GoDaddy Managed WordPress compromised, 1.2m peoples data exposed – sftp, ssl keys, admin passwords, etc

GoDaddy has admitted to America’s financial watchdog that one or more miscreants broke into its systems and potentially accessed a huge amount of customer data, from email addresses to SSL private keys. In a filing on Monday to the SEC, the internet giant said that on November 17 it discovered an “unauthorized third-party” had been Read more about GoDaddy Managed WordPress compromised, 1.2m peoples data exposed – sftp, ssl keys, admin passwords, etc[…]

Project Collects ‘Every’ NFT In One Giant 20TB Download

Hours ago, a website appeared online with the express purpose of hosting a nearly 20TB torrent (that’s terabytes, folks, the big boys of digital data measurement) containing every NFT available through the Ethereum and Solana blockchains. The NFT Bay, whose name and overall design riff on iconic torrent database The Pirate Bay, is the work Read more about Project Collects ‘Every’ NFT In One Giant 20TB Download[…]

Canadian teen arrested for stealing $36.5m of cryptocurrency

A Canadian teenager has been arrested for allegedly stealing $37 million worth of cryptocurrency ($46M Canadian) via a SIM swap scam, making it the largest virtual cash heist affecting a single person yet, according to police. Together with the FBI and the US Secret Service Electronic Crimes Task Force, Hamilton Police in the Canadian province Read more about Canadian teen arrested for stealing $36.5m of cryptocurrency[…]

Amazon textbook rental service scammed for $1.5m

A 36-year-old man from Portage, Michigan, was arrested on Thursday for allegedly renting thousands of textbooks from Amazon and selling them rather than returning them. […] Also indicted were three alleged co-conspirators: Gregory Mark Gleesing, 43, and Lovedeep Singh Dhanoa, 25, both from Portage, Michigan, and Paul Steven Larson, 32, from Kalamazoo, Michigan From January Read more about Amazon textbook rental service scammed for $1.5m[…]

FBI email servers were hacked to target a security researcher

The FBI appears to have been used as a pawn in a fight between hackers and security researchers. According to Bleeping Computer, the FBI has confirmed intruders compromised its email servers early today (November 13th) to send fake messages claiming recipients had fallen prone to data breaches. The emails tried to pin the non-existent attacks Read more about FBI email servers were hacked to target a security researcher[…]

ChaosDB Explained: Azure’s Cosmos DB Vulnerability Walkthrough – how to pwn all MS Azure’s hosted databases for all customers – also shows value of responsible disclosure

This is the full story of the Azure ChaosDB Vulnerability that was discovered and disclosed by the Wiz Research Team, where we were able to gain complete unrestricted access to the databases of several thousand Microsoft Azure customers. In August 2021, we disclosed to Microsoft a new vulnerability in Cosmos DB that ultimately allowed us Read more about ChaosDB Explained: Azure’s Cosmos DB Vulnerability Walkthrough – how to pwn all MS Azure’s hosted databases for all customers – also shows value of responsible disclosure[…]

Got Anything To Talk About? These Dutch Hackers Want You To Say It To Them

As we head into another Northern Hemisphere pandemic winter and hope that things won’t be quite as bad this year, next summer seems an extremely long time away in the future. But it will be upon us sooner than we might think, and along with it will we hope come a resumption of full-scale hacker Read more about Got Anything To Talk About? These Dutch Hackers Want You To Say It To Them[…]

Robinhood Hack Compromises Millions of Customer Email Addresses

Someone recently hacked and attempted to extort Robinhood, the popular investment and trading platform, gaining access to millions of customers’ email addresses and full names in the process. The platform revealed the security incident in a blog post published Monday, assuring users that nobody had lost any money as a result of the incident. “An Read more about Robinhood Hack Compromises Millions of Customer Email Addresses[…]

