
mrreboot
Posts posted by mrreboot

  1. All the deals for InfoSec related software/tools this Black Friday / Cyber Monday

    ❤️ Hope you all have a well-deserved, happy Thanksgiving, and kudos to all those who contributed to this list.

    FAQ

    When do these sales end?

    Most end 29/30th November.

    When will most of the deals/discounts be here?

    Most likely 27th midday for USA, 28th November for the rest of the world, check back often!

    Can I add deals to the page?

    Yes, please follow formatting guidelines, provide a source and code. Has to be (loosely) infosec related.

    🙈 means 1) Limited user run 2) Great deal or 3) Highly recommended

    *Disclaimer: I have included my own, and other discount codes sent in directly.

    Hacker Essentials

    Stickermule
    https://www.stickermule.com/deals
    $19 down from $65, free shipping

    Tools

    GRAYHATWARFARE (Cloud Storage Buckets Search Engine) 🙈
    https://buckets.grayhatwarfare.com/packages
    Up to 50% off

    IDA Pro
    https://www.hex-rays.com/cgi-bin/quote.cgi/products
    25% OFF for all IDA Home purchases

    Maltego OSINT tool
    https://buy.maltego.com
    50% off Maltego Pro annual subscription

    Burp Bounty Pro Extension
    https://order.shareit.com/cart/view
    20% off with code: CYBERBOUNTY

    Pulsedive Threat Intelligence 🙈
    https://pulsedive.com/about/pro
    $5 PRO accounts with code: TRYFOR5

    SecurityTrails 🙈
    https://securitytrails.com/
    100 recurring free API credits by retweeting

    Tenable
    https://www.tenable.com/buy
    50% off Nessus PRO with code: takehalf

    WPScan
    https://wpscan.com/
    25% off Starter and Pro accounts with code: BLACKFRIDAY2020

    VMware
    https://store-us.vmware.com/
    30% off new licenses, 19% off upgrades. No code required

    Faraday
    https://faradaysec.com/landing-black-friday/
    30% off and Free training on new licenses.

    MalwareBytes
    https://try.malwarebytes.com/black-friday/
    50% off Malwarebytes Premium, 40% OFF Malwarebytes Premium + Privacy

    ESET
    https://www.eset.com/us/cyber-weekend-2020/
    40% off all security software

    010 Editor
    https://www.sweetscape.com/010editor/
    30% off

    Little Snitch (macOS Firewall)
    https://www.obdev.at/products/littlesnitch/order.html
    30% OFF

    Murus and Vallum (macOS Firewall (pf))
    https://murusfirewall.com/
    50% OFF

    Detectify 🙈
    https://detectify.com/lp/black-friday-professional-plan-offer
    20% off annual subscription + mention "Kate sent me", to get a Go Hack Yourself hoodie as well with purchase.

    Sn1per Professional 🙈
    https://xerosecurity.com/wordpress/black-friday-sale/
    $49 savings on Sn1per Professional v8.0 + Command Execution Add-on

    Kon-Boot (Windows and MacOS local password bypass)
    https://kon-boot.com/?NOVEMBER=1
    25% off Kon-Boot Windows, MacOS, and 2in1 personal and commercial licenses.

    Intuitibits (WiFi Explorer Standard, Transfer (TFTP), Wifi Signal)
    https://www.intuitibits.com
    Various discounts

    Books:

    Bug Bounty Playbook 2 (verified)
    https://payhip.com/b/nRia
    Discount on full price

    NoStarch Press
    https://nostarch.com/
    33.7% off + free shipping with code BLACKFRIDAY20
    *domestic orders only, $50 min

    O'Reilly Books
    https://www.oreilly.com/
    50% discount with code: CM20CS

    Apress
    https://www.apress.com/us/shop/cybermonday-sale
    All eBooks $6.99 each with code: CYBER20AP

    Pearson
    https://www.pearsonitcertification.com/promotions/booksgiving-buy-2-plus-books-or-ebooks-save-55-142246
    Buy 2, save 55% + free US shipping with code: BOOKSGIVING

    Humble Bundle
    https://www.humblebundle.com/
    45% off Premium

    Agile Stationary (cybersecurity card games)
    https://agilestationery.co.uk/
    40% off automatically applied when buying 3 or more products

    Courses & Training:

    OffSec AWAE 🙈
    https://www.offensive-security.com/awae-oswe/
    Various discounts per labs length

    Udemy (Hacking Training - online)
    https://www.udemy.com
    All courses $10.99

    INE (eLearnSecurity, so eJPT, eCPPT)
    https://ine.com/
    40% off with code: BF40

    PluralSight
    https://www.pluralsight.com/offer/2020/bf-cm-40-off
    40% discount

    Lets Defend
    http://letsdefend.io/
    50% off with code: BLCKFRDY

    PentesterLab (Hacking Training/Platform - online) 🙈
    https://pentesterlab.com/pro/
    One-year: US$146.52 instead of US$199.99
    Student (3-month): US$27.99 instead of US$34.99

    DroneSec (Drone Security Training - online unlocks 1st December) 🙈
    https://training.dronesec.com
    65% discount on bundle with code: DONOTSHAREBLACKFRI
    20% discount on live training with code: BF20

    Social Engineering Training 🙈
    (Robin Dreeke, retired FBI Special Agent and Chief of the Counterintelligence Behavioral Analysis Program)
    https://www.peopleformula.com/online-training
    25% discount with code: infosec25

    CloudGuru (was Linux Academy)
    https://acloudguru.com/pricing
    Various deals

    Zero2Automated Malware Analysis Course
    https://courses.zero2auto.com/beginner-bundle
    20% off with code: BLACKFRIDAYSALES

    Practical DevSecOps
    https://www.practical-devsecops.com/black-friday/
    15% off

    OSINTion Training
    https://blackfriday.theosintion.com/
    33% off courses with code: 2020BF1337OSINT

    OSINT Combine 🙈
    https://academy.osintcombine.com/
    40% off all courses with code: BLACKFRIDAY

    Whizlabs
    https://www.whizlabs.com/
    50% off all products with code: BLACKFRIDAY50

    ISACA
    https://www.isaca.org/go/flash
    15% off CISA/CISM/CRISC training & certs

    Kaplan
    https://www.kaptest.com/study/gre/black-friday-and-cyber-monday-gre-deals/
    Claim deals are incoming shortly...

    Networkdefense.io
    https://www.networkdefense.io/library/
    20% off all courses. No code required.

