Hacking & Cracking

RTH10260
Posts: 21044
Joined: Tue Mar 02, 2010 8:52 am
Location: Near the Swiss Alps

#126

Post by RTH10260 » Tue Mar 26, 2019 10:32 am

Operation ShadowHammer hijacks ASUS Live Update
MARCH 25, 2019 FRANK CRAST

Cyber attackers have hijacked ASUS Live Update and downloaded a back-doored version to thousands of ASUS PCs last year. The utility is pre-installed on most ASUS computers and is used to keep ASUS PCs up-to-date with latest firmware, drivers and applications.

Security researchers from Kaspersky Lab discovered the sophisticated supply chain attack dubbed “Operation ShadowHammer” in January 2019 and said the attack took place between June and November 2018. The company reported the attacks impacted a large number of users.

According to the newly released report on Monday, the cyber attack “matches or even surpasses the Shadowpad and the CCleaner incidents in complexity and techniques.”

The Kaspersky researchers also attributed part of the reason the attacks went undetected for so long to the trojanized updaters being signed with legitimate certificates (e.g., “ASUSTeK Computer Inc.”).


https://www.securezoo.com/2019/03/opera ... ve-update/

#127

Post by RTH10260 » Tue Mar 26, 2019 6:08 pm

Big Norwegian Aluminum Producer Suffers Extensive Cyber Attack
By Jonas Cho Walsgard, Elena Mazneva, and Mark Burton
March 19, 2019, 8:41 AM GMT+1 Updated on March 19, 2019, 5:07 PM GMT+1

Company says attack originated in U.S.; some plants halted
Sustained disruption could cut supply of specialized products


Norsk Hydro ASA, one of the world’s biggest aluminum producers, suffered production outages after a cyber attack affected operations across Europe and the U.S.

The company said it was still working to contain the effects of the ransomware, a kind of malicious software that typically blocks computer access unless a ransom is paid, and called the situation “quite severe.” Hydro said it has cyber insurance and plans to restore systems using back-up data.

It couldn’t detail how much output had been impacted, but said it had isolated affected plants. Some plants where metal is fashioned into finished products for use in construction, cars and other manufactured goods were temporarily stopped. The so-called potlines, which process molten aluminum and need to be kept running 24 hours a day, had switched to manual mode where possible.


https://www.bloomberg.com/news/articles ... s-jtfgz6td

#128

Post by RTH10260 » Tue Mar 26, 2019 6:11 pm

Norsk Hydro will not pay ransom demand and will restore from backups
Microsoft employees have arrived in Norway to help Norsk Hydro recover after ransomware attack.

By Catalin Cimpanu for Zero Day | March 22, 2019 -- 15:14 GMT (15:14 GMT) | Topic: Security

"Experts from Microsoft and other IT security partners have flown in to aid Hydro in taking all necessary actions in a systematic way to get business critical systems back in normal operation," Jo De Vliegher, Head of Information Systems, said in a press release this week.

The company's Chief Financial Officer (CFO), Eivind Kallevik, also said the company does not intend to pay the hackers' ransom demand and has already started restoring its IT infrastructure from backups.


https://www.zdnet.com/article/norsk-hyd ... m-backups/

Dr. Blue
Posts: 902
Joined: Sat Jan 07, 2012 10:01 am
Occupation: Call the doctor!

#129

Post by Dr. Blue » Wed Mar 27, 2019 8:22 am

RTH10260 wrote:
Tue Mar 26, 2019 10:32 am
Operation ShadowHammer hijacks ASUS Live Update
MARCH 25, 2019 FRANK CRAST

Cyber attackers have hijacked ASUS Live Update and downloaded a back-doored version to thousands of ASUS PCs last year. The utility is pre-installed on most ASUS computers and is used to keep ASUS PCs up-to-date with latest firmware, drivers and applications.

The interesting thing about ShadowHammer, which that article only briefly touches on, is that it is a very targeted attack. There was a list of around 600 MAC addresses hard-coded into the trojaned update, and only those systems had the real payload (backdoor) installed. I haven't seen any information identifying who the targets were, although there are websites where you can check your MAC address to see if you were a target.

Speculation is that this was a government job. Most general malware authors want to backdoor as many systems as they can, and the notion of targeting specific computers doesn't make sense. One of the only other attacks that I know of that had specific targets was Stuxnet, actually, although most security folks are thinking that ShadowHammer was Chinese in origin, not from the U.S.

