fbpx

Download free GDPR compliance checklist!

Tag Archives for " hacking "

Hacker Selling 80,000 Users’ Data Stolen From Cryptocurrency Wallets

A hacker who was behind the cyber attack on Ethereum.org is now selling data tied to key cryptocurrency wallets like Keepkey, Trezor, Ledger and online investment platform Bnktothefuture. The hacker has three large databases with information pertaining to at least 80,000 customers. This includes the customer’s email address, name, phone number, residential address and other data.

“The hacker doesn’t seem to have any passwords, but is offering detailed information that was stolen from an alleged Shopify breach like email addresses, home addresses, and phone numbers,” reports Bitcoin News.

Source: Hacker Selling 80,000 Users’ Data Stolen From Cryptocurrency Wallets

Hacker leaks 40 million user records from popular Wishbone app

A hacker has put up for sale the details of 40 million users registered on Wishbone, a popular mobile app that lets users compare two items in a simple voting poll. Later Wishbone user database has leaked in full, being offered as a free download on one of the hacking forums it was being sold on.

A well-known hacker known as ShinyHunters has taken credit for hacking the company. According to the seller’s claims and a sample of the data published online, the Wishbone data includes user information such as usernames, emails, phone numbers, city/state/country, but also hashed passwords.

Source: Hacker leaks 40 million user records from popular Wishbone app | ZDNet

FBI cracks alleged al-Qaida shooter’s iPhone without Apple’s help

U.S. authorities have reportedly broken through the encryption on one of the iPhones belonging to a mass shooter without the help of Apple who refused to create a backdoor saying it violated privacy rights.

FBI defeated the password on the iPhone belonging to Mohammed Saeed Alshamrani, a Saudi military trainee who went on a mass shooting at a Naval Air Station in Pensacola, Florida last December killing four and injuring eight.

Source: FBI cracks alleged al-Qaida shooter’s iPhone without Apple’s help | Cult of Mac

Multi-part Android spyware lurked on Google Play Store for 4 years, posing as a bunch of legit-looking apps

A newly uncovered strain of Android spyware lurked on the Google Play Store disguised as cryptocurrency wallet Coinbase, among other things, for up to four years, according to a new report by Bitdefender.

The malware, named Mandrake by the threat intelligence agency, featured a three-part structure that allowed its operators to evade detection by routine Google scanning.

Beginning with an innocuous-looking dropper hosted on the Google Play store, masquerading as one of a number of legitimate apps, Mandrake allowed its Russian operators to snoop on virtually everything unsuspecting targets did on their mobile phone.

Source: Multi-part Android spyware lurked on Google Play Store for 4 years, posing as a bunch of legit-looking apps • The Register

Thunderbolt Flaws Expose Millions of PCs to Hands-On Hacking

The so-called Thunderspy attack takes less than five minutes to pull off with physical access to a device, and it affects any PC manufactured before 2019.

On Thunderbolt-enabled Windows or Linux PCs manufactured before 2019, this technique can bypass the login screen of a sleeping or locked computer—and even its hard disk encryption—to gain full access to the computer’s data. And while attack in many cases requires opening a target laptop’s case with a screwdriver, it leaves no trace of intrusion and can be pulled off in just a few minutes.

Source: Thunderbolt Flaws Expose Millions of PCs to Hands-On Hacking | WIRED

More than 160 million user records from 11 companies for sale on dark web

A new individual or group that appears to be a reincarnation of GnosticPlayers is offering millions of user records for sale on the dark web.

The records offered by “ShinyHunters” on a well-known dark web market appear to come from 11 firms: Tokopedia (91 Million), HomeChef (8 Million), Bhinneka (1.2 Million), Minted (5 Million), StyleShare (6 Million), Ggumim (2 Million), Mindful (2 Million), Star Tribune (1 Million), Chatbooks (15 Million), Chronicle of Education (3 Million), and Zoosk (30 Million).

Source: “ShinyHunters” lists more than 160 million user records from 11 companies for sale on dark web

NSA shares list of vulnerabilities commonly exploited to plant web shells

The US National Security Agency (NSA) and the Australian Signals Directorate (ASD) have published a security advisory this week warning companies to search web-facing and internal servers for common web shells.

“Web shell” is a malicious program or script that’s installed on a hacked server. Web shells provide a visual interface that hackers can use to interact with the hacked server and its filesystem.

Hackers install web shells by exploiting vulnerabilities in internet-facing servers or web applications (such as CMS, CMS plugins, CMS themes, CRMs, intranets, or other enterprise apps, etc.).

Source: NSA shares list of vulnerabilities commonly exploited to plant web shells | ZDNet

Apple iPhone mail app vulnerable to hacking

Apple’s built-in iPhone email app has a major security flaw, according to new research, allowing hackers to exploit an iPhone without victims knowing or even clicking on anything.

The discovery raises new questions about whether iPhones are safe to use, especially for people who may be targets of deep-pocketed hackers.

Source: Apple iPhone mail app vulnerable to hacking, new research says – The Washington Post

Google removes 49 Chrome extensions caught stealing crypto-wallet keys

The Chrome extensions were mimicking cryptocurrency wallet apps like Ledger, MyEtherWallet, Trezor, Electrum, and others, but, in reality, they were stealing users’ private keys and mnemonic phrases.

49 extensions appear to have been put together by the same person/group, believed to be a Russian-based threat actor. Whilst the extensions all function the same, the branding is different depending on the user they are targeting.

Source: Exclusive: Google removes 49 Chrome extensions caught stealing crypto-wallet keys | ZDNet

Hackers Are Selling a Critical Zoom Zero-Day Exploit for $500,000

People who trade in zero-day exploits say there are two Zoom zero-days, one for Windows and one for MacOS, on the market.

Zero-day exploits are unknown vulnerabilities in software or hardware that hackers can take advantage of to hack targets. The zero-day for Zoom on Windows would allow hackers to access the app, but would need to be coupled with another bug to access the whole machine.

Source: Hackers Are Selling a Critical Zoom Zero-Day Exploit for $500,000 – VICE

1 2 3 23
>