A hacker has published today a list of plaintext usernames and passwords, along with IP addresses for more than 900 Pulse Secure VPN enterprise servers. ZDNet, which obtained a copy of this list with the help of threat intelligence firm KELA, verified its authenticity with multiple sources in the cyber-security community. According to a review, Read more about Hacker leaks passwords for 900+ enterprise Pulse VPN servers[…]
A massive hack has hit Reddit today after tens of Reddit channels have been hacked and defaced to show messages in support of Donald Trump’s reelection campaign. The hacks are still ongoing at the time of writing, but we were told Reddit’s security team is aware of the issue and has already begun restoring defaced Read more about Hackers are defacing loads of high profile Reddit channels with pro-Trump messages[…]
On Wednesday, security firm FireEye released a report on a disinformation-focused group it’s calling Ghostwriter. The propagandists have created and disseminated disinformation since at least March 2017, with a focus on undermining NATO and the US troops in Poland and the Baltics; they’ve posted fake content on everything from social media to pro-Russian news websites. Read more about Hackers Broke Into Real News Sites to Plant Fake Stories[…]
On Tuesday, the US Department of Justice charged two Chinese nationals with allegedly hacking hundreds of organizations and individuals in America and elsewhere to steal confidential corporate secrets on behalf of Beijing for more than a decade. The pilfered files are said to be worth hundreds of millions of dollars, and in some cases, it Read more about US govt says Chinese duo hacked, stole blueprints from just about everyone and then extorted cash.[…]
Twitter has admitted that the naughty folk who hijacked verified accounts last week read a portion of hacked users’ direct messages. Among the 36 Twitter users whose direct messages (DMs), email addresses and phone numbers were definitely accessed by account hijackers last week was one Dutch politician, the microblogging platform said overnight. “We believe that Read more about Twitter hack latest: Up to 36 compromised accounts had their private messages read – including a Dutch politician’s[…]
In a study published by Xuanwu Labs (which is owned by Chinese tech giant Tencent), researchers detailed the BadPower hack which works by manipulating the firmware inside fast charge power adapters. Normally, when a phone is connected to a power brick with support for fast charging, the phone and the power adapter communicate with each Read more about BadPower Attack Can Trick Power Bricks into Starting a Fire[…]
Russian hackers at the state’s FSB spy agency have been caught breaking into Western institutions working on potential vaccines for the COVID-19 coronavirus in hope of stealing said research. That’s according to the British National Cyber Security Centre and America’s NSA today. The Kremlin-backed APT29 crew, also known by a variety of other names such Read more about FYI Russia is totally hacking the West’s labs in search of COVID-19 vaccine files, say UK, US, Canada cyber-spies. So is China and Iran.[…]
The Central Intelligence Agency has conducted a series of covert cyber operations against Iran and other targets since winning a secret victory in 2018 when President Trump signed what amounts to a sweeping authorization for such activities, according to former U.S. officials with direct knowledge of the matter. The secret authorization, known as a presidential Read more about Secret Trump order gives CIA more powers to launch cyberattacks with less oversight[…]
Twitter has offered its initial analysis of the Wednesday mass hijacking of prominent twits’ accounts – and suggested it all kicked off after its staff fell for social engineering. Judging from leaked screenshots of Twitter’s internal systems circulating online and seen by El Reg, it appears one or more miscreants were able to gain direct Read more about Twitter says hack of key staff led to celebrity, politician, biz account hijack mega-spree[…]
The Russian hacker accused of raiding LinkedIn, Dropbox and Formspring, and obtaining data on 213 million user accounts, has been found guilty. On Friday, Yevgeniy Nikulin was convicted [PDF] by a San Francisco jury of committing computer intrusion, data theft, and other charges [PDF] relating to the databases he broke into and siphoned off in Read more about Guilty: Russian miscreant who hacked LinkedIn, Dropbox, Formspring, stole 200-million-plus account records[…]
Hackers infiltrated Collabera, siphoned off at least some employees’ personal information, and infected the US-based IT consultancy giant’s systems with ransomware. We understand this swiped data included workers’ names, addresses, contact and social security numbers, dates of birth, employment benefits, and passport and immigration visa details. Basically, everything needed for identity theft. The recruitment’n’staffing biz, Read more about Collabera hacked: IT staffing’n’services giant hit by ransomware, employee personal data stolen[…]
Hundreds of thousands of potentially sensitive files from police departments across the United States were leaked online last week. The collection, dubbed “BlueLeaks” and made searchable online, stems from a security breach at a Texas web design and hosting company that maintains a number of state law enforcement data-sharing portals. The collection — nearly 270 Read more about ‘BlueLeaks’ Exposes Files, personal and banking details, emails from Hundreds of Police Departments spanning 24 years[…]
