Search the Community
Showing results for tags 'hacked'.
Found 8 results
eBay hacked (December 2018)
QuoVadis posted a topic in Stiri securitatePutin whistle-blowing...share, comment & distribute Vad ca inaptii tac ca "porcul in papusoi" despre treaba asta asa ca postez aici: se pare ca au fost hackuiti si tac in privinta asta. Am aplicatia eBay pe telefon si Sambata dimineata (aproximativ ora 8.30) primesc o notificare de la app ca produsul meu s-a vandut. Nu aveam nimic postat de vanzare si nu folosisem pana atunci eBay-ul de vreo 1-2 luni. A trebuit sa astept pana la 9am sa vorbesc cu cineva de la support si tipa cica "da, stim ca sunt ceva hackeri care fac chestia asta insa se pare a fi automata". A verificat adresa de IP de unde s-a postat produsul si era de Hong Kong. Ce-i mai nasol e ca sunt foarte discreti in treburile astea - nu am primit nici o notificare referitor la schimbarea parolei, ca a fost postat un item nou, ca am vandut ceva nimic - de obicei primesc toate astea prin mail. Daca nu aveam aplicatia pe telefon nu aflam poate nimic, poate doar cand era prea tarziu. Si tipa de la eBay support cica "da, stim ca fac chestia asta, dar nu stim inca cum o fac, se pare a fi un bot care face tranzactii multe si marunte", etc. And the English version - eBay have been hacked and they seem to be keeping quiet about it. I have the eBay app on my phone and on Saturday morning (approx 8.30am) I get a notification from the app that my item has been sold. I did not have any item on sale and have not been using eBay for the past 1-2 months. I had to wait until 9am to ring their support and they were like "yeah, we know there's some hackers who are doing this, seems to be automated". And they checked the IP address from where the listing was made and it was from Hong Kong. But what's more worrying is the stealth with which they've done this - I had no notification of my account changing password, had no notification that an item has been posted for sale, etc. If I wouldn't have had the app on my phone, I would have probably not found about it until too late. And the lady on eBay support on the phone was like "yeah, we know about this, but we don't know how they're doing it, seems to be some bot as they're doing loads of small value transactions", etc.
Bitcoin exchange Youbit shuts after second hack attack
Fi8sVrs posted a topic in CryptocurrencyBitcoin's value hit a high of more than $19,000 this year prompting attacks by hackers A crypto-currency exchange in South Korea is shutting down after it was hacked for the second time in less than eight months. Youbit, which lets people buy and sell bitcoins and other virtual currencies, has filed for bankruptcy after losing 17% of its assets in the cyber-attack. It did not disclose how much the assets were worth at the time of the attack. In April, Youbit, formerly called Bithumb , lost 4,000 bitcoins now worth $73m (£55m) to Kisa. Crime wave South Korea's Internet and Security Agency (Kisa) which investigates net crime, said it had started an enquiry into how the thieves gained access to the exchange's core systems. Kisa blamed the earlier attack on Youbit on cyber-spies working for North Korea. Separate, more recent, attacks on the Bithumb and Coinis exchanges, have also been blamed on the regime. No information has been released about who might have been behind the latest Youbit attack. In a statement, Youbit said that customers would get back about 75% of the value of the crypto-currency they have lodged with the exchange. It said it was "very sorry" that it had been forced to shut down. The exchange added that the hackers did not manage to steal all the digital cash it held because a lot was lodged in a "cold wallet" - a secure store used to hold the assets that were not being traded. Youbit was one of the smaller exchanges active in South Korea. The majority of Bitcoin trading in the country is done on the Bithumb exchange which has a 70% market share. More and more cybercriminals have tried to cash in on the boom in virtual currencies such as Bitcoin. Many have created malware that seeks to use victims' computers to create or "mine" valuable currencies. Others have simply attacked exchanges and other crypto-cash service firms to get at large numbers of bitcoins at once. Earlier this month, hackers got away with more than $80m in bitcoins from NiceHash, a Slovenia-based mining exchange. Via bbc.com
Welp, Vevo Just Got Hacked
