“BriansClub,” one of the largest underground stores for buying stolen credit card data, has itself been hacked. The data stolen from BriansClub encompasses more than 26 million credit and debit card records taken from hacked online and brick-and-mortar retailers over the past four years, including almost eight million records uploaded to the shop in 2019 Read more about “BriansClub” Hack finds 26M Stolen Cards[…]

Back in March 2019, Amnesty International published a report that uncovered a targeted attack against journalists and human rights activists in Egypt. The victims even received an e-mail from Google warning them that government-backed attackers attempted to steal their passwords. According to the report, the attackers did not rely on traditional phishing methods or credential-stealing Read more about Egypt caught spying on journalists and human rights activists through malware and phishing[…]

The Iranian government has attempted to hack into hundreds of Office 365 email accounts belonging to politicians, government officials and journalists last month, Microsoft has warned. “We’ve recently seen significant cyber activity by a threat group we call Phosphorous, which we believe originates from Iran and is linked to the Iranian government,” Microsoft’s vice president Read more about Iran tried to hack hundreds of politicians, journalists email accounts last month, warns Microsoft[…]

Over the past few days, a massive wave of account hijacks has hit YouTube users, and especially creators in the auto-tuning and car review community, a ZDNet investigation discovered following a tip from one of our readers. Several high-profile accounts from the YouTube creators car community have fallen victim to these attacks already. The list Read more about Massive wave of account hijacks hits YouTube car community creators, bypassing 2FA[…]

Online merchant fragrancedirect.co.uk has confirmed a miscreant broke into its systems and made off with a raft of customers’ personal data, including payment card details. The e-retailer, based in Macclesfield, England, wrote to punters this week to inform them of the digital burglary and the subsequent data leakage. “We recently discovered that some of our Read more about Card stealing MageCart infection swipes customers details and payment cards from fragrancedirect.co.uk[…]

Doordash is the latest of the “services you probably use, or at least have an account with” companies to suffer a large data breach. And while your passwords likely haven’t been compromised, it’s possible that your physical address is floating around in the Internet somewhere, among other identifying information. As Doordash wrote yesterday, an unknown Read more about Doordash  Food delivery services Latest Data Breach – 4.9m people have their physical addresses floating around the internet now[…]

Eurojust, the European Union agency that facilitates cooperation between EU prosectuors, had extended the invitation for a working meeting, the focus of which was on the probes into findings from Football Leaks, the largest data leak in history. But the meeting produced more controversy than expected. Ten countries have expressed interest in the gigantic trove Read more about Football Leaks: Possible Interest Conflict Dogs Probe[…]

The potential impact of the latest attack on iPhones is massive, not to mention hugely concerning for every user of Apple’s famous smartphone. That simply visiting a website can lead to your iPhone being hacked silently by some unknown party is worrying enough. But given that, according to Google researchers, it’s possible for the hackers Read more about up to 2% of all Apple iPhones Hacked, says Google, and Breaks ALL messaging Encryption as well as sending location data[…]

Luscious is a niche pornographic image site focused primarily on animated, user-uploaded content. Based on the research carried out by our team, the site has over 1 million registered users. Each user has a profile, the details of which could be accessed through our research. Private profiles allow users to upload, share, comment on, and Read more about Data Breach in Adult Site Luscious Compromises Privacy of All Users[…]

Jordan B. Peterson had his gmail account deactivated and I had the opportunity to inspect the bug report as a full-time employee. What I found was that Google had a technical vulnerability that, when exploited, would take any gmail account down. Certain unknown 3rd party actors are aware of this secret vulnerability and exploit it. Read more about Google’s AI can be manipulated into “accidentally” deactivating targetted user accounts[…]

The O.MG cable (or Offensive MG kit) from [MG] hides a backdoor inside the shell of a USB connector. Plug this cable into your computer and you’ll be the victim of remote attacks over WiFi. You might be asking what’s inside this tiny USB cable to make it susceptible to such attacks. That’s the trick: Read more about OMG Cable | Hackaday[…]

A hacker raided Capital One’s cloud storage buckets and stole personal information on 106 million credit card applicants in America and Canada. The swiped data includes 140,000 US social security numbers and 80,000 bank account numbers, we’re told, as well as one million Canadian social insurance numbers, plus names, addresses, phone numbers, dates of birth, Read more about Capital One gets Capital Done: Hacker swipes personal info on 106 million US, Canadian credit card applicants[…]

