ash machines in the US are being hacked to spew hundreds of dollar bills – a type of theft dubbed “jackpotting” because the ATMs look like slot machines paying out winnings.A gang of miscreants have managed to steal more than $1m from ATMs using this attack, according to a senior US Secret Service official speaking Read more about Crooks make US ATMs spew million-plus bucks in ‘jackpotting’ hacks[…]
https://github.com/NullArray/AutoSploitAs the name might suggest AutoSploit attempts to automate the exploitation of remote hosts. Targets are collected automatically as well by employing the Shodan.io API. The program allows the user to enter their platform specific search query such as; Apache, IIS, etc, upon which a list of candidates will be retrieved. After this operation has Read more about AutoSploit searches shodan for weak machines and metasploit to hack them for you[…]
At the beginning of October 2017, we discovered new Android spyware with several features previously unseen in the wild. In the course of further research, we found a number of related samples that point to a long-term development process. We believe the initial versions of this malware were created at least three years ago – Read more about Skygofree: Serious offensive Android malware, since 2014[…]
The crooks had infected the network of Hancock Health, in Indiana, with the Samsam software nasty, which scrambled files and demanded payment to recover the documents. The criminals broke in around 9.30pm on January 11 after finding a box with an exploitable Remote Desktop Protocol (RDP) server, and inject their ransomware into connected computers. Medical Read more about Hospital injects $60,000 into crims’ coffers to cure malware infection[…]
BCC and MediaMarkt are large electronics stores in NL. Ziggo is a large internet ISP. By linking to fake pages through marktplaats.nl (the Dutch ebay / Craigslist equivalent) people were able to shop for products on the fake sites, which were never delivered. Using a chat interface, the crims tried to gain access to the Read more about 300 Dutch customers fell for fake popular website ring. Perps picked up and given a few months of prison time.[…]
The exploit allowed hackers to request a password reset for a target account and then click the generated link without opening the email it had been sent in. How was this possible? Theories circulated, buoyed by posts on Hacker Noon and The Next Web. It was the r/bitcoin users out to cause trouble; Or was Read more about How a Reddit Email Vulnerability Led to Thousands in Stolen Bitcoin Cash[…]
It took just Rs 500, paid through Paytm, and 10 minutes in which an “agent” of the group running the racket created a “gateway” for this correspondent and gave a login ID and password. Lo and behold, you could enter any Aadhaar number in the portal, and instantly get all particulars that an individual may Read more about Rs 500, 10 minutes, and you have access to billion Aadhaar (Indian social security) details[…]
Malware discovered by Symantec researchers sneakily spoofs Uber’s Android app and harvests users’ passwords, allowing attackers to take over the effected users’ accounts. The malware isn’t widespread, though, and most Uber users are not effected. […] In order to steal a user’s login information, the malware pops up on-screen regularly and prompts the user to Read more about Rare Malware Targeting Uber’s Android App Uncovered[…]
The basic principle behind this attack is that sound waves introduce mechanical vibrations into an HDD’s data-storage platters. If the sound is played at a specific frequency, it creates a resonance effect that amplifies the vibration effect.Because hard drives store vasts amounts of information inside small areas of each platter, they are programmed to stop Read more about Acoustic Attacks on HDDs cause them to shut down[…]
A breach at Forever 21 left customer payment card information exposed to hackers, the retailer confirmed Thursday. The company didn’t specify how many customers had information stolen, but said various point of sales terminals were affected between April 3 and November 18, 2017. Hackers collected credit card numbers, expiration dates, verification codes and sometimes cardholder Read more about Forever 21: Yes, hackers breached our payment system for half of 2017[…]
t is understood the bug is present in modern Intel processors produced in the past decade. It allows normal user programs – from database applications to JavaScript in web browsers – to discern to some extent the layout or contents of protected kernel memory areas.The fix is to separate the kernel’s memory completely from user Read more about ‘Kernel memory leaking’ Intel / ARM processor design flaw forces Linux, Windows, OSX redesign, massive slowdowns to be expected[…]
A Romanian man and woman are accused of hacking into the outdoor surveillance system deployed by Washington DC police, which they used to distribute ransomware.The two suspects are named Mihai Alexandru Isvanca and Eveline Cismaru, Romanian nationals, both arrested last week by Romanian authorities part of Operation Bakovia that culminated with the arrest of five Read more about Hackers Used DC Police Surveillance System to Distribute Ransomware[…]
Nissan Canada’s vehicle-financing wing has been hacked, putting personal information on as many as 1.13 million customers in the hands of miscreants. […] According to Nissan Canada, the exposed data includes at least customer names, addresses, vehicle makes and models, vehicle identification numbers (VINs), credit scores, loan amounts and monthly payment figures. “We are still Read more about Nissan Canada Finance hacked, up to 1.1m Canucks exposed[…]
