Page 43 of 43 FirstFirst ... 33353637383940414243
Results 1,051 to 1,072 of 1072
  1. #1051
    Thailand Expat harrybarracuda's Avatar
    Join Date
    Sep 2009
    Last Online
    @
    Posts
    80,090

  2. #1052
    Excommunicated baldrick's Avatar
    Join Date
    Apr 2006
    Last Online
    Today @ 01:51 PM
    Posts
    23,697
    no words

    only allow public ports for...

    brute force capabilities that enable it to log into Internet-exposed devices ....

  3. #1053
    Member

    Join Date
    Jan 2020
    Last Online
    Today @ 01:52 PM
    Posts
    278
    I'm going to count this as good news.

    A disgruntled Conti affiliate has leaked the gang's training material when conducting attacks, including information about one of the ransomware's operators. The Conti Ransomware operation is run as a ransomware-as-a-service (RaaS), where the core team manages the malware and Tor sites, while recruited affiliates perform network breaches and encrypt devices.
    As part of this arrangement, the core team earns 20-30% of a ransom payment, while the affiliates earn the rest.
    The affiliate said they posted the material as he was only paid $1,500 as part of an attack, while the rest of the team are making millions and promising big payouts after a victim pays a ransom.
    https://www.bleepingcomputer.com/news/security/angry-conti-ransomware-affiliate-leaks-gangs-attack-playbook/
    *** The Security News Thread  ***-forum-post-jpg

  4. #1054
    Excommunicated baldrick's Avatar
    Join Date
    Apr 2006
    Last Online
    Today @ 01:51 PM
    Posts
    23,697

  5. #1055
    Thailand Expat harrybarracuda's Avatar
    Join Date
    Sep 2009
    Last Online
    @
    Posts
    80,090
    They forgot the CVV.

    Meanwhile...


  6. #1056
    Thailand Expat harrybarracuda's Avatar
    Join Date
    Sep 2009
    Last Online
    @
    Posts
    80,090
    T-Mobile is looking to claims of a potential hack of personal data from more than 100 million of its customers.
    The telecommunications company confirmed Monday that there was unauthorized access to T-Mobile data, but they “have not yet determined that there is any personal customer data involved,” a T-Mobile spokesperson said in an email.
    A hacker on an online forum claimed to be selling T-Mobile customers’ private data, including names, Social Security numbers, addresses, phone numbers and drivers license information. Vice’s Motherboard first reported the incident and confirmed the data appeared to be that of T-Mobile customers.



    T-Mobile is looking into a hack of 100 million customers’ data. Here’s what to do if you think that your data was leaked - MarketWatch

  7. #1057
    Member

    Join Date
    Jan 2020
    Last Online
    Today @ 01:52 PM
    Posts
    278
    Update on T-Mobile's little disaster.

    T-Mobile discovered the breach when hackers started to sell T-Mobile customers’ user data on a dark web forum. The hackers claimed to have over 100 million users’ private data when they spoke to Vice on Sunday, 15th August. In response, T-Mobile began an investigation and closed the vulnerability on Monday, confirming the hack but not revealing the scope of the damage. By Wednesday, 18th August, T-Mobile confirmed that a breach of over 40 million users’ data had taken place.

    According to several sources, including the hackers themselves, the breach includes SSNs as well as driver’s licenses. In some cases, the data may also include account PINs as well. This breach has affected current, past, and potential customers of T-Mobile.
    The below article has links to resources to help those affected, in addition to more info about the attack.

    T-Mobile Data Breach: Is Your Data Safe?

  8. #1058
    Member

    Join Date
    Jul 2021
    Last Online
    18-09-2021 @ 05:01 PM
    Posts
    100
    Why on earth would you give your driving license to T-mobile anyways?

  9. #1059
    Thailand Expat harrybarracuda's Avatar
    Join Date
    Sep 2009
    Last Online
    @
    Posts
    80,090
    Quote Originally Posted by DC101 View Post
    Why on earth would you give your driving license to T-mobile anyways?
    Photo ID?