Fi8sVrs posted a topic in Stiri securitateAnother day, another multinational video service brought to its knees by a group of rogue hackers with a bone to pick. Vevo, the joint venture between Universal Music Group, Sony Music Entertainment, Abu Dhabi Media, Warner Music Group, and Alphabet Inc. (Google’s parent company), was just hacked. Roughly 3.12TB worth of internal files have been posted online, and a couple of the documents reviewed by Gizmodo appear sensitive. The OurMine hacker squad has claimed responsibility for the breach. The group is well known: They hijacked WikiLeaks’ DNS last month shortly after they took over HBO’s Twitter account; last year, they took over Mark Zuckerberg’s Twitter and Pinterest accounts; and they hit both BuzzFeed and TechCrunch not long after that. The leaked cache contains a wide variety of office documents, videos, and other promotional materials. Based on a cursory review, a majority of the files seemed pretty mild—weekly music charts, pre-planned social media content, and various details about the artists under the record companies’ management. But not all of the material was quite so benign. Vevo’s UK office will probably want to get this alarm code changed as soon as possible: OurMine typically hacks people because, well, it can. The group’s primary goal is demonstrating to companies that they have weak security. In this case, the hackers managed to compromise an employee account for Okta, the single sign-on workplace app. Usually they don’t resort to leaking large caches of files—at least to our knowledge—but in this case it sounds like someone may have pissed them off. In a post late Thursday, OurMine claimed it leaked Vevo’s files after reaching out to one of the company’s employees and being told to “fuck off.” But they informed Gizmodo by email: “If they asked us to remove the files then we will.” Of course, Sony (one of Vevo’s joint owners) fell victim to a devastating hack in 2014 after a group of hackers calling themselves the “Guardians of Peace” dumped a wealth of its confidential data online. US intelligence agencies pinned the breach on North Korea (one of the hacking group’s demands was that Sony pull The Interview, Seth Rogan’s comedy about a plot to assassinate Kim Jong-Un.) According to Business Insider, Vevo locked up nearly $200 million in year long ad commitments this year, thanks to artists like Beyonce, Taylor Swift, and Ariana Grande helping generate some 25 million daily views. They might consider spending some of those earnings on beefing up their security. This could’ve been a lot worse. We’ve reached out to Vevo, Sony, Warner, Universal, and Google for comment. We’ll update if we hear anything back. Update 9/15/17 12:40am ET: Responding to our inquiry, a Vevo spokesperson told Gizmodo that the company “can confirm that Vevo experienced a data breach as a result of a phishing scam via Linkedin. We have addressed the issue and are investigating the extent of exposure.” Via gizmodo.com
Broadband routers: SOHOpeless and vendors don't care
Aerosol posted a topic in Stiri securitateFeature "It is far more common to find routers with critical flaws than without" - Craig Young "It's sad that end-user education about strong passwords, password safes, and phishing can be undone by something as innocuous as the blinking box in the corner of your room. - Peter Adkins Introduction Home and small business router security is terrible. Exploits emerge with depressing regularity, exposing millions of users to criminal activities. Many of the holes are so simple as to be embarrassing. Hard-coded credentials are so common in small home and office routers, comparatively to other tech kit, that only those with tin-foil hats bother to suggest the flaws are deliberate. Hacker gang Lizard Squad crystallised the dangers – and opportunities – presented by router vulnerabilities when over the Christmas break they crafted a slick paid denial of service stresser service that operated on hacked boxes. Customers were found paying to flood targets of choice with gigabits of bandwidth stolen from what the black hats claimed were a fleet of half a million vulnerable and subsequently hacked routers. A year earlier, security boffins at Team Cymru warned that an unknown ganghad popped 300,000 routers in a week, altering the DNS settings to point to malicious web entities. Those routers were hacked through a self-propagating worm (PDF) that researchers had already warned about, but not yet seen. It used a mix of brute force password guessing of web admin consoles, cross-site request forgery, and known un-patched vulnerabilities. Arguably the most infamous hack in recent months was Check Point's so-called Misfortune Cookie discovered in December 2014. This vulnerability was thought to impact a staggering 12 million routers across 200 models from big names such as Linksys, D-Link, TP-Link, ZTE, and Huawei. Affected routers could be hijacked with a crafted cookie that allows attackers to meddle with just about everything on the units, from password theft, to alterations to DNS, and infection of connected devices. In October Rapid7 had chipped in with