Now if I were doing this, and had a dozen people I wanted to target, I'd bury them in a list of 600 random MAC addresses so my intentions and the real targets weren't clear. It would be interesting to see if that's the case here too.

#130

Post by RTH10260 » Mon Apr 01, 2019 9:35 am

A Month After 2 Million Customer Cards Sold Online, Buca di Beppo Parent Admits Breach
29 MAR 19

On Feb. 21, 2019, KrebsOnSecurity contacted Italian restaurant chain Buca di Beppo after discovering strong evidence that two million credit and debit card numbers belonging to the company’s customers were being sold in the cybercrime underground. Today, Buca’s parent firm announced it had remediated a 10-month breach of its payment systems at dozens of restaurants, including some locations of its other brands such as Earl of Sandwich and Planet Hollywood.

Some 2.1 million+ credit and debit card accounts stolen from dozens of Earl Enterprises restaurant locations went up for sale on a popular carding forum on Feb. 20, 2019.

In a statement posted to its Web site today, Orlando, Fla. based hospitality firm Earl Enterprises said a data breach involving malware installed on its point-of-sale systems allowed cyber thieves to steal card details from customers between May 23, 2018 and March 18, 2019.

Earl Enterprises did not respond to requests for specifics about how many customers total may have been impacted by the 10-month breach. The company’s statement directs concerned customers to an online tool that allows one to look up breached locations by city and state.

According to an analysis of that page, it appears the breach impacts virtually all 67 Buca di Beppo locations in the United States; a handful out of the total 31 Earl of Sandwich locations; and Planet Hollywood locations in Las Vegas, New York City and Orlando. Also impacted were Tequila Taqueria in Las Vegas; Chicken Guy! in Disney Springs, Fla.; and Mixology in Los Angeles.



https://krebsonsecurity.com/2019/03/a-m ... ts-breach/

#131

Post by RTH10260 » Tue Apr 02, 2019 9:13 am

Hackers trick a Tesla into veering into the wrong lane

Hackers have demonstrated some worrisome ways to manipulate and confuse the various systems on a Tesla Model S. Their most dramatic feat: sending the car careening into the oncoming traffic lane by placing a series of small stickers on the road.

Attack vector: This is an example of an “adversarial attack,” a way of manipulating a machine-learning model by feeding in a specially crafted input. Adversarial attacks could become more common as machine learning is used more widely, especially in areas like network security.

Blurred lines: Tesla’s Autopilot is vulnerable because it recognizes lanes using computer vision. In other words, the system relies on camera data, analyzed by a neural network, to tell the vehicle how to keep centered within its lane.

Traffic jamming: This isn’t the first adversarial attack on an autonomous driving system. Dawn Song, a professor at UC Berkeley, has used innocuous-looking stickers to trick a self-driving car into thinking a stop sign was a speed limit for 45 miles per hour. Another study, published in March, demonstrated how medical machine-learning systems can similarly be tricked into giving the wrong diagnoses.

Bug fixes: The researchers behind the lane-recognition hack, from the Keen Security Lab of Chinese tech giant Tencent, used a similar attack to disrupt the vehicle’s automatic windshield wipers. They also hijacked the car’s steering wheel using another method. A Tesla spokesperson told Forbes that the latter vulnerability has been fixed in its most recent software update. The spokesperson said the adversarial attack was unrealistic “given that a driver can easily override Autopilot at any time.”


https://www.technologyreview.com/the-do ... g-traffic/

#132

Post by RTH10260 » Tue Apr 16, 2019 9:11 am

it even happens to the biggest
Microsoft admits Outlook.com hackers were able to access emails
The security breach was worse for some than others
By Tom Warren (@tomwarren) Apr 15, 2019, 6:28am EDT

Microsoft has admitted that its Outlook.com security breach was worse than the company initially revealed. The software maker started notifying some Outlook.com users late on Friday night that a hacker was able to access accounts for months earlier this year. Microsoft’s notification revealed that hackers could have viewed account email addresses, folder names, and subject lines of emails, but in a separate notification to other affected users the company also admitted email contents could have been viewed.

