Chinas Winnti group stayed under the radar for a decade by aiming for Linux servers

A group of hackers operating as an offshoot of China’s Winnti group managed to stay undetected for more than a decade by going open source. A report from BlackBerry outlines how the group, actually a collection of five smaller crews of hackers thought to be state-sponsored, assembled in the wake of Winnti and exploited Linux Read more about Chinas Winnti group stayed under the radar for a decade by aiming for Linux servers[…]

A hacker has wiped, defaced more than 15,000 Elasticsearch servers

For the past two weeks, a hacker has been breaking into Elasticsearch servers that have been left open on the internet without a password and attempting to wipe their content, while also leaving the name of a cyber-security firm behind, trying to divert blame. According to security researcher John Wethington, one of the people who Read more about A hacker has wiped, defaced more than 15,000 Elasticsearch servers[…]

Marriott Hotels hacked AGAIN: Two compromised employee logins abused to siphon off guests’ personal info

Marriott Hotels has suffered its second data spillage in as many years after an “unexpected amount” of guests’ data was accessed through two compromised employee logins, the under-fire chain has confirmed. The size of the latest data exposure has not been disclosed, though Marriott admitted it seemed to have started in January 2020 and was Read more about Marriott Hotels hacked AGAIN: Two compromised employee logins abused to siphon off guests’ personal info[…]

Hacker hijacks all Microsoft and CCC YouTube accounts to broadcast crypto Ponzi scam

A hacker has hijacked all of Microsoft’s official YouTube accounts and is broadcasting a cryptocurrency Ponzi scam to the company’s subscribers, ZDNet has learned from one of our readers. The hacks appear to have occurred about 13 hours ago, according to our source. The hijacked accounts are still streaming at the time of writing, despite Read more about Hacker hijacks all Microsoft and CCC YouTube accounts to broadcast crypto Ponzi scam[…]

Hackers target WHO as cyberattacks double

WHO Chief Information Security Officer Flavio Aggio said the identity of the hackers was unclear and the effort was unsuccessful. But he warned that hacking attempts against the agency and its partners have soared as they battle to contain the coronavirus, which has killed more than 15,000 worldwide. The attempted break-in at the WHO was Read more about Hackers target WHO as cyberattacks double[…]

Chinese security firm says CIA hacked Chinese targets for the past 11 years

China’s largest cyber-security vendor has published today a report accusing the CIA of hacking Chinese companies and government agencies for more than 11 years. The report, authored by Qihoo 360, claims the CIA hacked targets in China’s aviation industry, scientific research institutions, petroleum industry, Internet companies, and government agencies. CIA hacking operations took place between Read more about Chinese security firm says CIA hacked Chinese targets for the past 11 years[…]

Details of 10.6 million Vegas MGM hotel guests posted on a hacking forum

The personal details of more than 10.6 million users who stayed at MGM Resorts hotels have been published on a hacking forum this week. Besides details for regular tourists and travelers, included in the leaked files are also personal and contact details for celebrities, tech CEOs, reporters, government officials, and employees at some of the Read more about Details of 10.6 million Vegas MGM hotel guests posted on a hacking forum[…]

Confusing car autopilots using projections

The absence of deployed vehicular communication systems, which prevents the advanced driving assistance systems (ADASs) and autopilots of semi/fully autonomous cars to validate their virtual perception regarding the physical environment surrounding the car with a third party, has been exploited in various attacks suggested by researchers. Since the application of these attacks comes with a Read more about Confusing car autopilots using projections[…]

Twitter had a flaw allowing the discovery of phone numbers attached to accounts en masse. And it’s been used in the wild multiple times.

Twitter has admitted a flaw in its backend systems was exploited to discover the cellphone numbers of potentially millions of twits en masse, which could lead to their de-anonymization. In an advisory on Monday, the social network noted it had “became aware that someone was using a large network of fake accounts to exploit our Read more about Twitter had a flaw allowing the discovery of phone numbers attached to accounts en masse. And it’s been used in the wild multiple times.[…]

UN didn’t patch SharePoint, got mega-hacked, covered it up, kept most staff in the dark, finally forced to admit it, accident waiting to happen

The United Nations’ European headquarters in Geneva and Vienna were hacked last summer, putting thousands of staff records at miscreants’ fingertips. Incredibly, the organization decided to cover it up without informing those affected nor the public. […] A senior IT official dubbed the attack a “major meltdown,” in which personnel records – as well as Read more about UN didn’t patch SharePoint, got mega-hacked, covered it up, kept most staff in the dark, finally forced to admit it, accident waiting to happen[…]

In ‘Sophisticated’ Incident, Dozens of U.N. Servers Hacked including their active directory server

An internal confidential document from the United Nations, leaked to The New Humanitarian and seen by The Associated Press, says that dozens of servers were “compromised” at offices in Geneva and Vienna. Those include the U.N. human rights office, which has often been a lightning rod of criticism from autocratic governments for its calling-out of Read more about In ‘Sophisticated’ Incident, Dozens of U.N. Servers Hacked including their active directory server[…]

These VIPs May Want to Make Sure Mohammed bin Salman Didn’t Hack Them

In early 2018, Saudi Crown Prince Mohammed bin Salman took a sweeping tour of the U.S. as part of a strategy to rebrand Saudi Arabia’s ruling monarchy as a modernizing force and pull off his “Vision 2030” plan—hobnobbing with a list of corporate execs and politicians that reads like a who’s who list of the Read more about These VIPs May Want to Make Sure Mohammed bin Salman Didn’t Hack Them[…]

