Archive for the ‘Hacks’ Category

Nostalgic social network ‘Timehop’ loses data from 21 million users

A service named “Timehop” that claims it is “reinventing reminiscing” – in part by linking posts from other social networks – probably wishes it could go back in time and reinvent its own security, because it has just confessed to losing data describing 21 million members and can’t guarantee that the perps didn’t slurp private […]

ProtonMail / ProtonVPN DDoS Attacks Are a Case Study of What Happens When You Mock Attackers

For the past two days, secure email provider ProtonMail has been fighting off DDoS attacks that have visibly affected the company’s services, causing short but frequent outages at regular intervals. “The attacks went on for several hours, although the outages were far more brief, usually several minutes at a time with the longest outage on […]

All-Radio 4.27 Portable Can’t Be Removed? Then Your PC is Severely Infected

Starting yesterday, there have been numerous reports of people’s Windows computers being infected with something called “All-Radio 4.27 Portable”. After researching this, it has been determined that seeing this program is a symptom of a much bigger problem on your computer. All-Radio 4.27 Portable If your computer is suddenly displaying the above program, then your […]

Adidas Reports Data Breach of a few million customers

Adidas AG ADDYY 2.03% said Thursday that a “few million” customers shopping on its U.S. website may have had their data exposed to an unauthorized party. Neither the specific number of users affected nor the time frame of the potential breach were immediately disclosed, but the German sportswear maker said it became aware of the […]

Ticketmaster Discloses Breach That Impacts Nearly 5 Percent of Its Customers

Ticketmaster on Wednesday disclosed a data breach reportedly caused by malware infecting a customer support system outsourced to an external company. In a statement, Ticketmaster said some of its customer data may have been accessed by an unknown intruder. Email notifications were sent to customers who purchased tickets between February and June 23, 2018, the […]

The Biggest Digital Heist in History Isn’t Over Yet: $1.2 b and still growing since 2013

Since late 2013, this band of cybercriminals has penetrated the digital inner sanctums of more than 100 banks in 40 nations, including Germany, Russia, Ukraine, and the U.S., and stolen about $1.2 billion, according to Europol, the European Union’s law enforcement agency. The string of thefts, collectively dubbed Carbanak—a mashup of a hacking program and […]

Hackers Stole Over $20 Million From Misconfigured Ethereum Clients

A group of hackers has stolen over $20 million worth of Ethereum from Ethereum-based apps and mining rigs, Chinese cyber-security firm Qihoo 360 Netlab reported today. The cause of these thefts is Ethereum software applications that have been configured to expose an RPC [Remote Procedure Call] interface on port 8545. The purpose of this interface […]

Ticketfly exposes data on 27m customers in hack

Ticketfly was the target of a malicious cyber attack last week In consultation with third-party forensic cybersecurity experts we can now confirm that credit and debit card information was not accessed. However, information including names, addresses, email addresses and phone numbers connected to approximately 27 million Ticketfly accounts was accessed. It’s important to note that […]

VPNFilter router malware is a lot worse than everyone thought

ASUS, D-Link, Huawei, Ubiquiti, UPVEL, and ZTE: these are the vendors newly-named by Cisco’s Talos Intelligence as being exploited by the malware scum running the VPNFilter attacks, and the attack’s been spotted hitting endpoints behind vulnerable kit. As well as the expanded list of impacted devices, Talos warned that VPNFilter now attacks endpoints behind the […]

EFAIL: PGP and S/MIME (encrypted email) are no longer safe

EFAIL describes vulnerabilities in the end-to-end encryption technologies OpenPGP and S/MIME that leak the plaintext of encrypted emails. Email is a plaintext communication medium whose communication paths are partly protected by TLS (TLS). For people in hostile environments (journalists, political activists, whistleblowers, …) who depend on the confidentiality of digital communication, this may not be […]

Thieves suck millions out of Mexican banks in transfer heist

Thieves siphoned hundreds of millions of pesos out of Mexican banks, including No. 2 Banorte, by creating phantom orders that wired funds to bogus accounts and promptly withdrew the money, two sources close to the government’s investigation said. Hackers sent hundreds of false orders to move amounts ranging from tens of thousands to hundreds of […]

UPnP joins the ‘just turn it off on consumer devices, already’ club

It’s not particularly difficult, particularly with Shodan to help. The required steps are: Discover targets on Shodan by searching for the rootDesc.xml file (Imperva found 1.3 million devices); Use HTTP to access rootDesc.xml; Modify the victim’s port forwarding rules (the researchers noted that this isn’t supposed to work, since port forwarding should be between internal […]