its own research, warning that Network Address Translation Port Mapping Protocol configurations in 1.2 million routers was sufficiently borked that remote attackers could spy on internal traffic. Security is 'abysmal' "Router security remains abysmal, especially among the cheapest brands,” says John Matherly, founder of the popular Shodan search engine which crawls for internet-connected devices. “Backdoors, no automated patching and default usernames and passwords are just a few of the problems that many SOHO routers continue to face.” Matherly last month dug up an estimated 250,000 routers used in Spain that were using the same SSH keys, placing those configured a for remote access at heighten risk. He also points to research published two days later by Entrust Solutions hacker Nabin Kc, who found 200,000 home routers contained a firmware backdoor, a flaw replicated across 10 different vendors who seemed to be re-branding a vanilla router. Matherly says badge-engineering seems a common practise for vendors that compete on price over form or function. “It seems that the rate of security problems discovered with routers is only limited by the number of security experts that take the time to analyse the devices,” he says. Source
Social Media Hacking: Mitigation StrategiesSocial media platforms provide fertile ground for communication without borders, so there is actually no limitation as to the potential benefits that these platforms can offer to you. This is why so many Internet users have been registering for new accounts on Facebook, Twitter, Pinterest and Google+ on a daily basis, opening just another window of communication and online interaction with friends, relatives or even mere acquaintances and total strangers. Most people own more than a couple of accounts on social media sites and use them fairly regular (even every day, as we have mentioned above). They connect with others and share personal information, videos and pictures of them and their loved ones. They also share their thoughts and anything else worthy of attention. Due to the significant increase in the social media accounts and their gravity, there have been major incidents of hacking. This means that many social media accounts get hacked, and this is not a rare phenomenon to comment on. On the contrary, many people have to confront with such a negative consequence of the importance of social media nowadays; social media is an easy and simple way for hackers and other malicious intruders to have their way and penetrate the systems of many other people (the followers of the person whose account has been breached) at once. Let’s start by looking into the signs that reveal the hacking, in order for you to be on alert and know when something is wrong with your account. Signs of a Hacked Social Media Account Although it can be difficult to realize that your social media account has been compromised, there are definitely signs that should raise an eyebrow and motivate you to look deeper into the root of the problem. Some of the most frequent signs that reveal something is not great about your account include the following: You instantly observe likes and follows that you had nothing to do with You have your status updated, although you have not shared anything There is ad flood on your page (unusually extensive) You have trouble logging in Private messages are posted on your behalf Spam posts are posted on your behalf You have new friends that you do not recall adding Others inform you of sharing malicious content on your wall If you notice some of these signs, you had better check it out and not sit idly. It is more than likely that your account has been hacked and you need to act promptly and effectively. How do accounts get hacked? In order for you to know how to be safe on social media, you need to know where the threat lies. Indeed, hacking a social media account is a lot easier and simpler than you would have expected it to be. There are sophisticated menaces nowadays lurking in the dark and targeting Internet users, so as to penetrate their system and access their sensitive data. These are the major methods for hacking a social media account being used by cybercriminals: Password exposed Phishing Malware installed Sites being hacked Third-party apps or services breached As you can see, there are multiple routes to getting the desired effect and it is true that today the threats that appear online are far more advanced and sophisticated than a few years ago. So, your defensive line should be equally strong. Below, we are going to have a look at what you need to do if your social media account gets hacked. What to do if your social media account has been hacked Even if hacking has occurred, you should not panic. There are several steps that you can take in