After nearly a decade in court, Google has agreed to pay $13 million in a class-action lawsuit alleging its Street View program collected people’s private data over wifi from 2007 to 2010. In addition to the moolah, the settlement—filed Friday in San Francisco—also calls for Google to destroy all the collected data and teach people Read more about Google to Pay only $13 Million for sniffing passwords and emails over your wifi using Street View cars between 2007 – 2010[…]

“In April 2019, the social planning website for managing online invitations Evite identified a data breach of their systems. Upon investigation, they found unauthorised access to a database archive dating back to 2013. The exposed data included a total of 101 million unique email addresses, most belonging to recipients of invitations. Members of the service also Read more about Evite Invites Over 100 Million People to Their Data Breach – with cleartext passwords[…]

Japan-based cryptocurrency exchange Bitpoint announced it lost 3.5 billion yen (roughly $32 million) worth of cryptocurrency assets after a hack that happened late yesterday, July 11. The exchange suspended all deposits and withdrawals this morning to investigate the hack, it said in a press release. Thoroughly compromised In a more detailed document released by RemixPoint, Read more about Bitpoint cryptocurrency exchange hacked for $32 million[…]

In new research published Tuesday and shared with TechCrunch, Dardaman and Wheeler found three security flaws which, when chained together, could be abused to open a front door with a smart lock. Smart home technology has come under increasing scrutiny in the past year. Although convenient to some, security experts have long warned that adding Read more about Zipato Zipamicro smart home hub totally pwned[…]

Hackers infiltrated the networks of at least ten cellular telcos around the world, and remained hidden for years, as part of a long-running tightly targeted surveillance operation, The Register has learned. This espionage campaign is still ongoing, it is claimed. Cyber-spy hunters at US security firm Cybereason told El Reg on Monday the miscreants responsible Read more about Telcos around the world were so severely pwned, they didn’t notice the hackers setting up VPN points[…]

Chris Krebs, the director of the Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency, issued a statement on June 22 following similar warnings from private American cybersecurity firms. Krebs, whose recently renamed agency is tasked with protecting American critical infrastructure, said CISA is “aware of a recent rise in malicious cyber activity” against American Read more about U.S. and Iran’s Hackers Are Trading Blows[…]

A member of the Facebook Wink Users Group discovered that after selling his Nest cam, he was still able to access images from his old camera—except it wasn’t a feed of his property. Instead, he was tapping into the feed of the new owner, via his Wink account. As the original owner, he had connected Read more about Buyer Beware: Used Nest Cams Can Let People Spy on You[…]

Clinical lab testing titan Quest Diagnostics acknowledged in a press release on Monday that an “unauthorized user” had gained access to personal information on around 11.9 million customers, including some financial and medical data. Per NBC News, news of the breach comes via way of a Securities and Exchange Commission filing in which Quest wrote Read more about Lab Testing Giant Quest Diagnostics Says Data Breach May Have Hit Nearly 12 Million Patients[…]

Owners of Supra Smart Cloud TVs are in danger of getting some unwanted programming: it’s possible for miscreants or malware on your Wi-Fi network to switch whatever you’re watching for video of their or its choosing. Bug-hunter Dhiraj Mishra laid claim to CVE-2019-12477, a remote file inclusion zero-day vulnerability that allows anyone with local network Read more about Supra smart TVs allow anyone on wifi network to switch video to whatever they want[…]

The Australian National University (ANU) today copped to a fresh breach in which intruders gained access to “significant amounts” of data stretching back 19 years. The top-ranked Oz uni said it noticed about a fortnight ago that hackers had got their claws on staff, visitor and student data, including names, addresses, dates of birth, phone Read more about Strewth: Hackers slurp 19 years of Oz student data in uni’s second breach within a year[…]

With about $600 and a few tools, hackers could fake the radio signals used by commercial airplanes to navigate and land safely, according to new research. In a paper and demonstration from researchers at Northeastern University in Boston, a software defined radio — a non-traditional radio that uses software instead of hardware for many components Read more about Radio signals used for ILS plane landings can easily be spoofed using tools amounting to just $600[…]

ASUS’ update mechanism has once again been abused to install malware that backdoors PCs, researchers from Eset reported earlier this week. The researchers, who continue to investigate the incident, said they believe the attacks are the result of router-level man-in-the-middle attacks that exploit insecure HTTP connections between end users and ASUS servers, along with incomplete Read more about Hackers abuse ASUS cloud service to install backdoor on users’ PCs – again[…]