Hacking & Cracking

Flatpointhigh
Posts: 7527
Joined: Fri Dec 09, 2011 1:05 pm
Location: Hotel California, PH23
Occupation: Voice Actor, Podcaster, I hold a Ph.D in Procrastination.

Re: Hacking & Cracking

#76

Post by Flatpointhigh » Fri Jan 12, 2018 11:52 am

Addie wrote:
Fri Dec 22, 2017 10:09 am
Associated Press
Russian hackers targeted more than 200 journalists globally ...

The AP identified journalists as the third-largest group on a hacking hit list obtained from cybersecurity firm Secureworks, after diplomatic personnel and U.S. Democrats. About 50 of the journalists worked at The New York Times. Another 50 were either foreign correspondents based in Moscow or Russian reporters like Lobkov who worked for independent news outlets. Others were prominent media figures in Ukraine, Moldova, the Baltics or Washington.

The list of journalists provides new evidence for the U.S. intelligence community's conclusion that Fancy Bear acted on behalf of the Russian government when it intervened in the U.S. presidential election. Spy agencies say the hackers were working to help Republican Donald Trump. The Russian government has denied interfering in the American election.

Previous AP reporting has shown how Fancy Bear — which Secureworks nicknamed Iron Twilight — used phishing emails to try to compromise Russian opposition leaders, Ukrainian politicians and U.S. intelligence figures, along with Hillary Clinton campaign chairman John Podesta and more than 130 other Democrats.

Lobkov, 50, said he saw hacks like the one that turned his day upside-down in December 2015 as dress rehearsals for the email leaks that struck the Democrats in the United States the following year.

"I think the hackers in the service of the Fatherland were long getting their training on our lot before venturing outside."
And Edward Snowden wants them to use the "open source" privacy app "Haven"



"It is wrong to say God made rich and poor; He only made male and female, and He gave them the Earth as their inheritance."- Thomas Paine, Forward to Agrarian Justice
Cancer broke me

RVInit
Posts: 6796
Joined: Sat Mar 05, 2016 4:31 pm

Re: Hacking & Cracking

#77

Post by RVInit » Fri Jan 12, 2018 11:58 am

Addie wrote:
Fri Jan 12, 2018 11:48 am
Associated Press
Cybersecurity firm: US Senate in Russian hackers' crosshairs

PARIS (AP) — The same Russian government-aligned hackers who penetrated the Democratic Party have spent the past few months laying the groundwork for an espionage campaign against the U.S. Senate, a cybersecurity firm said Friday.

The revelation suggests the group often nicknamed Fancy Bear, whose hacking campaign scrambled the 2016 U.S. electoral contest, is still busy trying to gather the emails of America's political elite.

"They're still very active — in making preparations at least — to influence public opinion again," said Feike Hacquebord, a security researcher at Trend Micro Inc., which published the report. "They are looking for information they might leak later."

The Senate Sergeant at Arms office, which is responsible for the upper house's security, declined to comment.

Hacquebord said he based his report on the discovery of a clutch of suspicious-looking websites dressed up to look like the U.S. Senate's internal email system. He then cross-referenced digital fingerprints associated with those sites to ones used almost exclusively by Fancy Bear, which his Tokyo-based firm dubs "Pawn Storm."
Hopefully Democratic candidates/incumbents have figured out by now that it is just plain stoopid to put anything controversial or incriminating in writing, particularly in email writing.


"I know that human being and fish can coexist peacefully"
--- George W Bush


Notorial Dissent
Posts: 9990
Joined: Thu Oct 17, 2013 8:21 pm

Re: Hacking & Cracking

#78

Post by Notorial Dissent » Fri Jan 12, 2018 7:59 pm

RVInit wrote:
Fri Jan 12, 2018 11:58 am
Addie wrote:
Fri Jan 12, 2018 11:48 am
Associated Press
Cybersecurity firm: US Senate in Russian hackers' crosshairs

PARIS (AP) — The same Russian government-aligned hackers who penetrated the Democratic Party have spent the past few months laying the groundwork for an espionage campaign against the U.S. Senate, a cybersecurity firm said Friday.

The revelation suggests the group often nicknamed Fancy Bear, whose hacking campaign scrambled the 2016 U.S. electoral contest, is still busy trying to gather the emails of America's political elite.

"They're still very active — in making preparations at least — to influence public opinion again," said Feike Hacquebord, a security researcher at Trend Micro Inc., which published the report. "They are looking for information they might leak later."

The Senate Sergeant at Arms office, which is responsible for the upper house's security, declined to comment.

Hacquebord said he based his report on the discovery of a clutch of suspicious-looking websites dressed up to look like the U.S. Senate's internal email system. He then cross-referenced digital fingerprints associated with those sites to ones used almost exclusively by Fancy Bear, which his Tokyo-based firm dubs "Pawn Storm."
Hopefully Democratic candidates/incumbents have figured out by now that it is just plain stoopid to put anything controversial or incriminating in writing, particularly in email writing.
When has a politician EVAH figured that out? I mean seriously.


The fact that you sincerely and wholeheartedly believe that the “Law of Gravity” is unconstitutional and a violation of your sovereign rights, does not absolve you of adherence to it.

RTH10260
Posts: 16473
Joined: Tue Mar 02, 2010 8:52 am
Location: Near the Swiss Alps

Re: Hacking & Cracking

#79

Post by RTH10260 » Thu Feb 01, 2018 10:58 am

recommend to update asap
Mozilla fixes a critical remote code execution vulnerability in Firefox
January 31, 2018 By Pierluigi Paganini

Mozilla has released security updates for Firefox 58 that addresses a critical remote code vulnerability that allows a remote attacker to run arbitrary code on vulnerable systems.


https://securityaffairs.co/wordpress/68 ... x-rce.html



Judge Roy Bean
Posts: 359
Joined: Mon Aug 15, 2016 12:26 pm
Location: West of the Pecos
Occupation: Isn't it obvious?

Re: Hacking & Cracking

#80

Post by Judge Roy Bean » Sat Feb 03, 2018 12:05 pm

iOS users, please ignore and try not to look smug:
Attackers Exploiting Unpatched Flaw in Flash

Adobe warned on Thursday that attackers are exploiting a previously unknown security hole in its Flash Player software to break into Microsoft Windows computers.
https://krebsonsecurity.com/2018/02/att ... -in-flash/


“Where all think alike, no one thinks very much.”
Walter Lippmann

RTH10260
Posts: 16473
Joined: Tue Mar 02, 2010 8:52 am
Location: Near the Swiss Alps

Re: Hacking & Cracking

#81

Post by RTH10260 » Sat Feb 03, 2018 5:26 pm

Judge Roy Bean wrote:
Sat Feb 03, 2018 12:05 pm
iOS users, please ignore and try not to look smug:
Attackers Exploiting Unpatched Flaw in Flash

Adobe warned on Thursday that attackers are exploiting a previously unknown security hole in its Flash Player software to break into Microsoft Windows computers.
https://krebsonsecurity.com/2018/02/att ... -in-flash/
:doh: One would think that Adobe over the many years had sufficient time to code review and screen their code. They have been under attack for so long they even ought to have an own hackers team trying to work against their software. :doh:

Can we have a thumbsdown smiley please :?:



Foggy
Posts: 26024
Joined: Tue Jan 20, 2009 12:00 pm
Location: Fogbow HQ
Occupation: Dick Tater

Re: Hacking & Cracking

#82

Post by Foggy » Sat Feb 03, 2018 6:09 pm

RTH10260 wrote:
Sat Feb 03, 2018 5:26 pm
Can we have a thumbsdown smiley please :?:
Something wrong with this one? :thumbsdown:


Hopefully, this will blossom into a snowball.
WWG1WGA

RTH10260
Posts: 16473
Joined: Tue Mar 02, 2010 8:52 am
Location: Near the Swiss Alps

Re: Hacking & Cracking

#83

Post by RTH10260 » Sat Feb 03, 2018 7:27 pm

Foggy wrote:
Sat Feb 03, 2018 6:09 pm
RTH10260 wrote:
Sat Feb 03, 2018 5:26 pm
Can we have a thumbsdown smiley please :?:
Something wrong with this one? :thumbsdown:
:bag:



RTH10260
Posts: 16473
Joined: Tue Mar 02, 2010 8:52 am
Location: Near the Swiss Alps

Re: Hacking & Cracking

#84

Post by RTH10260 » Tue Feb 06, 2018 4:31 pm

Amazon Key Busted Open by New Hack
by PAUL WAGENSEIL Feb 6, 2018, 12:45 PM

UPDATED 3:45 p.m. Eastern time Tuesday, Feb. 6 with comment from Amazon.

Amazon's Key door-unlocking system has been hacked again.

A Bay Area security researcher posted a proof-of-concept video on Twitter yesterday (Feb. 4) showing how an unknown device placed near a Key-compatible smart lock can interfere with the lock's locking mechanism, letting anyone into a Key-enabled home.

"I'm withholding details until Amazon has a chance to fix this," the researcher, identified only as "MG," said on Twitter, explaining why he hasn't said exactly how his attack works. "Don't want this being abused in the wild."

Until this flaw is fixed, you might want to hold off on buying or installing an Amazon Key system.

If you're not familiar with Amazon Key, it's a service for Amazon Prime customers that lets Amazon remotely unlock your home's front door when a delivery from Amazon arrives. Amazon gives you a window of delivery, but its operators unlock the door remotely when the delivery person gets there. The delivery person places the package inside the front door, then uses his or her own smartphone app to lock the door.


https://www.tomsguide.com/us/amazon-key ... 26567.html



RTH10260
Posts: 16473
Joined: Tue Mar 02, 2010 8:52 am
Location: Near the Swiss Alps

Re: Hacking & Cracking

#85

Post by RTH10260 » Mon Feb 12, 2018 3:22 pm

Government websites dish malware in cryptocurrency miner attack
Typically, cryptocurrency is generated using dedicated systems. Malware can crowdsource the process for attackers.

Four thousand websites, including those of the U.S. federal court system, the British National Health system and other government sites, have infected visitors with cryptocurrency mining malware, the U.K. National Cyber Security Centre said Monday.

What actually happened? Hackers embedded the CoinHive malware in a third party component, Texthelp Browsealoud, advertised as adding speech, reading, and translation software to websites "for people with Dyslexia, Low Literacy, English as a Second Language, and those with mild visual impairments."


https://www.axios.com/four-thousand-gov ... d1fd2.html



RTH10260
Posts: 16473
Joined: Tue Mar 02, 2010 8:52 am
Location: Near the Swiss Alps

Re: Hacking & Cracking

#86

Post by RTH10260 » Fri Feb 16, 2018 10:35 pm

Drive-by cryptomining campaign targets millions of Android users
Posted: February 12, 2018 by Jérôme Segura
Last updated: February 13, 2018

Malvertising and online fraud through forced redirects and Trojanized apps—to cite the two most common examples—are increasingly plaguing Android users. In many cases, this is made worse by the fact that people often don’t use web filtering or security applications on their mobile devices.

A particular group is seizing this opportunity to deliver one of the most lucrative payloads at the moment: drive-by cryptomining for the Monero (XMR) currency. In a campaign we first observed in late January, but which appears to have started at least around November 2017, millions of mobile users (we believe Android devices are targeted) have been redirected to a specifically designed page performing in-browser cryptomining.

In our previous research on drive-by mining, we defined this technique as automated, without user consent, and mostly silent (apart from the noise coming out of the victim’s computer fan when their CPU is clocked at 100 percent). Here, however, visitors are presented with a CAPTCHA to solve in order to prove that they aren’t bots, but rather real humans.

“Your device is showing suspicious surfing behaviour. Please prove that you are human by solving the captcha.”

Until the code (w3FaSO5R) is entered and you press the Continue button, your phone or tablet will be mining Monero at full speed, maxing out the device’s processor.


https://blog.malwarebytes.com/threat-an ... oid-users/



RTH10260
Posts: 16473
Joined: Tue Mar 02, 2010 8:52 am
Location: Near the Swiss Alps

Re: Hacking & Cracking

#87

Post by RTH10260 » Mon Feb 19, 2018 8:40 am

For the recently published Meltdown / Spectre soft spots in Intel CPUs a different attack vector has been researched
New Security Exploit Found for Meltdown and Spectre Vulnerability
Researchers from Princeton University and NVIDIA have discovered a new security exploit for the Meltdown/Spectre CPU vulnerability.
Christine Hall | Feb 16, 2018

A new security exploit has been found for the Meltdown and Spectre CPU design vulnerabilities. Most people probably figured this would eventually happen, just maybe not so quickly.

There's good news and bad news here -- if a new security exploit can ever be seen as good news.

The good news is that the software patches that have been developed -- you know, the ones that come with performance hits as a side effect -- will most likely work against these exploits.

The bad news? It might be back to the drawing board time for the chip makers. The hardware modifications being developed to make the future safe probably won't work against these new variants -- although Intel says it's done enough.

The exploit was discovered by Caroline Trippel and Margaret Martonosi of Princeton University and Daniel Lustig from Nvidia using a tool they developed to find new attack vectors for Meltdown and Spectre. They're differentiating the new exploit from the previously discovered one by using the suffix "prime" -- as in MeltdownPrime and SpectrePrime -- because it uses a Prime+Probe attack pattern while the previous attack was a Flush+Reload attack.


http://www.itprotoday.com/endpoint-secu ... nerability



Judge Roy Bean
Posts: 359
Joined: Mon Aug 15, 2016 12:26 pm
Location: West of the Pecos
Occupation: Isn't it obvious?

Re: Hacking & Cracking

#88

Post by Judge Roy Bean » Mon Feb 19, 2018 1:58 pm

IRS Scam Leverages Hacked Tax Preparers, Client Bank Accounts
Identity thieves who specialize in tax refund fraud have been busy of late hacking online accounts at multiple tax preparation firms, using them to file phony refund requests. Once the Internal Revenue Service processes the return and deposits money into bank accounts of the hacked firms’ clients, the crooks contact those clients posing as a collection agency and demand that the money be “returned.”
:madguy:


“Where all think alike, no one thinks very much.”
Walter Lippmann

RTH10260
Posts: 16473
Joined: Tue Mar 02, 2010 8:52 am
Location: Near the Swiss Alps

Re: Hacking & Cracking

#89

Post by RTH10260 » Tue Feb 20, 2018 10:14 am

The logical progression in the USA for Intel's Meltdown and Spectre issues
32 lawsuits filed against Intel over Spectre and Meltdown flaws
Company also accused of failing to act in response to insider trading.
PETER BRIGHT - 2/16/2018, 9:42 PM

In its annual SEC filing, Intel has revealed that it's facing 32 lawsuits over the Spectre and Meltdown attacks on its processors. While the Spectre problem is a near-universal issue faced by modern processors, the Meltdown attack is specific to processors from Intel and Apple, along with certain ARM designs that are coming to market shortly.

Per Intel's filing, 30 of the cases are proposed customer class-action suits from users claiming to be harmed by the flaws. While Meltdown has effective workarounds, they come with some performance cost. Workarounds for Spectre are more difficult and similarly can harm system performance.

The other two cases are securities lawsuits that claim that Intel made misleading public statements during the six-month period after the company was notified of the problems but before the attacks were made public.


https://arstechnica.com/gadgets/2018/02 ... own-flaws/



RTH10260
Posts: 16473
Joined: Tue Mar 02, 2010 8:52 am
Location: Near the Swiss Alps

Re: Hacking & Cracking

#90

Post by RTH10260 » Thu Mar 08, 2018 8:11 am

400k servers may be at risk of serious code-execution attacks. Patch now
Widely used message transfer agent patched buffer overflow last month.
DAN GOODIN - 3/7/2018, 1:45 AM

A bug in an obscure but widely used email program may be putting as many as 400,000 servers around the world at risk of serious attack until they install an update.

How security flaws work: The buffer overflow

The flaw—which is in all releases of the Exim message transfer agent except for version 4.90.1—opens servers to attacks that can execute malicious code, researchers who discovered the vulnerability warned in an advisory published Tuesday. The buffer overflow vulnerability, which is indexed as CVE-2018-6789, resides in base64 decode function. By sending specially manipulated input to a server running Exim, attackers may be able to remotely execute code.


https://arstechnica.com/information-tec ... u-patched/
also
Buffer overflow in Unix mailer Exim imperils 400,000 email servers
Bug already plugged, get updating
By John Leyden 7 Mar 2018 at 17:33

Researchers have uncovered a critical buffer overflow vulnerability in all versions of the Exim mail transfer agent.

The flaw (CVE-2018-6789) leaves an estimated 400,000 email servers at potential risk to remote code execution-style attacks. Fortunately a patched version (Exim version 4.90.1) is already available.

The bug might be exploited by unauthenticated users rather than hackers who have already broken into targeted systems or scored login credentials through some other (doubtless nefarious) means.

Meh Chang, the Taiwanese researcher from the DEVCORE research team who uncovered the flaw, was able to bypass security mitigations built into Exim (such as Address Space Layout Randomisation) in developing a proof-of-concept exploit.

Structure of a handcrafted message capable of exploiting the Exim bug
[ image omitted ]

The bug stems from (previously dormant) flaws introduced since the first commit of Exim, so all versions prior to the latest update are affected. More details about the vulnerability can be found here.


https://www.theregister.co.uk/2018/03/0 ... erver_bug/

Note: I understand that it is very difficult to use this attack vector.
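
An added illustration of the bug class the quoted articles describe, a base64 decode routine writing past its output buffer; it is not Exim's code and not part of the original posts. The function names and both sizing formulas are assumptions chosen for the example: a buffer sized from `in_len / 4` alone is too small whenever the input ends in a partial (unpadded) group, so the decoder must bound every write.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Map one base64 character to its 6-bit value, or -1 if it is not in the alphabet. */
static int b64_val(unsigned char c)
{
    if (c >= 'A' && c <= 'Z') return c - 'A';
    if (c >= 'a' && c <= 'z') return c - 'a' + 26;
    if (c >= '0' && c <= '9') return c - '0' + 52;
    if (c == '+') return 62;
    if (c == '/') return 63;
    return -1;
}

/* Hypothetical under-sized estimate: correct only when in_len is a multiple
 * of 4. Integer division silently drops a trailing group of 2 or 3 chars. */
size_t cap_naive(size_t in_len)
{
    return 3 * (in_len / 4) + 1;
}

/* Hypothetical safe estimate: round the group count up, plus one for the NUL. */
size_t cap_safe(size_t in_len)
{
    return 3 * ((in_len + 3) / 4) + 1;
}

/* Lenient decoder: stops at '=' or end of string and accepts a trailing
 * partial group. Every write is checked against cap; one byte is reserved
 * for the terminating NUL. Returns the number of decoded bytes, or -1 if
 * the input is invalid or the output would not fit. */
long b64_decode_bounded(const char *in, unsigned char *out, size_t cap)
{
    unsigned int acc = 0;   /* bit accumulator */
    int bits = 0;           /* number of valid bits in acc */
    size_t n = 0;           /* bytes written so far */

    if (cap == 0)
        return -1;

    for (; *in != '\0' && *in != '='; in++) {
        int v = b64_val((unsigned char)*in);
        if (v < 0)
            return -1;
        acc = (acc << 6) | (unsigned int)v;
        bits += 6;
        if (bits >= 8) {
            bits -= 8;
            if (n + 1 >= cap)          /* no room for this byte plus NUL */
                return -1;
            out[n++] = (unsigned char)((acc >> bits) & 0xFFu);
            acc &= (1u << bits) - 1u;  /* keep only the unconsumed bits */
        }
    }
    out[n] = '\0';
    return (long)n;
}

int main(void)
{
    /* Constructed sample: "ABCDE" encoded without padding, 7 characters. */
    const char *sample = "QUJDREU";
    unsigned char buf[16];
    size_t len = strlen(sample);

    printf("naive capacity: %zu, safe capacity: %zu\n",
           cap_naive(len), cap_safe(len));
    printf("decode into naive-sized buffer: %ld\n",
           b64_decode_bounded(sample, buf, cap_naive(len)));
    printf("decode into safe-sized buffer:  %ld\n",
           b64_decode_bounded(sample, buf, cap_safe(len)));
    return 0;
}
```

A decoder without the `n + 1 >= cap` check would write past a buffer sized with the first formula for this input; the bounded version rejects it instead.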



RTH10260
Posts: 16473
Joined: Tue Mar 02, 2010 8:52 am
Location: Near the Swiss Alps

Re: Hacking & Cracking

#91

Post by RTH10260 » Thu Mar 15, 2018 5:54 pm

AMD chip security reports seem to be a scam and possibly a securities manipulation attempt
CTS Labs Responds to Allegations of Bad Faith Over AMD CPU Security Disclosures, Digs Itself a Deeper Hole
By Joel Hruska on March 15, 2018 at 8:47 am

Earlier this week, bombshell news surfaced of 13 supposedly critical security flaws in AMD processors. While at least some of the flaws appear to be real based on independent confirmation from security researchers, the manner and nature of the disclosure lifted a number of eyebrows. A simultaneously released report from a firm trying to short AMD’s stock made the entire affair look particularly shady, especially since the firm in question, Viceroy Research, carried out a nearly identical attack on a German company just a week ago. In that case, Viceroy took a large short position on the German company ProSieben, then accused it of questionable accounting practices. Now, CTS Labs has published a letter from its own CTO, Ilia Luk Zilberman, offering an explanation for its own behavior.

The letter can be divided into two broad sections: Claims about how CTS Labs began and progressed through its investigation of the relevant security flaws, and Zilberman’s own views on the disclosure process.

In the first part of the letter, Zilberman claims that his firm began researching Asmedia devices — the ASM1042, ASM1142, ASM1143 chips, specifically — and that this served as a jumping off point for an overarching investigation into AMD’s overall security practices. On the surface, this makes sense. It’s the kind of inquiry that’s familiar to anyone who’s ever worked in QA or attempted to reproduce and characterize unexpected behavior. But scratch the surface and Zilberman’s framing starts to fall apart.


https://www.extremetech.com/computing/2 ... eeper-hole



RTH10260
Posts: 16473
Joined: Tue Mar 02, 2010 8:52 am
Location: Near the Swiss Alps

Re: Hacking & Cracking

#92

Post by RTH10260 » Tue Mar 20, 2018 7:53 pm

picked a few more paragraphs to get all flaw descriptions
AMD promises firmware fixes for security processor bugs
All bugs require administrative access to exploit.
PETER BRIGHT - 3/20/2018, 11:00 PM

AMD has responded to the reports last week of a range of security flaws affecting its Platform Security Processor (PSP) and chipset. The company acknowledges the bugs and says that, in coming weeks, it will have new firmware available to resolve the PSP bugs. These firmware fixes will also mitigate the chipset bugs.

Israeli firm CTS identified four separate flaw families, naming them Masterkey (affecting Ryzen and Epyc processors), Ryzenfall (affecting Ryzen, Ryzen Pro, and Ryzen Mobile), Fallout (hitting only Epyc), and Chimera (applying to Ryzen and Ryzen Pro systems using the Promontory chipset).

Masterkey, Ryzenfall, and Fallout are all problems affecting the Platform Security Processor (PSP), a small ARM core that's integrated into the chips to provide certain additional features such as a firmware-based TPM security module. The PSP has its own firmware and operating system that runs independently of the main x86 CPU. Software running on the x86 CPU can access PSP functionality using a device driver, though this access is restricted to administrator/root-level accounts. The PSP is also typically not exposed to guest virtual machines, so virtualized environments will typically be protected.

In theory, the PSP is able to keep secrets even from the x86 CPU; this ability is used for the firmware TPM capability, for example. However, the Ryzenfall and Fallout bugs enable an attacker to run untrusted, attacker-controlled code on the PSP. This attacker code can disclose the PSP's secrets, undermining the integrity of the firmware TPM, AMD's encrypted virtual memory, and various other platform features.

The Masterkey bug is worse; the PSP does not properly verify the integrity of its firmware. A system that enabled a malicious firmware to be flashed could have a malicious PSP firmware permanently installed, persisting across reboots.

The Chimera bug affects a chipset found in many, but not all, Ryzen systems. The chipset includes its own embedded processor and firmware, and flaws in these mean that an attacker can again run untrusted, attacker-controlled code on the chipset. CTS said that these flaws represent a backdoor, deliberately inserted to enable systems to be attacked, but offered no justification for this claim. As with the PSP flaws, exploiting this requires administrator access to a system.


https://arstechnica.com/gadgets/2018/03 ... ssor-bugs/



RTH10260
Posts: 16473
Joined: Tue Mar 02, 2010 8:52 am
Location: Near the Swiss Alps

Re: Hacking & Cracking

#93

Post by RTH10260 » Thu Mar 22, 2018 11:57 am

Expedia's Orbitz Hack May Have Compromised 880,000 Credit Cards
Expedia Inc.-owned Orbitz said hackers may have accessed 880,000 credit-card numbers used to book travel through the site and other companies serviced by Orbitz, including American Express Co.
Bloomberg | Mar 21, 2018

(Bloomberg) --Expedia Inc.-owned Orbitz said hackers may have accessed 880,000 credit-card numbers used to book travel through the site and other companies serviced by Orbitz, including American Express Co.

The news pushed Expedia shares down 1.5 percent to $109.63 at 2:31 p.m. in New York. In addition to the cards, hackers may have stolen names, dates of birth, phone numbers and addresses of consumers who booked through Orbitz in 2016 and 2017. Orbitz also provides a back-end booking system for other companies, which may also have been affected, Orbitz said in an email. American Express said that could include people who booked through Amextravel.com.

The hack is the latest headache for Expedia stemming from its $1.6 billion acquisition of Orbitz in 2015, a deal that cemented the company’s position as one of two global travel-booking giants, along with Booking Holdings Inc. While Expedia was integrating Orbitz’ back-end system with its own, the network crashed, causing downtime that affected sales enough to cut into quarterly revenue, the company said in July 2016.


http://www.itprotoday.com/network-secur ... edit-cards
and
Orbitz says a possible data breach has affected 880,000 credit cards

By Dani Deahl@danideahl Mar 20, 2018, 4:28pm EDT

Travel booking website Orbitz has announced that it discovered a potential data breach that exposed information for thousands of customers, as reported by Engadget. The incident, discovered by the company on March 1st, may have exposed information tied to about 880,000 credit cards.

The consumer data in question is from an older booking platform, where information may have been accessed between October and December 2017. Orbitz partner platform data, such as travel booked via Amex Travel, submitted between January 1st, 2016 and December 22nd, 2017 may have also been compromised. The Expedia-owned company says that names, payment card information, dates of birth, email addresses, physical billing addresses, gender, and phone numbers may have been accessed, but it doesn’t yet have “direct evidence” that any information was taken from the website.


https://www.theverge.com/2018/3/20/1714 ... edit-cards



RTH10260
Posts: 16473
Joined: Tue Mar 02, 2010 8:52 am
Location: Near the Swiss Alps

Re: Hacking & Cracking

#94

Post by RTH10260 » Thu Jun 07, 2018 11:12 pm

Hack of DNA Website Exposes Data From 92 Million Accounts
According to MyHeritage, the breach took place on Oct. 26, 2017, and affects users who signed up for an account through that date.

Bloomberg | Jun 06, 2018

(Bloomberg) -- Consumer genealogy website MyHeritage said that email addresses and password information linked to more than 92 million user accounts have been compromised in an apparent hacking incident.

MyHeritage said that its security officer had received a message from a researcher who unearthed a file named “myheritage” containing email addresses and encrypted passwords of 92,283,889 of its users on a private server outside the company.

“There has been no evidence that the data in the file was ever used by the perpetrators,” the company said in a statement late Monday.

MyHeritage lets users build family trees, search historical records and hunt for potential relatives. Founded in Israel in 2003, the site launched a service called MyHeritage DNA in 2016 that, like competitors Ancestry.com and 23andMe, lets users send in a saliva sample for genetic analysis. The website currently has 96 million users; 1.4 million users have taken the DNA test.

According to MyHeritage, the breach took place on Oct. 26, 2017, and affects users who signed up for an account through that date. The company said that it doesn’t store actual user passwords, but instead passwords encrypted with what’s called a one-way hash, with a different key required to access each customer’s data.


http://www.itprotoday.com/network-secur ... n-accounts



RTH10260
Posts: 16473
Joined: Tue Mar 02, 2010 8:52 am
Location: Near the Swiss Alps

Re: Hacking & Cracking

#95

Post by RTH10260 » Tue Jun 12, 2018 11:17 am

Note: The malware known by the name of "VPNFilter" has nothing to do with VPN per se.
VPNFilter router malware is a lot worse than everyone thought
More affected devices. More damage. And what looks like an escalation in attacks
By Richard Chirgwin 7 Jun 2018 at 05:02

Asus, D-Link, Huawei, Ubiquiti, UPVEL, and ZTE: these are the vendors newly named by Cisco's Talos Intelligence whose products are being exploited by the VPNFilter malware.

As well as the expanded list of impacted devices, Talos warned that VPNFilter now attacks endpoints behind the firewall, and sports a “poison pill” to brick an infected network device if necessary.

When it was discovered last month, VPNFilter had hijacked half a million devices – but only SOHO devices from Linksys, MikroTik, Netgear, TP-Link, and QNAP storage kit, were commandeered.

As well as the six new vendors added to the list, Talos said this week more devices from Linksys, MikroTik, Netgear, and TP-Link are affected. Talos noted that, to date, all the vulnerable units are consumer-grade or SOHO-grade.

All in all, it seems the early VPNFilter infections amounted to a dry run to see if there were enough vulnerable boxen out there to make the effort of coordinating and controlling the hijacked devices worthwhile.

Juniper Networks, which had advance notice of Talos' latest findings as a member of the Cyber Threat Alliance, noted Wednesday that there are no known zero-day vulns associated with VPNFilter – all the infiltrations attempts leverage known vulnerabilities in the gateways.


https://www.theregister.co.uk/2018/06/0 ... e_thought/

Taken from a different source the list of known routers that are exposed to this threat:
Asus: RT-AC66U, RT-N10, RT-N10E, RT-N10U, RT-N56U, RT-N66U

D-Link: DES-1210-08P, DIR-300, DIR-300A, DSR-250N, DSR-500N, DSR-1000, DSR-1000N

Huawei: HG8245

Linksys: E1200, E2500, E3000, E3200, E4200, RV082, WRVS4400N

Mikrotik: CCR1009, CCR1016, CCR1036, CCR1072, CRS109, CRS112, CRS125, RB411, RB450, RB750, RB911, RB921, RB941, RB951, RB952, RB960, RB962, RB1100, RB1200, RB2011, RB3011
RB Groove: RB Omnitik, STX5

Netgear: DG834, DGN1000, DGN2200, DGN3500, FVS318N, MBRN3000, R6400, R7000, R8000, WNR1000, WNR2000, WNR2200, WNR4000, WNDR3700, WNDR4000, WNDR4300, WNDR4300-TN, UTM50

QNAP: TS251, TS439 Pro, other QNAP NAS devices with QTS software

TP-Link: R600VPN, TL-WR741ND, TL-WR841N

Ubiquiti: NSM2, PBE M5

Upvel: Components in the malware may also affect products of this maker. Unknown which devices may be endangered.

ZTE: ZXHN H108N



RTH10260
Posts: 16473
Joined: Tue Mar 02, 2010 8:52 am
Location: Near the Swiss Alps

Re: Hacking & Cracking

#96

Post by RTH10260 » Wed Jun 20, 2018 8:54 am

Flight Tracker Flightradar24 Hit by Data Breach
By Eduard Kovacs on June 20, 2018

Flightradar24, a highly popular flight tracking service based in Sweden, has instructed some users to change their passwords after detecting a breach on one of the company’s servers.

Earlier this week, some Flightradar24 users started receiving emails alerting them of a security breach in which email addresses and password hashes associated with accounts registered prior to March 16, 2016, may have been compromised.

Some of the individuals who received the notification complained that the emails looked like phishing attempts, especially since the company had not mentioned the incident on its website or social media channels. It has however confirmed to users who inquired via social media and the company’s forum that the emails are legitimate.

In response to posts on the Flightradar24.com forum, a company representative highlighted that no personal information was compromised, and noted that payment information is not stored on its systems.

Flightradar24 said it was confident that the incident had been contained after the targeted server was “promptly” shut down after the intrusion was detected.


https://www.securityweek.com/flight-tra ... ata-breach



RTH10260
Posts: 16473
Joined: Tue Mar 02, 2010 8:52 am
Location: Near the Swiss Alps

Re: Hacking & Cracking

#97

Post by RTH10260 » Thu Jun 21, 2018 3:18 pm

Note: endangered are Android devices that have switched off the secure "download from Google Play only" feature in order to install from third-party sites (as needed for Amazon software)
Android Malware Found Mining Cryptocurrency on Amazon Fire TVs
By Ryan Whitwam on June 12, 2018 at 1:44 pm

Amazon’s Fire TV devices are a popular way to watch streaming content on a TV because they support plenty of services and come with a low price tag. However, a new spate of malware infections has the potential to interrupt your viewing as the device secretly mines cryptocurrency in the background. The good news is you have to make several critical mistakes to get infected.

Amazon’s Fire TV boxes and sticks all run Android, but it’s not the version of Android that Google certifies for smartphones, tablets, and Android TV devices. This is Amazon’s modified version of Android known as FireOS. It’s the same base used on the Fire tablets, but with a “lean back” UI that’s comfortable to use from across the room.

Like Amazon’s other Android devices, all the apps come from the company’s Appstore for Android rather than the Play Store. However, that store doesn’t have as much content. That has apparently led users to look for alternative apps to sideload manually on their streaming boxes. Unfortunately, some of those supposed streaming apps are in reality malware called ADB.Miner.


https://www.extremetech.com/electronics ... tv-devices



RTH10260
Posts: 16473
Joined: Tue Mar 02, 2010 8:52 am
Location: Near the Swiss Alps

Re: Hacking & Cracking

#98

Post by RTH10260 » Thu Jun 21, 2018 3:24 pm

Could your Google Home leak your location to hackers?
Edward C. Baig USA TODAY
Published 10:06 p.m. UTC Jun 19, 2018

Google is preparing to plug a potential privacy leak with its Google Home smart speakers and Chromecast television devices that could reveal your location.

The vulnerability was discovered by the Tripwire security firm. Researcher Craig Young blogged that the problem stems from fundamental design choices that he says are prevalent among Internet of Things devices.

One such issue, Young writes, is that such “devices rarely require authentication for connections received on a local network.”

Although the Home app you use to configure Google Home and Chromecast performs most actions using Google’s cloud, Young says that some tasks are carried out using a local HTTP server. And that's where a remote intruder or scammer might be able to break through.

Google said it's fixing the vulnerability, which security researcher Brian Krebs first reported on. In a statement emailed to USA TODAY, Google said that, "Security is an ongoing focus for our teams. We're aware of the report and will be rolling out a fix in the coming weeks."


https://eu.usatoday.com/story/tech/talk ... 716018002/
Note: according to another article, hackers can use this flaw to also spy and get further information on other devices on the LAN. Unclear from a first reading whether they could use that to inflict malware on the devices.