Hackers steal $130 million from Cream Finance; the company’s 3rd hack this year

Hackers have stolen an estimated $130 million worth of cryptocurrency assets from Cream Finance, a decentralized finance (DeFi) platform that allows users to loan and speculate on cryptocurrency price variations. The incident, detected earlier today by blockchain security firms PeckShield and SlowMist, was confirmed by the Cream Finance team earlier today. The attackers are believed to have found a vulnerability Read more about Hackers steal $130 million from Cream Finance; the company’s 3rd hack this year[…]

Hacker steals government ID database for Argentina’s entire population

A hacker has breached the Argentinian government’s IT network and stolen ID card details for the country’s entire population, data that is now being sold in private circles. The hack, which took place last month, targeted RENAPER, which stands for Registro Nacional de las Personas, translated as National Registry of Persons. The agency is a crucial cog Read more about Hacker steals government ID database for Argentina’s entire population[…]

Cybercrime Group Has Hacked Telecoms All Over the World since at least 2016

[…]A hacker gang, […] has been infiltrating telecoms throughout the world to steal phone records, text messages, and associated metadata directly from carrier users. That’s according to a new report from cybersecurity firm CrowdStrike, which published a technical analysis of the mysterious group’s hacking campaign on Tuesday. The report, which goes into a significant amount Read more about Cybercrime Group Has Hacked Telecoms All Over the World since at least 2016[…]

LANtenna attack reveals Ethernet cable traffic contents from a distance

An Israeli researcher has demonstrated that LAN cables’ radio frequency emissions can be read by using a $30 off-the-shelf setup, potentially opening the door to fully developed cable-sniffing attacks. Mordechai Guri of Israel’s Ben Gurion University of the Negev described the disarmingly simple technique to The Register, which consists of putting an ordinary radio antenna Read more about LANtenna attack reveals Ethernet cable traffic contents from a distance[…]

Woman Allegedly Hacked Flight School, Cleared Planes With Maintenance Issues to Fly

A woman allegedly hacked into the systems of a flight training school in Florida to delete and tamper with information related to the school’s airplanes. In some cases, planes that previously had maintenance issues had been “cleared” to fly, according to a police report. The hack, according to the school’s CEO, could have put pilots Read more about Woman Allegedly Hacked Flight School, Cleared Planes With Maintenance Issues to Fly[…]

Microsoft said it mitigated a 2.4 Tbps DDoS attack, the largest ever

Microsoft said its Azure cloud service mitigated a 2.4 terabytes per second (Tbps) distributed denial of service attack this year, at the end of August, representing the largest DDoS attack recorded to date. Amir Dahan, Senior Program Manager for Azure Networking, said the attack was carried out using a botnet of approximately 70,000 bots primarily Read more about Microsoft said it mitigated a 2.4 Tbps DDoS attack, the largest ever[…]

Neiman Marcus Breach Exposes Data Of 4.6 Million Users

Another day, another massive privacy breach nobody will do much about. This time it’s Neiman Marcus, which issued a statement indicating that the personal data of roughly 4.6 million U.S. consumers was exposed thanks to a previously undisclosed data breach that occurred last year. According to the company, the data exposed included login in information, Read more about Neiman Marcus Breach Exposes Data Of 4.6 Million Users[…]

The entirety of Twitch has reportedly been leaked – change your password!

An anonymous hacker claims to have leaked the entirety of Twitch, including its source code and user payout information. The user posted a 125GB torrent link to 4chan on Wednesday, stating that the leak was intended to “foster more disruption and competition in the online video streaming space” because “their community is a disgusting toxic Read more about The entirety of Twitch has reportedly been leaked – change your password![…]

Company That Routes Billions of Text Messages Quietly Says It Was Hacked – for years (you know, the messages we now use for 2FA)

A company that is a critical part of the global telecommunications infrastructure used by AT&T, T-Mobile, Verizon and several others around the world such as Vodafone and China Mobile, quietly disclosed that hackers were inside its systems for years, impacting more than 200 of its clients and potentially millions of cellphone users worldwide. The company, Read more about Company That Routes Billions of Text Messages Quietly Says It Was Hacked – for years (you know, the messages we now use for 2FA)[…]