order for you terminate the threat and reset the protection layering on your computer. Just follow the guidelines being provided below in avoidance of any further damage. With dedicated work and attention, you will be able to regain your social media account and have nobody else threatening its integrity and uniqueness. Of course it is crucial that you change your password immediately and that you use a solid password that has never been used by you anywhere else. The common strategy of using the same password on all of your accounts (email, banking accounts and social media platforms) can be catastrophic! Delete the apps that appear on your social media account and that you know nothing about. If you have not installed anything, you do not need it on your account. Equally important for safe social media is to set the default email address of your accounts and check that it is available for you to reach. Make sure that your antivirus is up-to-date and schedule a thorough scan for any threats on your computer. If you use social media on multiple devices, have them all scanned. Report spam posts, as they can hide malware and other threats. If a friend of yours clicks on them he might get in trouble and have his account hacked, too. You cannot allow this vicious circle to go on indefinitely. Think twice before clicking on anything. New malware can crawl up to your account and therefore you need to be vigilant and eliminate such threats. Use secure platforms for paid messaging. It is imperative that you buy the ads that you want right from the platform and not have a third-party getting in the way. Last but not least, make sure that the online information of yours is safe. Do not reveal information that is linked to your account and do not expose too many details from your personal life online. How to prevent hacking on social media We have already outlined what needs to be done after having realized that your social media account has been breached. Nevertheless, it is essential that you know what you ought to do, in avoidance of repeating the same mistakes. You ought to enhance your security layering and allow nothing to penetrate the safety of your online navigation. There are some fundamental details that will make a huge difference for you, and that will offer great power and effectiveness against malware and other threats. First of all, you need to be cautious with your password. Besides choosing to use a solid password that is hard to guess, you need to be really scholastic about others knowing. Even if you use social media at work, you cannot risk having the password of yours in use when leaving your office. Always log out and be twice as scholastic with shared computers. Do not share your password with others, even with your best friend or your better half. This is private for a reason and you should never underestimate the risk that you take when letting someone else know your private information. Apart from that, you ought to introduce yourself to two-factor authentication. This is an extra weapon that you can use to enhance the protection offered to you via your password. With two-factor authentication, you eliminate the threat of someone else breaching your social media account (or any other account, apparently). There is another step that has to be followed and another piece of information for someone else to breach, prior to gaining access to your social media account. So, this is a great weapon that can be put into effect and act like an armor for you online. Bottom line Safer social media can be really hard to achieve, however, if you are concentrated on what you do and if you focus on the guidelines that we have provided, you will see that you can recover from a potential hacking of your social account without any delay or frustration. Of course, you can follow these simple guidelines even if you haven’t been hacked – prevention is better than the cure, right? Feel free to enhance your social media account protection right away. This will keep all dangers at bay and shield you against the malicious intent of others on the web. Remember that social media platforms can be truly helpful, provided that you know how to use them and what safety precautions you ought to take. Source
Md1.ro =)))Kronzy Slaparu
KronzyHackeru posted a topic in Cosul de gunoiOwned By © FuNcKer. Hacked by Funcker & Avunit Mondialu
Hacked Feature Phone Can Block Other People’s Calls
