A new ransomlock variant, which mainly affects the US, tricks users into calling a toll-free number to reactivate their Windows computer. […] Victims of this threat can unlock their computer using the code: 8716098676542789 Source: New ransomware mimics Microsoft activation window | Symantec Connect Community It also turns out that calling the support number on Read more about New ransomware mimics Microsoft activation window[…]
The thermostat in question has a large LCD display, runs the operating system Linux, and has an SD card that allows users to load custom settings or wallpapers. The researchers found that the thermostat didn’t really check what kind of files it was running and executing. In theory, this would allow a malicious hacker to Read more about White hat Hackers Make the First-Ever Ransomware for Smart Thermostats[…]
In a proof-of-concept video the boffins place a phone in an empty conference room three metres (10 feet) from a speaker. Commands are issued that sound to like a drowning dalek to Vulture South’s ears. That garbling makes the commands difficult for humans to understand but passable for Siri and her ilk. The attackers activate Read more about Drowning Dalek commands Siri in voice-rec hack attack[…]
Wendy’s said hackers were able to steal customers’ credit and debit card information at 1,025 of its U.S. restaurants, far more than it originally thought. The hamburger chain said Thursday hackers were able to obtain card numbers, names, expiration dates and codes on the card, beginning in late fall. Some customers’ cards were used to Read more about Wendy’s Says More Than 1,000 Restaurants Affected by Hack[…]
MouseJack is a collection of security vulnerabilities affecting non-Bluetooth wireless mice and keyboards. Spanning seven vendors, these vulnerabilities enable an attacker to type arbitrary commands into a victim’s computer from up to 100 meters away using a $15 USB dongle.
Is it a bug or is it a backdoor? is exposed to a UEFI bug that can be exploited to disable firmware write-protection. If the claims made by Dmytro Oleksiuk at Github are correct, an attacker can “disable flash write protection and infect platform firmware, disable Secure Boot, [and] bypass Virtual Secure Mode (Credential Guard, Read more about Intel based PCs with BIOS vuln[…]
An anonymous hacker managed to obtain an enormous number of user credentials in June 2013 from fallen social networking giant MySpace — some 427 million passwords, belonging to approx. 360 million users. In May 2016, a person started selling that database of passwords on the dark web. Now, the entire database is available online for Read more about You can now browse through 427 million stolen MySpace passwords[…]
The PC maker has started writing to customers [PDF] warning that their personal records were siphoned off from its online store by crooks between May 12, 2015 and April 28, 2016. Acer did not say how many customers had their details swiped. The lost data includes customer names, addresses, card numbers, and three-digit security verification Read more about Acer leaks payment cards in e-store hack[…]
Researchers have uncovered an underground marketplace selling information on over 70,000 compromised servers based around the globe. Russia-based Kaspersky Lab has revealed today that the online forum, named xDedic, seems to be operated by a Russian-speaking organisation and allows hackers to pay for undetectable access to a wide range of servers, including those owned by Read more about Buy one of 70K hacked servers from $6, get control kit with it[…]
Bitdefender vulnerability researcher Radu Caragea presented today at the Hack In The Box Amsterdam conference a novel way to extract TLS keys from virtual machines, using an out-of-guest approach. The new technique works to detect the creation of TLS session keys in memory as the virtual machine is running. The presentation covers a novel technique Read more about TeLeScope can decrypt your TLS traffic realtime if on a hypervised machine (which most people are nowadays)[…]
the database shows email addresses, passwords that were hashed and salted passwords with MD5 (an algorithm that nowadays is easy to crack), as well as a user’s IP address (which in some cases can determine location), and the site that the record was taken from. Source: Exclusive: Hundreds of forums hacked, leaking millions of users’ Read more about Hundreds of VerticalScope forums hacked, leaking 45 million user accounts[…]
