Iranian Hackers Beat Encrypted Apps like Telegram, WhatsApp – since 2014

Iranian hackers, most likely employees or affiliates of the government, have been running a vast cyberespionage operation equipped with surveillance tools that can outsmart encrypted messaging systems — a capability Iran was not previously known to possess, according to two digital security reports released Friday. The operation not only targets domestic dissidents, religious and ethnic […]

European Police Malware Could Harvest GPS, Messages, Passwords, More from Encrochat devices

The malware that French law enforcement deployed en masse onto Encrochat devices, a large encrypted phone network using Android phones, had the capability to harvest “all data stored within the device,” and was expected to include chat messages, geolocation data, usernames, passwords, and more, according to a document obtained by Motherboard. The document adds more […]

Eterbase cryptocurrency exchange hacked and $5.4 million stolen

Cryptocurrency exchange Eterbase last week admitted hackers broke into its computers and made off with other people’s coins, said to be worth $5.4m. The plug was pulled on the digital dosh exchange as a result, though it may return at some point: it claims to have enough capital to surmount the cyber-heist. Investigations by staff […]

European ISPs report mysterious wave of DDoS attacks

More than a dozen internet service providers (ISPs) across Europe have reported DDoS attacks that targeted their DNS infrastructure. The list of ISPs that suffered attacks over the past week includes Belgium’s EDP, France’s Bouygues Télécom, FDN, K-net, SFR, and the Netherlands’ Caiway, Delta, FreedomNet, Online.nl, Signet, and Tweak.nl. Attacks lasted no longer than a day and were all eventually mitigated, but ISP services were […]

The Big Tesla Hack: A hacker gained control over the entire fleet, but fortunately he’s a good guy

In July 2017, Tesla CEO Elon Musk got on stage at the National Governors Association in Rhode Island and confirmed that a “fleet-wide hack” is one of Tesla’s biggest concerns as the automaker moves to autonomous vehicles. He even presented a strange scenario that could happen in an autonomous future: “In principle, if someone was able […]

Ex-Uber chief security officer charged, accused of covering up theft of personal info from databases by hackers

Uber’s chief security officer, Joe Sullivan broke the law by hushing up the theft of millions of people’s details from the app maker’s databases by hackers, prosecutors say. Sullivan, 52, formerly of eBay, Facebook, and PayPal, was today charged with obstruction of justice and misprision – concealing knowledge of a crime from law enforcement – […]

Zoombomber crashes court hearing on Twitter hack with Pornhub video, Judge obviously not qualified for this case

Zoombombers today disrupted a court hearing involving the Florida teen accused of masterminding a takeover of high-profile Twitter accounts, forcing the judge to stop the hearing. “During the hearing, the judge and attorneys were interrupted several times with people shouting racial slurs, playing music, and showing pornographic images,” ABC Action News in Tampa Bay wrote. A […]

How > 23% of Tor Relays are Maliciously Exploiting Users and stealing BTC in 2020 seemingly run by 1 actor

In December 2019 I wrote about The Growing Problem of Malicious Relays on the Tor Network with the motivation to raise awareness and to improve the situation over time. Unfortunately instead of improving, things have become even worse, specifically when it comes to malicious Tor exit relay activity. Tor exit relays are the last hop […]

Hacker leaks passwords for 900+ enterprise Pulse VPN servers

A hacker has published today a list of plaintext usernames and passwords, along with IP addresses for more than 900 Pulse Secure VPN enterprise servers. ZDNet, which obtained a copy of this list with the help of threat intelligence firm KELA, verified its authenticity with multiple sources in the cyber-security community. According to a review, […]

Hackers are defacing loads of high profile Reddit channels with pro-Trump messages

A massive hack has hit Reddit today after tens of Reddit channels have been hacked and defaced to show messages in support of Donald Trump’s reelection campaign. The hacks are still ongoing at the time of writing, but we were told Reddit’s security team is aware of the issue and has already begun restoring defaced […]

Hackers Broke Into Real News Sites to Plant Fake Stories

On Wednesday, security firm FireEye released a report on a disinformation-focused group it’s calling Ghostwriter. The propagandists have created and disseminated disinformation since at least March 2017, with a focus on undermining NATO and the US troops in Poland and the Baltics; they’ve posted fake content on everything from social media to pro-Russian news websites. […]

US govt says Chinese duo hacked, stole blueprints from just about everyone and then extorted cash.