Social media research group Graphika published today a 120-page report [PDF] unmasking a new Russian information operation of which very little has been known so far. Codenamed Secondary Infektion, the group is different from the Internet Research Agency (IRA), the Sankt Petersburg company (troll farm) that has interfered in the US 2016 presidential election. Graphika Read more about Super secretive Russian disinfo operation discovered dating back to 2014[…]
Threat intel researchers have uncovered a phishing and malware campaign that targeted “a large European aerospace company” and which was run by the same North Koreans behind the hack of Sony Pictures. While there are quite a few European aerospace firms, Slovakian infosec biz ESET was more concerned with the phishing ‘n’ malware campaign it Read more about From the crew behind the Sony Pictures hack comes Operation Interception: An aerospace cyber-attack thriller[…]
The list of sophisticated eavesdropping techniques has grown steadily over years: wiretaps, hacked phones, bugs in the wall—even bouncing lasers off of a building’s glass to pick up conversations inside. Now add another tool for audio spies: Any light bulb in a room that might be visible from a window. Researchers from Israeli’s Ben-Gurion University Read more about Spies Can Eavesdrop by Watching a Light Bulb’s Vibrations[…]
New Delhi-based BellTroX InfoTech Services targeted government officials in Europe, gambling tycoons in the Bahamas, and well-known investors in the United States including private equity giant KKR and short seller Muddy Waters, according to three former employees, outside researchers, and a trail of online evidence. Aspects of BellTroX’s hacking spree aimed at American targets are Read more about Obscure Indian cyber firm spied on politicians, investors worldwide[…]
Victims of the Easyjet hack are now being told their entire travel itineraries were accessed by hackers who helped themselves to nine million people’s personal details stored by the budget airline. As reported earlier this week, the data was stolen from the airline between October 2019 and January this year. Easyjet kept quiet about the Read more about It wasn’t just a few credit cards: Entire travel itineraries were stolen by hackers, Easyjet now tells victims[…]
I was reticent to write this blog post because it leaves a lot of questions unanswered, questions that we should be able to answer. It’s about a data breach with almost 90GB of personal information in it across tens of millions of records – including mine. Here’s what I know: Back in Feb, Dehashed reached Read more about The Unattributable “db8151dd” Data Breach with 22M people in it turns out to be Covve hack[…]
Multiple supercomputers across Europe have been infected this week with cryptocurrency mining malware and have shut down to investigate the intrusions. Security incidents have been reported in the UK, Germany, and Switzerland, while a similar intrusion is rumored to have also happened at a high-performance computing center located in Spain. The first report of an Read more about Supercomputers hacked across Europe to mine cryptocurrency[…]
Hackers are threatening to release 756GB of A-list celebs’ contracts, recording deals, and other personal info allegedly stolen from a New York law firm. The miscreants have seemingly got their hands on confidential agreements, private correspondence, contact details, and other information belonging to superstars, including Madonna, Christina Aguilera, Sir Elton John, Run DMC, Bruce Springsteen, Read more about Papa don’t breach: Contracts, personal info on Madonna, Lady Gaga, Elton John, others swiped in celeb law firm ‘hack’[…]
Two security researchers have published today details about a vulnerability in the Windows printing service that they say impacts all Windows versions going back to Windows NT 4, released in 1996. The vulnerability, which they codenamed PrintDemon, is located in Windows Print Spooler, the primary Windows component responsible for managing print operations. The service can Read more about PrintDemon vulnerability impacts all Windows versions | ZDNet[…]
Thunderspy targets devices with a Thunderbolt port. If your computer has such a port, an attacker who gets brief physical access to it can read and copy all your data, even if your drive is encrypted and your computer is locked or set to sleep. Thunderspy is stealth, meaning that you cannot find any traces Read more about 5 minutes with a Thunderbolt machine leaves it completely open using Thunderspy – evil maids don’t need much knowledge[…]
a hacker group created a fake icons hosting website in order to disguise malicious code meant to steal payment card data from hacked websites. The operation is what security researchers refer to these days as a web skimming, e-skimming, or a Magecart attack. Hackers breach websites and then hide malicious code on its pages, code Read more about Hackers hide web skimmer behind a website’s favicon[…]
The details of 44 million Pakistani mobile subscribers have leaked online this week, ZDNet has learned. The leak comes after a hacker tried to sell a package containing 115 million Pakistani mobile user records last month for a price of $2.1 million in bitcoin. ZDNet has obtained copies of both data sets. We received the Read more about Details of 44m Pakistani mobile users leaked online, part of bigger 115m cache[…]
Christopher Bouzy, the founder of bot tracking platform Bot Sentinel, conducted a Twitter analysis for Business Insider and found bots and trolls are using hashtags like #ReOpenNC, #ReopenAmericaNow, #StopTheMadness, #ENDTHESHUTDOWN, and #OperationGridlock to spread disinformation. According to Bouzy, the bots and trolls are spreading conspiracy theories about Democrats wanting to hurt the economy to make Read more about Trolls, bots flooding social media with anti-quarantine disinformation[…]