Archive for the ‘Hacks’ Category
Do you have a browser based bitcoin wallet? Check you’re not hacked if it’s JavaScript based
A significant number of past and current cryptocurrency products contain a JavaScript class named SecureRandom(), containing both entropy collection and a PRNG. The entropy collection and the RNG itself are both deficient to the degree that key material can be recovered by a third party with medium complexity. There are a substantial number of variations […]
Card Data Stolen From 5 Million Saks and Lord & Taylor Customers
Saks has been hacked — adding to the already formidable challenges faced by the luxury retailer. A well-known ring of cybercriminals has obtained more than five million credit and debit card numbers from customers of Saks Fifth Avenue and Lord & Taylor, according to a cybersecurity research firm that specializes in tracking stolen financial data. […]
EU businesses take 175 days to detect breaches vs global averge of 101 days
European organisations are taking longer to detect breaches than their counterparts in North America, according to a study by FireEye. Organisations in EMEA are taking almost six months (175 days) to detect an intruder in their networks, which is rather more than the 102 days that the firm found when asking the same questions last […]
Delta, Best Buy, and Sears Customers May Have Had Personal Info Stolen in Hack of [24]7.ai chat system
Hundreds of thousands of online shoppers may have had their name, address, and credit information stolen by hackers thanks to a security issue with the online customer service software from [24]7.ai. Customers that shopped online at Delta, Sears, Kmart, and Best Buy could have been affected thanks to malware that was infecting [24]7.ai’s online chat […]
Sodexo Filmology attacked, kills service, tells users: good luck!
Sodexo Filmology said it had informed the Information Commissioner’s Office and a specialist forensic investigation team. “We would advise all employees who have used the site between 19th March-3rd April to cancel their payment cards and check their payment card statements,” it said. “These incidents have been caused by a targeted attack on the system […]
Orbitz Says Legacy Travel Site Likely Hacked, Affecting 880K
Orbitz says one of its older websites may have been hacked, potentially exposing the personal information of people who made purchases online between Jan. 1, 2016 and Dec. 22, 2017. The current Orbitz.com website was not involved in the incident. Orbitz is now owned by Expedia Inc. of Belleview, Washington. Orbitz said Tuesday about 880,000 […]
Tesla’s Amazon Cloud Account Hacked to Mine Cryptocurrency
An unidentified hacker or hackers broke into a Tesla-owned Amazon cloud account and used it to “mine” cryptocurrency, security researchers said. The breach also exposed proprietary data for the electric carmaker. The researchers, who worked for RedLock, a 3-year-old cybersecurity startup, said they discovered the intrusion last month while trying to determine which organization left […]
World’s biggest DDoS attack record broken after just five days using poorly configured memcache servers
Last week, the code repository GitHub was taken off air in a 1.3Tbps denial of service attack. We predicted then that there would be more such attacks and it seems we were right. Arbor Networks is now reporting that a US service provider suffered a 1.7Tbps attack earlier this month. In this case, there were […]
Air gapping PCs won’t stop data sharing thanks to sneaky speakers
Computer speakers and headphones make passable microphones and can be used to receive data via ultrasound and send signals back, making the practice of air gapping sensitive computer systems less secure. In an academic paper published on Friday through preprint service ArXiv, researchers from Israel’s Ben-Gurion University of the Negev describe a novel data exfiltration […]
Phishing and Attempted Stealing Incident on Binance VIA / BTC coins not only stopped, but costs hackers money
On Mar 7, UTC 14:58-14:59, within this 2 minute period, the VIA/BTC market experienced abnormal trading activity. Our automatic risk management system was triggered, and all withdrawals were halted immediately. This was part of a large scale phishing and stealing attempt. So far: All funds are safe and no funds have been stolen. The hackers […]
Russians behind bars in US after nicking $300m+ in credit-card hacks
Two Russian criminals have been sent down in America after pleading guilty to helping run the largest credit-card hacking scam in US history.Muscovites Vladimir Drinkman, 37, and Dmitriy Smilianets, 34, ran a massive criminal ring that spent months hacking companies to get hold of credit and debit card information. They then sold it online to […]
A Hacker Has Wiped a Spyware Company’s Servers—Again
Last year, a vigilante hacker broke into the servers of a company that sells spyware to everyday consumers and wiped their servers, deleting photos captured from monitored devices. A year later, the hacker has done it again. Thursday, the hacker said he started wiping some cloud servers that belong to Retina-X Studios, a Florida-based company […]
