A data dump purported to contain 60 million Dropbox user IDs [and passwords] is the real thing, with the company confirming it to The Register, and independent verification from security researcher Troy Hunt.
Source: Dropbox: 2012 credentials file is real
At its then peak, Angler was behind a whopping 40 percent of all exploit kit infections having compromised nearly 100,000 websites and tens of millions of users, generating some US$34 million annually for its authors.
Source: Angler’s obituary: Super exploit kit was the work of Russia’s Lurk group
The explanation is first rate and will allow anyone to perform a non-technical man in the middle attack, going from eavesdropping to exploitation.
Source: Tinder Social Engineering Attack – HERT
Infowars, created by famed radio host and conspiracy theorist Alex Jones, produces radio, documentaries and written pieces. The dumped data relates to Prison Planet TV, which gives paying subscribers access to a variety of Infowars content. The data includes email addresses, usernames, and poorly hashed passwords.
The administrator of breach notification site Databases.Land provided a copy of 100,223 records to Motherboard for verification purposes. Vigilante.PW, another breach notification service, also has the Infowars dump listed on its site, and says the data comes from 2014. However, every record appears to have been included twice in the data, making the actual number of user accounts closer to 50,000.
Source: Tens of Thousands of Infowars Accounts Hacked
The FBI has uncovered evidence that foreign hackers penetrated two state election databases in recent weeks, prompting the bureau to warn election officials across the country to take new steps to enhance the security of their computer systems, according to federal and state law enforcement officials.
The FBI warning, contained in a “flash” alert from the FBI’s Cyber Division, a copy of which was obtained by Yahoo News, comes amid heightened concerns among U.S. intelligence officials about the possibility of cyberintrusions, potentially by Russian state-sponsored hackers, aimed at disrupting the November elections.
Source: FBI says foreign hackers penetrated state election systems [Video]
On Monday, a hacking group calling itself the “ShadowBrokers” announced an auction for what it claimed were “cyber weapons” made by the NSA. Based on never-before-published documents provided by the whistleblower Edward Snowden, The Intercept can confirm that the arsenal contains authentic NSA software, part of a powerful constellation of tools used to covertly infect computers worldwide.
The provenance of the code has been a matter of heated debate this week among cybersecurity experts, and while it remains unclear how the software leaked, one thing is now beyond speculation: The malware is covered with the NSA’s virtual fingerprints and clearly originates from the agency.
Source: The NSA Leak Is Real, Snowden Documents Confirm
Protecting GPS From Spoofers Is Critical to the Future of Navigation – IEEE Spectrum
‘DiskFiltration,’ a covert channel which facilitates the leakage of data from an air-gapped compute via acoustic signals emitted from its hard disk drive (HDD). Our method is unique in that, unlike other acoustic covert channels, it doesn’t require the presence of speakers or audio hardware in the air-gapped computer. A malware installed on a compromised machine can generate acoustic emissions at specific audio frequencies by controlling the movements of the HDD’s actuator arm. Digital Information can be modulated over the acoustic signals and then be picked up by a nearby receiver (e.g., smartphone, smartwatch, laptop, etc.)
Doesn’t work for SSDs 🙂
The hack can be used by thieves to wirelessly unlock as many as 100 million VW cars, each at the press of a button. Almost every vehicle the Volkswagen group has sold for the past 20 years – including cars badged under the Audi and Skoda brands – is potentially vulnerable, say the researchers. The problem stems from VW’s reliance on a “few, global master keys.”
Source: Thieves can wirelessly unlock up to 100 million Volkswagens, each at the press of a button
The web interface contains a number of critical vulnerabilities that can be abused by unauthenticated attackers. These consist of monitoring backdoors left in the PHP files that are supposed to be used by NUUO’s engineers, hardcoded credentials, poorly sanitised input and a buffer overflow which can be abused to achieve code execution on NUUO’s devices as root, and on NETGEAR as the admin user.