    International Cybersecurity Institute
    https://www.icsi.co.uk/pages/black-friday-offer
    50% off courses with code: BF50

    Cybrary (Hacking Training/Platform - online)
    https://www.cybrary.it/
    70% discount

    Cybr (Training/Platform/Community - online) 🙈
    https://cybr.com/
    Up to 74% off

    Hacker House (Hands on Hacking) 🙈
    https://hacker.house/training/
    35% discount with code: HACKFRIDAY

    Dawid Czagan's Web Hacking Secrets 🙈
    https://silesiasecuritylab.com/
    90% discount promo code: BlackFriday2020

    Services:

    ProtonMail
    https://protonmail.com/blog/black-friday-2020/
    33-50% discounts

    NordVPN
    https://nordvpn.com/offer/great-deal/
    68% discount + 3 months free

    F-Secure TOTAL and FREEDOME VPN
    https://www.f-secure.com/en/home/products/total
    50% off with code: BLACKWEEK

    1Password
    https://1password.com/promo/black-friday/the-verge/
    50% off family account

    Lowendbox
    https://lowendbox.com/blog/lowendbox-has-mind-blowing-offers-coming-this-black-friday-cyber-monday-season/
    Variety of deals

    Priveasy (Open Source Privacy and Security Services)
    https://Priveasy.org
    Get additional 90 days free at checkout with code: 6ffbb6ff46

    Surfshark VPN
    https://surfshark.com/deals
    83% off + 3 months free

    LastPass
    https://www.lastpass.com/offer/cyber-week-2020
    40% off LastPass Premium for new users

    Hardware:

    DJI 🙈
    https://store.dji.com/event/black-friday-sale-2020
    Up to 46% off Osmo Action $199 down from $369

    SouthOrdPicks
    https://www.southord.com/
    25% discount with code: CHEER25

    SOS Solutions (Hardware Kits)
    https://www.sossolutions.nl/black-friday-2020
    Various discounts

    ifixit
    https://www.ifixit.com/News/47143/our-black-friday-sale-is-here-and-bigger-than-ever
    Multiple discounts + free shipping over $50 with code: FIXSHIP

    Hak5
    https://shop.hak5.org/
    Various discounts

    Sparkfun
    https://www.sparkfun.com/news/3513
    Various discounts

    Newsletters:

    Cybersecurity Market Insights Newsletter
    https://gumroad.com/securityinsights
    15% for monthly and annual Pro subscriptions with code: security15off


    InfoSec Black Friday Deals (2019)

    These were key deals last year, so keep an eye out and update if released.

    Hacker Essential

    Stickermule
    https://www.stickermule.com/deals
    $19 down from $65, free shipping

    Software:

    Acrylic WiFi Hacking Suite
    https://www.acrylicwifi.com/
    30% discount with code: BLACKFRIDAY

    VMware (Virtual Machine Application)
    Workstation Pro & Fusion Pro, Workstation & Player
    https://store-au.vmware.com/?PID=3211374&PubCID=1397064&cjevent=3533e3c6115911ea839000790a1c0e0f
    45-60% off - BF2019

    RoyalTS (Toolbox for remote computing)
    Royal TS (Win) and Royal TSX (macOS) Individual User Licenses
    https://royalapps.com/ts/win/buy
    50% discount with code BLACKFRIDAY19

    WiFi Explorer Pro
    https://www.adriangranados.com/
    https://buy.paddle.com/checkout/43767240-chreaa50fc5abeb-c5a30d6d5b
    $50 discount

    Hardware:

    SouthOrdPicks
    https://www.southord.com/
    25% discount with code HOLLY19

    Pelican Cases
    https://www.pelican.com/us/en/shop/black-friday/
    30% with code: HOLIDAY

    Yubico/Yubikey
    https://www.yubico.com/store/black-friday-2019
    $20 OFF two YubiKeys or $100 OFF orders of $400 or more

    Hak5
    https://shop.hak5.org/
    50% discount and free shipping

    DJI (for hacking drones)
    https://store.dji.com/guides/dji-black-friday-deals-2019-guide/
    40% discount

    ifixit
    https://www.ifixit.com/Black-Friday
    Multiple discounts + free shipping with code: BLUEANDBLACK19

    SparkFun
    https://www.sparkfun.com/news/3134
    15-25% discount

    SeeedStudio
    https://www.seeedstudio.com/thanksgiving_50_off_sale.html
    50% discount with code: THANKS50

    Airspy SDR Tools
    https://airspy.com/
    https://www.rtl-sdr.com/airspy-30-off-black-friday-sale-coupon-now-active/
    30% discount with code: AWARDWINNING2019

    LAB401 SDR/RFID Equiptment
    https://lab401.com/blogs/news/black-friday-cyber-monday-sales
    15%+ discount with code: BFCM2019

    Southord Lockpicking
    https://www.southord.com/
    15% off with coupon HOLLY19

    Maltronics WiFi Keyloggers
    https://maltronics.com/collections/wifi-keyloggers
    20% discount

    Courses & Training:

    Applied Network Defense Online Training
    https://networkdefense.io/
    20% discount all courses

    NoStarch Press
    https://nostarch.com/
    42% discount with code ULTIMATE42

    Udemy (Hacking Training - online)
    https://www.udemy.com
    All courses $10.99

    eLearnSecurity
    https://www.elearnsecurity.com/
    25% discount with code: BLK-019

    PluralSight
    https://www.pluralsight.com/offer/2019/bf-cm-40-off
    40% discount

    PentesterAcademy (Hacking Training/Platform - online)
    http://www.pentesteracademy.com/thanksgiving
    $39 down from $99 or $489p/y down from $1188p/y

    PentesterLab (Hacking Training/Platform - online)
    https://pentesterlab.com/pro/one_year
    https://twitter.com/PentesterLab/status/1199792188609024000?s=20
    26.74% discount

    DroneSec (Drone Hacking Training - offline)
    https://dronesec.com/collections/training
    40% discount with code: BLACKFRIDAY19 in email subject

    Cybrary (Hacking Training/Platform - online)
    https://www.cybrary.it/
    66% discount

    Packt Publishing
    https://packtpub.com/
    e-Books and videos $10 each or 3 for $25

    O'Reilly Books
    https://www.oreilly.com/online-learning/cybermonday-2019.html
    50% discount with code: CM19CS

    GNS3 Academy
    https://gns3.teachable.com/
    $7 all courses with code: BLACKFRIDAY19

    Pearson
    http://www.pearsonitcertification.com/promotions/black-friday-2019-buy-2-save-55-142103
    Buy 2 or more courses for 55% discount with code: BF2019

    SANS
    https://www.sans.org/online-security-training/specials?msc=hpslider1
    Apple Hardware or $350 off any course

    Hackers Academy
    https://www.hackersacademy.com/bundles?bundle_id=special-offer
    88% discount

    Linux Academy
    https://linuxacademy.com/pricing/individual/
    $150 off

    Practical DevSecOps
    https://www.practical-devsecops.com/black-friday/
    $400 OFF on course bundle or or $120-$180 OFF on each course.

