Bangladesh’s central bank hopes to retrieve $30 million more of the $81 million stolen from its account at the New York Federal Reserve in February, two bank officials said on Monday. Hackers used stolen Bangladesh Bank credentials to try to send three dozen SWIFT messages to transfer nearly $1 billion from its Fed account. They Read more about Bangladesh hopes to recover $30 million more from $81m cyber heist[…]
Adultfriendfinder.com 339,774,493 users “World’s largest sex & swinger community” Cams.com 62,668,630 users “Where adults meet models for sex chat live through webcams” Penthouse.com 7,176,877 users Adult magazine akin to Playboy Stripshow.com 1,423,192 users Another 18+ webcam site iCams.com 1,135,731 users “Free Live Sex Cams” Unknown domain 35,372 users Total: 412,214,295 aff Source: AdultFriendFinder was hacked Read more about AdultFriendFinder was hacked, together with affiliates. 400m users data out there[…]
Remember the days back in the 90s when you could cripple someones Internet connection simply by issuing a few PING command like “ping -t [target]”? This type of attack was only successful if the victim was on a dial-up modem connection. However, it turns out that a similar form of ICMP flooding can still be Read more about BlackNurse: Ping of death is back, DoS using only a laptop[…]
With proof of concept. Of course, this requires “hacking” the originating bot back and only works if the bot is running over http, but still, better than nothing. Source: Invincea Labs
An extraordinary, focused attack on DNS provider Dyn continues to disrupt internet services for hundreds of companies, including online giants Twitter, Amazon, AirBnB, Spotify and others. The worldwide assault started at approximately 11am UTC on Friday. It was a massive denial-of-service blast that knocked Dyn’s DNS anycast servers offline, resulting in knock-on impacts across the Read more about DNS devastation: Top websites whacked offline as Dyn dies again[…]
Avtech is the second most popular search term in Shodan. According to Shodan, more than 130.000 Avtech devices are exposed to the internet. That’s because there are 14 serious unpatched vulnerabilities, the guide in the link goes through. Ensure the admin interface is not exposed to the internet, change the default admin password if you Read more about Avtech devices 14 serious unpatched vulnerabilities[…]
Online skimming is a new form of card fraud. In November 2015, the first case was reported. Upon investigating, I scanned a sample of 255K online stores globally and found 3501 stores to be skimmed. It is now ten months later. Are the culprits in jail yet? Not quite, here are the numbers of compromised Read more about 69% increase in hacked online stores stealing your credit card details from 2015[…]
VIDEO Chinese hackers have attacked Tesla electric cars from afar, using exploits that can activate brakes, unlock doors, and fold mirrors from up to 20 kilometres (12 miles) away while the cars are in motion. Keen Security Lab senior researchers Sen Nie, Ling Liu, and Wen Lu, along with director Samuel Lv, demonstrated the hacks Read more about Hackers hijack Tesla Model S from afar, while the cars are moving, control is scary[…]
The answer is simpler than you might think: The defense of an innocent, learning disabled, 15-year-old girl. In the criminal complaint, she’s called “Patient A,” but to me, she has a name, Justina Pelletier. Boston Children’s Hospital disagreed with her diagnosis. They said her symptoms were psychological. They made misleading statements on an affidavit, went Read more about Why I Knocked Boston Children’s Hospital Off The Internet: A Statement From Martin Gottesfeld[…]
The Russian government “directed the recent compromises of emails from US persons and institutions,” the US Department of Homeland Security and the Office of the Director of National Intelligence said on Friday, an accusation that gives formal recognition to a claim previously voiced through unnamed sources. In late July, The New York Times reported that Read more about US govt straight up accuses Russia of hacking DNC emails[…]
The problem occurred with Spotify Free, which lets people to stream music gratis in exchange for being played and shown adverts. One advertiser sneakily embedded nasty software code into its Spotify ads that hijacked browsers on macOS and Linux systems. We’re told the ads caused the computers’ default browsers to open up dodgy websites that Read more about Is this the real life? Is this just fantasy? Spotify serving malware, no escape from reality[…]