Source: Full Disclosure: Multiple remote vulnerabilities (RCE, bof) in Nuuo NVR and NETGEAR Surveillance
That’s a disaster! And the manufacturers are not responding!
A new ransomlock variant, which mainly affects the US, tricks users into calling a toll-free number to reactivate their Windows computer.
[…]
Victims of this threat can unlock their computer using the code: 8716098676542789
Source: New ransomware mimics Microsoft activation window | Symantec Connect Community
It also turns out that calling the support number on the screen no longer has people picking up.
The thermostat in question has a large LCD display, runs the operating system Linux, and has an SD card that allows users to load custom settings or wallpapers. The researchers found that the thermostat didn’t really check what kind of files it was running and executing. In theory, this would allow a malicious hacker to hide malware into an application or what looks like a picture and trick users to transfer it on the thermostat, making it run automatically.
Source: Hackers Make the First-Ever Ransomware for Smart Thermostats
In a proof-of-concept video the boffins place a phone in an empty conference room three metres (10 feet) from a speaker. Commands are issued that sound to like a drowning dalek to Vulture South’s ears. That garbling makes the commands difficult for humans to understand but passable for Siri and her ilk.
The attackers activate airplane mode (a denial of service attack), and open website xkcd.com which they write in the paper could be substituted for a phishing or malware download site.
Source: Drowning Dalek commands Siri in voice-rec hack attack
Wendy’s said hackers were able to steal customers’ credit and debit card information at 1,025 of its U.S. restaurants, far more than it originally thought.
The hamburger chain said Thursday hackers were able to obtain card numbers, names, expiration dates and codes on the card, beginning in late fall. Some customers’ cards were used to make fraudulent purchases at other stores.
Wendy’s Co. urged customers to check their accounts for any fraudulent purchases.
The Dublin, Ohio, company first announced it was investigating a possible hack in January. In May, it said malware was found in fewer than 300 restaurants. About a month later, it said two types of malware were found and the number of restaurants affected was “considerably higher.”
There are more than 5,700 Wendy’s restaurants in the U.S.
Customers can see which locations were affected through the Wendy’s website . The company said it is offering free one-year credit monitoring to people who paid with a card at any of those restaurants.
Source: Wendy’s Says More Than 1,000 Restaurants Affected by Hack
Is it a bug or is it a backdoor?
is exposed to a UEFI bug that can be exploited to disable firmware write-protection.
If the claims made by Dmytro Oleksiuk at Github are correct, an attacker can “disable flash write protection and infect platform firmware, disable Secure Boot, [and] bypass Virtual Secure Mode (Credential Guard, etc.) on Windows 10 Enterprise.”
The reason Oleksiuk believes other vendors are also vulnerable is that the buggy code is inherited from Intel. He writes that the SystemSmmRuntimeRt was copied from Intel reference code.
Source: Lenovo scrambling to get a fix for BIOS vuln
Also confirmed on HP pavilions
An anonymous hacker managed to obtain an enormous number of user credentials in June 2013 from fallen social networking giant MySpace — some 427 million passwords, belonging to approx. 360 million users. In May 2016, a person started selling that database of passwords on the dark web. Now, the entire database is available online for free.
Source: You can now browse through 427 million stolen MySpace passwords
The password for the file is KLub8pT&iU$8oBY(*$NOiu
The PC maker has started writing to customers [PDF] warning that their personal records were siphoned off from its online store by crooks between May 12, 2015 and April 28, 2016.
Acer did not say how many customers had their details swiped.
The lost data includes customer names, addresses, card numbers, and three-digit security verification codes on the backs of the cards. Acer says that no passwords or social security numbers were obtained by the thieves, which will be of no comfort whatsoever to the victims.
Source: You Acer holes! PC maker leaks payment cards in e-store hack
Oh dear, why were they keeping all that information in a database anyway?!