    Manning Publications
    http://enews.manning.com/q/4qVD2DZvQIJ_yR-6w3SkoEx9ucisTjoscZlyhs8T0J5vCawQV4WfDDi9R
    50% on any purchase over $50 with code: CYBERWEEK

    Leetcode
    https://www.leetcode.com/
    $30 off annual subscription w/ code THANKS2019

    ISACA
    https://isaca.org/info/cisa-certification-ready/index.html/
    15% off CISA/CISM/CRISC training & cert with code CYBERWEEK19CISA

    Networkdefense.io
    https://www.networkdefense.io/library/
    20% off

    Apress
    https://www.apress.com/us/shop/cybermonday-sale?token=cyberweek19
    $7 deals

    PTrace Advanced Software Exploitation
    https://www.psec-courses.com/courses/advanced-software-exploitation
    20% off with code BLACKFRIDAY2019

    Linux Foundation training and certifications
    https://training.linuxfoundation.org/cyber-monday-2020-sneak-peek/
    40%-60% discounts starting on Monday on certification, training, and cert+training bundles

    Services:

    ProtonMail
    https://protonmail.com/blog/black-friday-2019/
    33-50% discount

    NordVPN
    https://nordvpn.com/offer/brand/
    83% discount

    The Hacker News
    https://deals.thehackernews.com/
    15% off with coupon BFSAVE15

    F-Secure FREEDOME VPN
    https://campaigns.f-secure.com/blackweek/en_global/?ecid=10916
    50% off with code BLACKWEEK

    1Password
    https://1password.com/promo/black-friday/the-verge/?cjevent=8fec730612de11ea80ac00f80a1c0e14/
    50% off via The Verge

    Whizlabs
    https://www.whizlabs.com/
    50% off

    Lowendbox
    https://lowendbox.com/blog/happy-thanksgiving-from-lowendbox-black-friday-cyber-monday-offers-are-coming/
    Variety of deals

    Continuing Education

    Kaplan
    https://www.kaptest.com/study/gre/black-friday-and-cyber-monday-gre-deals/
    $300 off GRE and similar

    UNCONFIRMED / TBA (2018)

    These were key deals last year, so keep an eye out and update if released.

    Tindie (Hardware, Electronics, IoT)
    https://www.tindie.com/browse/sale/
    Multiple discounts

    Pastebin
    https://pastebin.com/pro?coupon=blackfriday
    ??% discount

    Attify (IoT Exploitation Training/Hardware)
    https://www.attify-store.com/
    ??% off with coupon code

    itrainsec Financial Malware Analysis course (live on-line course December 7-10)
    https://www.itrainsec.com/financial-re
    20% discount until Tuesday Dec 1 with code: BLCKFRDYFMA

    How to edit formatting

    At the end of a normal sentence, place a backslash for a newline (). Alternatively, with a link, you can double-space ( ).

    Credits

    If you'd like to DM me a deal rather than submitting a PR: @securitymeta_

    Thanks to 0ldMate for referring me to @Infosec_Taylor, who has a fantastic Twitter thread as well; I'm adding some of those deals in here! Also thanks to webyeti; I grabbed some deals from https://www.webyeti.ninja/blog/hackerblkfri (more non-infosec deals in there too). Shoutout for some discounts grabbed from Dutchosintguy and @gabsmashh. Thanks to those who have sent pull requests, and to @reV_sh_ on Twitter, among others.

    Thanks to those who credited and helped spread the word! https://github.com/instadoodledavid/Infosec-Deals-2020
    https://github.com/Securityinfos/Black-Friday-Deals
    https://github.com/Dutchosintguy/Blackfriday-Deals-2020

     

  2. 1 hour ago, Nytro said:

    A real story, from my own family. Relatives. I guarantee it is true.

    Recently a relative died. He was older and had some health problems, but he had only occasional contact with a single person.

    After he died, someone came (I don't know exactly from where, but I can find out) and offered the relatives 500 EUR to sign that he had died of Covid-19. But the relatives refused. They had the tests done and, as expected, the test came back negative. The thing is, I saw a street interview on the news in which someone mentioned something similar. I didn't believe it, but about this incident I know with certainty.

    Now I wonder: why? I think there are funds set aside for this kind of thing, and that there are also people who want to keep some of that money for themselves. Does anyone have an idea what the cause might be? "To pad the numbers" is not an argument. Someone has to benefit from such actions, and in the end it all comes down to money.

    One possibility is that the "offer" comes from someone at the morgue itself, in order to collect more money from the insurance.

    Honestly, I don't know how things work in Romania, but here certain insurance companies have a sort of fixed, economical price for "standard" funerals, whereas if it is a Covid case I imagine things change and the costs go up, e.g. protective materials used, cremation, etc.

  3. Microsoft is offering hackers up to $100,000 if they can break the security of the company’s custom Linux OS. The software giant built a compact and custom version of Linux last year for its Azure Sphere OS, which is designed to run on specialized chips for its Internet of Things (IoT) platform. The OS is purpose-built for this platform, ensuring basic services and apps run isolated in a sandbox for security purposes.

     

    Microsoft now wants hackers to test the security of the Azure Sphere OS, paying up to $100,000 if the Pluton security subsystem or Secure World sandbox is breached. The bug bounty program is part of a three-month research challenge that runs from June 1st until August 31st. “We will award up to $100,000 bounty for specific scenarios in the Azure Sphere Security Research Challenge during the program period,” explains Sylvie Liu, a security program manager at Microsoft’s Security Response Center.

     

    MICROSOFT WANTS A GROUP OF SECURITY RESEARCHERS TO JOIN THE CHALLENGE
    The challenge is focused on the Azure Sphere OS itself, and not the underlying cloud portion that’s already eligible for Azure bounty program awards. Microsoft is specifically looking for a group of security researchers to try and break its Linux OS security. Physical attacks are out of scope, but researchers can apply to be part of the challenge here.