Unlike adversarial models that attack AIs “from the inside”, attacks developed for black boxes could be used against closed system like autonomous cars, security (facial recognition, for example), or speech recognition (Alexa or Cortana).The tool, called Foolbox, is currently under review for presentation at next year’s International Conference on Learning Representations (kicking off at the Read more about Another AI attack, this time against ‘black box’ machine learning[…]
Hidden software that can record every letter typed on a computer keyboard has been discovered pre-installed on hundreds of HP laptop models.Security researcher Michael Myng found the keylogging code in software drivers preinstalled on HP laptops to make the keyboard work.HP said more than 460 models of laptop were affected by the “potential security vulnerability”.It Read more about HP laptops found to have hidden keylogger – BBC News[…]
CyberX demonstrated how to inject specially-crafted ladder logic code into a Siemens S7-1200 PLC. The code uses memory copy operations to generate frequency-modulated RF signals slightly below the AM band (340kHz-420kHz), with the modulation representing encoded data.The emitted RF signals are a byproduct of repeatedly writing to PLC memory in a specific way.Once transmitted the Read more about Airgapping via PLC[…]
The group has conducted more than 20 successful attacks on financial institutions and legal firms in the USA, UK and Russia in the last two months alone, according to Russian incident response firm Group-IB. MoneyTaker has primarily targeted card processing systems, including the AWS CBR (Russian Interbank System) and purportedly SWIFT (US).In addition to banks, Read more about New Ruski hacker clan exposed: They’re called MoneyTaker, and they’re gonna take your money • The Register[…]
Penetration tester Sabri Haddouche has reintroduced the world to email source spoofing, bypassing spam filters and protections like Domain-based Message Authentication, Reporting and Conformance (DMARC), thereby posing a risk to anyone running a vulnerable and unpatched mail client.What he’s found is that more than 30 mail clients including Apple Mail, Thunderbird, various Windows clients, Yahoo! Read more about Mailsploit: It’s 2017, and you can spoof the ‘from’ in email to fool filters[…]
New submitter Chir breaks the news to us that the NiceHash crypto-mining marketplace has been hacked. The crypto mining pool broke the news on Reddit, where users suggest that as many as 4,736.42 BTC — an amount worth more than $62 million at current prices — has been stolen. The NiceHash team is urging users Read more about NiceHash Hacked, $62 Million of Bitcoin May Be Stolen[…]
Uber’s ride-sharing service has given birth to some of the most creative criminal scams to date, including using a GPS-spoofing app to rip off riders in Nigeria, and even ginning up fake drivers by using stolen identities.Add to those this nefariously genius operation: Cybercriminals, many working in Russia, have created their own illegitimate taxi services Read more about The Underground Uber Networks Driven by Russian Hackers[…]
PayPal says that one of the companies it recently acquired suffered a security incident during which an attacker appears to have accessed servers that stored information for 1.6 million customers.The victim of the security breach is TIO Networks, a Canadian company that runs a network of over 60,000 utility and bills payment kiosks across North Read more about PayPal Says 1.6 Million Customer Details Stolen in Breach at Canadian Subsidiary[…]
In a sustained campaign, Voits managed to get the login details and passwords for 1,600 county employees, including for the Xjail computer system that is used to track inmates. By March he had the logins to the prison management system and tried to amend the records of one inmate to arrange their early release. His Read more about Prison hacker who tried to free friend now likely to join him inside[…]
Pawnbroking and secondhand goods outlet Cash Converters has suffered a data breach. Customers were notified of the leak on Thursday by email, samples of which have been posted on social media. Cash Converters said it had discovered that a third party gained unauthorised access to customer data within the company’s UK webshop. Credit card data Read more about Pawnbroker pwnd: Cash Converters says hacker slurped customer data[…]
the individuals were able to download files containing a significant amount of other information, including: The names and driver’s license numbers of around 600,000 drivers in the United States. Drivers can learn more here. Some personal information of 57 million Uber users around the world, including the drivers described above. This information included names, email Read more about Uber loses personal info on 600K drivers and 57M users in 2016. Pays hackers $100K in hope they delete it. Forgets to mention this in apology.[…]
FireEye’s Innovation and Custom Engineering (ICE) team released a tool today called GoCrack that allows red teams to efficiently manage password cracking tasks across multiple GPU servers by providing an easy-to-use, web-based real-time UI (Figure 1 shows the dashboard) to create, view, and manage tasks. Simply deploy a GoCrack server along with a worker on Read more about Introducing GoCrack: A Managed distributed Password Cracking Tool[…]