan Zhang, a 31-year-old IT engineer, who now stands accused of installing malware on his employer's servers to steal proprietary source code. Zhang started working for his former employer, KCG Holdings, Inc., in March 2010, first in its New York branch, and then its San Francisco offices. During his stint with the company, a Wall Street securities firm, Zhang worked as a DevOps engineer and was later promoted to a supervisor role, in charge of several other engineers. Among Zhang's duties, according to his LinkedIn page and an FBI affidavit, the suspect was tasked with managing the source code of KCG's trading platform and the trading algorithms the company used to automate some of its financial transactions. Access to this repository was granted only to approved employees, using encryption keys that decrypted the source code according to each employee's access level. Zhang's hacking uncovered last month On Saturday, March 25, a quantitative analyst working for KCG from home logged in remotely to his work computer. Shortly after, the analyst was disconnected from his session, and on re-opening the connection, the analyst says he discovered that someone had accessed his computer and opened a folder that held his archived email messages. During the following hours, while trying to work, the same analyst was disconnected several times from his account. Understanding that something was wrong, the analyst logged the attacker's unique identifier used to connect to his work computer. The next day, the analyst provided this identifier to the company's security team, who quickly tied it to Zhang's computer. KCG admins revoked Zhang's access, called in authorities, and started an official investigation. 
Zhang stole proprietary source code This investigation revealed that starting December 2016, when Zhang was promoted to his supervisor role, the suspect installed malware on the company's servers to record credentials for other users. After a review of Zhang's entire activity, KCG says it found evidence that Zhang had used these credentials to access and steal parts of the source code of the company's trading platform and trading algorithms. Zhang was able to successfully steal this source code without triggering any security alerts because in December 2016, when he was promoted to a supervisor role, he also got access to the company's Unix-based network infrastructure. Because of this, he was able to identify and avoid proxy servers tasked with sniffing network traffic. Because these servers were managed by a third-party company, Zhang rerouted traffic to backup proxy servers, managed by KCG, to hide the data transfers that exfiltrated the proprietary source code to a remote server. Zhang confessed to fellow employee After KCG cut off Zhang's access to all his work accounts on Sunday, the next day, on Monday, Zhang admitted his wrongdoings in an email sent to a KCG employee, Zhang's former supervisor. According to the email, obtained by the FBI, Zhang said he knew this [blocking of his accounts] "would happen because [of] what I did in the past few days and Saturday." "I am still questioning myself why I did that," Zhang added. In the email, Zhang admitted to planting malware on the company's servers and remotely accessing the accounts of several other KCG employees, besides the quantitative analyst who initially detected his actions. Zhang says he feared for his job The email then continued with Zhang explaining to the other KCG employee that he took these extreme actions because he heard of a potential acquisition and feared he would lose his job after the acquisition's completion. 
He started hacking other employees looking for more information on the company's plans. Yet, this doesn't explain why he stole the company's source code. On Friday, April 7, Virtu Financial, Inc. agreed to purchase KCG for almost $1.4 billion. The Department of Justice charged Zhang with one count of theft of trade secrets, which carries a maximum sentence of 10 years in prison and a maximum fine of $250,000 or twice the gross gain or loss from the offense. Source
  18. Five inmates from the Marion Correctional Institution (MCI) built two computers from spare parts, hid them in the ceiling of a training room closet, and used them to hack into the prison's network. Their actions were discovered in July 2015, when the prison's IT staff switched internal proxy servers from Microsoft to WebSense (now part of Forcepoint). These servers, designed to monitor and report suspicious traffic, immediately started reporting issues. Prison IT staff started receiving weird alerts In the beginning, MCI admins received reports that a user account belonging to a prison contractor was exceeding daily traffic quotas. While other employees had also surpassed their daily traffic threshold, the problem was that these reports were coming in on days when that employee was off duty. Things got weirder a few days later when admins received reports that the same employee was attempting to avoid the traffic monitoring proxies. At this point, the prison's IT staff decided to investigate further. Their suspicion that something was wrong was confirmed moments later when they traced back the traffic to a computer with the name "-lab9-", a name inconsistent with the prison's internal computer naming scheme. Computers hidden in a closet's ceiling The prison staff started an investigation and tracked suspicious network traffic to port 16 of a switch located in the prison's P3 training room. Network hub located in MCI Training Room P3 [ODRC] When they got to the switch, IT staffers followed the network cable plugged into port 16 to a nearby closet, and up into the ceiling. Removing the ceiling tiles, prison employees found two fully-working computers, placed on two pieces of plywood. 
Location in ceiling where the computers were found [ODRC] Inmates used parts from prison's recycling program According to a report released yesterday by the Ohio Department of Rehabilitation and Correction (ODRC), the agency identified the five prisoners who built the PCs. The five inmates managed to build their two PCs because they were part of the prison's Green Initiative program where they worked in trash management and electronics recycling. Inmates hacked prison network A forensic analysis of the hard drives found in the two PCs found legitimate software, hacking tools, and traces of illegal activities. According to the Office of the Ohio Inspector General, the two hard drives contained: According to investigators, the inmates used these tools to capture network traffic, move laterally in the prison's network, crack passwords for active user accounts, and use these accounts to access the prison's network. They used this access to collect personal information on other inmates, apply for credit cards in the names of other inmates, and issue passes for other inmates. Prison staff shares some of the blame Following the discovery of these tools and the inmates' actions, the ODRC moved the suspects to other institutions in November 2015. The Office of the Ohio Inspector General also found that MCI staffers were at fault: first for failing to supervise inmates (who built two frickin' computers while in prison), and second for failing to force employees to change passwords every 90 days. The findings from this investigation have been forwarded to the Marion County Prosecutor’s Office and the Ohio Ethics Commission for consideration of any punishments. Source
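Both the KCG case above (a supervisor routing exfiltration through backup proxies that nobody monitored) and the MCI case (a contractor's account over its daily quota on days the contractor was off, bypass attempts against the filtering proxies, and a host called "-lab9-" that fit no naming scheme) were caught, or should have been caught, in proxy telemetry. The block below is an added example, not code from either investigation, that runs those checks over constructed per-day proxy summaries. The quota, the hostname pattern, the duty roster and the proxy names are assumptions; a real deployment would read them from the proxy's reports and the HR system rather than constants.

```python
import re
from collections import defaultdict

# Constructed per-(day, user, host, proxy) summaries standing in for the reports a
# filtering proxy emits. "action" is "allowed" or "bypass_attempt" (traffic the proxy
# saw being steered around it). Not real log data.
LOGS = [
    {"day": "2015-07-06", "user": "contractor1", "host": "ws-017", "proxy": "primary",
     "bytes": 120_000_000, "action": "allowed"},
    {"day": "2015-07-07", "user": "contractor1", "host": "-lab9-", "proxy": "primary",
     "bytes": 2_400_000_000, "action": "allowed"},
    {"day": "2015-07-07", "user": "contractor1", "host": "-lab9-", "proxy": "primary",
     "bytes": 0, "action": "bypass_attempt"},
    {"day": "2015-07-08", "user": "jsmith", "host": "ws-042", "proxy": "primary",
     "bytes": 300_000_000, "action": "allowed"},
    {"day": "2015-07-09", "user": "devops2", "host": "ws-101", "proxy": "primary",
     "bytes": 20_000_000, "action": "allowed"},
    {"day": "2015-07-09", "user": "devops2", "host": "ws-101", "proxy": "backup",
     "bytes": 800_000_000, "action": "allowed"},   # stays under quota, but via the wrong proxy
]

QUOTA_BYTES = 1_000_000_000                              # assumed daily per-user quota
HOSTNAME_RE = re.compile(r"^ws-\d{3}$")                  # assumed internal naming scheme
ON_DUTY = {"contractor1": {"2015-07-06", "2015-07-08"}}  # assumed roster for scheduled staff


def detect(logs, quota=QUOTA_BYTES, hostname_re=HOSTNAME_RE, roster=ON_DUTY):
    """Return a sorted list of (rule, user, detail) alerts.

    Rules:
      unknown_host        host name does not match the naming scheme (the "-lab9-" clue)
      proxy_bypass        the proxy reported an attempt to route around it
      off_duty_activity   a rostered user generated traffic on a day they were not on duty
      quota_exceeded      a user's total daily bytes exceed the quota
      non_primary_egress  a user pushed more bytes through a backup proxy than the primary,
                          the pattern that hid the KCG exfiltration from the monitored path
    """
    alerts = set()
    per_day = defaultdict(int)     # (user, day) -> bytes
    per_proxy = defaultdict(int)   # (user, day, proxy) -> bytes
    for rec in logs:
        user, day = rec["user"], rec["day"]
        per_day[(user, day)] += rec["bytes"]
        per_proxy[(user, day, rec["proxy"])] += rec["bytes"]
        if not hostname_re.match(rec["host"]):
            alerts.add(("unknown_host", user, rec["host"]))
        if rec["action"] == "bypass_attempt":
            alerts.add(("proxy_bypass", user, day))
        if user in roster and day not in roster[user]:
            alerts.add(("off_duty_activity", user, day))
    for (user, day), total in per_day.items():
        if total > quota:
            alerts.add(("quota_exceeded", user, day))
    for (user, day, proxy), total in per_proxy.items():
        if proxy != "primary" and total > per_proxy.get((user, day, "primary"), 0):
            alerts.add(("non_primary_egress", user, day))
    return sorted(alerts)


if __name__ == "__main__":
    for rule, user, detail in detect(LOGS):
        print(f"{rule:<20} {user:<12} {detail}")
```

The quota and bypass rules are the two that the MCI proxy raised on its own; the off-duty, naming-scheme and backup-proxy rules are the correlations the investigators did by hand, and they only work if the backup proxies feed the same log pipeline as the primary ones, which is exactly the gap Zhang exploited.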
  19. jbleck

    Hacked - Cassa Edile Toscana

    This is what http://www.cert.toscana.it/ looks like atm... This is supposed to be an Italian institution for the region Toscana. I need to pay my taxes damnit!!
  20. A group of highly talented and well-resourced hackers are spying on the Israeli Defense Force by hacking into the personal smartphones of individual soldiers, according to newly released research by Lookout and Kaspersky. More than 100 Israeli servicemen are believed to have been effectively targeted with the spyware. The spyware, dubbed ViperRAT, was found actively hijacking soldiers’ Android-based smartphones to remotely siphon images and audio directly from the devices. By compromising dozens of mobile devices, researchers say that the hackers were able to successfully establish an expansive espionage campaign. Highly sophisticated malware allowed the attackers to control each phone’s microphone and camera. In effect, the hackers were able to eavesdrop on soldiers’ conversations and also peer into live camera footage — wherever an affected smartphone’s camera would be pointed, that vantage point could have also been viewable to the hackers. In addition, the malware forces the smartphone to transfer geolocation, call log, and cellphone tower information, network and device metadata, personal photos, SMS messages, internet browsing and application download history, to a mysterious server. A vast majority — roughly 97 percent — of the total 8,929 files that were exfiltrated by the hackers via IDF phones were identified by Lookout researchers as being encrypted images, which were taken using the phone’s own camera. The IDF worked closely together with private industry, including Kaspersky Labs, to investigate this incident, which first gained notoriety several months ago when a cohort of fake users on a popular dating application began sending malicious links to Israeli servicemen. At the time, it was theorized that Hamas was behind these attacks. It is now clear that this elaborate social engineering scheme was part of a much larger espionage effort driven by a far more advanced actor. 
“Hamas is not widely known for having a sophisticated mobile capability, which makes it unlikely they are directly responsible for ViperRAT,” a Lookout blog post reads. “ViperRAT has been operational for quite some time, with what appears to be a test application that surfaced in late 2015. Many of the default strings in this application are in Arabic, including the name. It is unclear whether this means early samples were targeting Arabic speakers or if the developers behind it are fluent in Arabic. This leads us to believe this is another actor.” Lookout’s research team found that ViperRAT used several different mechanisms to infect devices. With the dating application lure, soldiers were encouraged by what appeared to be a young woman to download a trojanized version of two different, typically legitimate chat applications, SR Chat and YeeCall Pro. Other Android smartphone applications common to Israeli citizens and available in the Google Play store — including a billiards game, an Israeli Love Songs player, and a Move To iOS app — were found to contain hidden ViperRAT malware. Source
  21. Ticketing company Ticketmaster is being accused in a lawsuit of using information provided by a former employee of a rival company to hack into that rival's databases. In documents from a California federal court published on Wednesday, Ticketmaster is accused of hiring away an executive from CrowdSurge (a company which merged with Songkick). That executive allegedly kept tens of thousands of internal company documents from his former employer, and gained unauthorised access to CrowdSurge's internal systems, the suit claims. We first heard about the case via Variety, and you can read the new court filing in full below. Ticketmaster did not immediately respond to Business Insider's request for comment on the allegations. The executive, Stephen Mead, was allegedly asked "to use his knowledge of CrowdSurge’s internal systems to improperly access those systems for purposes of monitoring CrowdSurge’s potential and actual artist-clients, staying abreast of what CrowdSurge was doing and, ultimately, to 'cut [CrowdSurge] off at the knees.'" The documents continue to allege that Mead was "willing and eager to share the requested confidential CrowdSurge information with Zaidi and others at Ticketmaster because Mead’s goal, like those of Defendants generally, was to 'bring down the hammer on CrowdSurge.'" Mead allegedly had kept 85,000 documents after leaving CrowdSurge, including "confidential weekly head of department reports containing valuable, non-public strategic and financial information; dozens of usernames and passwords to confidential CrowdSurge tools; client lists; presentations to CrowdSurge’s Board of Directors; contracts; and internal corporate business plans and strategies." In one alleged email quoted by the court filing, Mead apparently tells other executives: "So ahead of our call later today I’ve pulled together some info from CS that might be useful as insight into their operations." 
He also allegedly provided login details that allowed Ticketmaster executives to improperly access CrowdSurge's systems. An alleged email quotes him as warning about not drawing attention to their activities: "I must stress that as this is access to a live CS tool I would be careful in what you click on as it would be best not the [sic] giveaway that we are snooping around," it said. In a statement, Ticketmaster told Variety: "Songkick has been forced to conjure up a new set of dubious arguments and theories, resulting in the amended complaint they recently filed ... Songkick’s amended complaint is based on the alleged misappropriation of information that Songkick did not even try to keep secret, in some cases could not have kept secret, and in some cases shared with artist managers that work for Live Nation. The claims have no legal merit and Live Nation and Ticketmaster will continue to vigorously defend this case." Here's the full court filing: https://drive.google.com/file/d/0B5buBct5cGDZandwOFhOUUJ0MVE/view By Rob Price http://www.businessinsider.de/ticketmaster-accused-hacking-rival-crowdsurge-antitrust-case-2017-2?r=UK&IR=T
  22. Trend Micro confirms a content spoofing vulnerability allowed fake articles onto its blog and says firms should respond honestly and swiftly In an era of unprecedented cyberthreats, many organisations turn to security firms for guidance on how to prevent and respond to incidents, and to their researchers for information about the latest threats. But just to illustrate that you can never be too careful, cybersecurity specialist Trend Micro has confirmed that one of the blogs it uses to communicate with customers was itself the victim of a content spoofing attack. The culprits exploited a vulnerability in WordPress to inject fake content onto the blog before it was removed by Trend Micro and the bug fixed. Trend Micro’s RSS feed Trend Micro attack Global head of security research Rik Ferguson confirmed the ‘low level’ incident to Silicon and said it goes to show how breaches are an unfortunate fact of life and that companies should be judged on how they respond. “We got reports from many researchers, regarding attacks using this vector and we deployed a custom policy to block the attacks,” he explained. “Unfortunately there are many different URLs attackers can use to carry out the same attack, so a couple of fake ‘articles’ ended up posted on CounterMeasures. We have responded and shut down the vulnerability completely to resolve the issue. “Just serves to demonstrate something that I have often repeated in presentations, we are all a potential victim of digital attacks and we can’t afford to take our eyes off the ball at any time. The best way to respond to any attack of this nature is with honesty and alacrity, and that’s what we have endeavoured to do. 
“Of course technology and best practice can mitigate the vast majority of intrusion attempts, but when one is successful, even one as low-level as this, you are more defined by how you respond than you are by the fact that it happened.” One notable content spoofing attack hijacked router DNS settings to intercept Google Analytics tags and replace them with pornography and adverts. By Steve McCaskill http://www.silicon.co.uk/security/trendmicro-blog-security-205197
  23. That did not take long! Windows 10 Cloud has not been revealed officially yet, but someone managed to hack the operating system already to run legacy Win32 programs on it. Windows 10 Cloud leaked earlier this month, and first impressions revealed that it looked like a revival of Microsoft's -- failed -- Windows RT operating system. Windows RT was released alongside Windows 8 as a low cost solution. Microsoft's marketing back then did a bad job at highlighting to customers that Windows RT would not run Win32 programs. Windows 10 Cloud looked to be in the same boat initially when the first ISO of it leaked on the Internet. It was revealed then however that users can upgrade the operating system to Windows 10 Pro, and that Windows 10 Cloud may be free. via Longhorn Note: Microsoft has not confirmed any of this yet. It is possible that things may change along the way. The leaked version of Windows 10 Cloud supports Windows Store apps and legacy Win32 programs that Microsoft whitelisted. Any Win32 program not on that list, and there are several that ship with Windows 10 Cloud that aren't, won't run by default but will throw an error message instead: The app you're trying to install isn't designed for Windows Cloud. Windows Cloud helps protect your PC by running on Windows Store apps. Still want to install the app? See How. The last sentence of the notification that users see when they try to run programs that are not whitelisted provides them with an option to upgrade the operating system to Windows 10 Pro. This highlights one of the major differences to Windows RT, which did not ship with such an option. The upgrade option, and the fact that Windows 10 Cloud runs on x86 processors, indicate strongly that Microsoft must have implemented a software restriction that prevents legacy Win32 programs from running on the operating system. Jürgen Born suspects that Device Guard is used in Windows 10 Cloud to allow or block applications and programs based on signatures. 
A Twitter user by the name of Longhorn posted a screenshot yesterday that showed Google Chrome and the Desktop App Converter running on a Windows 10 Cloud machine. He managed to hack the restrictions of Windows 10 Cloud to run Google Chrome and the Desktop App Converter on a Windows 10 Cloud device. The user did not reveal how it was done. Information about the protection, User Mode Code Integrity (UMCI), and how to circumvent it was published on the user's blog. At the end, Windows Cloud is nothing more or less than a Professional variant with UMCI enforced. As such, its compatibility with existing Windows software* is only and solely prevented by having UMCI enabled and active. While command, powershell, regedit and other core Windows features that give users control over the operating system are blocked, Linux Bash apparently is not. This allowed him to enable test signing of programs, and run a handful of other commands to get the legacy Win32 programs to run on Windows 10 Cloud. Provided that the screenshot is not fake, it shows that the built-in protection is not as protective as Microsoft would hope it to be. Microsoft has not announced Windows Cloud officially yet. Considering that it is still in development, it can be that Bash support will be dropped in future builds. Since the methods used to get Chrome and the Desktop App Converter to run were not revealed, we don't know how complex of an operation the hack is. Article source
  24. Hackers infected 70 percent of storage devices that record data from D.C. police surveillance cameras eight days before President Trump’s inauguration, forcing major citywide reinstallation efforts, according to the police and the city’s technology office.

City officials said ransomware left police cameras unable to record between Jan. 12 and Jan. 15. The cyberattack affected 123 of 187 network video recorders in a closed-circuit TV system for public spaces across the city, the officials said late Friday. Brian Ebert, a Secret Service official, said the safety of the public or protectees was never jeopardized.

Archana Vemulapalli, the city’s Chief Technology Officer, said the city paid no ransom and resolved the problem by taking the devices offline, removing all software and restarting the system at each site. An investigation into the source of the hack continues, said Vemulapalli, who said the intrusion was confined to the police CCTV cameras that monitor public areas and did not extend deeper into D.C. computer networks.

Ransomware is malware that is said to be proliferating. It infects computers, often when users click on a link or open an attachment in an email. It then encrypts files or otherwise locks users out until they pay. The D.C. hack appeared to be an extortion effort that “was localized” and did not affect criminal investigations, city officials said.

On Jan. 12 D.C. police noticed four camera sites were not functioning properly and told OCTO. The technology office found two forms of ransomware in the four recording devices and launched a citywide sweep of the network where they found more infected sites, said Vemulapalli. The network video recorders are connected to as many as four cameras at each site, she said. “There was no access from these devices into our environment,” Vemulapalli said.

Interim Police Chief Peter Newsham said that police worked with OCTO but that the incident was limited to about 48 hours. He said there was “no significant impact” overall. City officials declined to say who they suspected in the attack.

Source
  25. Hacker Steals 900 GB of Cellebrite Data

This is part of an ongoing Motherboard series on the proliferation of phone cracking technology, the people behind it, and who is buying it. Follow along here.

The hackers have been hacked. Motherboard has obtained 900 GB of data related to Cellebrite, one of the most popular companies in the mobile phone hacking industry. The cache includes customer information, databases, and a vast amount of technical data regarding Cellebrite's products. The breach is the latest chapter in a growing trend of hackers taking matters into their own hands, and stealing information from companies that specialize in surveillance or hacking technologies.

Cellebrite is an Israeli company whose main product, a typically laptop-sized device called the Universal Forensic Extraction Device (UFED), can rip data from thousands of different models of mobile phones. That data can include SMS messages, emails, call logs, and much more, as long as the UFED user is in physical possession of the phone. Cellebrite is popular with US federal and state law enforcement, and, according to the hacked data, possibly also with authoritarian regimes such as Russia, the United Arab Emirates, and Turkey.

The data appears to have been taken, at least in part, from servers related to Cellebrite's website. The cache includes alleged usernames and passwords for logging into Cellebrite databases connected to the company's my.cellebrite domain. This section of the site is used by customers to, among other things, access new software versions. Motherboard verified the email addresses in the cache by attempting to create accounts on Cellebrite's customer login portal. In the majority of cases, this was not possible because the email address was already in use. A customer included in the data confirmed some of their details. The dump also contains what appears to be evidence files from seized mobile phones, and logs from Cellebrite devices.

According to the hacker, and judging by timestamps on some of the files, some of the data may have been pulled from Cellebrite servers last year.

“Cellebrite recently experienced unauthorized access to an external web server,” the company said in a statement on Thursday after Motherboard informed it of the breach. “The company is conducting an investigation to determine the extent of the breach. The impacted server included a legacy database backup of my.Cellebrite, the company’s end user license management system. The company had previously migrated to a new user accounts system. Presently, it is known that the information accessed includes basic contact information of users registered for alerts or notifications on Cellebrite products and hashed passwords for users who have not yet migrated to the new system,” the statement continues. Cellebrite advised customers to change their passwords as a precaution, and added that it is working with relevant authorities to assist in their investigation.

Access to Cellebrite's systems has been traded among a select few in IRC chat rooms, according to the hacker. “To be honest, had it not been for the recent stance taken by Western governments no one would have known but us,” the hacker told Motherboard. The hacker expressed disdain for recent changes in surveillance legislation.

In 2014 a hacker calling themselves “PhineasFisher” publicly released 40GB of data from surveillance company Gamma International. Gamma makes intrusion software that can remotely switch on a target's webcam, siphon off their emails, and much more. The following year, PhineasFisher targeted Italian company Hacking Team, and published a trove of emails and other internal documents from the company. Although the terms of this Cellebrite breach are somewhat different—the hacker has not dumped the files online for anyone to download—similarities seem to remain, especially in the hacker's vigilante motivation.

The hacker, however, remained vague as to the true extent of what they had done to Cellebrite's systems. “I can't say too much about what has been done,” the hacker told Motherboard. “It's one thing to slap them, it's a very different thing to take pictures of [their] balls hanging out.”

Source