Troy Hunt, a security researcher who maintains the data breach awareness portal Have I Been Pwned, recently obtained a copy of the stolen data set. Hunt told Motherboard that the data contained 65,469,298 unique emails and passwords. Source: Hackers Stole 65 Million Passwords From Tumblr, New Analysis Reveals | Motherboard
Once the magic card is inserted, the malware is ready to interact with two different types of cards, each with different functions: 1.Card type 1 – request commands through the interface 2.Card type 2 – execute the command hardcoded in the Track2 After the card is ejected, the user will be presented with a form, Read more about Skimer ATM Malware takes it to a new level[…]
TOKYO (Kyodo) — A total of 1.4 billion yen ($12.7 million) in cash has been stolen from some 1,400 automated teller machines in convenience stores across Japan in the space of two hours earlier this month, investigative sources said Sunday. Police suspect that the cash was withdrawn at ATMs using counterfeit credit cards containing account Read more about 1.4 bil. yen stolen from 1,400 convenience store ATMs across Japan[…]
https://www.nccgroup.trust/uk/about-us/newsroom-and-events/blogs/2016/may/gsmgprs-traffic-interception-for-penetration-testing-engagements/ An excellent howto on gsm gprs listening and setting up your own 4g / 2g base to intercept traffic
Researchers at the University of California-Santa Barbara recently discovered a Waze vulnerability that allowed them to create thousands of “ghost drivers” that can monitor the drivers around them—an exploit that could be used to track Waze users in real-time. They proved it to me by tracking my own movements around San Francisco and Las Vegas Read more about If you use Waze, hackers can stalk you, add thousands of ghost cars to divert your traffic[…]
_ _ _ ____ _ _ | | | | __ _ ___| | __ | __ ) __ _ ___| | _| | | |_| |/ _` |/ __| |/ / | _ \ / _` |/ __| |/ / | | _ | (_| | (__| < | |_) | (_| | (__|
A trove of leaked information, purported to be the entire Turkish citizenship database, has been leaked. The leaked info appears to contain names, addresses and ID numbers of more than 49 million citizens. If confirmed the leak would become one of the biggest privacy breaches, by number of records, ever. Source: Did hacktivists really just Read more about Did hacktivists really just expose half of Turkey’s entire population to ID theft?[…]
The team, led by Mohammad Al Faruque, director of UCI’s Advanced Integrated Cyber-Physical Systems Lab, showed that a device as ordinary and ubiquitous as a smartphone can be placed next to a machine and capture acoustic signals that carry information about the precise movements of the printer’s nozzle. The recording can then be used to Read more about 3D printed items can be reversed engineered using a smartphone to listen to the sound of the printing proces[…]
“These (mechanics) tool have the codes to read and write firmware and if it is compromised by a malicious car it can modify the firmware of other cars that come in afterwards,” Smith told Vulture South at the Nullcon security conference in Goa, India. Smith’s mechanic malware compromises of learning, simulation, and attack modes. Learning Read more about Pwn all cars by using the car mechanic PC as an attack vector[…]
The hackers breached Bangladesh Bank’s systems and stole its credentials for payment transfers, two senior officials at the bank said. They then bombarded the Federal Reserve Bank of New York with nearly three dozen requests to move money from the Bangladesh Bank’s account there to entities in the Philippines and Sri Lanka, the officials said. Read more about How a hacker’s typo helped stop a billion dollar bank heist[…]
The Vodafone network does not generate random TMSI numbers, which allows you to copy them and thereby listen in to other ongoing conversations. The network won’t throw off duplicates. If you have an IMSI catcher you can exploit this. It does, however, put the phone into conference call mode, which shows up on the screen. Read more about Vodafone network allows you to copy yourself into someone elses conversation[…]
Today at the Security Analyst Summit, researchers from Kaspersky Lab Global Research & Analysis Team unveiled details on two new criminal operations that have borrowed heavily from targeted nation-state attacks, and also shared an update on a resurgent Carbanak gang, which last year, it was reported, had allegedly stolen upwards of $1 billion from more Read more about Carbanak 2.0, Metel, GCMAN Borrow from APT Attacks[…]
As promised, hacker publishes personal information of 20,000 FBI agents, allegedly stolen from a hacked Department of Justice computer. Source: Hacker Publishes Personal Info of 20,000 FBI Agents | Motherboard