Hacking & Cracking

User avatar
RTH10260
Posts: 25808
Joined: Tue Mar 02, 2010 8:52 am
Location: Near the Swiss Alps

Re: Hacking & Cracking

#176

Post by RTH10260 »

Exclusive: Details of 10.6 million MGM hotel guests posted on a hacking forum
MGM Resorts said security incident took place last summer and notified impacted guests last year.

By Catalin Cimpanu for Zero Day | February 19, 2020 -- 23:27 GMT (23:27 GMT) | Topic: Security

The personal details of more than 10.6 million users who stayed at MGM Resorts hotels have been published on a hacking forum this week.

Besides details for regular tourists and travelers, included in the leaked files are also personal and contact details for celebrities, tech CEOs, reporters, government officials, and employees at some of the world's largest tech companies.

ZDNet verified the authenticity of the data today, together with a security researcher from Under the Breach, a soon-to-be-launched data breach monitoring service.

A spokesperson for MGM Resorts confirmed the incident via email.



https://www.zdnet.com/article/exclusive ... ing-forum/

User avatar
RTH10260
Posts: 25808
Joined: Tue Mar 02, 2010 8:52 am
Location: Near the Swiss Alps

Re: Hacking & Cracking

#177

Post by RTH10260 »

Facial-Recognition Company That Works With Law Enforcement Says Entire Client List Was Stolen

Clearview AI, which contracts with law enforcement after reportedly scraping 3 billion images from the web, now says someone got “unauthorized access” to its list of customers.

Betsy Swan
Published Feb. 26, 2020 9:55AM ET

A facial-recognition company that contracts with powerful law-enforcement agencies just reported that an intruder stole its entire client list, according to a notification the company sent to its customers.

In the notification, which The Daily Beast reviewed, the startup Clearview AI disclosed to its customers that an intruder “gained unauthorized access” to its list of customers, to the number of user accounts those customers had set up, and to the number of searches its customers have conducted. The notification said the company’s servers were not breached and that there was “no compromise of Clearview’s systems or network.” The company also said it fixed the vulnerability and that the intruder did not obtain any law-enforcement agencies’ search histories.

Tor Ekeland, an attorney for the company, said Clearview prioritizes security.

“Security is Clearview’s top priority,” he said in a statement provided to The Daily Beast. “Unfortunately, data breaches are part of life in the 21st century. Our servers were never accessed. We patched the flaw, and continue to work to strengthen our security.”

The firm drew national attention when The New York Times ran a front-page story about its work with law-enforcement agencies. The Times reported that the company scraped 3 billion images from the internet, including from Facebook, YouTube, and Venmo.



https://www.thedailybeast.com/clearview ... was-stolen

User avatar
tek
Posts: 4319
Joined: Fri Nov 16, 2012 6:02 pm
Location: Lake Humidity, FL
Occupation: Damned if I know

Re: Hacking & Cracking

#178

Post by tek »

Clearview AI, which contracts with law enforcement after reportedly scraping 3 billion images from the web, now says someone got “unauthorized access” to its list of customers.
Well that certainly makes me feel warm and fuzzy about their ability to keep their big data confidential and their APIs under control..

not.
There's no way back
from there to here

User avatar
RTH10260
Posts: 25808
Joined: Tue Mar 02, 2010 8:52 am
Location: Near the Swiss Alps

Re: Hacking & Cracking

#179

Post by RTH10260 »

Cybersecurity warning: Almost half of connected medical devices are vulnerable to hackers exploiting BlueKeep
A new report suggests that vulnerabilities in medical devices could put hospital patients at risk from hackers - but there are some simple ways to protect against these attacks.

Danny Palmer
By Danny Palmer | February 18, 2020 -- 14:00 GMT (14:00 GMT) | Topic: Security

Connected medical devices are twice as likely to be vulnerable to the BlueKeep exploit than other devices on hospital networks, putting patients and staff at additional risk from cyber attacks. This is especially concerning when healthcare is already such a popular target for hacking campaigns.

BlueKeep is a vulnerability in Microsoft's Remote Desktop Protocol (RDP) service which was discovered last year, and impacts Windows 7, Windows Server 2008 R2 and Windows Server 2008.