Vice’s Motherboard revealed on Sunday that Microsoft sent a different notification message to around six percent of the affected Outlook.com accounts, and that the company only admitted this when it was presented with screenshot evidence that the breach was far worse for those customers. Microsoft discovered that a support agent’s credentials were compromised for its web mail service, allowing unauthorized access to some accounts between January 1st and March 28th, 2019.

Motherboard claims hackers have been able to access some accounts for up to six months, and have used the access to reset iCloud accounts linked to stolen iPhones. A Microsoft spokesperson tells The Verge “the claim of 6 months is inaccurate,” and pointed towards the company’s notification that mentioned access between January 1st and March 28th, 2019. Microsoft also clarified that the vast majority of Outlook.com accounts that were affected received the notification that The Verge published over the weekend.


https://www.theverge.com/2019/4/15/1831 ... se-comment

#133

Post by RTH10260 » Wed Apr 17, 2019 12:48 pm

Internet Explorer hack could steal users' data – even if you use Chrome or Firefox
By Harry Domanski

Microsoft reportedly ignored security researcher's warning

Microsoft's much-maligned Internet Explorer web browser has been discovered to be the cause of a new Windows exploit, which could let hackers access and obtain operating system user data.

Security researcher John Page discovered the security flaw, finding that any user with Internet Explorer installed on their system is vulnerable to the exploit, whether or not they're currently using the browser or have even opened it before.

Page reportedly reached out to Microsoft last month, warning them of the exploit and requesting an urgent security fix, but according to ZDnet, the tech giant responded by saying that “a fix for this issue will be considered in a future version of this product or service”.

In response, Page made his findings public, including a YouTube video demonstrating the exploit. (Note: mute the video unless you want to hear some low bit-rate thrash metal).


https://www.techradar.com/news/internet ... or-firefox

#134

Post by RTH10260 » Tue Apr 30, 2019 6:26 pm

GoDaddy takes down 15,000 subdomains used for online scams
GoDaddy resets passwords for several hundred compromised accounts.

By Catalin Cimpanu for Zero Day | April 25, 2019 -- 18:47 GMT (19:47 BST) | Topic: Security

Web hosting provider and domain registrar GoDaddy has taken down more than 15,000 subdomains that were being used as part of a spam operation that lured users on web pages selling fake products.

Users would typically receive a spam email promoting a product, and if they'd click links in these emails, they'd land on one of these subdomains, hosted on legitimate sites --without the site's legitimate owner's knowledge.

The common theme among all the scammy subdomains was that they all sold products backed by bogus endorsements from celebrities.

Celebrity names used in these scams include Stephen Hawking, Jennifer Lopez, Gwen Stefani, Blake Shelton, Wolf Blitzer, the Shark Tank TV show, and others.

Most of the products advertised via these subdomains were brain supplements, CBD oil, weight loss pills, and other dietary products.


https://www.zdnet.com/article/godaddy-t ... ine-scams/

tek
Posts: 3394
Joined: Fri Nov 16, 2012 6:02 pm
Location: Happy Valley, MA
Occupation: Damned if I know

#135

Post by tek » Tue Apr 30, 2019 7:29 pm

looks like there is some collateral damage, the local techie mailing list (yes, that's how techies roll) is lighting up with subdomain outages ...
There's no way back
from there to here

#136

Post by RTH10260 » Tue Apr 30, 2019 8:28 pm

tek wrote:
Tue Apr 30, 2019 7:29 pm
looks like there is some collateral damage, the local techie mailing list (yes, that's how techies roll) is lighting up with subdomain outages ...

Could it be that some mailing lists were hacked to distribute links?

#137

Post by RTH10260 » Fri May 03, 2019 11:08 pm

from a fresh mailing by Norton.com security newsletter
80 million US households had their personal information exposed by an unprotected database

Unknown company left data exposed for months


What is Happening?

On Monday, a pair of security researchers shared their discovery of an unprotected online database containing the personal information of 80 million US households.

The huge database, discovered on a cloud server, includes:

Physical address (city, state, zip)
First and last names of individuals in the home
Age and date of birth
Longitude and latitude of the household

Additionally, the database also includes indexed results for: title, gender, marital status, income, homeowner status, and dwelling type. Social Security number and payment information was not found in the database.