    Azure Sphere was announced at last year’s Build developer conference, and it’s still relatively new. Businesses like Starbucks are rolling out Azure Sphere to secure its store equipment, which feeds back data points on the type of beans, coffee temperature, and water quality for every shot of espresso.

     

    Microsoft CEO Satya Nadella sees IoT devices as a key area for the company, describing its cloud business as the biggest hardware business at Microsoft earlier this year. Nadella is chasing the billions of IoT devices that analysts predict will be in use over the next decade. Azure Sphere is a key part of the mission to help secure and manage these devices, and part of Microsoft’s increased push to win a world beyond Windows that’s increasingly moving to cloud computing.


  4. 28
    Jan 20

    Wawa Breach May Have Compromised More Than 30 Million Payment Cards

    In late December 2019, fuel and convenience store chain Wawa Inc. said a nine-month-long breach of its payment card processing systems may have led to the theft of card data from customers who visited any of its 850 locations nationwide. Now, fraud experts say the first batch of card data stolen from Wawa customers is being sold at one of the underground’s most popular crime shops, which claims to have 30 million records to peddle from a new nationwide breach.

    On the evening of Monday, Jan. 27, a popular fraud bazaar known as Joker’s Stash began selling card data from “a new huge nationwide breach” that purportedly includes more than 30 million card accounts issued by thousands of financial institutions across 40+ U.S. states.


    The fraud bazaar Joker’s Stash on Monday began selling some 30 million stolen payment card accounts that experts say have been tied back to a breach at Wawa in 2019.

    Two sources that work closely with financial institutions nationwide tell KrebsOnSecurity the new batch of cards that went on sale Monday evening — dubbed “BIGBADABOOM-III” by Joker’s Stash — map squarely back to cardholder purchases at Wawa.

    On Dec. 19, 2019, Wawa sent a notice to customers saying the company had discovered card-stealing malware installed on in-store payment processing systems and fuel dispensers at potentially all Wawa locations.

    Pennsylvania-based Wawa says it discovered the intrusion on Dec. 10 and contained the breach by Dec. 12, but that the malware was thought to have been installed more than nine months earlier, around March 4. The exposed information includes debit and credit card numbers, expiration dates, and cardholder names. Wawa said the breach did not expose personal identification numbers (PINs) or CVV records (the three-digit security code printed on the back of a payment card).

    A spokesperson for Wawa confirmed that the company today became aware of reports of criminal attempts to sell some customer payment card information potentially involved in the data security incident announced by Wawa on December 19, 2019.

    “We have alerted our payment card processor, payment card brands, and card issuers to heighten fraud monitoring activities to help further protect any customer information,” Wawa said in a statement released to KrebsOnSecurity. “We continue to work closely with federal law enforcement in connection with their ongoing investigation to determine the scope of the disclosure of Wawa-specific customer payment card data.”

    “We continue to encourage our customers to remain vigilant in reviewing charges on their payment card statements and to promptly report any unauthorized use to the bank or financial institution that issued their payment card by calling the number on the back of the card,” the statement continues. “Under federal law and card company rules, customers who notify their payment card issuer in a timely manner of fraudulent charges will not be responsible for those charges. In the unlikely event any individual customer who has promptly notified their card issuer of fraudulent charges related to this incident is not reimbursed, Wawa will work with them to reimburse them for those charges.”

    Gemini Advisory, a New York-based fraud intelligence company, said the biggest concentrations of stolen cards for sale in the BIGBADABOOM-III batch map back to Wawa customer card use in Florida and Pennsylvania, the two most populous states where Wawa operates. Wawa also has locations in Delaware, Maryland, Virginia and the District of Columbia.

    According to Gemini, Joker’s Stash has so far released only a small portion of the claimed 30 million. However, this is not an uncommon practice: Releasing too many stolen cards for sale at once tends to have the effect of depressing the overall price of stolen cards across the underground market.

    “Based on Gemini’s analysis, the initial set of bases linked to “BIGBADABOOM-III” consisted of nearly 100,000 records,” Gemini observed. “While the majority of those records were from US banks and were linked to US-based cardholders, some records also linked to cardholders from Latin America, Europe, and several Asian countries. Non-US-based cardholders likely fell victim to this breach when traveling to the United States and utilizing Wawa gas stations during the period of exposure.”

    Gemini’s director of research Stas Alforov stressed that some of the 30 million cards advertised for sale as part of this BIGBADABOOM batch may in fact be sourced from breaches at other retailers, something Joker’s Stash has been known to do in previous large batches.

    Gemini monitors multiple carding sites like Joker’s Stash. The company found the median price of U.S.-issued records in the new Joker’s Stash batch is currently $17, with some of the international records priced as high as $210 per card.

    “Apart from banks with a nationwide presence, only financial institutions along the East Coast had significant exposure,” Gemini concluded.

    Representatives from MasterCard did not respond to requests for comment. Visa declined to comment for this story, but pointed to a series of alerts it issued in November and December 2019 about cybercrime groups increasingly targeting fuel dispenser merchants.

    A number of recent high-profile nationwide card breaches at main street merchants have been linked to large numbers of cards for sale at Joker’s Stash, including breaches at supermarket chain Hy-Vee, restaurant chains Sonic, Buca di Beppo, Krystal, Moe’s, McAlister’s Deli, and Schlotzsky’s, retailers like Bebe Stores, and hospitality brands such as Hilton Hotels.

    Most card breaches at restaurants and other brick-and-mortar stores occur when cybercriminals manage to remotely install malicious software on the retailer’s card-processing systems. This type of point-of-sale malware is capable of copying data stored on a credit or debit card’s magnetic stripe when those cards are swiped at compromised payment terminals, and that data can then be used to create counterfeit copies of the cards.

    The United States is the last of the G20 nations to make the shift to more secure chip-based cards, which are far more expensive and difficult for criminals to counterfeit. Unfortunately, many merchants have not yet shifted to using chip-based card readers and still swipe their customers’ cards.

    According to stats released in November by Visa, more than 3.7 million merchant locations are now accepting chip cards. Visa says for merchants who have completed the chip upgrade, counterfeit fraud dollars dropped 81 percent in June 2019 compared to September 2015. This may help explain why card thieves increasingly are shifting their attention to compromising e-commerce merchants, a trend seen in virtually every country that has already made the switch to chip-based cards.

    Many filling stations are upgrading their pumps to include more cyber and physical security — such as end-to-end encryption of card data, custom locks and security cameras. In addition, newer pumps can accommodate more secure chip-based payment cards that are already in use and in some cases mandated by other G20 nations.

    But these upgrades are disruptive and expensive, and many fuel station owners are putting them off until it is absolutely necessary. Prior to late 2016, fuel station owners in the United States had until October 1, 2017 to install chip-capable readers at their pumps. Station owners that didn’t have chip-ready readers in place by then would have been on the hook to absorb 100 percent of the costs of fraud associated with transactions in which the customer presented a chip-based card yet was not asked or able to dip the chip.

    Yet in December 2016, Visa — by far the largest credit card network in the United States — delayed the requirements, saying fuel station owners would be given until October 1, 2020 to meet the liability shift deadline.

    Either way, Wawa could be facing steep fines for failing to protect customer card data traversing its internal payment card networks. In addition, at least one class action lawsuit has already been filed against the company.

    Finally, it’s important to note that even if all 30 million of the cards that Joker’s Stash is selling as part of this batch do in fact map back to Wawa locations, it’s highly unlikely that more than a small percentage of these cards will actually be purchased and used by fraudsters. In the 2013 megabreach at Target Corp., for example, fraudsters stole roughly 40 million cards but only ended up selling between one to three million of those cards.

     

    Source: https://krebsonsecurity.com/2020/01/wawa-breach-may-have-compromised-more-than-30-million-payment-cards/

  5. Top 25 RCE Bug Bounty Reports

    The reports were disclosed through the HackerOne platform and were selected according to their upvotes, bounty, severity level, complexity, and uniqueness.

    #1

    Title: Potential pre-auth RCE on Twitter VPN

    Company: Twitter

    Bounty: $20,160

    Link: https://hackerone.com/reports/591295

    #2

    Title: RCE on Steam Client via buffer overflow in Server Info

    Company: Valve

    Bounty: $18,000

    Link: https://hackerone.com/reports/470520

    #3

    Title: Struct type confusion RCE

    Company: Shopify

    Bounty: $18,000

    Link: https://hackerone.com/reports/181879

    #4

    Title: Malformed .BSP Access Violation in CS:GO can lead to Remote Code Execution

    Company: Valve

    Bounty: $12,500

    Link: https://hackerone.com/reports/351014

    #5

    Title: Git flag injection — local file overwrite to remote code execution

    Company: GitLab

    Bounty: $12,000

    Link: https://hackerone.com/reports/658013

    #6

    Title: Remote Code Execution on www.semrush.com/my_reports on Logo upload

    Company: SEMrush

    Bounty: $10,000

    Link: https://hackerone.com/reports/403417

    #7

    Title: Panorama UI XSS leads to Remote Code Execution via Kick/Disconnect Message

    Company: Valve

    Bounty: $9,000

    Link: https://hackerone.com/reports/631956

    #8

    Title: RCE using bash command injection on /system/images (toimitilat.lahitapiola.fi)

    Company: LocalTapiola

    Bounty: $6,800

    Link: https://hackerone.com/reports/303061

    #9

    Title: Remote Code Execution at http://tw.corp.ubnt.com

    Company: Ubiquiti Inc.

    Bounty: $5,000

    Link: https://hackerone.com/reports/269066

    #10

    Title: Adobe Flash Player Regular Expression UAF Remote Code Execution Vulnerability

    Company: Flash (IBB)

    Bounty: $5,000

    Link: https://hackerone.com/reports/139879

    #11

    Title: RCE by command line argument injection to `gm convert` in `/edit/process?a=crop`

    Company: Imgur

    Bounty: $5,000

    Link: https://hackerone.com/reports/212696

    #12

    Title: RCE and Complete Server Takeover of http://www.█████.starbucks.com.sg/

    Company: Starbucks

    Bounty: $4,000

    Link: https://hackerone.com/reports/502758

    #13

    Title: [ RCE ] Through stopping the redirect in /admin/* the attacker able to bypass Authentication And Upload Malicious File

    Company: Mail.ru

    Bounty: $4,000

    Link: https://hackerone.com/reports/683957

    #14

    Title: Blind SQLi leading to RCE, from Unauthenticated access to a test API Webservice

    Company: Starbucks

    Bounty: $4,000

    Link: https://hackerone.com/reports/592400

    #15

    Title: Attention! Remote Code Execution at http://wpt.ec2.shopify.com/

    Company: Shopify

    Bounty: $3,000

    Link: https://hackerone.com/reports/73567

    #16

    Title: Unchecked weapon id in WeaponList message parser on client leads to RCE

    Company: Valve

    Bounty: $3,000

    Link: https://hackerone.com/reports/513154

    #17

    Title: Drupal 7 pre auth sql injection and remote code execution

    Company: The Internet Bug Bounty Program

    Bounty: $3,000

    Link: https://hackerone.com/reports/31756

    #18

    Title: RCE via ssh:// URIs in multiple VCS

    Company: The Internet Bug Bounty Program

    Bounty: $3,000

    Link: https://hackerone.com/reports/260005

    #19

    Title: Remote Code Execution on Git.imgur-dev.com

    Company: Imgur

    Bounty: $2,500

    Link: https://hackerone.com/reports/206227

    #20

    Title: GMP Deserialization Type Confusion Vulnerability [MyBB <= 1.8.3 RCE Vulnerability]

    Company: PHP (IBB)

    Bounty: $1,500

    Link: https://hackerone.com/reports/198734

    #21

    Title: Old WebKit HTML agent in Template Preview function has multiple known vulnerabilities leading to RCE

    Company: Lob

    Bounty: $1,500

    Link: https://hackerone.com/reports/520717

    #22

    Title: Remote code execution using render :inline

    Company: Ruby on Rails

    Bounty: $1,500

    Link: https://hackerone.com/reports/113928

    #23

    Title: RCE which may occur due to `ActiveSupport::MessageVerifier` or `ActiveSupport::MessageEncryptor` (especially Active storage)

    Company: Ruby on Rails

    Bounty: $1,500

    Link: https://hackerone.com/reports/473888

    #24

    Title: Remote code execution on rubygems.org

    Company: RubyGems

    Bounty: $1,500

    Link: https://hackerone.com/reports/274990

    #25

    Title: WordPress SOME bug in plupload.flash.swf leading to RCE

    Company: Automattic

    Bounty: $1,337

    Link: https://hackerone.com/reports/134738

    Bonus: 10 Zero Dollars RCE Reports

    #1 Bonus

    Title: Read files on application server, leads to RCE

    Company: GitLab

    Bounty: $0

    Link: https://hackerone.com/reports/178152

    #2 Bonus

    Title: XXE in DoD website that may lead to RCE

    Company: U.S. D.o.D.