Microsoft issued a patch for BlueKeep after it came to light in May 2019, and security authorities including the US National Security Agency (NSA) and the UK's National Cyber Security Centre (NCSC) issued urgent warnings about patching vulnerable systems.

It was feared that BlueKeep could be deployed as a worm in a similar fashion to EternalBlue – the exploit that powered WannaCry. This cyberattack affected organisations around the world, but one of the most high-profile victims was the UK's National Health Service, which saw a number of hospital networks taken offline by the incident.

However, despite warnings over a potential repeat, large numbers of standard Windows systems – and bespoke medical devices running Windows – remain vulnerable to BlueKeep attacks.


https://www.zdnet.com/article/cybersecu ... -bluekeep/

User avatar
RTH10260
Posts: 25808
Joined: Tue Mar 02, 2010 8:52 am
Location: Near the Swiss Alps

Re: Hacking & Cracking

#180

Post by RTH10260 »

Ransomware attack forces 2-day shutdown of natural gas pipeline
20 FEB 2020
by Lisa Vaas

The US Department of Homeland Security (DHS) on Tuesday said that an infection by an unidentified ransomware strain forced the shutdown of a natural-gas pipeline for two days.

Fortunately, nothing blew up. The attacker never got control of the facility’s operations, the human-machine interfaces (HMIs) that read and control the facility’s operations were successfully yanked offline, and a geographically separate central control was able to keep an eye on operations, though it wasn’t instrumental in controlling them.

Where this all went down is a mystery.

The alert, issued by DHS’s Cybersecurity and Infrastructure Security Agency (CISA), didn’t say where the affected natural gas compression facility is located. It instead stuck to summarizing the attack and provided technical guidance for other critical infrastructure operators so they can gird themselves against similar attacks.


https://nakedsecurity.sophos.com/2020/0 ... -pipeline/

User avatar
RTH10260
Posts: 25808
Joined: Tue Mar 02, 2010 8:52 am
Location: Near the Swiss Alps

Re: Hacking & Cracking

#181

Post by RTH10260 »

Marriott data breach exposes 5 million guests' information. Again.
This is Marriott International's second major data breach in as many years.This is Marriott International's second major data breach in as many years.

BY AMANDA YEO
2 DAYS AGO

Marriott International has announced a massive data breach that exposed approximately 5.2 million hotel guests' information. No, not that breach. It's a new one this time.

"At the end of February 2020, we identified that an unexpected amount of guest information may have been accessed using the login credentials of two employees at a franchise property," the international hotel chain wrote on Tuesday. "We believe this activity started in mid-January 2020."

According to Marriott International, the breach exposed information such as customers' personal and contact details, loyalty account information, airline loyalty programs, and room preferences. This included people's names, mailing addresses, email addresses, phone numbers, and birthdays.

The company claims it has no reason to believe driver license numbers, national identification numbers, passport numbers, or payment information was compromised. However, the breach is still being investigated.


https://mashable.com/article/marriott-i ... on-guests/

User avatar
RTH10260
Posts: 25808
Joined: Tue Mar 02, 2010 8:52 am
Location: Near the Swiss Alps

Re: Hacking & Cracking

#182

Post by RTH10260 »

ALLEN GRUBMAN’S LAW FIRM HACKED, ‘WORKING AROUND THE CLOCK’ AS CYBERATTACK GROUP DEMANDS $21M
MAY 13, 2020BY TIM INGHAM

Grubman Shire Meiselas & Sacks (GSMS), one of the best known law firms in the music business, has been hit by a cyberattack – and the perpetrators want $21m to keep confidential files out of the public domain.

A hacking group calling itself REvil is claiming responsibility for the ransomware attack. It is threatening to release personal details of GSMS clients, including Elton John, Lady Gaga, Barbra Streisand, Lizzo and Madonna, unless GSMS pays up.

New York-based GSMS, which was founded by Allen Grubman in the 1970s, said this week in a statement: “We can confirm that we’ve been victimized by a cyberattack.

“We have notified our clients and our staff. [We] have hired the world’s experts who specialize in this area, and we are working around the clock to address these matters.”

According to Page Six, the FBI is now investigating the matter.