  10. #1060
    Member

    Join Date
    Jul 2021
    Last Online
    18-09-2021 @ 05:01 PM
    Posts
    100
    Quote Originally Posted by harrybarracuda View Post
    Photo ID?
    There are ways around it

  11. #1061
    Thailand Expat harrybarracuda's Avatar
    Join Date
    Sep 2009
    Last Online
    @
    Posts
    80,090
    Quote Originally Posted by DC101 View Post
    There are ways around it
    Ways around what?

  12. #1062
    Thailand Expat harrybarracuda's Avatar
    Join Date
    Sep 2009
    Last Online
    @
    Posts
    80,090
    SteelSeries and Razer users should update drivers and software.

    SteelSeries bug gives Windows 10 admin rights by plugging in a device (bleepingcomputer.com)

  13. #1063
    Member

    Join Date
    Jan 2020
    Last Online
    Today @ 01:52 PM
    Posts
    278
    21-year-old tells WSJ he was behind massive T-Mobile hack, calls T-Mobile security "awful."

    21-year-old tells WSJ he was behind massive T-Mobile hack | ZDNet

  14. #1064
    Member

    Join Date
    Jan 2020
    Last Online
    Today @ 01:52 PM
    Posts
    278
    Where the people are sick, the security is sick also. It seems Thai hospitals are becoming a favorite target of hackers lately.

    Additionally Thailand's cyber security rating is falling fast! A bad sign for everyone, not just hospitals.

    *** The Security News Thread  ***-4086667-jpg


    https://www.bangkokpost.com/business...t-data-robbery



  15. #1065
    Thailand Expat harrybarracuda's Avatar
    Join Date
    Sep 2009
    Last Online
    @
    Posts
    80,090
    Apple issues emergency software update after discovery of 'zero click' malware

    Apple has issued an emergency software update after a flaw was found that allows spyware attributed to Israel's NSO Group to infect an iPhone, Apple Watch, or Mac computer without the user having to click on anything.

    The malware was found on the phone of an unidentified Saudi activist by Canadian internet security watchdog Citizen Lab.

    It is the first time that a "zero-click" exploit - which affects all of the phone's operating systems - has been caught and analysed.

    The phone is thought to have been infected in February, although the researchers discovered the malicious code on 7 September and immediately alerted Apple.

    Ivan Krstić, head of Apple security engineering and architecture, said: "After identifying the vulnerability used by this exploit for iMessage, Apple rapidly developed and deployed a fix in iOS
    14.8 to protect our users.

    "Attacks like the ones described are highly sophisticated, cost millions of dollars to develop, often have a short shelf life, and are used to target specific individuals."

    "While that means they are not a threat to the overwhelming majority of our users, we continue to work tirelessly to defend all our customers, and we are constantly adding new protections for their devices and data," he added.

    Citizen Lab researcher Bill Marczak said there was high confidence that Israeli surveillance firm NSO Group was behind the attack, although it was "not necessarily" being attributed to the Saudi government.

    In a statement to Reuters, NSO did not confirm or deny that it was behind the technique, saying only that it would "continue to provide intelligence and law enforcement agencies around the world with life-saving technologies to fight terror and crime".

    Citizen Lab has previously found evidence of zero-click malware being used to hack the phones of some journalists and other targets but Mr Marczak said this was the first time one had been captured "so we can find out how it works".

    Security experts have said that the average user does not need to be too concerned, as such attacks tend to be highly targeted, but the exploit was still alarming.

    Mr Marczak said that malicious files were put on the Saudi activist's phone via the iMessage app before the phone was hacked with NSO's Pegasus spyware.

    This meant the phone was able to spy on its user, without them even knowing.

    Citizen Lab researcher John Scott-Railton said: "Popular chat apps are at risk of becoming the soft underbelly of device security. Securing them should be top priority."

    In July it was reported that NSO Group's spyware had been used to target journalists, political dissidents and human rights activists.

    NSO Group says that its spyware is only used by governments to hack the mobile phones of terrorists and serious criminals, but a leaked list featuring more than 50,000 phone numbers of interest to the company's clients suggested that it is being used much more broadly.