Hackers Are Breaking Directly Into Telecom Companies using RDP to Take Over Customer Phone Numbers themselves

Hackers are now getting telecom employees to run software that lets the hackers directly reach into the internal systems of U.S. telecom companies to take over customer cell phone numbers, Motherboard has learned. Multiple sources in and familiar with the SIM swapping community as well as screenshots shared with Motherboard suggest at least AT&T, T-Mobile, Read more about Hackers Are Breaking Directly Into Telecom Companies using RDP to Take Over Customer Phone Numbers themselves[…]

Fresh Cambridge Analytica leak ‘shows global manipulation is out of control’

An explosive leak of tens of thousands of documents from the defunct data firm Cambridge Analytica is set to expose the inner workings of the company that collapsed after the Observer revealed it had misappropriated 87 million Facebook profiles. More than 100,000 documents relating to work in 68 countries that will lay bare the global Read more about Fresh Cambridge Analytica leak ‘shows global manipulation is out of control’[…]

Bol.com partner Toppie Speelgoed loses 10000 Belgian and Dutch customer records, now for sale on hacker forum

Personal information and what they bought, where it was delivered to. De gegevens van vermoedelijk bijna 10.000 Belgische en Nederlandse klanten die een paar jaar geleden online speelgoed kochten, worden door een hacker te koop aangeboden op het internet. Dat blijkt uit onderzoek van VRT NWS. Het gaat om persoonlijke gegevens en bepaalde aankopen van Read more about Bol.com partner Toppie Speelgoed loses 10000 Belgian and Dutch customer records, now for sale on hacker forum[…]

Using LimeGPS to spoof a fake location to any GPS device inside the room

This page details experiences using LimeSDR to simulate GPS. Note, update (Aug 15, 2017) – The center frequency should be corrected below to 1575.42MHz. It would marginally work with the original 1545.42 but 1575.42 is rock solid gps sim performance. These experiments were inspired by the excellent procedure written up here [1]. We want to Read more about Using LimeGPS to spoof a fake location to any GPS device inside the room[…]

Princesses make terrible passwords – quite possible Disney+ hacks related to this being your password.

If you used the same password for an account that was previously breached as you did for your Disney+ password, a bad actor could gain access. Furthermore, hackers with stolen datasets at their fingertips could easily filter on key terms to find the Disney fans. Just look how many times the 12 Disney princesses showed Read more about Princesses make terrible passwords – quite possible Disney+ hacks related to this being your password.[…]

Cayman Bank Targeted By Phineas Fisher Confirms it Was Hacked – 2 TB of data can be searched through now, find the money launderers

On Sunday, Motherboard reported that the hacker or hackers known as Phineas Fisher targeted a bank, stole money and documents, and is offering other hackers $100,000 to carry out politically motivated hacks. Now, the bank Phineas Fisher targeted, Cayman National Bank from the Isle of Man, confirmed it has suffered a data breach. “It is Read more about Cayman Bank Targeted By Phineas Fisher Confirms it Was Hacked – 2 TB of data can be searched through now, find the money launderers[…]

Trick or treating Android Emoji keyboard app makes millions of unauthorized purchases $18m blocked

$18 million of fraudulent charges from the app blocked by malware security platform Secure-D London, October 31st, 2019  – A popular Android keyboard app, ai.type, downloaded more than 40 million times and included in the Google Play app store, has been caught making millions of unauthorized purchases of premium digital content, researchers at mobile technology company Read more about Trick or treating Android Emoji keyboard app makes millions of unauthorized purchases $18m blocked[…]

“BriansClub” Hack finds 26M Stolen Cards

“BriansClub,” one of the largest underground stores for buying stolen credit card data, has itself been hacked. The data stolen from BriansClub encompasses more than 26 million credit and debit card records taken from hacked online and brick-and-mortar retailers over the past four years, including almost eight million records uploaded to the shop in 2019 Read more about “BriansClub” Hack finds 26M Stolen Cards[…]

Egypt caught spying on journalists and human rights activists through malware and phishing

Back in March 2019, Amnesty International published a report that uncovered a targeted attack against journalists and human rights activists in Egypt. The victims even received an e-mail from Google warning them that government-backed attackers attempted to steal their passwords. According to the report, the attackers did not rely on traditional phishing methods or credential-stealing Read more about Egypt caught spying on journalists and human rights activists through malware and phishing[…]

Iran tried to hack hundreds of politicians, journalists email accounts last month, warns Microsoft

The Iranian government has attempted to hack into hundreds of Office 365 email accounts belonging to politicians, government officials and journalists last month, Microsoft has warned. “We’ve recently seen significant cyber activity by a threat group we call Phosphorous, which we believe originates from Iran and is linked to the Iranian government,” Microsoft’s vice president Read more about Iran tried to hack hundreds of politicians, journalists email accounts last month, warns Microsoft[…]

Massive wave of account hijacks hits YouTube car community creators, bypassing 2FA

Over the past few days, a massive wave of account hijacks has hit YouTube users, and especially creators in the auto-tuning and car review community, a ZDNet investigation discovered following a tip from one of our readers. Several high-profile accounts from the YouTube creators car community have fallen victim to these attacks already. The list Read more about Massive wave of account hijacks hits YouTube car community creators, bypassing 2FA[…]