Chinese security firm says CIA hacked Chinese targets for the past 11 years

China’s largest cyber-security vendor has published today a report accusing the CIA of hacking Chinese companies and government agencies for more than 11 years. The report, authored by Qihoo 360, claims the CIA hacked targets in China’s aviation industry, scientific research institutions, petroleum industry, Internet companies, and government agencies. CIA hacking operations took place between […]

Details of 10.6 million Vegas MGM hotel guests posted on a hacking forum

The personal details of more than 10.6 million users who stayed at MGM Resorts hotels have been published on a hacking forum this week. Besides details for regular tourists and travelers, included in the leaked files are also personal and contact details for celebrities, tech CEOs, reporters, government officials, and employees at some of the […]

Confusing car autopilots using projections

The absence of deployed vehicular communication systems, which prevents the advanced driving assistance systems (ADASs) and autopilots of semi/fully autonomous cars from validating their virtual perception regarding the physical environment surrounding the car with a third party, has been exploited in various attacks suggested by researchers. Since the application of these attacks comes with a […]

Twitter had a flaw allowing the discovery of phone numbers attached to accounts en masse. And it’s been used in the wild multiple times.

Twitter has admitted a flaw in its backend systems was exploited to discover the cellphone numbers of potentially millions of twits en masse, which could lead to their de-anonymization. In an advisory on Monday, the social network noted it had “became aware that someone was using a large network of fake accounts to exploit our […]

UN didn’t patch SharePoint, got mega-hacked, covered it up, kept most staff in the dark, finally forced to admit it, accident waiting to happen

The United Nations’ European headquarters in Geneva and Vienna were hacked last summer, putting thousands of staff records at miscreants’ fingertips. Incredibly, the organization decided to cover it up without informing those affected nor the public. […] A senior IT official dubbed the attack a “major meltdown,” in which personnel records – as well as […]

In ‘Sophisticated’ Incident, Dozens of U.N. Servers Hacked including their active directory server

An internal confidential document from the United Nations, leaked to The New Humanitarian and seen by The Associated Press, says that dozens of servers were “compromised” at offices in Geneva and Vienna. Those include the U.N. human rights office, which has often been a lightning rod of criticism from autocratic governments for its calling-out of […]

These VIPs May Want to Make Sure Mohammed bin Salman Didn’t Hack Them

In early 2018, Saudi Crown Prince Mohammed bin Salman took a sweeping tour of the U.S. as part of a strategy to rebrand Saudi Arabia’s ruling monarchy as a modernizing force and pull off his “Vision 2030” plan—hobnobbing with a list of corporate execs and politicians that reads like a who’s who list of the […]

Hackers Are Breaking Directly Into Telecom Companies using RDP to Take Over Customer Phone Numbers themselves

Hackers are now getting telecom employees to run software that lets the hackers directly reach into the internal systems of U.S. telecom companies to take over customer cell phone numbers, Motherboard has learned. Multiple sources in and familiar with the SIM swapping community as well as screenshots shared with Motherboard suggest at least AT&T, T-Mobile, […]

Fresh Cambridge Analytica leak ‘shows global manipulation is out of control’

An explosive leak of tens of thousands of documents from the defunct data firm Cambridge Analytica is set to expose the inner workings of the company that collapsed after the Observer revealed it had misappropriated 87 million Facebook profiles. More than 100,000 documents relating to work in 68 countries that will lay bare the global […]

Bol.com partner Toppie Speelgoed loses 10000 Belgian and Dutch customer records, now for sale on hacker forum

Personal information and what they bought, where it was delivered to. The data of presumably almost 10,000 Belgian and Dutch customers who bought toys online a few years ago is being offered for sale on the internet by a hacker. This emerges from research by VRT NWS. It concerns personal data and certain purchases of […]

Using LimeGPS to spoof a fake location to any GPS device inside the room

This page details experiences using LimeSDR to simulate GPS. Note, update (Aug 15, 2017) – The center frequency should be corrected below to 1575.42MHz. It would marginally work with the original 1545.42 but 1575.42 is rock solid gps sim performance. These experiments were inspired by the excellent procedure written up here [1]. We want to […]

Princesses make terrible passwords – quite possible Disney+ hacks related to this being your password.

