fbpx

Download free GDPR compliance checklist!

Tag Archives for " hacking "

23,600 hacked databases have leaked from a defunct ‘data breach index’ site

Site archive of Cit0day.in has now leaked on two hacking forums after the service shut down in September.

Cit0day operated by collecting hacked databases and then providing access to usernames, emails, addresses, and even cleartext passwords to other hackers for a daily or monthly fee.

In total, 23,618 hacked databases were provided for download via the MEGA file-hosting portal. The link was live only for a few hours before being taken down following an abuse report. Dataset is estimated at around 50GB and 13 billion user records.

Source: 23,600 hacked databases have leaked from a defunct ‘data breach index’ site | ZDNet

A Hacker Is Threatening to Leak Patients’ Therapy Notes

An extortionist has turned a breach of Finland’s Vastaamo mental health services provider into a nightmare for victims.

It seems that Vastaamo had at least one exposed database of patient information that was breached in November 2018 and likely again in mid-March 2019. It is unclear how many patients were affected, but the National Bureau of Investigation said on Sunday that the number could be in the tens of thousands.

The hacker or hackers running the extortion campaign have been demanding 200 euros’ worth of bitcoin, about $230, from victims within 24 hours of the initial ask, or 500 euros ($590) after that, or else they’ll make their information public. A hacker persona “ransom_man” has set up a site on the anonymous web service Tor that already lists leaked data from at least 300 Vastaamo patients. Finnish media reports also indicate that Vastaamo has received a demand for around $530,000 worth of bitcoin to keep the stolen data out of the public domain.

Source: A Hacker Is Threatening to Leak Patients’ Therapy Notes | WIRED

The Police Can Probably Break Into Your Phone

At least 2,000 law enforcement agencies have tools to get into encrypted smartphones, according to new research, and they are using them far more than previously known.

At least 49 of the 50 largest U.S. police departments have the tools, according to the records, as do the police and sheriffs in small towns and counties across the country. And local law enforcement agencies that don’t have such tools can often send a locked phone to a state or federal crime lab that does.

With more tools in their arsenal, the authorities have used them in an increasing range of cases, from homicides and rapes to drugs and shoplifting, according to the records.

Source: The Police Can Probably Break Into Your Phone – The New York Times

Fitbit Spyware Steals Personal Data via Watch Face

Immersive Labs Researcher takes advantage of lax Fitbit privacy controls to build a malicious spyware watch face.

A wide-open app-building API would allow an attacker to build a malicious application that could access Fitbit user data, and send it to any server.

Kev Breen, director of cyber threat research for Immersive Labs, created a proof-of-concept for just that scenario, after realizing that Fitbit devices are loaded with sensitive personal data.

“Essentially, [the developer API] could send device type, location and user information including gender, age, height, heart rate and weight,” Breen explained. “It could also access calendar information. While this doesn’t include PII profile data, the calendar invites could expose additional information such as names and locations.”

Source: Fitbit Spyware Steals Personal Data via Watch Face | Threatpost

Half of Organizations Experienced Security Incidents While Working Remotely

As businesses try to deliver a seamless hybrid experience of work from home and office, Tessian’s Securing the Future of Hybrid Working report reveals the security risks they must overcome and the pressures on IT teams.

The majority of IT decision makers (82%) think that employees are at greater risk of phishing attacks when working remotely. Their concerns are valid; over three-quarters (78%) of employees said they received a phishing email while working on their personal laptop between March and July 2020, and 68% admitted to clicking a link or downloading an attachment within that email.

In fact, nearly half of companies surveyed experienced a data breach or security incident between March and July 2020, with half being caused by phishing attacks – making it the leading cause of security incidents during this period of remote working.

Source: Half of Organizations Experienced Security Incidents While Working Remotely, Reveals New Data – socPub

Iranian hackers’ Android malware spies on dissidents by stealing 2FA codes

An Iranian hacking group made Android malware that appears built to spy on regime critics by stealing their two-factor codes.

The attackers first use a phishing trojan to collect login details, and then try those with the real site. If the victim has two-factor authentication turned on, the newly-reported malware intercepts the incoming SMS messages and quietly sends copies to the intruders.

Source: Iranian hackers’ Android malware spies on dissidents by stealing 2FA codes | Engadget

ECHR dismisses Privacy International case on UK state hacking

The European Court of Human Rights (ECHR) dismissed the claim Privacy International and coalition of internet and communications service providers and campaign groups for failure to pursue all domestic remedies.

Coalition in ECHR challenged the conduct of hacking operations abroad by one of the UK’s intelligence agencies, the Government Communications Headquarters (GCHQ), and originated in the Investigatory Powers Tribunal (IPT), which hears claims against the UK intelligence agencies.

Source: PI’s statement on the ECtHR decision in Privacy International v. UK | Privacy International

Hackers are exploiting a critical flaw affecting >350,000 WordPress sites

Hackers are actively exploiting a vulnerability that allows them to execute commands and malicious scripts on Websites running File Manager, a WordPress plugin with more than 700,000 active installations, researchers said on Tuesday.

Attackers are using the exploit to upload files that contain webshells that are hidden in an image. Word of the attacks came a few hours after the security flaw was patched. Website security firm Wordfence said that it had blocked more than 450,000 exploit attempts in the past few days.

Source: Hackers are exploiting a critical flaw affecting >350,000 WordPress sites | Ars Technica

Marriott International faces class action suit over mass data breach

Technology consultant leads legal action after hackers stole personal details of 300m guests.

Hotel group Marriott International is facing a class action lawsuit in London’s high court from millions of customers, who are seeking compensation after their personal details were stolen in one of the world’s largest data breaches .

Source: Marriott International faces class action suit over mass data breach

U.S. Government Contractor Embedded Software in Apps to Track Phones

Anomaly Six LLC , a small U.S. company with ties to the U.S. defense and intelligence communities has embedded its software in numerous mobile apps, allowing it to track the movements of hundreds of millions of mobile phones world-wide.

Virginia-based company founded by two U.S. military veterans with a background in intelligence, said in marketing material it is able to draw location data from more than 500 mobile applications, in part through its own software development kit, or SDK, that is embedded directly in some of the apps.

Source: U.S. Government Contractor Embedded Software in Apps to Track Phones – WSJ

1 2 3 25
>