A data exposure or data leak is different than a data breach. In a breach, unauthorized access to sensitive information is intentional. In a data exposure like this one, the sensitive information is left out in the open, often because the server was not set up with the proper security.

The security researchers believe it may belong to an insurance, healthcare, or mortgage company, in part because people in the database appear limited to only those over the age of 40. The database has been up and potentially leaking information since February. As of Monday, the cloud server provider where the database was discovered had taken steps to limit additional access to the database and notified the owner so they can properly secure it.

Notorial Dissent
Posts: 12221
Joined: Thu Oct 17, 2013 8:21 pm

#138

Post by Notorial Dissent » Sat May 04, 2019 12:19 am

I still haven't seen anything as to the origin/owner of the database involved.
The fact that you sincerely and wholeheartedly believe that the “Law of Gravity” is unconstitutional and a violation of your sovereign rights, does not absolve you of adherence to it.

#139

Post by RTH10260 » Mon May 06, 2019 12:15 pm

Hackers steal card data from 201 online campus stores from Canada and the US
Magecart group breached PrismRBS and modified the PrismWeb e-commerce platform.

By Catalin Cimpanu for Zero Day | May 4, 2019 -- 15:31 GMT (16:31 BST) | Topic: Security

A group of hackers has planted malicious JavaScript code that steals payment card details inside the e-commerce system used by colleges and universities in Canada and the US.

The malicious code was found on 201 online stores that were catering to 176 colleges and universities in the US and 21 in Canada, cyber-security firm Trend Micro said in a report released on Friday.

The attack is what security researchers call a Magecart attack --which consists of hackers placing malicious JavaScript code on the checkout and payment pages of online stores to record payment card data, which they later upload to their servers, and re-sell on underground cybercrime forums.

This particular Magecart attack was detected on April 14, according to Trend Micro, and impacted PrismRBS, the company behind PrismWeb, an e-commerce platform (a-la Shopify) sold to colleges and universities in North America.


https://www.zdnet.com/article/hackers-s ... nd-the-us/

#140

Post by RTH10260 » Mon May 06, 2019 12:22 pm

A hacker is wiping Git repositories and asking for a ransom
Hacker threatens to release the code if victims don't pay in 10 days.

By Catalin Cimpanu for Zero Day | May 3, 2019 -- 19:59 GMT (20:59 BST) | Topic: Security

Hundreds of developers have had Git source code repositories wiped and replaced with a ransom demand.

The attacks started earlier today, appear to be coordinated across Git hosting services (GitHub, Bitbucket, GitLab), and it is still unclear how they are happening.

What is known is that the hacker removes all source code and recent commits from victims' Git repositories, and leaves a ransom note behind that asks for a payment of 0.1 Bitcoin (~$570).



https://www.zdnet.com/article/a-hacker- ... -a-ransom/

neeneko
Posts: 1657
Joined: Fri Jun 02, 2017 9:08 am

#141

Post by neeneko » Mon May 06, 2019 1:19 pm

RTH10260 wrote:
Mon May 06, 2019 12:22 pm
A hacker is wiping Git repositories and asking for a ransom
Hacker threatens to release the code if victims don't pay in 10 days.

By Catalin Cimpanu for Zero Day | May 3, 2019 -- 19:59 GMT (20:59 BST) | Topic: Security

Hundreds of developers have had Git source code repositories wiped and replaced with a ransom demand.

The attacks started earlier today, appear to be coordinated across Git hosting services (GitHub, Bitbucket, GitLab), and it is still unclear how they are happening.

What is known is that the hacker removes all source code and recent commits from victims' Git repositories, and leaves a ransom note behind that asks for a payment of 0.1 Bitcoin (~$570).



https://www.zdnet.com/article/a-hacker- ... -a-ransom/

It should be noted that the real 'ransom' is for not making their (closed) source public. Most active repos can be easily refreshed from developers even if the hacker destroyed the commit history... which I am not sure how they even did but I am more of an SVN person.

#142

Post by RTH10260 » Wed May 08, 2019 10:47 am

Russian cyberspies are using one hell of a clever Microsoft Exchange backdoor
Turla APT found exploiting LightNeuron backdoor, a first of its kind targeting Microsoft Exchange email servers.