    Bounty: $0

    Link: https://hackerone.com/reports/227880

    #3 Bonus

    Title: Remote Code Execution (RCE) in a DoD website

    Company: U.S. D.o.D.

    Bounty: $0

    Link: https://hackerone.com/reports/248116

    #4 Bonus

    Title: Remote Unrestricted file Creation/Deletion and Possible RCE.

    Company: Twitter

    Bounty: $0

    Link: https://hackerone.com/reports/191884

    #5 Bonus

    Title: RCE on via CVE-2017–10271

    Company: U.S. D.o.D.

    Bounty: $0

    Link: https://hackerone.com/reports/576887

    #6 Bonus

    Title: Ability to access all user authentication tokens, leads to RCE

    Company: GitLab

    Bounty: $0

    Link: https://hackerone.com/reports/158330

    #7 Bonus

    Title: Remote Code Execution via Extract App Plugin

    Company: Nextcloud

    Bounty: $0

    Link: https://hackerone.com/reports/546753

    #8 Bonus

    Title: Arbitrary File Reading leads to RCE in the Pulse Secure SSL VPN on the https://███

    Company: U.S. D.o.D.

    Bounty: $0

    Link: https://hackerone.com/reports/678496

    #9 Bonus

    Title: Remote Code Execution in Rocket.Chat Desktop

    Company: Rocket.chat

    Bounty: $0

    Link: https://hackerone.com/reports/276031

    #10 Bonus

    Title: [npm-git-publish] RCE via insecure command formatting

    Company: Node.js third-party modules

    Bounty: $0

    Link: https://hackerone.com/reports/730121

    Source

    • Upvote 2
  6. When hunting for security issues, the pursuit for uncharted assets and obscure endpoints often ends up taking the focus away from obvious, but still critical, functionality.

    If you approach a target like you are the first person to ever perform a security assessment on it, and check everything thoroughly, I believe you are bound to find something new — especially if the code you are testing has been in continuous development for a while.

    This is the story of a high-severity bug affecting what is probably one of PayPal’s most visited pages: the login form.

    Initial discovery

    While exploring PayPal’s main authentication flow, I noticed a javascript file containing what appeared to be a CSRF token and a session ID:

     

    This immediately drew my attention, because providing any kind of session data inside a valid javascript file usually allows it to be retrieved by attackers.

    In what is known as a cross-site script inclusion (XSSI) attack, a malicious web page can use an HTML <script> tag to import a script cross-origin, enabling it to gain access to any data contained within the file.

    Sure enough, a quick test confirmed the XSSI vulnerability and, although a javascript obfuscator was used to randomize variable names on each request, the interesting tokens were still placed in fairly predictable locations, making it possible to retrieve them with just a bit of extra work.

     

    However, a secret is only as good as the damage you can do with it. I immediately set out to find out what exactly _csrf and _sessionID were and if they could actually be used in a real attack.

    Digging further

    After countless attempts to replace regular CSRF tokens inside authenticated requests on PayPal’s platform with the value of _csrf, I came to the conclusion that a classic cross-site request forgery attack was not possible using this specific token. Similarly, a victim’s _sessionID was unfortunately not enough to impersonate them on PayPal’s site.

    Next, I went back to the vulnerable script and followed the tokens to find what they were actually used for. This led to a deep dive into one of PayPal’s main protection mechanisms used to prevent brute force attacks, the security challenge. While this functionality is used in many places, I will be focusing on the main login form.

     

    The idea is pretty simple: After a few failed login attempts, you are required to solve a reCAPTCHA challenge before you can try again. The implementation, however, may raise some eyebrows.

    Upon detecting a possible brute-force attempt, the response to the next authentication attempt is a page containing nothing but a Google captcha. If the captcha is solved by the user, an HTTP POST request to /auth/validatecaptcha is initiated.

     

    The familiar _csrf and _sessionID are present in the request body, as well as two other values, which we will get to a bit later.

    The response to the captcha validation request is meant to re-introduce the user into the authentication flow. To this end, it contains a self-submitting form with all the data provided in the user’s latest login request, including their email and plain text password.

     

    I realized that, with the correct timing and some user interaction, knowing all the tokens used in this request was enough to get the victim’s PayPal credentials. In a real-life attack scenario, the only user interaction needed would have been a single visit to an attacker-controlled web page.

    So I went back and tried to figure out what the missing parameters were. This was easier than expected:

    • The value of jse was not validated at all.
    • recaptcha was the token provided by Google upon solving a reCAPTCHA challenge. It was not tied to a specific session, so any valid token— for example, from an automated solving service — would be accepted.

    Exploitation

    Putting all this together, I created a proof of concept that demonstrated the whole process, except for integrating a captcha solving service.

    First, the proof of concept would exploit the initial XSSI vulnerability to get a set of tokens which were valid in the victim’s session. It would then launch a few authentication requests with random credentials from the victim’s browser, simulating a brute force attempt, which would trigger the security challenge flow.

    Once the victim logged in to PayPal using the same browser, the cached random credentials would be replaced by the user’s own email and password. The last step was obtaining a fresh reCAPTCHA token, after which the plain text credentials would be retrieved from the /auth/validatecaptcha endpoint and displayed on the page.

     
    The final page shown by my proof of concept code contained your email and password

    I later found that the same vulnerable process was also used on some unauthenticated checkout pages, allowing plain text credit card data to be leaked using the same technique.

    Disclosure

    The proof of concept, along with all relevant information, was submitted to PayPal’s bug bounty program on the 18th of November 2019, and was validated by HackerOne 18 days later.

    Following a quick acknowledgement by the PayPal team and a few additional questions, I was awarded a $15,300 bounty on the 10th of December. The reward amount corresponds with the bug’s 8.0 (High) CVSS score, which is the same score that I had initially suggested when submitting the report.

    A patch was applied around 24 hours later, meaning that the bug was fixed only five days after PayPal became aware of it — quite an impressive turnaround time.

    Fix and prevention advice

    The /auth/validatecaptcha endpoint now requires an additional CSRF token, which cannot be leaked using cross-site script inclusion.

    While this properly fixes the vulnerability, I believe that the whole thing could have been prevented when designing the system by following one of the oldest and most important pieces of infosec advice: Never store passwords in plain text.


    By the way, I am looking to do security assessments and bug bounty program management work. I have experience in security testing, vulnerability triage, as well as a background in software development. Does this sound of interest to you? You can get in touch via alex@ethicalhack.ro.