sicilianul posted a topic in Stiri securitateSwapping software can give one GSM phone the power to prevent incoming calls and text messages from reaching other phones nearby. By making simple modifications to common Motorola phones, researchers in Berlin have shown they can block calls and text messages intended for nearby people connected to the same cellular network. The method works on the second-generation (2G) GSM networks that are the most common type of cell network worldwide. In the U.S., both AT&T and T-Mobile carry calls and text messages using GSM networks. The attack involves modifying a phone’s embedded software so that it can trick the network out of delivering incoming calls or SMS messages to the intended recipients. In theory, one phone could block service to all subscribers served by base stations within a network coverage area known as a location area, says Jean-Pierre Seifert, who heads a telecommunications security research group at the Technical University of Berlin. Seifert and colleagues presented a paper on the technique at the Usenix Security Symposium in Washington, D.C., last week. An online video demonstrates the attack in action. Seifert’s group modified the embedded software, or “firmware,” on a chip called the baseband processor, the component of a mobile phone that controls how it communicates with a network’s transmission towers. In normal situations, when a call or SMS is sent over the network, a cellular tower “pages” nearby devices to find the one that should receive it. Normally, only the proper phone will answer—by, in effect, saying “It’s me,” as Seifert puts it. Then the actual call or SMS goes through. The rewritten firmware can block calls because it can respond to paging faster than a victim’s phone can. When the network sends out a page, the modified phone says “It’s me” first, and the victim’s phone never receives it. “If you respond faster to the network, the network tries to establish a service with you as an attacker,” says Nico Golde, a researcher in Seifert’s group. That’s enough to stall communications in a location area, which in Berlin average 200 square kilometers in size. The group didn’t design the hack to actually listen to the call or SMS but just hijacked the paging process. Traditionally, the details of how baseband processors work internally has been proprietary to makers of chips and handsets. But a few years ago, baseband code for a certain phone, the Vitelcom TSM30, leaked out. That enabled researchers to understand how baseband code works and spawned several open-source projects to study and tweak it. The Berlin group used that open-source baseband code to write replacement software for Motorola’s popular C1 series of phones (such as the C118, C119, and C123). Those devices all use Texas Instruments’ Calypso baseband processor. The researchers tested their attack by blocking calls and messages just to their own phones. However, they calculate that just 11 modified phones would be enough to shut down service of Germany’s third-largest cellular network operator, E-Plus, in a location area. “All those phones are listening to all the paging requests in that area, and they are answering ‘It’s me,’ and nobody in that cell will get an SMS or a phone call,” Seifert explains. Jung-Min Park, a wireless-security researcher at Virginia Tech, says that although devising the attack requires detailed technical knowledge, once it is created, “if someone had access to the same code and hardware, repeating the attack should be possible for an engineer.” Although carriers today mostly tout their 3G and 4G services, most networks around the world still use GSM networks. Around four billion people worldwide use GSM networks for calls, and carriers also use them for some machine-to-machine applications. The problem could be fixed, but that would require changing GSM protocols to require phones to prove their identity through an additional exchange of encrypted codes. “The defense is expensive to deploy,” says Victor Bahl, principal researcher and manager of the mobility and networking research group at Microsoft. “I can only speculate that the cell network providers are reluctant to invest in mitigation strategies in the absence of an immediate threat.” Seifert says the research of his group and others shows that basic aspects of mobile communications can no longer be assumed to be safe from hacking. “The answer of the carriers is: ‘It’s illegal—you are not allowed to do it,’” he says, “However, the implication is that the good old times, where you can assume that all the phones are honest and following the protocol, are over.” Demo: Sursa: Software Update to $20 Phones Could Topple 2G Cell Networks | MIT Technology Review Oare e chiar "noua" stirea?
Voice of America hacked
m0rphic posted a topic in Stiri securitateSursa:Iranian Group Says It Hacked VOA Web Site VOA Breaking News Imi cer scuze daca a mai fost postat.Am dat search dar nu am gasit. LE: au scos repede deface-ul respectiv dar se pare ca inca mai au probleme http://www.voanews.com/english/search/?run=Y&c=%3CIMG%20%22%22%22%3E%3CSCRIPT%3Ealert(%22m0rphic%20RST%22)%3C/SCRIPT%3E%22%3E