The world’s largest distributed denial of service (DDoS) attack has been clocked from the same network of 152,463 compromised low-powered cameras and internet-of-things devices which punted a media outlet off the internet. Last days, we got lot of huge DDoS. Here, the list of “bigger that 100Gbps” only. You can see the simultaneous DDoS are Read more about 152k cameras in 990Gbps record-breaking dual DDoS[…]
The account information may have included names, email addresses, telephone numbers, dates of birth, hashed passwords (the vast majority with bcrypt) and, in some cases, encrypted or unencrypted security questions and answers. The ongoing investigation suggests that stolen information did not include unprotected passwords, payment card data, or bank account information; payment card data and Read more about Yahoo suffers largest leak of all time: 550m users[…]
It has been an odd day for Newsweek – its main site was taken offline after it published a story claiming a company owned by Republican presidential candidate Donald Trump broke an embargo against doing deals with Cuba. The magazine first thought that the sheer volume of interest in its scoop was the cause for Read more about Criticize Donald Trump, get your site smashed offline from Russia[…]
In a paper [PDF] presented in August at the 25th Annual Usenix Security Symposium, researchers at École Polytechnique Fédérale de Lausanne, Cornell University, and The University of North Carolina at Chapel Hill showed that machine learning models can be stolen and that basic security measures don’t really mitigate attacks. Machine learning models may, for example, Read more about AI Machine-learning models vulnerable to reverse engineering[…]
systemd fails an assertion in manager_invoke_notify_message when a zero-length message is received over /run/systemd/notify. This allows a local user to perform a denial-of-service attack against PID 1.Proof-of-concept:NOTIFY_SOCKET=/run/systemd/notify systemd-notify “” Source: Assertion failure when PID 1 receives a zero-length message over notify socket · Issue #4234 · systemd/systemd · GitHub
By creating config files you can escalate through the mysqld_safe script using malloc_lib Source: Bad news: MySQL can dish out root access to cunning miscreants
ClixSense, a site which pays users to view ads and take surveys, was the victim of a massive data breach compromising around 6.6 million user accounts. Usually when there’s a data breach of this size, the information stolen contains usernames, passwords, and some other personal information, but due to the nature of ClixSense and the Read more about Over 6 million ClixSense users compromised by data breach[…]
Perhaps feeling a little bent out of shape about how much shit their country caught for running a massive, Cold War-style doping program for Olympic athletes, a group of Russian hackers have obtained confidential documents that they claim prove American Olympians are also big fat cheaters. The only problem is that the leaked documents don’t Read more about Russian Hackers Get Into World Anti-Doping Agency Data, Find Nothing Incriminating[…]
How hackers broke into millions of US govt personnel files Source: Read the damning dossier on the security stupidity that let China ransack OPM’s systems
By placing the smartphone next to a printer, if you know the type of printer, you can listen to it and hear what it’s printing. Then you can reassemble 94% of the original design. Source: Scientists’ sneaky smartphone software steals 3D printer designs
It’s hard to detect because once it infects it deletes the files and lays dormant in memory. It executes now and again to find and infect other hosts and can be used as part of a botnet. Malwaremustdie
HITB Florian Lukavsky hacks criminals profiting from out-of-control multi-billion dollar CEO wire transfer scams… and they hate him for it. The director of SEC Consult’s Singapore office has made a name striking back at so-called “whaling” scammers by sending malicious Word documents that breach their Windows 10 boxes and pass on identity information to police. Read more about Hacker takes down CEO wire transfer scammers, sends their Win 10 creds to the cops[…]
If I plug in a device that masquerades as a USB Ethernet adapter and has a computer on the other end, can I capture credentials from a system, even when locked out (yes, logged in, just locked). (..or do even more, but we’ll save that for another time, this post is already too long) Source: Read more about Use a USB dongle to emulate a nic and get credentials from locked windows machines[…]
One in five firms that pay ransom fail to get their data back, according to new research from Trend Micro. A poll of IT managers at 300 UK businesses sponsored by Trend Micro found that 44 per cent of UK businesses have been infected by ransomware in the last two years. The study also found Read more about When you’ve paid the ransom but you don’t get your data back[…]