REvil claims to have obtained 756 gigabytes of data from GSMS, including contracts and personal emails from superstar clients. They have already posted a screenshot of what appears to be a contract for Madonna on the dark web.


https://www.musicbusinessworldwide.com/ ... nding-21m/
Note: latest news is that demand is now $42M, and "Trumps dirty laundry" to be revealed.

User avatar
Volkonski
Posts: 28377
Joined: Sat Mar 02, 2013 4:44 pm
Location: Texas Gulf Coast and North Fork of Long Island
Occupation: Retired Mechanical Engineer

Re: Hacking & Cracking

#183

Post by Volkonski »

In view of the possible release of negative information about Trump, Grubman must be prevented from paying the ransom at all costs. ;)

Law firm hackers double ransom demand, threaten Donald Trump

https://pagesix.com/2020/05/14/la-law-f ... %20buttons
On Thursday, the hackers upped the ante by posting a chilling new message saying, “The ransom is now [doubled to] $42,000,000 … The next person we’ll be publishing is Donald Trump. There’s an election going on, and we found a ton of dirty laundry on time.”

They added, “Mr. Trump, if you want to stay president, poke a sharp stick at the guys, otherwise you may forget this ambition forever. And to you voters, we can let you know that after such a publication, you certainly don’t want to see him as president … The deadline is one week.

:snippity:

It is not clear why the hackers connected Trump to Grubman. The president has never been a Grubman client, according to sources, either as a private businessman or during his administration.

On Thursday, the hackers claimed to have hacked another prominent US firm and also posted a file of stolen documents titled “Lady Gaga” on their site on the dark web.
Image“If everyone fought for their own convictions there would be no war.”
― Leo Tolstoy, War and Peace

User avatar
Reality Check
Posts: 16248
Joined: Fri Feb 20, 2009 8:09 pm
Location: USA
Contact:

Re: Hacking & Cracking

#184

Post by Reality Check »

Volkonski wrote:
Fri May 15, 2020 9:19 am
In view of the possible release of negative information about Trump, Grubman must be prevented from paying the ransom at all costs. ;)

Law firm hackers double ransom demand, threaten Donald Trump
:snippity:
Indeed. :pray:
"“If you’re not outraged, you’re not paying attention.”

Heather Heyer, November 2016

User avatar
RTH10260
Posts: 25808
Joined: Tue Mar 02, 2010 8:52 am
Location: Near the Swiss Alps

Re: Hacking & Cracking

#185

Post by RTH10260 »

Volkonski wrote:
Fri May 15, 2020 9:19 am
In view of the possible release of negative information about Trump, Grubman must be prevented from paying the ransom at all costs. ;)

Law firm hackers double ransom demand, threaten Donald Trump

https://pagesix.com/2020/05/14/la-law-f ... %20buttons
:snippity:

It is not clear why the hackers connected Trump to Grubman. The president has never been a Grubman client, according to sources, either as a private businessman or during his administration.
.
Not a client, but did individual-1 let his hands grab prominent pussies and they sued him, back in the days when he was not a failure-in-command :?:

User avatar
RTH10260
Posts: 25808
Joined: Tue Mar 02, 2010 8:52 am
Location: Near the Swiss Alps

Re: Hacking & Cracking

#186

Post by RTH10260 »

EasyJet Says Hackers Stole Data of 9 Million Customers
By Siddharth Vikram Philip and Ryan Gallagher
May 19, 2020, 1:50 PM GMT+2 Updated on May 19, 2020, 6:54 PM GMT+2

Credit card details for 2,208 customers also accessed
EasyJet says breach closed, contacting customers about data


EasyJet Plc said email addresses and travel data of about 9 million customers were taken by hackers in one of the biggest data breaches to hit the airline industry.

The intruders also accessed credit card details for 2,208 customers in the “highly sophisticated” attack, EasyJet said Tuesday in a statement. The airline said it’s closed off the unauthorized access, notified those whose credit-card information was exposed and will contact the rest of the customers over the next few days.

Cyber-attacks against businesses and their employees have surged this year as hackers take advantage of the disruption caused by the coronavirus pandemic. While the EasyJet breach was discovered in late January, predating the disease’s flare-up across Europe, the company is alerting those whose exposure was limited to email and travel details to guard against a rising number of so-called phishing attempts, a person familiar with the situation said.


https://www.bloomberg.com/news/articles ... -customers

Post Reply

Return to “Computers & Internet”