Researchers have uncovered an underground marketplace selling information on over 70,000 compromised servers based around the globe.
Russia-based Kaspersky Lab has revealed today that the online forum, named xDedic, seems to be operated by a Russian-speaking organisation and allows hackers to pay for undetectable access to a wide range of servers, including those owned by government, corporate and academic groups in more than 170 countries. XDedic takes a 5% fee for all funds placed into its trading accounts.
Access to a compromised server can be bought for as little as $6 (approx. £4). The kit comes with relevant software to instruct on launching denial-of-service attacks and spam campaigns on the targeted network, as well as allowing criminals to illegally produce bitcoin and breach online systems, such as retail payment platforms.
With an upgrade to $7 cybercriminals can gain access to government-based servers, including systems in interior and foreign ministries, commerce departments and local councils. Paying up to $15, can allow a hacker access to high-capacity network connections, explained Costin Raiu, director of Kaspersky’s research and analysis unit
Source: Online marketplace sells hackers access to breached servers
Bitdefender vulnerability researcher Radu Caragea presented today at the Hack In The Box Amsterdam conference a novel way to extract TLS keys from virtual machines, using an out-of-guest approach. The new technique works to detect the creation of TLS session keys in memory as the virtual machine is running.
The presentation covers a novel technique that not only works for virtualized machines but is also OS-agnostic and crypto-library-agnostic. With a minimal overhead both in terms of speed and in terms of setup, this new technique offers insight into dynamic malware analysis of infected machines.
Source: TeLeScope unveiled at Hack In the Box | Bitdefender Labs
the database shows email addresses, passwords that were hashed and salted passwords with MD5 (an algorithm that nowadays is easy to crack), as well as a user’s IP address (which in some cases can determine location), and the site that the record was taken from.
Source: Exclusive: Hundreds of forums hacked, leaking millions of users’ data
You can search the database on leakedsource
Troy Hunt, a security researcher who maintains the data breach awareness portal Have I Been Pwned, recently obtained a copy of the stolen data set. Hunt told Motherboard that the data contained 65,469,298 unique emails and passwords.
Source: Hackers Stole 65 Million Passwords From Tumblr, New Analysis Reveals | Motherboard
Once the magic card is inserted, the malware is ready to interact with two different types of cards, each with different functions:
1.Card type 1 – request commands through the interface
2.Card type 2 – execute the command hardcoded in the Track2
After the card is ejected, the user will be presented with a form, asking them to insert the session key in less than 60 seconds. Now the user is authenticated, and the malware will accept 21 different codes for setting its activity. These codes should be entered from the pin pad.
Below is a list of the most important features:
1.Show installation details;
2.Dispense money – 40 notes from the specified cassette;
3.Start collecting the details of inserted cards;
4.Print collected card details;
5.Self delete;
6.Debug mode;
7.Update (the updated malware code is embedded on the card).
During its activity, the malware also creates the following files or NTFS streams (depending on the file system type). These files are used by the malware at different stages of its activity, such as storing the configuration, storing skimmed card data and logging its activity:
TOKYO (Kyodo) — A total of 1.4 billion yen ($12.7 million) in cash has been stolen from some 1,400 automated teller machines in convenience stores across Japan in the space of two hours earlier this month, investigative sources said Sunday.
Police suspect that the cash was withdrawn at ATMs using counterfeit credit cards containing account information leaked from a South African bank.
Japanese police will work with South African authorities through the International Criminal Police Organization to look into the major theft, including how credit card information was leaked, the sources said.
The theft at convenience store ATMs took place in the morning of May 15 in Tokyo and 16 prefectures across the country, and police believe over 100 people might have coordinated in the unlawful withdrawal.
In each of the approximately 14,000 transactions, the maximum amount of 100,000 yen was withdrawn from Seven Bank ATMs using the fake credit cards, according to the sources.
An excellent howto on gsm gprs listening and setting up your own 4g / 2g base
to intercept traffic