By Catalin Cimpanu for Zero Day | May 7, 2019 -- 12:00 GMT (13:00 BST) | Topic: Security

A Russian cyber-espionage group has developed and has been using one of the most complex backdoors ever spotted on an email server, according to new research published today by cyber-security firm ESET.

The backdoor, named LightNeuron, was specifically designed for Microsoft Exchange email servers and works as a mail transfer agent (MTA) --an approach that no other backdoor has ever taken.

"To our knowledge, this is the first malware specifically targeting Microsoft Exchange," ESET Malware Researcher Matthieu Faou told ZDNet via email.

"Turla targeted email servers in the past using a malware called Neuron (a.k.a DarkNeuron) but it was not specifically designed to interact with Microsoft Exchange.

"Some other APTs use traditional backdoors to monitor mail servers' activity. However, LightNeuron is the first one to be directly integrated into the working flow of Microsoft Exchange," Faou told us.

Because of the deep level the backdoor works, LightNeuron allows hackers to have full control over everything that passes through an infected email server, having the ability to intercept, redirect, or edit the content of incoming or outgoing emails.


https://www.zdnet.com/article/russian-c ... -backdoor/

The research paper at TURLA LIGHTNEURON - One email away from remote code execution

2.2 Victimology

As opposed to some other APT (Advanced Persistent Threat) groups, Turla is far from being opportunistic in the selection of its targets. The group is interested in collecting information from strategic people or organizations. In addition, to our knowledge, Turla has never conducted cybersabotage operations, such as those made by GreyEnergy [4] or TeleBots [5].

With several years of tracking this espionage group, we have identified the most at-risk types of organizations:

• Ministries of Foreign Affairs and diplomatic representations (embassies, consulates, etc.)
• Military organizations
• Regional political organizations
• Defense contractors

Most parts of the world are targeted by Turla’s operations, with the exception, perhaps, of Eastern Asia. Moreover, over the past few years, we have noticed that geographical areas of conflict, such as Eastern Europe and the Middle East, are under heavy attacks from this APT group. However, even with this new focus, they did not abandon their traditional targets in Western Europe and Central Asia.

#143

Post by RTH10260 » Wed May 22, 2019 11:42 am

Hacking the hackers
Account Hijacking Forum OGusers Hacked

Ogusers[.]com — a forum popular among people involved in hijacking online accounts and conducting SIM swapping attacks to seize control over victims’ phone numbers — has itself been hacked, exposing the email addresses, hashed passwords, IP addresses and private messages for nearly 113,000 forum users.

On May 12, the administrator of OGusers explained an outage to forum members by saying a hard drive failure had erased several months’ worth of private messages, forum posts and prestige points, and that he’d restored a backup from January 2019. Little did the administrators of OGusers know at the time, but that May 12 incident coincided with the theft of the forum’s user database, and the wiping of forum hard drives.

On May 16, the administrator of rival hacking community RaidForums announced he’d uploaded the OGusers database for anyone to download for free.


https://krebsonsecurity.com/2019/05/acc ... rs-hacked/

#144

Post by Notorial Dissent » Wed May 22, 2019 1:50 pm

Karma is a stone cold bi-atch. I can't tell you how much this warmed the dark cockles of my heart. Almost as much as when I heard one of the nastier dark web sites had been hacked and its users exposed.

#145

Post by RTH10260 » Thu May 23, 2019 6:10 pm

US Air Force probes targeted malware attack, blames... er, the US Navy? What?
War crimes trial takes a fresh twist
By Gareth Corfield 22 May 2019 at 14:59

The US Air Force has opened an investigation into a "malware" infection – which it is blaming on lawyers employed by the US Navy who are working on a war crimes case.

The bizarre case hinges around an alleged attempt by a US Navy prosecutor to plant malware on the devices of US Air Force lawyers defending a US Navy SEAL over war crimes charges from his time commanding a small unit in Afghanistan.

Like the UK, US military lawyers can work on cases involving people from outside their own branch of the armed forces.

The US Air Force Times, an independent publication, quoted from a memo written by Captain David Wilson, a senior Navy defence lawyer, referring to "malware" found on the machine of a USAF lawyer he was working alongside. This was later described as having been written to gain "full access to his computer and all files on his computer".