Hackers Rob Thousands Coinbase Customers through SMS MFA Flaw – discloses today, happened around the IPO

Coinbase, a major U.S.-based bitcoin and cryptocurrency exchange, disclosed today that a hacker was able to bypass the company’s SMS multi-factor authentication mechanism and steal funds from 6,000 users, Bleeping Computer reported. The breach of Coinbase customers’ accounts happened between March and May 20, 2021, in a hacking campaign that combined phishing scams and a Read more about Hackers Rob Thousands Coinbase Customers through SMS MFA Flaw – discloses today, happened around the IPO[…]

New GriftHorse malware has infected more than 10 million Android phones

Security researchers have found a massive malware operation that has infected more than 10 million Android smartphones across more than 70 countries since at least November 2020 and is making millions of dollars for its operators on a monthly basis. Discovered by mobile security firm Zimperium, the new GriftHorse malware has been distributed via benign-looking apps uploaded Read more about New GriftHorse malware has infected more than 10 million Android phones[…]

110,000 Affected by Epik Breach – Including Those Who Trusted Epik to Hide Their Identity as hate mongerers

Epik’s massive data breach is already affecting lives. Today the Washington Post describes a real estate agent in Pompano Beach who urged buyers on Facebook to move to “the most beautiful State.” His name and personal details “were found on invoices suggesting he had once paid for websites with names such as racisminc.com, whitesencyclopedia.com, christiansagainstisrael.com Read more about 110,000 Affected by Epik Breach – Including Those Who Trusted Epik to Hide Their Identity as hate mongerers[…]

Hackers leak LinkedIn 700 million June data scrape

A collection containing data about more than 700 million users, believed to have been scraped from LinkedIn, was leaked online this week after hackers previously tried to sell it earlier this year in June. The collection, obtained by The Record from a source, is currently being shared in private Telegram channels in the form of a torrent file Read more about Hackers leak LinkedIn 700 million June data scrape[…]

FBI Had REvil’s Kaseya Ransomware Decryption Key for Weeks

The Kaseya ransomware attack, which occurred in July and affected as many as 1,500 companies worldwide, was a big, destructive mess—one of the largest and most unwieldy of its kind in recent memory. But new information shows the FBI could have lightened the blow victims suffered but chose not to. A new report from the Read more about FBI Had REvil’s Kaseya Ransomware Decryption Key for Weeks[…]

Alaska discloses ‘sophisticated’ nation-state cyberattack on health service

Alaska discloses ‘sophisticated’ nation-state cyberattack on health service A nation-state cyber-espionage group has gained access to the IT network of the Alaska Department of Health and Social Service (DHSS), the agency said last week. The attack, which is still being investigated, was discovered on May 2, earlier this year, by a security firm, which notified Read more about Alaska discloses ‘sophisticated’ nation-state cyberattack on health service[…]

Hackers leak passwords for 500,000 Fortinet VPN accounts

A threat actor has leaked a list of almost 500,000 Fortinet VPN login names and passwords that were allegedly scraped from exploitable devices last summer. While the threat actor states that the exploited Fortinet vulnerability has since been patched, they claim that many VPN credentials are still valid. […] The list of Fortinet credentials was Read more about Hackers leak passwords for 500,000 Fortinet VPN accounts[…]

FTC bans spyware maker SpyFone, and orders it to notify hacked victims

The Federal Trade Commission has unanimously voted to ban the spyware maker SpyFone and its chief executive Scott Zuckerman from the surveillance industry, the first order of its kind, after the agency accused the company of harvesting mobile data on thousands of people and leaving it on the open internet. The agency said SpyFone “secretly Read more about FTC bans spyware maker SpyFone, and orders it to notify hacked victims[…]