If you used the same password for an account that was previously breached as you did for your Disney+ password, a bad actor could gain access. Furthermore, hackers with stolen datasets at their fingertips could easily filter on key terms to find the Disney fans. Just look how many times the 12 Disney princesses showed […]

Cayman Bank Targeted By Phineas Fisher Confirms it Was Hacked – 2 TB of data can be searched through now, find the money launderers

On Sunday, Motherboard reported that the hacker or hackers known as Phineas Fisher targeted a bank, stole money and documents, and is offering other hackers $100,000 to carry out politically motivated hacks. Now, the bank Phineas Fisher targeted, Cayman National Bank from the Isle of Man, confirmed it has suffered a data breach. “It is […]

Trick or treating Android Emoji keyboard app makes millions of unauthorized purchases $18m blocked

$18 million of fraudulent charges from the app blocked by malware security platform Secure-D. London, October 31st, 2019 – A popular Android keyboard app, ai.type, downloaded more than 40 million times and included in the Google Play app store, has been caught making millions of unauthorized purchases of premium digital content, researchers at mobile technology company […]

“BriansClub” Hack finds 26M Stolen Cards

“BriansClub,” one of the largest underground stores for buying stolen credit card data, has itself been hacked. The data stolen from BriansClub encompasses more than 26 million credit and debit card records taken from hacked online and brick-and-mortar retailers over the past four years, including almost eight million records uploaded to the shop in 2019 […]

Egypt caught spying on journalists and human rights activists through malware and phishing

Back in March 2019, Amnesty International published a report that uncovered a targeted attack against journalists and human rights activists in Egypt. The victims even received an e-mail from Google warning them that government-backed attackers attempted to steal their passwords. According to the report, the attackers did not rely on traditional phishing methods or credential-stealing […]

Iran tried to hack hundreds of politicians, journalists email accounts last month, warns Microsoft

The Iranian government has attempted to hack into hundreds of Office 365 email accounts belonging to politicians, government officials and journalists last month, Microsoft has warned. “We’ve recently seen significant cyber activity by a threat group we call Phosphorous, which we believe originates from Iran and is linked to the Iranian government,” Microsoft’s vice president […]

Massive wave of account hijacks hits YouTube car community creators, bypassing 2FA

Over the past few days, a massive wave of account hijacks has hit YouTube users, and especially creators in the auto-tuning and car review community, a ZDNet investigation discovered following a tip from one of our readers. Several high-profile accounts from the YouTube creators car community have fallen victim to these attacks already. The list […]

Card stealing MageCart infection swipes customers details and payment cards from fragrancedirect.co.uk

Online merchant fragrancedirect.co.uk has confirmed a miscreant broke into its systems and made off with a raft of customers’ personal data, including payment card details. The e-retailer, based in Macclesfield, England, wrote to punters this week to inform them of the digital burglary and the subsequent data leakage. “We recently discovered that some of our […]

Doordash Food delivery services Latest Data Breach – 4.9m people have their physical addresses floating around the internet now

Doordash is the latest of the “services you probably use, or at least have an account with” companies to suffer a large data breach. And while your passwords likely haven’t been compromised, it’s possible that your physical address is floating around in the Internet somewhere, among other identifying information. As Doordash wrote yesterday, an unknown […]

Football Leaks: Possible Interest Conflict Dogs Probe

Eurojust, the European Union agency that facilitates cooperation between EU prosecutors, had extended the invitation for a working meeting, the focus of which was on the probes into findings from Football Leaks, the largest data leak in history. But the meeting produced more controversy than expected. Ten countries have expressed interest in the gigantic trove […]

Up to 2% of all Apple iPhones Hacked, says Google, and Breaks ALL messaging Encryption as well as sending location data

The potential impact of the latest attack on iPhones is massive, not to mention hugely concerning for every user of Apple’s famous smartphone. That simply visiting a website can lead to your iPhone being hacked silently by some unknown party is worrying enough. But given that, according to Google researchers, it’s possible for the hackers […]

Data Breach in Adult Site Luscious Compromises Privacy of All Users

Luscious is a niche pornographic image site focused primarily on animated, user-uploaded content. Based on the research carried out by our team, the site has over 1 million registered users. Each user has a profile, the details of which could be accessed through our research. Private profiles allow users to upload, share, comment on, and […]

Google’s AI can be manipulated into “accidentally” deactivating targeted user accounts

Jordan B. Peterson had his gmail account deactivated and I had the opportunity to inspect the bug report as a full-time employee. What I found was that Google had a technical vulnerability that, when exploited, would take any gmail account down. Certain unknown 3rd party actors are aware of this secret vulnerability and exploit it. […]