Telegram desktop app exploited for malware, cryptocurrency mining
Telegram has fixed a security flaw in its desktop app that hackers spent several months exploiting to install remote-control malware and cryptocurrency miners on vulnerable Windows PCs.The programming cockup was spotted by researchers at Kaspersky in October. It is believed miscreants have been leveraging the bug since at least March. The vulnerability stems from how […]
At least 4200 popular and large websites hijacked by hidden crypto-mining code after popular plugin pwned
Thousands of websites around the world – from the UK’s NHS and ICO to the US government’s court system – were today secretly mining crypto-coins on netizens’ web browsers for miscreants unknown. The affected sites all use a fairly popular plugin called Browsealoud, made by Brit biz Texthelp, which reads out webpages for blind or […]
The Equifax hack could be worse than we thought
In its original announcement of the hack, the company had revealed that some driver’s license numbers were exposed. The new documents show that the license state and issue date might have also been compromised. Equifax spokesperson Meredith Griffanti told CNNMoney Friday that the original list of vulnerable personal information was never intended to represent the […]
Bug in Grammarly browser extension exposes virtually everything a user ever writes
The Grammarly browser extension, which has about 22 million users, exposes its authentication tokens to all websites, allowing any to access all the user’s data without permission, according to a bug report from Google Project Zero’s Tavis Ormandy. The high-severity bug was discovered on Friday and fixed early Monday morning, “a really impressive response time,” […]
Crooks make US ATMs spew million-plus bucks in ‘jackpotting’ hacks
ash machines in the US are being hacked to spew hundreds of dollar bills – a type of theft dubbed “jackpotting” because the ATMs look like slot machines paying out winnings.A gang of miscreants have managed to steal more than $1m from ATMs using this attack, according to a senior US Secret Service official speaking […]
AutoSploit searches shodan for weak machines and metasploit to hack them for you
https://github.com/NullArray/AutoSploitAs the name might suggest AutoSploit attempts to automate the exploitation of remote hosts. Targets are collected automatically as well by employing the Shodan.io API. The program allows the user to enter their platform specific search query such as; Apache, IIS, etc, upon which a list of candidates will be retrieved. After this operation has […]
Skygofree: Serious offensive Android malware, since 2014
At the beginning of October 2017, we discovered new Android spyware with several features previously unseen in the wild. In the course of further research, we found a number of related samples that point to a long-term development process. We believe the initial versions of this malware were created at least three years ago – […]
Hospital injects $60,000 into crims’ coffers to cure malware infection
The crooks had infected the network of Hancock Health, in Indiana, with the Samsam software nasty, which scrambled files and demanded payment to recover the documents. The criminals broke in around 9.30pm on January 11 after finding a box with an exploitable Remote Desktop Protocol (RDP) server, and inject their ransomware into connected computers. Medical […]
300 Dutch customers fell for fake popular website ring. Perps picked up and given a few months of prison time.
BCC and MediaMarkt are large electronics stores in NL. Ziggo is a large internet ISP. By linking to fake pages through marktplaats.nl (the Dutch ebay / Craigslist equivalent) people were able to shop for products on the fake sites, which were never delivered. Using a chat interface, the crims tried to gain access to the […]
How a Reddit Email Vulnerability Led to Thousands in Stolen Bitcoin Cash
The exploit allowed hackers to request a password reset for a target account and then click the generated link without opening the email it had been sent in. How was this possible? Theories circulated, buoyed by posts on Hacker Noon and The Next Web. It was the r/bitcoin users out to cause trouble; Or was […]
Rs 500, 10 minutes, and you have access to billion Aadhaar (Indian social security) details
It took just Rs 500, paid through Paytm, and 10 minutes in which an “agent” of the group running the racket created a “gateway” for this correspondent and gave a login ID and password. Lo and behold, you could enter any Aadhaar number in the portal, and instantly get all particulars that an individual may […]
Rare Malware Targeting Uber’s Android App Uncovered
Malware discovered by Symantec researchers sneakily spoofs Uber’s Android app and harvests users’ passwords, allowing attackers to take over the effected users’ accounts. The malware isn’t widespread, though, and most Uber users are not effected. […] In order to steal a user’s login information, the malware pops up on-screen regularly and prompts the user to […]