Oh, great, now there’s a SECOND remote Rowhammer exploit / Nethammer

Hard on the heels of the first network-based Rowhammer attack, some of the boffins involved in discovering Meltdown/Spectre have shown off their own technique for flipping bits using network requests. With a gigabit connection to the victim, the researchers reckon, they can induce security-critical bit flips using crafted quality-of-service packets. Last week, we reported on […]

USB drive that crashes Windows

PoC for a NTFS crash that I discovered, in various Windows versions Type of issue: denial of service. One can generate blue-screen-of-death using a handcrafted NTFS image. This Denial of Service type of attack, can be driven from user mode, limited user account or Administrator. It can even crash the system if it is in […]

Do you have a browser based bitcoin wallet? Check you’re not hacked if it’s JavaScript based

A significant number of past and current cryptocurrency products contain a JavaScript class named SecureRandom(), containing both entropy collection and a PRNG. The entropy collection and the RNG itself are both deficient to the degree that key material can be recovered by a third party with medium complexity. There are a substantial number of variations […]

Card Data Stolen From 5 Million Saks and Lord & Taylor Customers

Saks has been hacked — adding to the already formidable challenges faced by the luxury retailer. A well-known ring of cybercriminals has obtained more than five million credit and debit card numbers from customers of Saks Fifth Avenue and Lord & Taylor, according to a cybersecurity research firm that specializes in tracking stolen financial data. […]

EU businesses take 175 days to detect breaches vs global averge of 101 days

European organisations are taking longer to detect breaches than their counterparts in North America, according to a study by FireEye. Organisations in EMEA are taking almost six months (175 days) to detect an intruder in their networks, which is rather more than the 102 days that the firm found when asking the same questions last […]

Delta, Best Buy, and Sears Customers May Have Had Personal Info Stolen in Hack of [24]7.ai chat system

Hundreds of thousands of online shoppers may have had their name, address, and credit information stolen by hackers thanks to a security issue with the online customer service software from [24]7.ai. Customers that shopped online at Delta, Sears, Kmart, and Best Buy could have been affected thanks to malware that was infecting [24]7.ai’s online chat […]

Sodexo Filmology attacked, kills service, tells users: good luck!

Sodexo Filmology said it had informed the Information Commissioner’s Office and a specialist forensic investigation team. “We would advise all employees who have used the site between 19th March-3rd April to cancel their payment cards and check their payment card statements,” it said. “These incidents have been caused by a targeted attack on the system […]

Orbitz Says Legacy Travel Site Likely Hacked, Affecting 880K

Orbitz says one of its older websites may have been hacked, potentially exposing the personal information of people who made purchases online between Jan. 1, 2016 and Dec. 22, 2017. The current Orbitz.com website was not involved in the incident. Orbitz is now owned by Expedia Inc. of Belleview, Washington. Orbitz said Tuesday about 880,000 […]

Tesla’s Amazon Cloud Account Hacked to Mine Cryptocurrency

An unidentified hacker or hackers broke into a Tesla-owned Amazon cloud account and used it to “mine” cryptocurrency, security researchers said. The breach also exposed proprietary data for the electric carmaker. The researchers, who worked for RedLock, a 3-year-old cybersecurity startup, said they discovered the intrusion last month while trying to determine which organization left […]

World’s biggest DDoS attack record broken after just five days using poorly configured memcache servers

Last week, the code repository GitHub was taken off air in a 1.3Tbps denial of service attack. We predicted then that there would be more such attacks and it seems we were right. Arbor Networks is now reporting that a US service provider suffered a 1.7Tbps attack earlier this month. In this case, there were […]

Air gapping PCs won’t stop data sharing thanks to sneaky speakers

Computer speakers and headphones make passable microphones and can be used to receive data via ultrasound and send signals back, making the practice of air gapping sensitive computer systems less secure. In an academic paper published on Friday through preprint service ArXiv, researchers from Israel’s Ben-Gurion University of the Negev describe a novel data exfiltration […]

Phishing and Attempted Stealing Incident on Binance VIA / BTC coins not only stopped, but costs hackers money

On Mar 7, UTC 14:58-14:59, within this 2 minute period, the VIA/BTC market experienced abnormal trading activity. Our automatic risk management system was triggered, and all withdrawals were halted immediately. This was part of a large scale phishing and stealing attempt. So far: All funds are safe and no funds have been stolen. The hackers […]

Russians behind bars in US after nicking $300m+ in credit-card hacks

Two Russian criminals have been sent down in America after pleading guilty to helping run the largest credit-card hacking scam in US history.Muscovites Vladimir Drinkman, 37, and Dmitriy Smilianets, 34, ran a massive criminal ring that spent months hacking companies to get hold of credit and debit card information. They then sold it online to […]

 
Skip to toolbar