On Tuesday, the US Department of Justice charged two Chinese nationals with allegedly hacking hundreds of organizations and individuals in America and elsewhere to steal confidential corporate secrets on behalf of Beijing for more than a decade. The pilfered files are said to be worth hundreds of millions of dollars, and in some cases, it […]

Twitter hack latest: Up to 36 compromised accounts had their private messages read – including a Dutch politician’s

Twitter has admitted that the naughty folk who hijacked verified accounts last week read a portion of hacked users’ direct messages. Among the 36 Twitter users whose direct messages (DMs), email addresses and phone numbers were definitely accessed by account hijackers last week was one Dutch politician, the microblogging platform said overnight. “We believe that […]

BadPower Attack Can Trick Power Bricks into Starting a Fire

In a study published by Xuanwu Labs (which is owned by Chinese tech giant Tencent), researchers detailed the BadPower hack which works by manipulating the firmware inside fast charge power adapters. Normally, when a phone is connected to a power brick with support for fast charging, the phone and the power adapter communicate with each […]

FYI Russia is totally hacking the West’s labs in search of COVID-19 vaccine files, say UK, US, Canada cyber-spies. So is China and Iran.

Russian hackers at the state’s FSB spy agency have been caught breaking into Western institutions working on potential vaccines for the COVID-19 coronavirus in hope of stealing said research. That’s according to the British National Cyber Security Centre and America’s NSA today. The Kremlin-backed APT29 crew, also known by a variety of other names such […]

Secret Trump order gives CIA more powers to launch cyberattacks with less oversight

The Central Intelligence Agency has conducted a series of covert cyber operations against Iran and other targets since winning a secret victory in 2018 when President Trump signed what amounts to a sweeping authorization for such activities, according to former U.S. officials with direct knowledge of the matter. The secret authorization, known as a presidential […]

Twitter says hack of key staff led to celebrity, politician, biz account hijack mega-spree

Twitter has offered its initial analysis of the Wednesday mass hijacking of prominent twits’ accounts – and suggested it all kicked off after its staff fell for social engineering. Judging from leaked screenshots of Twitter’s internal systems circulating online and seen by El Reg, it appears one or more miscreants were able to gain direct […]

Guilty: Russian miscreant who hacked LinkedIn, Dropbox, Formspring, stole 200-million-plus account records

The Russian hacker accused of raiding LinkedIn, Dropbox and Formspring, and obtaining data on 213 million user accounts, has been found guilty. On Friday, Yevgeniy Nikulin was convicted [PDF] by a San Francisco jury of committing computer intrusion, data theft, and other charges [PDF] relating to the databases he broke into and siphoned off in […]

Collabera hacked: IT staffing’n’services giant hit by ransomware, employee personal data stolen

Hackers infiltrated Collabera, siphoned off at least some employees’ personal information, and infected the US-based IT consultancy giant’s systems with ransomware. We understand this swiped data included workers’ names, addresses, contact and social security numbers, dates of birth, employment benefits, and passport and immigration visa details. Basically, everything needed for identity theft. The recruitment’n’staffing biz, […]

‘BlueLeaks’ Exposes Files, personal and banking details, emails from Hundreds of Police Departments spanning 24 years

Hundreds of thousands of potentially sensitive files from police departments across the United States were leaked online last week. The collection, dubbed “BlueLeaks” and made searchable online, stems from a security breach at a Texas web design and hosting company that maintains a number of state law enforcement data-sharing portals. The collection — nearly 270 […]

Super secretive Russian disinfo operation discovered dating back to 2014

Social media research group Graphika published today a 120-page report [PDF] unmasking a new Russian information operation of which very little has been known so far. Codenamed Secondary Infektion, the group is different from the Internet Research Agency (IRA), the Sankt Petersburg company (troll farm) that has interfered in the US 2016 presidential election. Graphika […]

From the crew behind the Sony Pictures hack comes Operation Interception: An aerospace cyber-attack thriller

Threat intel researchers have uncovered a phishing and malware campaign that targeted “a large European aerospace company” and which was run by the same North Koreans behind the hack of Sony Pictures. While there are quite a few European aerospace firms, Slovakian infosec biz ESET was more concerned with the phishing ‘n’ malware campaign it […]

Spies Can Eavesdrop by Watching a Light Bulb’s Vibrations

The list of sophisticated eavesdropping techniques has grown steadily over years: wiretaps, hacked phones, bugs in the wall—even bouncing lasers off of a building’s glass to pick up conversations inside. Now add another tool for audio spies: Any light bulb in a room that might be visible from a window. Researchers from Israel’s Ben-Gurion University […]

Obscure Indian cyber firm spied on politicians, investors worldwide

New Delhi-based BellTroX InfoTech Services targeted government officials in Europe, gambling tycoons in the Bahamas, and well-known investors in the United States including private equity giant KKR and short seller Muddy Waters, according to three former employees, outside researchers, and a trail of online evidence. Aspects of BellTroX’s hacking spree aimed at American targets are […]