kandykidd

  1. One possibility would be that the "offer" comes from someone at the morgue itself, in order to collect more money from the insurance. Honestly, I don't know how things work in Romania, but here certain insurance companies have something like a fixed economy price for "standard" funerals, whereas if it's a covid case I imagine things change and the costs go up, e.g.: protective materials used, cremation, etc.
  2. Microsoft is offering hackers up to $100,000 if they can break the security of the company’s custom Linux OS. The software giant built a compact and custom version of Linux last year for its Azure Sphere OS, which is designed to run on specialized chips for its Internet of Things (IoT) platform. The OS is purpose-built for this platform, ensuring basic services and apps run isolated in a sandbox for security purposes.

     Microsoft now wants hackers to test the security of the Azure Sphere OS, paying up to $100,000 if the Pluton security subsystem or Secure World sandbox is breached. The bug bounty program is part of a three-month research challenge that runs from June 1st until August 31st.

     “We will award up to $100,000 bounty for specific scenarios in the Azure Sphere Security Research Challenge during the program period,” explains Sylvie Liu, a security program manager at Microsoft’s Security Response Center.

     The challenge is focused on the Azure Sphere OS itself, and not the underlying cloud portion that’s already eligible for Azure bounty program awards. Microsoft is specifically looking for a group of security researchers to try and break its Linux OS security. Physical attacks are out of scope, but researchers can apply to be part of the challenge here.

     Azure Sphere was announced at last year’s Build developer conference, and it’s still relatively new. Businesses like Starbucks are rolling out Azure Sphere to secure its store equipment, which feeds back data points on the type of beans, coffee temperature, and water quality for every shot of espresso.

     Microsoft CEO Satya Nadella sees IoT devices as a key area for the company, describing its cloud business as the biggest hardware business at Microsoft earlier this year. Nadella is chasing the billions of IoT devices that analysts predict will be in use over the next decade. Azure Sphere is a key part of the mission to help secure and manage these devices, and part of Microsoft’s increased push to win a world beyond Windows that’s increasingly moving to cloud computing.
  3. I found the idea interesting. Software developers can accidentally leak sensitive information, particularly secret keys for third party services, across code hosting platforms such as GitHub, GitLab and BitBucket. https://shhgit.darkport.co.uk/
  4. 28 Jan 20
     Wawa Breach May Have Compromised More Than 30 Million Payment Cards

     In late December 2019, fuel and convenience store chain Wawa Inc. said a nine-month-long breach of its payment card processing systems may have led to the theft of card data from customers who visited any of its 850 locations nationwide. Now, fraud experts say the first batch of card data stolen from Wawa customers is being sold at one of the underground’s most popular crime shops, which claims to have 30 million records to peddle from a new nationwide breach.

     On the evening of Monday, Jan. 27, a popular fraud bazaar known as Joker’s Stash began selling card data from “a new huge nationwide breach” that purportedly includes more than 30 million card accounts issued by thousands of financial institutions across 40+ U.S. states.

     The fraud bazaar Joker’s Stash on Monday began selling some 30 million stolen payment card accounts that experts say have been tied back to a breach at Wawa in 2019.

     Two sources that work closely with financial institutions nationwide tell KrebsOnSecurity the new batch of cards that went on sale Monday evening — dubbed “BIGBADABOOM-III” by Joker’s Stash — map squarely back to cardholder purchases at Wawa.

     On Dec. 19, 2019, Wawa sent a notice to customers saying the company had discovered card-stealing malware installed on in-store payment processing systems and fuel dispensers at potentially all Wawa locations.

     Pennsylvania-based Wawa says it discovered the intrusion on Dec. 10 and contained the breach by Dec. 12, but that the malware was thought to have been installed more than nine months earlier, around March 4. The exposed information includes debit and credit card numbers, expiration dates, and cardholder names. Wawa said the breach did not expose personal identification numbers (PINs) or CVV records (the three-digit security code printed on the back of a payment card).

     A spokesperson for Wawa confirmed that the company today became aware of reports of criminal attempts to sell some customer payment card information potentially involved in the data security incident announced by Wawa on December 19, 2019.

     “We have alerted our payment card processor, payment card brands, and card issuers to heighten fraud monitoring activities to help further protect any customer information,” Wawa said in a statement released to KrebsOnSecurity. “We continue to work closely with federal law enforcement in connection with their ongoing investigation to determine the scope of the disclosure of Wawa-specific customer payment card data.”

     “We continue to encourage our customers to remain vigilant in reviewing charges on their payment card statements and to promptly report any unauthorized use to the bank or financial institution that issued their payment card by calling the number on the back of the card,” the statement continues. “Under federal law and card company rules, customers who notify their payment card issuer in a timely manner of fraudulent charges will not be responsible for those charges. In the unlikely event any individual customer who has promptly notified their card issuer of fraudulent charges related to this incident is not reimbursed, Wawa will work with them to reimburse them for those charges.”

     Gemini Advisory, a New York-based fraud intelligence company, said the biggest concentrations of stolen cards for sale in the BIGBADABOOM-III batch map back to Wawa customer card use in Florida and Pennsylvania, the two most populous states where Wawa operates. Wawa also has locations in Delaware, Maryland, Virginia and the District of Columbia.

     According to Gemini, Joker’s Stash has so far released only a small portion of the claimed 30 million. However, this is not an uncommon practice: Releasing too many stolen cards for sale at once tends to have the effect of depressing the overall price of stolen cards across the underground market.

     “Based on Gemini’s analysis, the initial set of bases linked to “BIGBADABOOM-III” consisted of nearly 100,000 records,” Gemini observed. “While the majority of those records were from US banks and were linked to US-based cardholders, some records also linked to cardholders from Latin America, Europe, and several Asian countries. Non-US-based cardholders likely fell victim to this breach when traveling to the United States and utilizing Wawa gas stations during the period of exposure.”

     Gemini’s director of research Stas Alforov stressed that some of the 30 million cards advertised for sale as part of this BIGBADABOOM batch may in fact be sourced from breaches at other retailers, something Joker’s Stash has been known to do in previous large batches.

     Gemini monitors multiple carding sites like Joker’s Stash. The company found the median price of U.S.-issued records in the new Joker’s Stash batch is currently $17, with some of the international records priced as high as $210 per card.

     “Apart from banks with a nationwide presence, only financial institutions along the East Coast had significant exposure,” Gemini concluded.

     Representatives from MasterCard did not respond to requests for comment. Visa declined to comment for this story, but pointed to a series of alerts it issued in November and December 2019 about cybercrime groups increasingly targeting fuel dispenser merchants.

     A number of recent high-profile nationwide card breaches at main street merchants have been linked to large numbers of cards for sale at Joker’s Stash, including breaches at supermarket chain Hy-Vee, restaurant chains Sonic, Buca di Beppo, Krystal, Moe’s, McAlister’s Deli, and Schlotzsky’s, retailers like Bebe Stores, and hospitality brands such as Hilton Hotels.

     Most card breaches at restaurants and other brick-and-mortar stores occur when cybercriminals manage to remotely install malicious software on the retailer’s card-processing systems. This type of point-of-sale malware is capable of copying data stored on a credit or debit card’s magnetic stripe when those cards are swiped at compromised payment terminals, and that data can then be used to create counterfeit copies of the cards.

     The United States is the last of the G20 nations to make the shift to more secure chip-based cards, which are far more expensive and difficult for criminals to counterfeit. Unfortunately, many merchants have not yet shifted to using chip-based card readers and still swipe their customers’ cards.

     According to stats released in November by Visa, more than 3.7 million merchant locations are now accepting chip cards. Visa says for merchants who have completed the chip upgrade, counterfeit fraud dollars dropped 81 percent in June 2019 compared to September 2015. This may help explain why card thieves increasingly are shifting their attention to compromising e-commerce merchants, a trend seen in virtually every country that has already made the switch to chip-based cards.

     Many filling stations are upgrading their pumps to include more cyber and physical security — such as end-to-end encryption of card data, custom locks and security cameras. In addition, newer pumps can accommodate more secure chip-based payment cards that are already in use and in some cases mandated by other G20 nations.

     But these upgrades are disruptive and expensive, and many fuel station owners are putting them off until it is absolutely necessary. Prior to late 2016, fuel station owners in the United States had until October 1, 2017 to install chip-capable readers at their pumps. Station owners that didn’t have chip-ready readers in place by then would have been on the hook to absorb 100 percent of the costs of fraud associated with transactions in which the customer presented a chip-based card yet was not asked or able to dip the chip.

     Yet in December 2016, Visa — by far the largest credit card network in the United States — delayed the requirements, saying fuel station owners would be given until October 1, 2020 to meet the liability shift deadline.

     Either way, Wawa could be facing steep fines for failing to protect customer card data traversing its internal payment card networks. In addition, at least one class action lawsuit has already been filed against the company.

     Finally, it’s important to note that even if all 30 million of the cards that Joker’s Stash is selling as part of this batch do in fact map back to Wawa locations, it’s highly unlikely that more than a small percentage of these cards will actually be purchased and used by fraudsters. In the 2013 megabreach at Target Corp., for example, fraudsters stole roughly 40 million cards but only ended up selling between one to three million of those cards.

     Source: https://krebsonsecurity.com/2020/01/wawa-breach-may-have-compromised-more-than-30-million-payment-cards/
  5. Top 25 RCE Bug Bounty Reports

     The reports were disclosed through the HackerOne platform and were selected according to their upvotes, bounty, severity level, complexity, and uniqueness.

     #1 Title: Potential pre-auth RCE on Twitter VPN
     Company: Twitter
     Bounty: $20,160
     Link: https://hackerone.com/reports/591295

     #2 Title: RCE on Steam Client via buffer overflow in Server Info
     Company: Valve
     Bounty: $18,000
     Link: https://hackerone.com/reports/470520

     #3 Title: Struct type confusion RCE
     Company: Shopify
     Bounty: $18,000
     Link: https://hackerone.com/reports/181879

     #4 Title: Malformed .BSP Access Violation in CS:GO can lead to Remote Code Execution
     Company: Valve
     Bounty: $12,500
     Link: https://hackerone.com/reports/351014

     #5 Title: Git flag injection — local file overwrite to remote code execution
     Company: GitLab
     Bounty: $12,000
     Link: https://hackerone.com/reports/658013

     #6 Title: Remote Code Execution on www.semrush.com/my_reports on Logo upload
     Company: SEMrush
     Bounty: $10,000
     Link: https://hackerone.com/reports/403417

     #7 Title: Panorama UI XSS leads to Remote Code Execution via Kick/Disconnect Message
     Company: Valve
     Bounty: $9,000
     Link: https://hackerone.com/reports/631956

     #8 Title: RCE using bash command injection on /system/images (toimitilat.lahitapiola.fi)
     Company: LocalTapiola
     Bounty: $6,800
     Link: https://hackerone.com/reports/303061

     #9 Title: Remote Code Execution at http://tw.corp.ubnt.com
     Company: Ubiquiti Inc.
     Bounty: $5,000
     Link: https://hackerone.com/reports/269066

     #10 Title: Adobe Flash Player Regular Expression UAF Remote Code Execution Vulnerability
     Company: Flash (IBB)
     Bounty: $5,000
     Link: https://hackerone.com/reports/139879

     #11 Title: RCE by command line argument injection to `gm convert` in `/edit/process?a=crop`
     Company: Imgur
     Bounty: $5,000
     Link: https://hackerone.com/reports/212696

     #12 Title: RCE and Complete Server Takeover of http://www.█████.starbucks.com.sg/
     Company: Starbucks
     Bounty: $4,000
     Link: https://hackerone.com/reports/502758

     #13 Title: [ RCE ] Through stopping the redirect in /admin/* the attacker able to bypass Authentication And Upload Malicious File
     Company: Mail.ru
     Bounty: $4,000
     Link: https://hackerone.com/reports/683957

     #14 Title: Blind SQLi leading to RCE, from Unauthenticated access to a test API Webservice
     Company: Starbucks
     Bounty: $4,000
     Link: https://hackerone.com/reports/592400

     #15 Title: Attention! Remote Code Execution at http://wpt.ec2.shopify.com/
     Company: Shopify
     Bounty: $3,000
     Link: https://hackerone.com/reports/73567

     #16 Title: Unchecked weapon id in WeaponList message parser on client leads to RCE
     Company: Valve
     Bounty: $3,000
     Link: https://hackerone.com/reports/513154

     #17 Title: Drupal 7 pre auth sql injection and remote code execution
     Company: The Internet Bug Bounty Program
     Bounty: $3,000
     Link: https://hackerone.com/reports/31756

     #18 Title: RCE via ssh:// URIs in multiple VCS
     Company: The Internet Bug Bounty Program
     Bounty: $3,000
     Link: https://hackerone.com/reports/260005

     #19 Title: Remote Code Execution on Git.imgur-dev.com
     Company: Imgur
     Bounty: $2,500
     Link: https://hackerone.com/reports/206227

     #20 Title: GMP Deserialization Type Confusion Vulnerability [MyBB <= 1.8.3 RCE Vulnerability]
     Company: PHP (IBB)
     Bounty: $1,500
     Link: https://hackerone.com/reports/198734

     #21 Title: Old WebKit HTML agent in Template Preview function has multiple known vulnerabilities leading to RCE
     Company: Lob
     Bounty: $1,500
     Link: https://hackerone.com/reports/520717

     #22 Title: Remote code execution using render :inline
     Company: Ruby on Rails
     Bounty: $1,500
     Link: https://hackerone.com/reports/113928

     #23 Title: RCE which may occur due to `ActiveSupport::MessageVerifier` or `ActiveSupport::MessageEncryptor` (especially Active storage)
     Company: Ruby on Rails
     Bounty: $1,500
     Link: https://hackerone.com/reports/473888

     #24 Title: Remote code execution on rubygems.org
     Company: RubyGems
     Bounty: $1,500
     Link: https://hackerone.com/reports/274990

     #25 Title: WordPress SOME bug in plupload.flash.swf leading to RCE
     Company: Automattic
     Bounty: $1,337
     Link: https://hackerone.com/reports/134738

     Bonus: 10 Zero Dollars RCE Reports

     #1 Bonus Title: Read files on application server, leads to RCE
     Company: GitLab
     Bounty: $0
     Link: https://hackerone.com/reports/178152

     #2 Bonus Title: XXE in DoD website that may lead to RCE
     Company: U.S. D.o.D.
     Bounty: $0
     Link: https://hackerone.com/reports/227880

     #3 Bonus Title: Remote Code Execution (RCE) in a DoD website
     Company: U.S. D.o.D.
     Bounty: $0
     Link: https://hackerone.com/reports/248116

     #4 Bonus Title: Remote Unrestricted file Creation/Deletion and Possible RCE.
     Company: Twitter
     Bounty: $0
     Link: https://hackerone.com/reports/191884

     #5 Bonus Title: RCE on via CVE-2017–10271
     Company: U.S. D.o.D.
     Bounty: $0
     Link: https://hackerone.com/reports/576887

     #6 Bonus Title: Ability to access all user authentication tokens, leads to RCE
     Company: GitLab
     Bounty: $0
     Link: https://hackerone.com/reports/158330

     #7 Bonus Title: Remote Code Execution via Extract App Plugin
     Company: Nextcloud
     Bounty: $0
     Link: https://hackerone.com/reports/546753

     #8 Bonus Title: Arbitrary File Reading leads to RCE in the Pulse Secure SSL VPN on the https://███
     Company: U.S. D.o.D.
     Bounty: $0
     Link: https://hackerone.com/reports/678496

     #9 Bonus Title: Remote Code Execution in Rocket.Chat Desktop
     Company: Rocket.chat
     Bounty: $0
     Link: https://hackerone.com/reports/276031

     #10 Bonus Title: [npm-git-publish] RCE via insecure command formatting
     Company: Node.js third-party modules
     Bounty: $0
     Link: https://hackerone.com/reports/730121

     Source
  6. In my free time, hackthebox.eu; I binge content from "IppSec" worse than Netflix
  7. When hunting for security issues, the pursuit for uncharted assets and obscure endpoints often ends up taking the focus away from obvious, but still critical, functionality. If you approach a target like you are the first person to ever perform a security assessment on it, and check everything thoroughly, I believe you are bound to find something new — especially if the code you are testing has been in continuous development for a while.

     This is the story of a high-severity bug affecting what is probably one of PayPal’s most visited pages: the login form.

     Initial discovery

     While exploring PayPal’s main authentication flow, I noticed a javascript file containing what appeared to be a CSRF token and a session ID:

     This immediately drew my attention, because providing any kind of session data inside a valid javascript file usually allows it to be retrieved by attackers. In what is known as a cross-site script inclusion (XSSI) attack, a malicious web page can use an HTML <script> tag to import a script cross-origin, enabling it to gain access to any data contained within the file.

     Sure enough, a quick test confirmed the XSSI vulnerability and, although a javascript obfuscator was used to randomize variable names on each request, the interesting tokens were still placed in fairly predictable locations, making it possible to retrieve them with just a bit of extra work.

     However, a secret is only as good as the damage you can do with it. I immediately set out to find out what exactly _csrf and _sessionID were and if they could actually be used in a real attack.

     Digging further

     After countless attempts to replace regular CSRF tokens inside authenticated requests on PayPal’s platform with the value of _csrf, I came to the conclusion that a classic cross-site request forgery attack was not possible using this specific token. Similarly, a victim’s _sessionID was unfortunately not enough to impersonate them on PayPal’s site.

     Next, I went back to the vulnerable script and followed the tokens to find what they were actually used for. This led to a deep dive into one of PayPal’s main protection mechanisms used to prevent brute force attacks, the security challenge. While this functionality is used in many places, I will be focusing on the main login form.

     The idea is pretty simple: After a few failed login attempts, you are required to solve a reCAPTCHA challenge before you can try again. The implementation, however, may raise some eyebrows.

     Upon detecting a possible brute-force attempt, the response to the next authentication attempt is a page containing nothing but a Google captcha. If the captcha is solved by the user, an HTTP POST request to /auth/validatecaptcha is initiated.

     The familiar _csrf and _sessionID are present in the request body, as well as two other values, which we will get to a bit later.

     The response to the captcha validation request is meant to re-introduce the user into the authentication flow. To this end, it contains a self-submitting form with all the data provided in the user’s latest login request, including their email and plain text password.

     I realized that, with the correct timing and some user interaction, knowing all the tokens used in this request was enough to get the victim’s PayPal credentials. In a real-life attack scenario, the only user interaction needed would have been a single visit to an attacker-controlled web page.

     So I went back and tried to figure out what the missing parameters were. This was easier than expected:

       • The value of jse was not validated at all.
       • recaptcha was the token provided by Google upon solving a reCAPTCHA challenge. It was not tied to a specific session, so any valid token — for example, from an automated solving service — would be accepted.

     Exploitation

     Putting all this together, I created a proof of concept that demonstrated the whole process, except for integrating a captcha solving service.

     First, the proof of concept would exploit the initial XSSI vulnerability to get a set of tokens which were valid in the victim’s session. It would then launch a few authentication requests with random credentials from the victim’s browser, simulating a brute force attempt, which would trigger the security challenge flow.

     Once the victim logged in to PayPal using the same browser, the cached random credentials would be replaced by the user’s own email and password. The last step was obtaining a fresh reCAPTCHA token, after which the plain text credentials would be retrieved from the /auth/validatecaptcha endpoint and displayed on the page.

     The final page shown by my proof of concept code contained your email and password

     I later found that the same vulnerable process was also used on some unauthenticated checkout pages, allowing plain text credit card data to be leaked using the same technique.

     Disclosure

     The proof of concept, along with all relevant information, was submitted to PayPal’s bug bounty program on the 18th of November 2019, and was validated by HackerOne 18 days later.

     Following a quick acknowledgement by the PayPal team and a few additional questions, I was awarded a $15,300 bounty on the 10th of December. The reward amount corresponds with the bug’s 8.0 (High) CVSS score, which is the same score that I had initially suggested when submitting the report.

     A patch was applied around 24 hours later, meaning that the bug was fixed only five days after PayPal became aware of it — quite an impressive turnaround time.

     Fix and prevention advice

     The /auth/validatecaptcha endpoint now requires an additional CSRF token, which cannot be leaked using cross-site script inclusion.

     While this properly fixes the vulnerability, I believe that the whole thing could have been prevented when designing the system by following one of the oldest and most important pieces of infosec advice: Never store passwords in plain text.

     By the way, I am looking to do security assessments and bug bounty program management work. I have experience in security testing, vulnerability triage, as well as a background in software development. Does this sound of interest to you? You can get in touch via alex@ethicalhack.ro.

     Source https://medium.com/@alex.birsan/the-bug-that-exposed-your-paypal-password-539fc2896da9
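
The write-up above turns on session tokens being served inside a response that any page can load with a script tag. As an added example (not code from the original post or from PayPal), this Node.js sketch audits a response for that exposure and gates script requests with Fetch Metadata headers; the function names, the `shop.example` origin and the sample token values are all constructed for illustration.

```javascript
'use strict';
// Added example: defender-side XSSI checks. All names and sample values
// below are hypothetical and constructed for illustration.

// Content types a browser will execute when loaded through <script src>.
const SCRIPT_TYPES = /^(application|text)\/(javascript|ecmascript|x-javascript)\b/i;

// Normalise header names so lookups are case-insensitive.
function lowerKeys(headers) {
  return Object.fromEntries(
    Object.entries(headers).map(([k, v]) => [k.toLowerCase(), String(v).trim()])
  );
}

// Audit one response. A body that is loadable as a script and embeds
// per-session values can be read by any page that includes it cross-origin.
function auditResponse(response, sessionSecrets) {
  const { contentType = '', headers = {}, body = '' } = response;
  const h = lowerKeys(headers);
  const leaked = sessionSecrets.filter((s) => s && body.includes(s));
  const findings = [];
  if (leaked.length === 0) return findings; // nothing session-bound in the body
  if (SCRIPT_TYPES.test(contentType)) {
    findings.push(`script response embeds ${leaked.length} session-bound value(s)`);
  }
  if ((h['x-content-type-options'] || '').toLowerCase() !== 'nosniff') {
    findings.push('missing X-Content-Type-Options: nosniff');
  }
  if (!/^same-(origin|site)$/i.test(h['cross-origin-resource-policy'] || '')) {
    findings.push('missing Cross-Origin-Resource-Policy');
  }
  return findings;
}

// Request-side gate for endpoints that must return session data. Browsers
// that send Sec-Fetch-Site tell us where the load came from; otherwise fall
// back to the Referer origin and deny when provenance is unknown.
function allowScriptRequest(requestHeaders, ownOrigin) {
  const h = lowerKeys(requestHeaders);
  const site = h['sec-fetch-site'];
  if (site) return site.toLowerCase() === 'same-origin';
  const referer = h['referer'];
  if (!referer) return false;
  try {
    return new URL(referer).origin === ownOrigin;
  } catch {
    return false; // unparsable Referer
  }
}

// Constructed sample data: a dynamic script carrying tokens, and the same
// data served as JSON with isolation headers.
const SAMPLE_SECRETS = ['CSRF-EXAMPLE-0001', 'SESSION-EXAMPLE-0002'];
const LEAKY_SCRIPT = {
  contentType: 'application/javascript; charset=utf-8',
  headers: {},
  body: 'var a={"_csrf":"CSRF-EXAMPLE-0001","_sessionID":"SESSION-EXAMPLE-0002"};',
};
const SAFER_JSON = {
  contentType: 'application/json',
  headers: {
    'X-Content-Type-Options': 'nosniff',
    'Cross-Origin-Resource-Policy': 'same-origin',
  },
  body: '{"_csrf":"CSRF-EXAMPLE-0001","_sessionID":"SESSION-EXAMPLE-0002"}',
};

console.log(auditResponse(LEAKY_SCRIPT, SAMPLE_SECRETS));
console.log(auditResponse(SAFER_JSON, SAMPLE_SECRETS));
console.log(allowScriptRequest({ 'Sec-Fetch-Site': 'cross-site' }, 'https://shop.example'));
```
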
  8. https://www.cnet.com/news/nordvpn-user-accounts-were-compromised-and-passwords-exposed-report-says/ I think they still work
  9. I didn't look into where they come from; for what I use it for, it doesn't really matter.
  10. Honestly, the "prime" version works pretty well. Considering that I don't connect from the same country, it seems quite OK to me. Same country as connection
  11. WindScribe is definitely one of the most popular VPN services among users worldwide (check in-depth review -> Google trends). The company is famous for its fully functional FREE version with 10 GB data, dedicated servers for streaming, unlimited bandwidth and unique technology called R.O.B.E.R.T. (“Remote Omnidirectional Badware Eliminating Robotic Tool”) which helps to block ads, trackers and malware. With a strong AES-256 encryption the company doesn’t have a huge pool of servers but spread them over 55 countries and 100 cities. Another innovative thing about WindScribe is the ability to build your own subscription plan, so the price can start from $1/month. So any additional location will cost you $1/month and add 10 GB on top of your allowed monthly bandwidth. Also you can select “unlimited bandwidth + R.O.B.E.R.T.” for an additional $1/month. The company also runs promotions, special offers and deals from time to time so you can save some extra. A good time to find an exclusive WindScribe coupon or promo code is Black Friday, New Year, Halloween, etc. So don’t miss a chance to save big on a top rated VPN service.

      "HOWTO" WindScribe - build a custom plan with "Build a Plan" option and save up to 90% off of the original price
  12. Two Romanian hackers namely Bogdan Nicolescu and Rady Miclaus will be spending 20 and 18 years respectively in prison for infecting 400,000 computers with cryptominers and stealing sensitive financial and credential data. The duo is said to have stolen millions of dollars from countless unsuspected users.

      Both the accused are members of the infamous Romanian hacking group called Bayrob. Nicolescu was the group leader whereas Miclaus served as the co-conspirator. The third accused, Tiberiu Danet, is also a member of the same group. In November 2018, Danet pleaded guilty to eight of the charges and will be sentenced on January 8, 2020.

      According to the official press release, the duo was found guilty of 21 counts of money laundering, wire fraud, identity theft, and malware development for mining bitcoin and monero cryptocurrencies through utilizing host computers’ resources apart from other crimes.

      “These sentences handed down today reflect the dynamic landscape in which international criminals utilize sophisticated cyber methods to take advantage of and defraud, unsuspecting victims anywhere in the world,” said FBI Special Agent in Charge Eric Smith. “Despite the complexity and global character of these investigations, this investigation and prosecution demonstrate the commitment by the FBI and our partners to aggressively pursue these individuals and bring justice to the victims.”

      The Bayrob Group was founded in 2007 and operated actively until the apprehension and extradition of its key members, including the group leader Nicolescu, in 2016. This group operated from the outskirts of Bucharest and carried out different hacking and malware campaigns including spam emails loaded with dangerous Trojans sent as harmless messages from renowned firms and enterprises.

      The emails mostly contained attachments hiding the Bayrob botnet, and were sent from the IRS, Norton, and Western Union. As soon as the user clicked on the attachment, the computer got infected with the malware, and all the installed malware protection tools got disabled while access to websites of law enforcement agencies was also blocked. The attackers copied the email contacts of the victim through the malware and sent the infected emails to them as well.

      Through the botnet, the Romanian hacker group managed to steal $4 million. Moreover, the group also developed crypto miners to mine for Bitcoin and Monero and scan and transfer the victims’ crypto wallet ownership along with the funds. They also stole personal data from the infected computers including credit card information, login credentials, and usernames/passwords on different websites.

      Furthermore, the malware enabled the system to register AOL accounts, which were used to send more malicious emails. The duo got 100,000 email accounts registered through this method and subsequently sent out tens of millions of infected emails. They also replaced legitimate websites like eBay with fake replicas and when the victim accessed these websites, they were tricked into entering their credentials to the fake webpage instead of the authentic ones.

      It did not end here; the group also used eBay for their nefarious objectives. The duo placed over 1,000 fake listings of motorbikes and automobiles on eBay and uploaded malware-infected images on these listings. Users who clicked on the images were redirected to fake eBay ordering pages where the victims were encouraged to pay for the items. A person was hired to play the role of fictional eBay Escrow Agent whose only job was to collect the money from the victim and transfer it to the hacker duo.

      “These sentences handed down today reflect the dynamic landscape in which international criminals utilize sophisticated cyber methods to take advantage of and defraud, unsuspecting victims anywhere in the world,” added Special Agent Smith.

      Source https://www.hackread.com/20-years-prison-romanian-hackers-infected-computers/
  13. The official Cayman Islands tourism website brags about the territory's stunning beaches, exotic wildlife and contemporary art museums. Yet, it's probably better known for the allegations of money laundering made against it by other governments, including that of the United States, which is what makes the claim that hackers published 2TB of the Cayman National bank's confidential data interesting.

      A pseudonymous Twitter account called Distributed Denial of Secrets -- a play on the distributed-denial of service attacks that can bring down even the largest websites -- said on Saturday that it was releasing "copies of the servers of Cayman National Bank and Trust." The account has also claimed to have released more information over the last few days and to have upgraded its servers to cope with traffic spikes.

      Cayman National operates numerous branches in the Cayman Islands proper, Isle of Man and Dubai. Distributed Denial of Secrets claimed that it's "allegedly been used for money laundering by Russian oligarchs and others" as well, which is why it published the bank's confidential data. The goal appears to be giving people access to private information that could prove or disprove those allegations of wrongdoing.

      Distributed Denial of Secrets said it didn't hack Cayman National itself. Instead, the data appears to have been stolen by someone called "Phineas Fisher," and its revelation was announced by HackBack alongside an explanation of Fisher's actions. A copy of the original statement can be found in the tweets discussing this leak and a report from Unicorn Riot; a translated version was also shared to Pastebin.

      Cayman National doesn't appear to have acknowledged the alleged leak on its website or social media profiles. It does say on its website that it's requiring clients to share additional information "in connection with the regulations of the global financial industry," however, and that many of its services would be unavailable on November 17 because of "a major upgrade and maintenance programme."

      The company also offered a helpful tip on its Facebook profile earlier today: "Refrain from accessing Online Banking through open and public access points, such as Internet cafes, public libraries, etc." That's a remarkably odd thing to share on Facebook while people on platforms like Twitter and Hacker News discuss a purported leak of terabytes' worth of private information.

      Phineas Phisher - Hack Back - Bank https://pastebin.com/8rXhtqgr
      More info https://unicornriot.ninja/2019/massive-hack-strikes-offshore-cayman-national-bank-and-trust/
      Full archive and backups
  14. https://www.bleepingcomputer.com/news/security/cloudflare-now-blocks-the-vbulletin-rce-cve-2019-16759-exploit/