"In fact, I've learned that the Air Force is treating this malware as a cyber-intrusion on their network and have seized the Air Force Individual Military Counsel's computer and phone for review," he wrote.


https://www.theregister.co.uk/2019/05/2 ... legations/

#146

Post by RTH10260 » Thu May 23, 2019 6:30 pm

Russian bots are just for rigging US elections? They hit home, too: Kid stripped of crown in TV contest vote-fix scandal
Singing competition stunned by suspicious spree of SMSes
By Iain Thomson in San Francisco 17 May 2019 at 06:07

The winner of a Russian talent show for children has been stripped of her crown following confirmation that software was used to swing a public vote in her favor.

There was a national outcry when 11-year-old Mikella Abramova won the top telly talent show The Voice Kids with 56.5 per cent of a public poll, bagging over 30,000 votes, ten times more than any other contestant. Abramova is the daughter of popular Russian singer Alsou and Russian millionaire Yan Abramov, and you can judge her singing for yourself below...

The show’s broadcaster Channel One called in security shop Group-IB to check the results, and the infosec crew found signs of classic bot behavior. More than 8,000 text messages voting for the kid were sent from roughly 300 consecutive phone numbers, from the same telco in one region of the country, and all of the numbers have since been shut down. But there was also a more definite smoking gun.

"The analyzed traffic revealed massive automated SMS spamming in favor of one of The Voice Kids participants,” said the security shop in its preliminary report on Thursday.


https://www.theregister.co.uk/2019/05/1 ... e_rigging/

#147

Post by RTH10260 » Mon May 27, 2019 8:52 am

no hacking required - walk in and serve yourself
First American Financial Corp. Leaked Hundreds of Millions of Title Insurance Records

The Web site for Fortune 500 real estate title insurance giant First American Financial Corp. [NYSE:FAF] leaked hundreds of millions of documents related to mortgage deals going back to 2003, until notified this week by KrebsOnSecurity. The digitized records — including bank account numbers and statements, mortgage and tax records, Social Security numbers, wire transaction receipts, and drivers license images — were available without authentication to anyone with a Web browser.

Santa Ana, Calif.-based First American is a leading provider of title insurance and settlement services to the real estate and mortgage industries. It employs some 18,000 people and brought in more than $5.7 billion in 2018.

Earlier this week, KrebsOnSecurity was contacted by a real estate developer in Washington state who said he’d had little luck getting a response from the company about what he found, which was that a portion of its Web site (firstam.com) was leaking tens if not hundreds of millions of records. He said anyone who knew the URL for a valid document at the Web site could view other documents just by modifying a single digit in the link.

And this would potentially include anyone who’s ever been sent a document link via email by First American.

KrebsOnSecurity confirmed the real estate developer’s findings, which indicate that First American’s Web site exposed approximately 885 million files, the earliest dating back more than 16 years. No authentication was required to read the documents.


https://krebsonsecurity.com/2019/05/fir ... e-records/

#148

Post by RTH10260 » Tue Jul 16, 2019 5:18 pm

Hacker steals data of millions of Bulgarians, emails it to local media
Source of the data breach appears to be the country's National Revenue Agency.

By Catalin Cimpanu for Zero Day | July 16, 2019 -- 06:25 GMT (07:25 BST) | Topic: Security

A mysterious hacker has stolen the personal details of millions of Bulgarians and has emailed download links to the stolen data to local news publications.

The data's origin is believed to be the country's National Revenue Agency (NRA), a department of the Bulgarian Ministry of Finance.

In a message posted on its website on Monday, the NRA said it was working with the Ministry of the Interior and the State Agency for National Security (SANS) to investigate the hack.

"We are currently verifying whether the data is real," said the NRA.

Hours after this article's publication, the Bulgarian Ministry of the Interior confirmed the hack.

HACKER STOLE 110 DATABASES, LEAKED 57

According to reports from local media [1, 2, 3, 4, 5], who received part of the data, the hacker said they stole the personal details of over five million Bulgarians, of the country's total population of seven million.

The hacker bragged about stealing 110 databases from NRA's network, totaling nearly 21 GB. The hacker only shared 57 databases, comprising 11 GB of the aggregate data with local news outlets but promised to release the rest in the coming days.

The leak contains names, personal identification numbers (PINs), home addresses, and financial earnings. Most of the information is years old, dating back as far as 2007, but newer database entries were also discovered.


https://www.zdnet.com/article/hacker-st ... cal-media/