    More than 1,000 individuals in 50 countries were allegedly selected for potential surveillance - including 189 journalists and more than 600 politicians and government officials, according to Paris-based journalism non-profit Forbidden Stories and Amnesty International, as well as their media partners.

    Mr Marczak said on Monday: "If Pegasus was only being used against criminals and terrorists, we never would have found this stuff."

    It has also been reported that the FBI is investigating NSO Group, and Israel has set up a senior inter-ministerial team to examine the allegations surrounding how the spyware is being used.

    https://news.sky.com/story/apple-issues-emergency-software-update-after-discovery-of-zero-click-malware-12407471

  16. #1066
    Thailand Expat harrybarracuda's Avatar
    Join Date
    Sep 2009
    Last Online
    @
    Posts
    80,090
    And two 0-days in Chrome as well.

    Time to "Help -> About"....

    Google patches 10th Chrome zero-day exploited in the wild this year

  17. #1067
    Member

    Join Date
    Jan 2020
    Last Online
    Today @ 01:52 PM
    Posts
    278
    "WTF I thought this was a free service, but I'm getting charges on my cards after checking"

    *** The Security News Thread  ***-checked-all-my-cards-png

  18. #1068
    Thailand Expat harrybarracuda's Avatar
    Join Date
    Sep 2009
    Last Online
    @
    Posts
    80,090
    Netgear has released new firmware to fixed a Remote Code Execution vulnerability.

    Apply ASAP. Affected models in the link.

    Security Advisory for Remote Code Execution on Some Routers, PSV-2021-0204 | Answer | NETGEAR Support

  19. #1069
    Thailand Expat harrybarracuda's Avatar
    Join Date
    Sep 2009
    Last Online
    @
    Posts
    80,090
    Well that seems like an eminently sensible idea.

    American search engine giant Google is rolling out the latest privacy feature that auto-resets permission for apps that haven’t been used for months.
    According to the company, this feature will automatically revoke the permission for inactive apps to access sensitive device features, including SMS messages, sensors, and contact lists.


    Google to Auto-Reset Inactive Android App Permissions for Billions of Devices

  20. #1070
    Thailand Expat harrybarracuda's Avatar
    Join Date
    Sep 2009
    Last Online
    @
    Posts
    80,090
    This doesn't affect me in the slightest but it might get some people TWITCHING!

    (Do you see what I did there?)

    If it's true, no-one respectable has got hold of it yet.


    ALL TWITCH DATA HAS APPARENTLY LEAKED INCLUDING ENCRYPTED PASSWORDS AND PAY-OUT INFORMATION



    All Twitch Data Has Apparently Leaked Including Encrypted Passwords And Pay-Out Information



    Added: The Verge say it's legit
    Last edited by harrybarracuda; 06-10-2021 at 07:12 PM.

  21. #1071
    Thailand Expat harrybarracuda's Avatar
    Join Date
    Sep 2009
    Last Online
    @
    Posts
    80,090
    This is a worry.

    "The developers of these malicious documents have made considerable effort to obfuscate malicious code, achieving zero detections on VirusTotal."
    *** The Security News Thread  ***-detection-png


    Russian cybercrime gang targets finance firms with stealthy macros

  22. #1072
    Thailand Expat harrybarracuda's Avatar
    Join Date
    Sep 2009
    Last Online
    @
    Posts
    80,090
    Doh!

    Last week, threat actors known as 'Desorden' emailed journalists to say they hacked Acer India's servers and stole data, including customer information.

    Acer later confirmed the breach but stated it was an "isolated attack," affecting only their after-sales service systems in India.

    Less than a week later, Desorden emailed BleepingComputer to say they breached Acer Taiwan's servers on October 15th and stole employee and product information.


    They also shared images of an internal Acer Taiwan portal and CSV files containing login credentials for Acer employees.
    Acer hacked twice in a week by the same threat actor

Page 43 of 43 FirstFirst ... 33353637383940414243

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •