US declares emergency after ransomware shuts oil pipeline that pumps 100 million gallons a day

One of the USA’s largest oil pipelines has been shut by ransomware, leading the nation’s Federal Motor Carrier Safety Administration to issue a regional emergency declaration permitting the transport of fuel by road. The Colonial Pipeline says it carries 100 million gallons a day of refined fuels between Houston, Texas, and New York Harbor, or Read more about US declares emergency after ransomware shuts oil pipeline that pumps 100 million gallons a day[…]

Tesla Cars Hacked Remotely From Drone via Zero-Click Exploit

[…] The attack, dubbed TBONE, involves exploitation of two vulnerabilities affecting ConnMan, an internet connection manager for embedded devices. An attacker can exploit these flaws to take full control of the infotainment system of a Tesla without any user interaction. A hacker who exploits the vulnerabilities can perform any task that a regular user could Read more about Tesla Cars Hacked Remotely From Drone via Zero-Click Exploit[…]

China behind another hack as U.S. cybersecurity issues mount

China is behind a newly discovered series of hacks against key targets in the U.S. government, private companies and the country’s critical infrastructure, cybersecurity firm Mandiant said Wednesday. The hack works by breaking into Pulse Secure, a program that businesses often use to let workers remotely connect to their offices. The company announced Tuesday how Read more about China behind another hack as U.S. cybersecurity issues mount[…]

Passwordstate password manager Hacked, Exposing Users’ Passwords for 28 Hours with automatic update

Passwordstate, the enterprise password manager offered by Australian software developer Click Studios, was hacked earlier this week, exposing the passwords of an undisclosed number of its clients for approximately 28 hours. The hack was carried out through an upgrade feature for the password manager and potentially harvested the passwords of those who carried out upgrades. Read more about Passwordstate password manager Hacked, Exposing Users’ Passwords for 28 Hours with automatic update[…]

A Hacker Got All My Texts for $16 – SMS forwarding is a real problem for 2fa

I didn’t expect it to be that quick. While I was on a Google Hangouts call with a colleague, the hacker sent me screenshots of my Bumble and Postmates accounts, which he had broken into. Then he showed he had received texts that were meant for me that he had intercepted. Later he took over Read more about A Hacker Got All My Texts for $16 – SMS forwarding is a real problem for 2fa[…]

US investigates code testing hack that could affect thousands of companies

[…] A recent breach has prompted fears of another SolarWinds-style hack that could have ramifications for numerous large companies. Reuters reports that federal officials are investigating a hack at Codecov, a code testing firm with 29,000 customers that include Proctor & Gamble, the Washington Post and tech companies like Atlassian and GoDaddy. The intrusion appears Read more about US investigates code testing hack that could affect thousands of companies[…]

Aussie biz Azimuth cracked San Bernardino shooter’s iPhone, ending Apple-FBI privacy standoff in 2015

Australian security firm Azimuth has been identified as the experts who managed to crack a mass shooter’s iPhone that was at the center of an encryption standoff between the FBI and Apple. Until this week it had largely been assumed that Israeli outfit Cellebrite was hired to forcibly unlock an encrypted iPhone 5C used by Read more about Aussie biz Azimuth cracked San Bernardino shooter’s iPhone, ending Apple-FBI privacy standoff in 2015[…]

Millions of passwords leaked by hacked webshop Allekabels.nl

Webshop Allekabels has leaked private data and passwords of millions of Dutch people. It may be the largest password data breach in the Netherlands ever. Allekabels’ stolen database, containing the private data of some 3.6 million people, was put up for sale on a hacker forum at the end of January for a sum of Read more about Millions of passwords leaked by hacked webshop Allekabels.nl[…]

SolarWinds hack was done by Kremlin’s APT29 crew, say UK and US

Russia’s infamous APT 29, aka Cozy Bear, was behind the SolarWinds Orion attack, the US and UK governments said today as America slapped sanctions on Russian infosec companies as well as expelling diplomats from that country’s US embassy. One of the sanctioned companies is Positive Technologies, familiar in the West for, among other things, in-depth Read more about SolarWinds hack was done by Kremlin’s APT29 crew, say UK and US[…]

FBI deletes web shells from hundreds of compromised Microsoft Exchange servers before alerting admins

The FBI deleted web shells installed by criminals on hundreds of Microsoft Exchange servers across the United States, it was revealed on Tuesday. The Feds were given approval by the courts to carry out the deletions, which occurred without first warning the servers’ owners, following the discovery and exploitation of critical vulnerabilities in the enterprise Read more about FBI deletes web shells from hundreds of compromised Microsoft Exchange servers before alerting admins[…]

Clubhouse Data Leak – 1.3M SQL Database Leaked Online. Wait, they had 1.3M users? Doubt it

Days after scraped data from more than a billion Facebook and LinkedIn profiles, collectively speaking, was put for sale online, it looks like now it’s Clubhouse’s turn. The upstart platform seems to have experienced the same fate, with an SQL database containing 1.3 million scraped Clubhouse user records leaked for free on a popular hacker Read more about Clubhouse Data Leak – 1.3M SQL Database Leaked Online. Wait, they had 1.3M users? Doubt it[…]

Your WhatsApp account can be suspended by anyone who has your phone number

It’s possible for an attacker to completely suspend your WhatsApp account, without any recourse for the individual user, and all they need is your phone number. At the time of writing there’s no solution for this issue. This newly-discovered flaw uses two separate vectors. The attacker installs WhatsApp on a new device and enters your Read more about Your WhatsApp account can be suspended by anyone who has your phone number[…]

Scraped data of 500 million LinkedIn users being sold online, 2 million records leaked as proof

We updated our personal data leak checker database with more than 780,000 email addresses associated with this leak. Use it to find out if your LinkedIn profile has been scraped by the threat actors. Days after a massive Facebook data leak made the headlines, it seems like we’re in for another one, this time involving Read more about Scraped data of 500 million LinkedIn users being sold online, 2 million records leaked as proof[…]

Clothes retailer Fatface: Someone’s broken in and accessed your personal data, including partial card payment details… Don’t tell anyone

British clothes retailer Fatface has infuriated some customers by telling them “an unauthorised third party” gained access to systems holding their data earlier this year, and then asking them to keep news of the blunder to themselves. Several people wrote into The Register to let us know about the personal data leak, with reader Terry Read more about Clothes retailer Fatface: Someone’s broken in and accessed your personal data, including partial card payment details… Don’t tell anyone[…]

Guns.Com Got Hacked – personal data available on forum

Watch out, firearm lovers. The subtly-named guns.com, a place where Americans can go to pick out whatever stylish boomstick they like and have it shipped straight to their neck of the woods, seems to have a pretty awful data breach on its hands. Back in January, a hacker temporarily disabled the company’s website, interfering with Read more about Guns.Com Got Hacked – personal data available on forum[…]

A Crash Course On Sniffing & Inserting commands into Bluetooth Low Energy

Bluetooth Low Energy (BLE) is everywhere these days. If you fire up a scanner on your phone and walk around the neighborhood, we’d be willing to bet you’d pick up dozens if not hundreds of devices. By extension, from fitness bands to light bulbs, it’s equally likely that you’re going to want to talk to Read more about A Crash Course On Sniffing & Inserting commands into Bluetooth Low Energy[…]

Dutch ISPs and Webhoster TransIP hit by DDOS

Several internet companies repelled DDOS attacks on Monday night. Among them are at least three Internet providers Freedom Internet, Tweak and Kabelnoord. Web hosting company TransIP also faced a DDOS attack targeting so-called name servers on Monday. While averting this attack and resolving its consequences, the company was hit by a second, more violent attack Read more about Dutch ISPs and Webhoster TransIP hit by DDOS[…]

Cracking of Sky CC app dealt major blow to organised crime

The cracking of the expensive messaging app, called “Sky ECC,” was what allowed over 1,500 police officers across Belgium to be simultaneously deployed in at least 200 raids, many of which were centred around Antwerp and involved special forces. Investigators succeeded in cracking Sky ECC at the end of last year, according to reporting by Read more about Cracking of Sky CC app dealt major blow to organised crime[…]

Hackers Looted Passenger Data From Some of the Biggest Airlines through Supplier SITA

SITA, a data firm that works with some of the world’s largest airlines, announced Thursday that it had been the victim of a “highly sophisticated cyberattack,” the likes of which compromised information on hundreds of thousands of airline passengers all over the world. The attack, which occurred in February, targeted data stored on SITA’s Passenger Service Read more about Hackers Looted Passenger Data From Some of the Biggest Airlines through Supplier SITA[…]

The “Crazy Huge Hack” of Microsoft, Explained – it dwarfs SolarWinds

Last week, Microsoft announced that the on-premises version of its widely used email and calendaring product Exchange had several previously undisclosed security flaws. These flaws, the company said, were being used by foreign threat actors to hack into the networks of U.S. businesses and governments, primarily to steal large troves of email data. Since then, Read more about The “Crazy Huge Hack” of Microsoft, Explained – it dwarfs SolarWinds[…]

Hackers Target Surveillance Firm, Exposing thousands Live Camera Feeds at Tesla, Cloudflare, Hospitals, Jails, Police, etc etc etc in anti-surveillance ideology

A hacker group claims to have broken into the networks of cloud-based surveillance startup Verkada, gaining unfiltered access to thousands and thousands of live security camera feeds in the process. The hack first gained public attention Tuesday afternoon, when a Twitter user who goes by the name “Tillie” began leaking purported images of the hack Read more about Hackers Target Surveillance Firm, Exposing thousands Live Camera Feeds at Tesla, Cloudflare, Hospitals, Jails, Police, etc etc etc in anti-surveillance ideology[…]

Russian Cracker / Cybercrime Forums Hacked

n the latest in a string of “hits” on Russian dark web forums, the prominent crime site Maza appears to have been hacked by someone earlier this week. This is kind of big news since Maza (previously called “Mazafaka”) has long been a destination for all assortment of criminal activity, including malware distribution, money laundering, Read more about Russian Cracker / Cybercrime Forums Hacked[…]

Hackers exploit websites to give them excellent SEO before deploying malware

According to Sophos, the so-called search engine “deoptimization” method includes both SEO tricks and the abuse of human psychology to push websites that have been compromised up Google’s rankings. […] In a blog post on Monday, the cybersecurity team said the technique, dubbed “Gootloader,” involves deployment of the infection framework for the Gootkit Remote Access Read more about Hackers exploit websites to give them excellent SEO before deploying malware[…]

First Fully Weaponized Spectre Exploit Discovered Online

A fully weaponized exploit for the Spectre CPU vulnerability was uploaded on the malware-scanning website VirusTotal last month, marking the first time a working exploit capable of doing actual damage has entered the public domain. The exploit was discovered by French security researcher Julien Voisin. It targets Spectre, a major vulnerability that was disclosed in Read more about First Fully Weaponized Spectre Exploit Discovered Online[…]

Far-Right Platform Gab Has Been Hacked, Private Data and all – not encrypted in the backend

When Twitter banned Donald Trump and a slew of other far-right users in January, many of them became digital refugees, migrating to sites like Parler and Gab to find a home that wouldn’t moderate their hate speech and disinformation. Days later, Parler was hacked, and then it was dropped by Amazon web hosting, knocking the Read more about Far-Right Platform Gab Has Been Hacked, Private Data and all – not encrypted in the backend[…]