Script kiddie Hackers publish personal data on thousands of US police officers and federal agents and have more in the pipeline

A hacker group has breached several FBI-affiliated websites and uploaded their contents to the web, including dozens of files containing the personal information of thousands of federal agents and law enforcement officers, TechCrunch has learned. The hackers breached three sites associated with the FBI National Academy Association, a coalition of different chapters across the U.S. Read more about Script kiddie Hackers publish personal data on thousands of US police officers and federal agents and have more in the pipeline[…]

Facebook Is Just Casually Asking Some New Users for Their Email Passwords [note – never give out your email password!!!!]

Facebook has been prompting some users registering for the first time to hand over the passwords to their email accounts, the Daily Beast reported on Tuesday—a practice that blares right past questionable and into “beyond sketchy” territory, security consultant Jake Williams told the Beast. A Twitter account using the handle @originalesushi first posted an image Read more about Facebook Is Just Casually Asking Some New Users for Their Email Passwords [note – never give out your email password!!!!][…]

Bezos’ Investigator Gavin de Becker Finds the Saudis Obtained the Amazon Chief’s Private Data (for the dick pic extortion thing a few weeks ago)

In January, the National Enquirer published a special edition that revealed an intimate relationship Bezos was having. He asked me to learn who provided his private texts to the Enquirer, and why. My office quickly identified the person whom the Enquirer had paid as a source: a man named Michael Sanchez, the now-estranged brother of Read more about Bezos’ Investigator Gavin de Becker Finds the Saudis Obtained the Amazon Chief’s Private Data (for the dick pic extortion thing a few weeks ago)[…]

A New Age of Warfare: How Internet Mercenaries Do Battle for Authoritarian Governments

NSO and a competitor, the Emirati firm DarkMatter, exemplify the proliferation of privatized spying. A monthslong examination by The New York Times, based on interviews with current and former hackers for governments and private companies and others as well as a review of documents, uncovered secret skirmishes in this burgeoning world of digital combat. A Read more about A New Age of Warfare: How Internet Mercenaries Do Battle for Authoritarian Governments[…]

Toyota Security Breach Exposes Personal Info of 3.1 Million Clients, could be part of Vietnam attack

The personal information of roughly 3.1 million Toyota customers may have been leaked following a security breach of multiple Toyota and Lexus sales subsidiaries, as detailed in a breach notification issued by the car maker today. As detailed in a press release published on Toyota’a global newsroom, unauthorized access was detected on the computing systems of Tokyo Sales Read more about Toyota Security Breach Exposes Personal Info of 3.1 Million Clients, could be part of Vietnam attack[…]

Man Pleads Guilty in $100 Million Scam of Facebook and Google – colleagues not yet found

A Lithuanian man admitted he helped trick Facebook Inc. and Alphabet Inc.’s Google into sending more than $100 million through a phishing scheme. Evaldas Rimasauskas, 50, pleaded guilty to one count of wire fraud before U.S. District Judge George Daniels on Wednesday under an agreement with prosecutors and will forfeit $49.7 million. Rimasauskas was extradited Read more about Man Pleads Guilty in $100 Million Scam of Facebook and Google – colleagues not yet found[…]

Iranian hackers ransack Citrix, make off with 6TB+ of emails, biz docs, internal secrets – they had to be told by the FBI that they were hacked at all

Citrix today warned its customers that foreign hackers romped through its internal company network and stole corporate secrets. The enterprise software giant – which services businesses, the American military, and various US government agencies – said it was told by the FBI on Wednesday that miscreants had accessed Citrix’s IT systems and exfiltrated a significant Read more about Iranian hackers ransack Citrix, make off with 6TB+ of emails, biz docs, internal secrets – they had to be told by the FBI that they were hacked at all[…]

Biohackers Encoded Malware in a Strand of DNA

In new research they plan to present at the USENIX Security conference on Thursday, a group of researchers from the University of Washington has shown for the first time that it’s possible to encode malicious software into physical strands of DNA, so that when a gene sequencer analyzes it the resulting data becomes a program Read more about Biohackers Encoded Malware in a Strand of DNA[…]

Hackers Are Passing Around a Megaleak of 2.2 Billion Records

Earlier this month, security researcher Troy Hunt identified the first tranche of that mega-dump, named Collection #1 by its anonymous creator, a set of cobbled-together breached databases Hunt said represented 773 million unique usernames and passwords. Now other researchers have obtained and analyzed an additional vast database called Collections #2–5, which amounts to 845 gigabytes Read more about Hackers Are Passing Around a Megaleak of 2.2 Billion Records[…]

Personal data slurped in Airbus hack – but firm’s industrial smarts could be what crooks are after

Airbus has admitted that a “cyber incident” resulted in unidentified people getting their hands on “professional contact and IT identification details” of some Europe-based employees. The company said in a brief statement published late last night that the breach is “being thoroughly investigated by Airbus’ experts”. The company has its own infosec business unit, Stormguard. Read more about Personal data slurped in Airbus hack – but firm’s industrial smarts could be what crooks are after[…]

Custom firmware for lights allows you to control them with Homeassistant and more controllers

