Attack on The EMV Smartcard Standard: man in the middle exploit with 2 smartphones

EMV is the international protocol standard for smartcard payment and is used in over 9 billion cards worldwide. Despite the standard’s advertised security, various issues have been previously uncovered, deriving from logical flaws that are hard to spot in EMV’s lengthy and complex specification, running over 2,000 pages. We formalize a comprehensive symbolic model of […]

Plane-tracking site Flight Radar 24 DDoSed… just as drones spotted buzzing over Azerbaijan and Armenia

[…] Flight Radar spokesman Ian Petchenik told The Register: “At this time we understand this to be a very strong DDoS attack [orchestrated] from a single source. While it is not known why we’re being targeted, multiple flight tracking services have suffered attacks over the past two days.” It was not immediately obvious which other […]

Looks Like the Windows XP Source Code Just Leaked on 4chan

Would you believe more than 1% of computers worldwide are still using Windows XP? Incredibly, there are still millions of people using the 19-year-old operating system. And a recent development — if it bears out — is another reason people need to make the switch to something newer. On Thursday, users on 4chan posted what they […]

Iranian Hackers Beat Encrypted Apps like Telegram, WhatsApp – since 2014

Iranian hackers, most likely employees or affiliates of the government, have been running a vast cyberespionage operation equipped with surveillance tools that can outsmart encrypted messaging systems — a capability Iran was not previously known to possess, according to two digital security reports released Friday. The operation not only targets domestic dissidents, religious and ethnic […]

European Police Malware Could Harvest GPS, Messages, Passwords, More from Encrochat devices

The malware that French law enforcement deployed en masse onto Encrochat devices, a large encrypted phone network using Android phones, had the capability to harvest “all data stored within the device,” and was expected to include chat messages, geolocation data, usernames, passwords, and more, according to a document obtained by Motherboard. The document adds more […]

Eterbase cryptocurrency exchange hacked and $5.4 million stolen

Cryptocurrency exchange Eterbase last week admitted hackers broke into its computers and made off with other people’s coins, said to be worth $5.4m. The plug was pulled on the digital dosh exchange as a result, though it may return at some point: it claims to have enough capital to surmount the cyber-heist. Investigations by staff […]

European ISPs report mysterious wave of DDoS attacks

More than a dozen internet service providers (ISPs) across Europe have reported DDoS attacks that targeted their DNS infrastructure. The list of ISPs that suffered attacks over the past week includes Belgium’s EDP, France’s Bouygues Télécom, FDN, K-net, SFR, and the Netherlands’ Caiway, Delta, FreedomNet, Online.nl, Signet, and Tweak.nl. Attacks lasted no longer than a day and were all eventually mitigated, but ISP services were […]

The Big Tesla Hack: A hacker gained control over the entire fleet, but fortunately he’s a good guy

In July 2017, Tesla CEO Elon Musk got on stage at the National Governors Association in Rhode Island and confirmed that a “fleet-wide hack” is one of Tesla’s biggest concerns as the automaker moves to autonomous vehicles. He even presented a strange scenario that could happen in an autonomous future: “In principle, if someone was able […]

Ex-Uber chief security officer charged, accused of covering up theft of personal info from databases by hackers

Uber’s chief security officer, Joe Sullivan, broke the law by hushing up the theft of millions of people’s details from the app maker’s databases by hackers, prosecutors say. Sullivan, 52, formerly of eBay, Facebook, and PayPal, was today charged with obstruction of justice and misprision – concealing knowledge of a crime from law enforcement – […]

Zoombomber crashes court hearing on Twitter hack with Pornhub video, Judge obviously not qualified for this case

Zoombombers today disrupted a court hearing involving the Florida teen accused of masterminding a takeover of high-profile Twitter accounts, forcing the judge to stop the hearing. “During the hearing, the judge and attorneys were interrupted several times with people shouting racial slurs, playing music, and showing pornographic images,” ABC Action News in Tampa Bay wrote. A […]

How > 23% of Tor Relays are Maliciously Exploiting Users and stealing BTC in 2020 seemingly run by 1 actor

In December 2019 I wrote about The Growing Problem of Malicious Relays on the Tor Network with the motivation to raise awareness and to improve the situation over time. Unfortunately, instead of improving, things have become even worse, specifically when it comes to malicious Tor exit relay activity. Tor exit relays are the last hop […]

Hacker leaks passwords for 900+ enterprise Pulse VPN servers

A hacker has published today a list of plaintext usernames and passwords, along with IP addresses for more than 900 Pulse Secure VPN enterprise servers. ZDNet, which obtained a copy of this list with the help of threat intelligence firm KELA, verified its authenticity with multiple sources in the cyber-security community. According to a review, […]

