Russia gang hacks 1.2 billion usernames and passwords

A Russian group has hacked 1.2 billion usernames and passwords belonging to more than 500 million email addresses, according to Hold Security – a US firm specialising in discovering breaches. Hold Security described the hack as the "largest data breach known to date". It claimed the stolen information came from more than 420,000 websites, including […]

Malware without files on the PC, encoded in the registry

As the entry point, they exploit a vulnerability in Microsoft Word with the help of a crafted Word document they spread via email. The same approach would work with any other exploit. After that, they make sure that the malicious activities survive system re-boot by creating an encoded autostart registry key. To remain undetected, this […]

BadUSB – Turning USB peripherals into hacking vectors

Once reprogrammed, benign devices can turn malicious in many ways, including: A device can emulate a keyboard and issue commands on behalf of the logged-in user, for example to exfiltrate files or install malware. Such malware, in turn, can infect the controller chips of other USB devices connected to the computer. The device can also […]

ONE EMAIL costs mining company $300 Million in stock fall

In January 2013, a chap called Jonathan Moylan sent a single email that caused an AU$314m – £174m or $295m – dip in a coal company’s value. The email was a fake press release stating that Whitehaven Coal’s bank, ANZ, had decided not to lend the mining firm the billion or so dollars needed to […]

W3 Ltd lost > 1m credit card records in website breach.

Think W3 Limited was hacked in December 2012 in an attack that relied on what the ICO described as "insecure" coding on the website of its subsidiary business, Essential Travel Ltd. The unidentified hacker behind the attack siphoned off a total of 1,163,996 credit and debit card records (431K current and 733K expired). "Cardholder details […]

2600 magazine ripped off by TEN: The Enthusiast Network

the distributor (Source Interlink) decided to close its doors to magazine distribution after losing Time Inc.’s business. This caused us to scramble to find alternative methods of getting our magazine into stores around the world, a feat we accomplished without too much difficulty. But getting what was left of Source Interlink, now rebranded as “TEN: […]

Police voice recording systems hackable with backdoors

"NICE Recording eXpress is designed specifically for the audio recording needs of the small and medium sized Public Safety organisation. This advanced recording solution offers a comprehensive, advanced, easy-to-install and affordable platform built for the Public Safety environment and Command and Control operations delivering optimal recording functionality and quality management." Source: http://www.nice.com/sites/default/files/nicerecordingexpress050112.pdf.pdf.pdf Business recommendation: […]

eBay Hacked, Change Your Passwords Now

If you have an eBay account, it’s time to change your password. The company released a statement today saying their internal and customer databases were compromised earlier this year, and starting today they’ll prompt everyone to change their passwords. Attackers made off with names, addresses, email addresses, phone numbers, birth dates, and of course, encrypted […]

Samsung Galaxy Backdoor

Samsung Galaxy devices running proprietary Android versions come with a back-door that provides remote access to the data stored on the device. In particular, the proprietary software that is in charge of handling the communications with the modem, using the Samsung IPC protocol, implements a class of requests known as RFS commands, that allows the […]

China Eastern Airlines passenger uses first class ticket for free meals

The man used his first-class ticket to score free meals and drinks at a VIP airport lounge nearly every day for a year, the Kwong Wah Yit Poh reported. He changed his flight itinerary more than 300 times within the year so he could enjoy the facilities at the Xi’an Airport in Shaanxi, China. What’s […]

Insecure healthcare.gov allowed hacker to access 70,000 records in 4 minutes

70,000 was just one of the numbers that I was able to go up to. And I stopped after that. You know, and I’m sure it’s hundreds of thousands, if not more and it was done within about a four-minute time frame. So, it’s just wide open. You can literally just open up your browser, […]

Our Government Has Weaponized the Internet. Here’s How They Did It | Wired Opinion | Wired.com

According to revelations about the QUANTUM program, the NSA can “shoot” (their words) an exploit at any target it desires as his or her traffic passes across the backbone. It appears that the NSA and GCHQ were the first to turn the internet backbone into a weapon; absent Snowdens of their own, other countries may […]

SkyJack – autonomous drone hacking

SkyJack (available from github) is primarily a perl application which runs off of a Linux machine, runs aircrack-ng in order to get its wifi card into monitor mode, detects all wireless networks and clients around, deactivates any clients connected to Parrot AR.drones, connects to the now free Parrot AR.Drone as its owner, then uses node.js with […]

Hackers steal ‘FULL credit card details’ of 376,000 people from Irish loyalty programme firm

A hack attack against an Irish loyalty programme firm, Loyaltybuild, has led to the theft of the full credit card details of at least 376,000 consumers, says the country’s data protection watchdog. According to the results of a preliminary investigation by the Office of the Data Protection Commissioner (ODPC), credit card and – contrary to all payment storage […]

Hacker uses bots to top music charts, earn royalties without being able to make music

A Melbourne security professional has sent ear-piercing ‘garbage’ tunes to the top of online music charts by spoofing track plays. Although Peter Filimore (@typhoonfilsy) has never played an instrument, in a month he accrued hundreds of thousands of plays for his tunes hosted in online music charts, trumping artists like P!nk, Nicki Minaj, Flume […]