Sonoff B1, lights and shades 12 Replies Six months ago I was reviewing the AiThinker AiLight, a great looking light bulb with an embedded ESP8266EX microcontroller, driven by a MY9291 LED driver. Just before summer IteadStudio released it’s Sonoff B1 [Itead.cc] light bulb, heavily inspired (probably same manufacturer) by the AiLight, at least on the Read more about Custom firmware for lights allows you to control them with Homeassistant and more controllers[…]

WPML WordPress plugin hacked, possibly by angry former employee

WPML (or WP MultiLingual), the most popular WordPress plugin for translating and serving WordPress sites in multiple languages. According to its website, WPML has over 600,000 paying customers and is one of the very few WordPress plugins that is so reputable that it doesn’t need to advertise itself with a free version on the official Read more about WPML WordPress plugin hacked, possibly by angry former employee[…]

The 773 Million Record “Collection #1” Data Breach

Collection #1 is a set of email addresses and passwords totalling 2,692,818,238 rows. It’s made up of many different individual data breaches from literally thousands of different sources. (And yes, fellow techies, that’s a sizeable amount more than a 32-bit integer can hold.) In total, there are 1,160,253,228 unique combinations of email addresses and passwords. Read more about The 773 Million Record “Collection #1” Data Breach[…]

International stock trading scheme hacked into SEC database EDGAR – again

Federal prosecutors unveiled charges in an international stock-trading scheme that involved hacking into the Securities and Exchange Commission’s EDGAR corporate filing system. The scheme allegedly netted $4.1 million for fraudsters from the U.S., Russia and Ukraine. Using 157 corporate earnings announcements, the group was able to execute trades on material nonpublic information. Most of those Read more about International stock trading scheme hacked into SEC database EDGAR – again[…]

North Korean Hackers Gain Access to Chilean ATMs Through Skype

The one thing no one expects on a job interview is North Korean hackers picking up on the other line. But that’s apparently exactly what happened to a hapless employee at Redbanc, the company that handles Chile’s ATM network. The bizarre story was reported in trendTIC, a Chilean tech site. A Redbanc employee found a Read more about North Korean Hackers Gain Access to Chilean ATMs Through Skype[…]

South Korea says mystery hackers cracked advanced weapons servers

The South Korea Ministry of National Defense says 10 of its internal PCs have been compromised by North Korea unknown hackers . Korea’s Dong-A Ilbo reports that the targeted machines belonged to the ministry’s Defense Acquisition Program Administration, the office in charge of military procurement. The report notes that the breached machines would have held Read more about South Korea says mystery hackers cracked advanced weapons servers[…]

202 Million private Chinese resumes exposed

On December 28th, Bob Diachenko, Director of Cyber Risk Research at Hacken.io and bug bounty platform HackenProof, analyzed the data stream of BinaryEdge search engine and identified an open and unprotected MongoDB instance: The same IP also appeared in Shodan search results: Upon closer inspection, an 854 GB sized MongoDB database was left unattended, with Read more about 202 Million private Chinese resumes exposed[…]

Modlishka allows for very easy fishing / MITM

You basically just put it on a local domain, point people there and it forwards the traffic up and down to the target website – so no templates, no warnings. It will also push through two factor authentication requests and answers. Modlishka is a flexible and powerful reverse proxy, that will take your phishing campaigns Read more about Modlishka allows for very easy fishing / MITM[…]

Can’t unlock an Android phone? No problem, just take a Skype call: App allows passcode bypass

A newly disclosed vulnerability in Skype for Android could be exploited by miscreants to bypass an Android phone’s passcode screen to view photos, contacts, and even launch browser windows. Bug-hunter Florian Kunushevci today told The Register the security flaw, which has been reported to Microsoft, allows the person in possession of someone’s phone to receive Read more about Can’t unlock an Android phone? No problem, just take a Skype call: App allows passcode bypass[…]

Researcher Distributes Tool That Enables Mass-Hijacking of Google Chromecast Devices

Uploaded to Github on Thursday, a tool called Crashcast enables the almost instantaneous takeover all of Chromecast streaming devices left accessible online by mistake. This same misconfiguration issue was taken advantage of by the hacker duo Hacker Giraffe and j3ws3r earlier this week to broadcast a message in support of the YouTube star Felix Kjellberg, Read more about Researcher Distributes Tool That Enables Mass-Hijacking of Google Chromecast Devices[…]

Equifax how-it-was-mega-hacked damning dossier lands, in all of its infuriating glory

A US Congressional report outlining the breakdowns that led to the 2017 theft of 148 million personal records from Equifax has revealed a stunning catalog of failure. The 96-page report (PDF) from the Committee of Oversight and Government Reform found that the 2017 network breach could have easily been prevented had the company taken basic Read more about Equifax how-it-was-mega-hacked damning dossier lands, in all of its infuriating glory[…]

Hack of 100 Million Quora Users Could Be Worse Than it Sounds

On Monday, the question and answer site Quora announced that a third-party was able to gain access to virtually every data point the company keeps on 100 million users. Even if you don’t recall having a Quora account, you might want to make sure. In a blog post, Quora CEO Adam D’Angelo explained that the Read more about Hack of 100 Million Quora Users Could Be Worse Than it Sounds[…]