    Source

    https://medium.com/@alex.birsan/the-bug-that-exposed-your-paypal-password-539fc2896da9

    • Like 1
    • Thanks 1
    • Upvote 8
  7. 14 hours ago, aismen said:

    NordVPN is good because it doesn't have its offices in America/Canada or in other Nine Eyes countries and whatever other organizations with spying treaties exist.

    https://www.cnet.com/news/nordvpn-user-accounts-were-compromised-and-passwords-exposed-report-says/

     

    I think these still work

     

    Quote

    pezempire@yahoo.com:Mad1Alex2Pip3
    peresclyde@yahoo.com:mh02na4594
    redgerton89@gmail.com:Jordan08
    benzialberto@gmail.com:cucciolone
    2011drew24@gmail.com:sea93329
    comm4330@yahoo.com:Bullshit1
    merevesz@gmail.com:corky123
    romeo.se.2009@gmail.com:romeo36896
    spork232ca@hotmail.com:Rjh232ca
    caplanamy@hotmail.com:Oakham97
    djcunningham007@gmail.com:Doctorwhofan11
    christraves@yahoo.com:Chicago1
    toremyklebust@Comcast.net:donald88
    akraa021@hotmail.co.uk:bellman11
    samueleasterbrook@gmail.com:katherine69
    nataliep14@hotmail.com:nats6265
    kadijah1222@gmail.com:Rasheen12
    alberthartholt@hotmail.com:Appie2004
    tino1317@gmail.com:fire1317
    ryan_guy222@hotmail.com:Amanda123
    mmcyj1@aol.com:skippy12
    deniseusuka@hotmail.com:cdjuly13
    tsmith9494@hotmail.com:Potter94
    ghendricks777@gmail.com:Home2047
    nimzoray777@yahoo.com:akopian123
    berjali@gmail.com:maryama2011
    westhompson1982@gmail.com:pass4ggpa123
    justin18y@gmail.com:Erindale30
    catslack@gmail.com:minesweeper
    ajhltu212000@yahoo.com:miamifins21

     

  8. 2 hours ago, SynTAX said:

    I've tried almost all the VPNs and this one has low speed compared to the others. I don't recommend it.

    Honestly, the "prime" version works quite well.

     

    Considering that I'm not connecting from the same country, it seems quite OK to me.


     

    Same country as connection


     

     

     

    WindScribe is definitely one of the most popular VPN services among users worldwide (check the in-depth review -> Google Trends). The company is famous for its fully functional FREE version with 10 GB of data, dedicated servers for streaming, unlimited bandwidth and a unique technology called R.O.B.E.R.T. (“Remote Omnidirectional Badware Eliminating Robotic Tool”) which helps block ads, trackers and malware. With strong AES-256 encryption, the company doesn’t have a huge pool of servers but spreads them over 55 countries and 100 cities.

    Another innovative thing about WindScribe is the ability to build your own subscription plan, so the price can start from $1/month. Any additional location will cost you $1/month and adds 10 GB on top of your allowed monthly bandwidth. You can also select “unlimited bandwidth + R.O.B.E.R.T.” for an additional $1/month.

    The company also runs promotions, special offers and deals from time to time so you can save some extra. A good time to find an exclusive WindScribe coupon or promo code is Black Friday, New Year, Halloween, etc. So don’t miss a chance to save big on a top-rated VPN service.

     

    "HOWTO"

    WindScribe - build a custom plan with the "Build a Plan" option and save up to 90% off the original price

     

    Two Romanian hackers, namely Bogdan Nicolescu and Rady Miclaus, will be spending 20 and 18 years respectively in prison for infecting 400,000 computers with cryptominers and stealing sensitive financial and credential data. The duo is said to have stolen millions of dollars from countless unsuspecting users.

    Both of the accused are members of the infamous Romanian hacking group called Bayrob. Nicolescu was the group leader, whereas Miclaus served as co-conspirator. The third accused, Tiberiu Danet, is also a member of the same group. In November 2018, Danet pleaded guilty to eight of the charges and will be sentenced on January 8, 2020.

    See: Dutch Police Nabs Romanian Gang for Stealing $590K worth of iPhones

    According to the official press release, the duo was found guilty of 21 counts of money laundering, wire fraud, identity theft, and malware development for mining Bitcoin and Monero cryptocurrencies by utilizing host computers’ resources, apart from other crimes.

     

     

    “These sentences handed down today reflect the dynamic landscape in which international criminals utilize sophisticated cyber methods to take advantage of and defraud, unsuspecting victims anywhere in the world,” said FBI Special Agent in Charge Eric Smith. “Despite the complexity and global character of these investigations, this investigation and prosecution demonstrate the commitment by the FBI and our partners to aggressively pursue these individuals and bring justice to the victims.”

     

     

    The Bayrob Group was founded in 2007 and operated actively until the apprehension and extradition of its key members, including the group leader Nicolescu, in 2016. This group operated from the outskirts of Bucharest and carried out different hacking and malware campaigns including spam emails loaded with dangerous Trojans sent as harmless messages from renowned firms and enterprises.

    The emails mostly contained attachments hiding the Bayrob botnet, and were sent from the IRS, Norton, and Western Union. As soon as the user clicked on the attachment, the computer got infected with the malware, and all the installed malware protection tools got disabled while access to websites of law enforcement agencies was also blocked. The attackers copied the email contacts of the victim through the malware and sent the infected emails to them as well.

    Through the botnet, the Romanian hacker group managed to steal $4 million. Moreover, the group also developed crypto miners to mine for Bitcoin and Monero and scan and transfer the victims’ crypto wallet ownership along with the funds. They also stole personal data from the infected computers including credit card information, login credentials, and usernames/passwords on different websites. 

     

    Furthermore, the malware enabled the system to register AOL accounts, which were used to send more malicious emails. The duo got 100,000 email accounts registered through this method and subsequently sent out tens of millions of infected emails.

    They also replaced legitimate websites like eBay with fake replicas and when the victim accessed these websites, they were tricked into entering their credentials to the fake webpage instead of the authentic ones. 

    It did not end here; the group also used eBay for their nefarious objectives. The duo placed over 1,000 fake listings of motorbikes and automobiles on eBay and uploaded malware-infected images on these listings. Users who clicked on the images were redirected to fake eBay ordering pages where the victims were encouraged to pay for the items. A person was hired to play the role of fictional eBay Escrow Agent whose only job was to collect the money from the victim and transfer it to the hacker duo.