Hackers are defacing loads of high profile Reddit channels with pro-Trump messages

A massive hack has hit Reddit today after tens of Reddit channels have been hacked and defaced to show messages in support of Donald Trump’s reelection campaign. The hacks are still ongoing at the time of writing, but we were told Reddit’s security team is aware of the issue and has already begun restoring defaced […]

Hackers Broke Into Real News Sites to Plant Fake Stories

On Wednesday, security firm FireEye released a report on a disinformation-focused group it’s calling Ghostwriter. The propagandists have created and disseminated disinformation since at least March 2017, with a focus on undermining NATO and the US troops in Poland and the Baltics; they’ve posted fake content on everything from social media to pro-Russian news websites. […]

US govt says Chinese duo hacked, stole blueprints from just about everyone and then extorted cash.

On Tuesday, the US Department of Justice charged two Chinese nationals with allegedly hacking hundreds of organizations and individuals in America and elsewhere to steal confidential corporate secrets on behalf of Beijing for more than a decade. The pilfered files are said to be worth hundreds of millions of dollars, and in some cases, it […]

Twitter hack latest: Up to 36 compromised accounts had their private messages read – including a Dutch politician’s

Twitter has admitted that the naughty folk who hijacked verified accounts last week read a portion of hacked users’ direct messages. Among the 36 Twitter users whose direct messages (DMs), email addresses and phone numbers were definitely accessed by account hijackers last week was one Dutch politician, the microblogging platform said overnight. “We believe that […]

BadPower Attack Can Trick Power Bricks into Starting a Fire

In a study published by Xuanwu Labs (which is owned by Chinese tech giant Tencent), researchers detailed the BadPower hack which works by manipulating the firmware inside fast charge power adapters. Normally, when a phone is connected to a power brick with support for fast charging, the phone and the power adapter communicate with each […]

FYI Russia is totally hacking the West’s labs in search of COVID-19 vaccine files, say UK, US, Canada cyber-spies. So is China and Iran.

Russian hackers at the state’s FSB spy agency have been caught breaking into Western institutions working on potential vaccines for the COVID-19 coronavirus in hope of stealing said research. That’s according to the British National Cyber Security Centre and America’s NSA today. The Kremlin-backed APT29 crew, also known by a variety of other names such […]

Secret Trump order gives CIA more powers to launch cyberattacks with less oversight

The Central Intelligence Agency has conducted a series of covert cyber operations against Iran and other targets since winning a secret victory in 2018 when President Trump signed what amounts to a sweeping authorization for such activities, according to former U.S. officials with direct knowledge of the matter. The secret authorization, known as a presidential […]

Twitter says hack of key staff led to celebrity, politician, biz account hijack mega-spree

Twitter has offered its initial analysis of the Wednesday mass hijacking of prominent twits’ accounts – and suggested it all kicked off after its staff fell for social engineering. Judging from leaked screenshots of Twitter’s internal systems circulating online and seen by El Reg, it appears one or more miscreants were able to gain direct […]

Guilty: Russian miscreant who hacked LinkedIn, Dropbox, Formspring, stole 200-million-plus account records

The Russian hacker accused of raiding LinkedIn, Dropbox and Formspring, and obtaining data on 213 million user accounts, has been found guilty. On Friday, Yevgeniy Nikulin was convicted [PDF] by a San Francisco jury of committing computer intrusion, data theft, and other charges [PDF] relating to the databases he broke into and siphoned off in […]

Collabera hacked: IT staffing’n’services giant hit by ransomware, employee personal data stolen

Hackers infiltrated Collabera, siphoned off at least some employees’ personal information, and infected the US-based IT consultancy giant’s systems with ransomware. We understand this swiped data included workers’ names, addresses, contact and social security numbers, dates of birth, employment benefits, and passport and immigration visa details. Basically, everything needed for identity theft. The recruitment’n’staffing biz, […]

‘BlueLeaks’ Exposes Files, personal and banking details, emails from Hundreds of Police Departments spanning 24 years

Hundreds of thousands of potentially sensitive files from police departments across the United States were leaked online last week. The collection, dubbed “BlueLeaks” and made searchable online, stems from a security breach at a Texas web design and hosting company that maintains a number of state law enforcement data-sharing portals. The collection — nearly 270 […]

Super secretive Russian disinfo operation discovered dating back to 2014

Social media research group Graphika published today a 120-page report [PDF] unmasking a new Russian information operation of which very little has been known so far. Codenamed Secondary Infektion, the group is different from the Internet Research Agency (IRA), the Sankt Petersburg company (troll farm) that has interfered in the US 2016 presidential election. Graphika […]