     

    Source

    https://www.hackread.com/20-years-prison-romanian-hackers-infected-computers/

    • Thanks 1
    • Upvote 1
  11. The official Cayman Islands tourism website brags about the territory's stunning beaches, exotic wildlife and contemporary art museums. Yet, it's probably better known for the allegations of money laundering made against it by other governments, including that of the United States, which is what makes the claim that hackers published 2TB of the Cayman National bank's confidential data interesting.

    A pseudonymous Twitter account called Distributed Denial of Secrets (a play on the distributed denial-of-service attacks that can bring down even the largest websites) said on Saturday that it was releasing "copies of the servers of Cayman National Bank and Trust." The account has also claimed to have released more information over the last few days and to have upgraded its servers to cope with traffic spikes.

     

    Cayman National operates numerous branches in the Cayman Islands proper, Isle of Man and Dubai.  Distributed Denial of Secrets claimed that it's "allegedly been used for money laundering by Russian oligarchs and others" as well, which is why it published the bank's confidential data. The goal appears to be giving people access to private information that could prove or disprove those allegations of wrongdoing.

     

    Distributed Denial of Secrets said it didn't hack Cayman National itself. Instead, the data appears to have been stolen by someone called "Phineas Fisher," and its revelation was announced by HackBack alongside an explanation of Fisher's actions. A copy of the original statement can be found in the tweets discussing this leak and a report from Unicorn Riot; a translated version was also shared to Pastebin.

    Cayman National doesn't appear to have acknowledged the alleged leak on its website or social media profiles. It does say on its website that it's requiring clients to share additional information "in connection with the regulations of the global financial industry," however, and that many of its services would be unavailable on November 17 because of "a major upgrade and maintenance programme."

    The company also offered a helpful tip on its Facebook profile earlier today: "Refrain from accessing Online Banking through open and public access points, such as Internet cafes, public libraries, etc." That's a remarkably odd thing to share on Facebook while people on platforms like Twitter and Hacker News discuss a purported leak of terabytes' worth of private information.

     

    Phineas Phisher - Hack Back - Bank

    https://pastebin.com/8rXhtqgr

     

    More info

    https://unicornriot.ninja/2019/massive-hack-strikes-offshore-cayman-national-bank-and-trust/

     

    Full archive and backups

     

    • Upvote 1
    Age: 2012

    Balance: €45.00

    Last payment: 2017

    Price: €100

    Approval country: Spain

    It has had no activity for about 2 years.

    It was generated with legal content in Spanish and English.

     

    Payment preferred in crypto: ETH, BTC, XLM


  13. Amazon has thousands of workers around the world who listen to and review private Alexa conversations with the goal of helping improve the speech assistant’s technology, according to Bloomberg.

    The report said the Amazon team transcribes the recordings and shares the conversations with other parts of the company in order to make Alexa’s “understanding of human speech” better.

     

    The team is spread across different regions, including Boston, India, and Romania, Bloomberg said, and some of the workers review up to 1,000 audio clips per shift.

    Amazon has never publicly disclosed the role of this group or the fact that human interference is part of Alexa’s voice technology.

    An Amazon spokesperson noted that employees don’t have direct access to information that can identify the people speaking or the account that the snippet came from. However, Bloomberg reported that recordings are associated with account numbers, device serial numbers and the owner’s first name. 

     

    The spokesperson said:

    Quote

    “We take the security and privacy of our customers’ personal information seriously. We only annotate an extremely small sample of Alexa voice recordings in order improve the customer experience. For example, this information helps us train our speech recognition and natural language understanding systems, so Alexa can better understand your requests, and ensure the service works well for everyone. We have strict technical and operational safeguards, and have a zero tolerance policy for the abuse of our system. Employees do not have direct access to information that can identify the person or account as part of this workflow. All information is treated with high confidentiality and we use multi-factor authentication to restrict access, service encryption, and audits of our control environment to protect it.”

     

    Source: https://www.bloomberg.com/news/articles/2019-04-10/is-anyone-listening-to-you-on-alexa-a-global-team-reviews-audio

  14. 

    The world’s most popular Free Web Hosting company 000Webhost has suffered a major data breach, exposing more than 13.5 Million of its customers' personal records.

    The stolen data includes usernames, passwords in plain text, email addresses, IP addresses and last names of around 13.5 Million of 000Webhost's customers.

    According to a recent report published by Forbes, the Free Hosting service provider 000Webhost was hacked in March 2015 by an anonymous hacker.

    In a post on its official Facebook page, the hosting company has acknowledged the data breach and posted the following statement:

    "We have witnessed a database breach on our main server. A hacker used an exploit in old PHP version to upload some files, gaining access to our systems. Although the whole database has been compromised, we are mostly concerned about the leaked client information."

    The stolen data was obtained by Troy Hunt, an Australian security researcher, who received the data from an anonymous source and also confirmed the authenticity of the data.

    "By now there's no remaining doubt that the breach is legitimate and that impacted users will have to know," Hunt wrote in a blog post published Wednesday. "I'd prefer that 000webhost be the ones to notify [its customer] though."

    000Webhost Ignored Data Breach Warnings Continuously

    The 000Webhost web hosting company repeatedly received early warnings from Troy Hunt and the Forbes journalist, but ultimately decided to ignore them.

    What's even Worse?

    The Web Hosting company did not even follow fundamental and standard security practices to ensure the security of its customers.

    Data breaches are common these days. Just a few days back, we reported about a serious data breach at TalkTalk – the biggest phone and broadband provider in the UK that put the personal data of its 4 Million customers at risk.

    But, What could a Security Breach lead to?

    Severe damage to company's reputation

    Loss of consumer trust

    Thousands of dollars in penalties and fines

    Personal data loss cost infinite

    Temporary or Permanent Closure

    Note: At the time of writing, 000webhost.com website is temporarily down.

    What Should You Do Now?

    For security reasons, the team at the free hosting service has changed all customers' passwords to random values and implemented encryption, without giving any direct notice to its affected customers.

    That means, if you are one of those 13.5 Million 000webhost clients, then you need to follow the password reset process to generate a new password in order to access your account.

    However, 000Webhost said: "We removed all illegally uploaded pages as soon as we became aware of the [data] breach. Next, we changed all the passwords and increased their encryption to avoid such mishaps in the future."

    Storing customers' passwords in plain text, ignoring early warnings, and then implementing encryption to prevent further damage.

    SOURCE
