LSW

The article is about Australia, but the problem is worldwide and on the rise.

Gone in 15 Minutes: Australia's Phone Number Theft Problem

https://www.databreachtoday.com/gone-in-15-minutes-australias-phone-number-theft-problem-a-11552

Quote

SIM hijacking is not a new attack, but there's increasing interest in stealing phone numbers. That's because banks often send two-step verification codes over SMS. Additionally, major services such as Google, LinkedIn, Facebook and Instagram use the mobile channel in some scenarios for password resets.

Over the past two years, fraud involving unauthorized phone ports has increased, mostly due to organized crime, says Detective Chief Inspector Matthew Craft of the New South Wales Police's Financial Crimes Squad. Craft says because of the mobile industry's "inability to implement some simple measures to prevent it from occurring," the problems have continued.

 


Mass WordPress compromises redirect to tech support scams

https://blog.malwarebytes.com/threat-analysis/2018/09/mass-wordpress-compromises-tech-support-scams/

Quote

During the past few days, our crawlers have been catching a larger-than-usual number of WordPress sites being hijacked. One of the most visible client-side payloads we see are redirections to tech support scam pages. Digging deeper, we found that this is part of a series of attacks that have compromised thousands of WordPress sites since early September.

The sites that are affected are running the WordPress CMS and often using outdated plugins. We were not able to figure out whether this campaign was made worse by the exploitation of a single vulnerability, although the recent RCE for the Duplicator plugin came to mind.

Threat actors inject vulnerable sites in different ways. For example, on the client-side we see one large encoded blurb, usually in the HTML headers tag, and a one liner pointing to an external JavaScript. Website owners are also reporting malicious code within the wp_posts table of their WordPress database.

 

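The post describes two client-side injection patterns: a one-liner loading an external script, and a large encoded blob in the page head (the same code also turns up inside the wp_posts table). As an added example, not code from Malwarebytes or from the article, here is a first-pass scanner for both patterns, run over a constructed sample page. The host names, the sample HTML and the list of obfuscation markers are assumptions for the example.

```python
import re
from urllib.parse import urlparse

# Constructed sample page, not a real compromised site: one legitimate theme
# script, one injected one-liner pointing at an external host, and one
# injected encoded blob of the kind the post describes.
SAMPLE_HTML = """<html><head>
<script src="https://example-blog.test/wp-includes/js/jquery/jquery.js"></script>
<script src="https://cdn.evil-redirect.example/r.js"></script>
<script>var _0x4a=["\\x74\\x6f\\x70"];eval(String.fromCharCode(119,105,110,100,111,119));</script>
</head><body><p>Hello</p></body></html>"""

SCRIPT_RE = re.compile(r"<script\b([^>]*)>(.*?)</script>", re.IGNORECASE | re.DOTALL)
SRC_RE = re.compile(r'src\s*=\s*["\']([^"\']+)["\']', re.IGNORECASE)
# Constructs that theme/plugin code rarely needs inline but that obfuscated
# injections lean on heavily (assumed list; extend it for your sites).
OBFUSCATION_MARKERS = ("fromCharCode", "unescape(", "eval(", "atob(", "\\x")


def scan_html(html, site_host, allowed_hosts=()):
    """Return (reason, detail) findings for every suspicious <script> in html.

    A script is flagged when it loads from a host other than the site itself
    (or an explicit allowlist), or when its inline body carries one of the
    obfuscation markers above.
    """
    allowed = {site_host.lower(), *(h.lower() for h in allowed_hosts)}
    findings = []
    for attrs, body in SCRIPT_RE.findall(html):
        src = SRC_RE.search(attrs)
        if src:
            host = urlparse(src.group(1)).netloc.lower()
            # Relative URLs have no netloc and are served by the site itself.
            if host and host not in allowed:
                findings.append(("external-script", src.group(1)))
            continue
        hits = [marker for marker in OBFUSCATION_MARKERS if marker in body]
        if hits:
            findings.append(("obfuscated-inline", ", ".join(hits)))
    return findings


if __name__ == "__main__":
    for reason, detail in scan_html(SAMPLE_HTML, "example-blog.test"):
        print(f"{reason}: {detail}")
```

The same `scan_html` call works on the `post_content` column pulled from wp_posts, which is where site owners in the post reported finding the injected code; allowlist your CDN and analytics hosts rather than silencing the external-script check.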

Warning issued as Netflix subscribers hit by phishing attack

https://nakedsecurity.sophos.com/2018/09/21/warning-issued-as-netflix-subscribers-hit-by-phishing-attack/

Quote

Netflix phishing scammers are at it again – sending emails that try to steal sensitive details from subscribers.

Late last week, Action Fraud – a joint initiative between the City of London Police and the National Fraud Intelligence Bureau – warned Netflix subscribers about a new spate of phishing emails. The scammers are urging victims to enter their Netflix account information and payment details.

Netflix, which has 130m global subscribers, is a popular target for phishers. Back in January we wrote up a similar scam which also targeted Netflix users.

 


GhostDNS: New DNS Changer Botnet Hijacked Over 100,000 Routers

(Primarily directed at Brazilian targets)

https://thehackernews.com/2018/10/ghostdns-botnet-router-hacking.html

Quote

Chinese cybersecurity researchers have uncovered a widespread, ongoing malware campaign that has already hijacked over 100,000 home routers and modified their DNS settings to hack users with malicious web pages—especially if they visit banking sites—and steal their login credentials.

Dubbed GhostDNS, the campaign has many similarities with the infamous DNSChanger malware that works by changing DNS server settings on an infected device, allowing attackers to route the users' internet traffic through malicious servers and steal sensitive data.

According to a new report from cybersecurity firm Qihoo 360's NetLab, just like the regular DNSChanger campaign, GhostDNS scans for the IP addresses of routers that use weak or no password at all, accesses the routers' settings, and then changes the router's default DNS address to the one controlled by the attackers.

 

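The check a practitioner wants after reading this is whether the resolver the router hands out still answers like a trusted one for the domains that matter. As an added example, not code from NetLab, Qihoo 360 or the article, here is a minimal DNS A-record client built on the standard library plus a comparison helper; the trusted resolver address, the domain and the sample reply bytes are assumptions for the example.

```python
import os
import random
import socket
import struct

# Constructed sample reply, not a captured GhostDNS response: a resolver
# answering "bank.example A?" with 198.51.100.7 (a TEST-NET-2 address
# standing in for an attacker-controlled host).
RESPONSE_FROM_CONFIGURED = (
    b"\x12\x34\x81\x80\x00\x01\x00\x01\x00\x00\x00\x00"  # id 0x1234, response, RD+RA, 1 question, 1 answer
    b"\x04bank\x07example\x00\x00\x01\x00\x01"          # question: bank.example, type A, class IN
    b"\xc0\x0c\x00\x01\x00\x01\x00\x00\x0e\x10\x00\x04"  # name pointer to offset 12, A, IN, TTL 3600, rdlength 4
    b"\xc6\x33\x64\x07"                                  # rdata: 198.51.100.7
)


def build_query(name, txid):
    """Build a minimal DNS query for an A record with the RD flag set."""
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)
    labels = name.rstrip(".").split(".")
    qname = b"".join(bytes([len(label)]) + label.encode("ascii") for label in labels)
    return header + qname + b"\x00" + struct.pack("!HH", 1, 1)


def _skip_name(data, offset):
    """Return the offset just past a (possibly compressed) domain name."""
    while True:
        length = data[offset]
        if length == 0:
            return offset + 1
        if length & 0xC0 == 0xC0:  # compression pointer: two bytes, ends the name
            return offset + 2
        offset += 1 + length


def parse_a_records(data, expected_txid):
    """Extract the IPv4 addresses from a DNS response's answer section."""
    txid, flags, qdcount, ancount, _, _ = struct.unpack_from("!HHHHHH", data, 0)
    if txid != expected_txid:
        raise ValueError("transaction id mismatch: reply is not for our query")
    if not flags & 0x8000:
        raise ValueError("QR bit clear: this is a query, not a response")
    offset = 12
    for _ in range(qdcount):
        offset = _skip_name(data, offset) + 4  # skip QTYPE and QCLASS
    addresses = []
    for _ in range(ancount):
        offset = _skip_name(data, offset)
        rtype, rclass, _ttl, rdlength = struct.unpack_from("!HHIH", data, offset)
        offset += 10
        if rtype == 1 and rclass == 1 and rdlength == 4:
            addresses.append(socket.inet_ntoa(data[offset:offset + 4]))
        offset += rdlength
    return addresses


def resolve(name, resolver, timeout=2.0):
    """Ask `resolver` (an IPv4 address) for the A records of `name` over UDP."""
    txid = random.randrange(1 << 16)
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as sock:
        sock.settimeout(timeout)
        sock.sendto(build_query(name, txid), (resolver, 53))
        data, _ = sock.recvfrom(512)
    return parse_a_records(data, txid)


def answers_diverge(configured, trusted):
    """True when the configured resolver shares no address with the trusted one.

    CDN-fronted sites legitimately return different addresses per resolver,
    so an empty intersection is a signal to investigate, not proof of hijack.
    """
    return bool(trusted) and not set(configured) & set(trusted)


if __name__ == "__main__":
    # Live check (needs network). Both resolver addresses are assumptions:
    # DNS_SERVER should be the resolver your router hands out, and the
    # trusted one should be a resolver you control or trust.
    name = "www.example.com"
    configured = resolve(name, os.environ.get("DNS_SERVER", "192.168.0.1"))
    trusted = resolve(name, "9.9.9.9")
    print("configured:", configured, "trusted:", trusted,
          "DIVERGE" if answers_diverge(configured, trusted) else "agree")
```

Run it against the banking domains you care about from inside the affected network; a resolver that answers with an address no trusted resolver returns is the symptom GhostDNS produces.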

Hackers Stole 50 Million Facebook Users' Access Tokens Using Zero-Day Flaw

https://thehackernews.com/2018/09/facebook-account-hack.html

Quote

Facebook just admitted that an unknown hacker or a group of hackers exploited a zero-day vulnerability in its social media platform that allowed them to steal secret access tokens for more than 50 million accounts.


In a brief blog post published Friday, Facebook revealed that its security team discovered the attack three days ago (on 25 September) and they are still investigating the security incident.


The vulnerability, whose technical details have not yet been disclosed and which has now been patched by Facebook, resided in the "View As" feature—an option that allows users to find out what other Facebook users would see if they visit your profile.

According to the social media giant, the vulnerability allowed hackers to steal secret access tokens that could then be used to directly access users' private information without requiring their original account password or validating two-factor authentication code.

 


  • 2 weeks later...

Google+ is Shutting Down After a Vulnerability Exposed 500,000 Users' Data

https://thehackernews.com/2018/10/google-plus-shutdown.html

Quote

Google is going to shut down its social media network Google+ after the company suffered a massive data breach that exposed the private data of hundreds of thousands of Google Plus users to third-party developers.

According to the tech giant, a security vulnerability in one of Google+'s People APIs allowed third-party developers to access data for more than 500,000 users, including their usernames, email addresses, occupation, date of birth, profile photos, and gender-related information.

Since Google+ servers do not keep API logs for more than two weeks, the company cannot confirm the number of users impacted by the vulnerability.

 


Google Forced to Reveal Exposure of Private Data

https://www.databreachtoday.com/google-forced-to-reveal-exposure-private-data-a-11587

Quote

Google says a bug in an API for its Google+ social networking service exposed personal details for about 500,000 accounts, but it believes the data wasn't misused.

Google patched the bug in March but chose to not publicly disclose the problem, based on a recommendation made by its privacy and data protection office, writes Ben Smith, a Google fellow and vice president of engineering, in a blog post.

But the company was forced to acknowledge the incident after The Wall Street Journal on Monday reported on the data exposure. Citing anonymous sources and internal documents, the publication reported that Google feared it would be subjected to regulatory scrutiny and reputational damage if the details of the bug became known.

Google's decision to not disclose the data leak is likely to raise eyebrows because technology companies have faced increasing pressure and regulatory scrutiny over their data handling and privacy practices.

 


From Now On, Only Default Android Apps Can Access Call Log and SMS Data

https://thehackernews.com/2018/10/android-app-privacy.html

Quote

A few hours ago the company announced its "non-shocking" plans to shut down Google+ social media network following a "shocking" data breach incident.

Now to prevent abuse and potential leakage of sensitive data to third-party app developers, Google has made several significant changes giving users more control over what type of data they choose to share with each app.

Google announced some new changes to the way permissions are approved for Android apps to prevent abuse and potential leakage of sensitive call and text log data by third-party developers.

👍 Maybe a little late, but good call!


Tens of Millions of U.S. Voter Records for Sale

https://www.bleepingcomputer.com/news/security/tens-of-millions-of-us-voter-records-for-sale/

Quote

An advertisement on a forum that sells data breach information is also offering the personally identifiable details and voting history of millions of US residents. The estimated size of the cache is in excess of 35 million records.

The announcement says that the data sold is from updated statewide voter lists, and includes millions of phone numbers, full addresses, and names. BleepingComputer counted it to be from 20 states.

The seller provides the number of records only for the lists in three of the states: Louisiana (3 million), Wisconsin (6 million) and Texas (14 million), offering them for prices between $1,300 and $12,500.

Other states on the list are Montana, Iowa, Utah, Oregon, South Carolina, Wisconsin, Kansas, Georgia, New Mexico, Minnesota, Wyoming, Kentucky, Idaho, South Carolina, Tennessee, South Dakota, Mississippi, and West Virginia.

 


Tumblr Patches A Flaw That Could Have Exposed Users’ Account Info

https://thehackernews.com/2018/10/tumblr-account-hacking.html

Quote

Tumblr today published a report admitting the presence of a security vulnerability in its website that could have allowed hackers to steal login credentials and other private information for users' accounts.

The affected information included users' email addresses, protected (hashed and salted) account passwords, self-reported location (a feature no longer available), previously used email addresses, last login IP addresses, and names of the blog associated with every account.

According to the company, a security researcher discovered a critical vulnerability in the desktop version of its website and responsibly reported it to the Tumblr security team via its bug bounty program.

 

If you use Tumblr, this would be a good time to change your password to a strong passphrase. LSW


  • 4 weeks later...

Popular AMP Plugin for WordPress Patches Critical Flaw – Update Now

https://thehackernews.com/2018/11/amp-plugin-for-WordPress.html

Quote

A security researcher has disclosed details of a critical vulnerability in one of the popular and widely active plugins for WordPress that could allow a low-privileged attacker to inject malicious code on AMP pages of the targeted website.

The vulnerable WordPress plugin in question is "AMP for WP – Accelerated Mobile Pages" that lets websites automatically generate valid accelerated mobile pages for their blog posts and other web pages.

 


Instagram Accidentally Exposed Some Users' Passwords In Plaintext

https://thehackernews.com/2018/11/instagram-password-hack.html

Quote

Instagram has recently patched a security issue in its website that might have accidentally exposed some of its users' passwords in plain text.

The company recently started notifying affected users of a security bug that resides in a newly offered feature called "Download Your Data" that allows users to download a copy of their data shared on the social media platform, including photos, comments, posts, and other information that they have shared on the platform.

To prevent unauthorized users from getting their hands on your personal data, the feature asks you to reconfirm your password before downloading the data.

However, according to Instagram, the plaintext passwords for some users who had used the Download Your Data feature were included in the URL and also stored on Facebook's servers due to a security bug that was discovered by the Instagram internal team.

 

Be smart, if there is a chance yours could have been compromised, change it! Be sure you never use that password for anything else again. If hackers have it, they will keep it and they will try it on all common popular web sites and banks etc. - LSW

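The bug described above is a class, not a one-off: a secret that travels in a URL ends up in server access logs, browser history, proxies and referrer headers. As an added example, not Instagram's or Facebook's code, here are two small defences for a Python web application: a test-time check that no sensitive parameter is in a URL's query string (so the Download Your Data pattern fails a test before it ships), and a logging filter that redacts such parameters from any URL that still reaches a log line. The parameter list and the sample URLs are assumptions for the example.

```python
import logging
import re
from urllib.parse import parse_qsl, urlencode, urlsplit, urlunsplit

# Parameter names whose values must never reach logs, analytics or referrers.
# Assumed list for this example; extend it for your application.
SENSITIVE_PARAMS = {"password", "passwd", "pwd", "token", "access_token", "secret", "otp"}


def secrets_in_url(url, sensitive=SENSITIVE_PARAMS):
    """Names of sensitive parameters carried in the URL's query string.

    A request-level test or a proxy rule should assert this is empty; the
    password for a re-authentication step belongs in a POST body instead.
    """
    pairs = parse_qsl(urlsplit(url).query, keep_blank_values=True)
    return sorted({key for key, _ in pairs if key.lower() in sensitive})


def redact_url(url, sensitive=SENSITIVE_PARAMS):
    """Return url with the values of sensitive query parameters replaced."""
    parts = urlsplit(url)
    if not parts.query:
        return url
    pairs = parse_qsl(parts.query, keep_blank_values=True)
    cleaned = [(key, "REDACTED" if key.lower() in sensitive else value) for key, value in pairs]
    return urlunsplit(parts._replace(query=urlencode(cleaned)))


class RedactingFilter(logging.Filter):
    """Logging filter that redacts secrets from every URL in a log message."""

    URL_RE = re.compile(r"https?://\S+")

    def filter(self, record):
        # Format first so %-style args are folded in, then scrub the result.
        message = record.getMessage()
        record.msg = self.URL_RE.sub(lambda m: redact_url(m.group(0)), message)
        record.args = ()
        return True


if __name__ == "__main__":
    logger = logging.getLogger("app")
    logger.addFilter(RedactingFilter())
    logging.basicConfig(level=logging.INFO, format="%(message)s")
    url = "https://app.example/download?user=alice&password=hunter2"
    print("leaks:", secrets_in_url(url))
    logger.info("GET %s", url)  # logged with the password replaced
```

Attach the filter to the root logger (or to the access-log handler of your framework) so the redaction applies everywhere, and keep the `secrets_in_url` assertion in your integration tests for every endpoint that re-confirms a password.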

  • 4 weeks later...

PHP Version 5 End of Life: Millions of Websites are About to Become Vulnerable

https://www.riskiq.com/blog/external-threat-management/php-version-5-end-of-life/

Quote
Beginning this month, versions 5.6 and 7.0 of the server-side scripting language PHP will reach end-of-life and will no longer be supported. That means websites using these versions of PHP will run on a platform that no longer receives updates or patches, leaving them extremely vulnerable to hacks and data exposure.
 
Sites running PHP 5 should update to newer, supported versions of PHP 7.2 immediately, but many lack the visibility into their internet-exposed attack surface that helps these organizations identify assets running PHP and upgrade to the latest version if needed.
 
Just how prevalent is this now outdated version of PHP? Of the 78.9% of all websites using PHP, 59.6% of them use Version 5. According to RiskIQ telemetry data, 55,714,034 of the sites we crawled all-time ran version 5, and 11,612,312 since the start of 2018.

 


  • 3 weeks later...

Thousands of Google Chromecast Devices Hijacked to Promote PewDiePie

https://thehackernews.com/2019/01/chromecast-pewdiepie-hack.html

Quote

A group of hackers has hijacked tens of thousands of Google's Chromecast streaming dongles, Google Home smart speakers and smart TVs with built-in Chromecast technology in recent weeks by exploiting a bug that's allegedly been ignored by Google for almost five years.

The attackers, who go by Twitter handles @HackerGiraffe and @j3ws3r, managed to hijack Chromecasts’ feeds and display a pop-up, spreading a security warning as well as controversial YouTube star PewDiePie propaganda.

The hackers are the same ones who hijacked more than 50,000 internet-connected printers worldwide late last year by exploiting vulnerable printers to print out flyers asking everyone to subscribe to PewDiePie YouTube channel.

 


Adobe Issues Emergency Patches for Two Critical Flaws in Acrobat and Reader

https://thehackernews.com/2019/01/adobe-reader-vulnerabilities.html

Quote

Adobe has issued an out-of-band security update to patch two critical vulnerabilities in the company's Acrobat and Reader for both the Windows and macOS operating systems.

Though the San Jose, California-based software company did not give details about the vulnerabilities, it did classify the security flaws as critical since they allow privilege escalation and arbitrary code execution in the context of the current user.

 


Hackers are spreading Islamic State propaganda by hijacking dormant Twitter accounts

https://techcrunch.com/2019/01/02/hackers-islamic-state-propaganda-twitter/

Quote
Hackers are using a decade-old flaw to target and hijack dormant Twitter accounts to spread terrorist propaganda, TechCrunch has learned.
 
Many of the affected Twitter accounts appeared to be hijacked in recent days or weeks — some longer — after years of inactivity. A sudden shift in tone or the language used in tweets often gives away the hijack — usually a single tweet in Arabic, sometimes praising Allah or retweeting propaganda from another account.
 
Twitter has suspended most of the accounts we reviewed, but some remain active.
 
The recent resurgence in hijacked accounts appears to be hackers exploiting Twitter’s legacy lack of email confirmation. Twitter took steps to prevent the automated creation of new accounts in June by requiring new accounts to be confirmed using an email address or phone number, but many older accounts remain unconfirmed.

 


5 Popular Web Hosting Services Found Vulnerable to Multiple Flaws

(Bluehost, Dreamhost, HostGator, OVH, and iPage)

https://thehackernews.com/2019/01/web-hosting-server-security.html

Quote

 

A security researcher has discovered multiple one-click client-side vulnerabilities in some of the world's most popular and widely-used web hosting companies that could have put millions of their customers as well as billions of their sites' visitors at risk of hacking.

Independent researcher and bug-hunter Paulos Yibelo, who shared his new research with The Hacker News, discovered roughly a dozen serious security vulnerabilities in Bluehost, Dreamhost, HostGator, OVH, and iPage, which amounts to roughly seven million domains.

Some of the vulnerabilities are so simple to execute that they only require attackers to trick victims into clicking on a simple link or visiting a malicious website to take over the accounts of anyone using the affected web hosting providers.

 

 


  • 2 weeks later...

Millions of PCs Found Running Outdated Versions of Popular Software

https://thehackernews.com/2019/01/software-vulnerabilities-hacking.html

Quote

 

It is 2019, and millions of computers still either have at least one outdated application installed or run outdated operating systems, making themselves vulnerable to online threats and known security vulnerabilities/exploits.
 
Security vendor Avast has released its PC Trends Report 2019 revealing that millions of users are making themselves vulnerable to cyber attacks by keeping outdated versions of popular applications on their computers.
 
Probably the most overlooked vector for any cyber attack is out-of-date programs, which most of the time is the result of users' laziness and of company administrators ignoring security updates in a business environment because they can't afford the downtime.

According to the report [PDF], Adobe Shockwave tops the list of software that most users left outdated on their PCs, followed by VLC Media Player, Skype, Java Runtime Environment, 7-Zip File Manager, and Foxit Reader.

 

 


New FaceTime Bug Lets Callers Hear and See You Without You Picking Up

https://thehackernews.com/2019/01/apple-facetime-privacy-hack.html

Quote

 

If you own an Apple device, you should immediately turn OFF FaceTime app for a few days.
 
A jaw-dropping unpatched privacy bug has been uncovered in Apple's popular video and audio call app FaceTime that could let someone hear or see you before you even pick up their call.
The bug is going viral on Twitter and other social media platforms with multiple users complaining of this privacy issue that can turn any iPhone into an eavesdropping device without the user's knowledge.
 
The Hacker News has tested the bug on iPhone X running the latest iOS 12.1.2 and can independently confirm that it works, as flagged by 9to5Mac on Monday. We were also able to replicate the bug by making a FaceTime call to a MacBook running macOS Mojave.

 

 

Apple Rushes to Fix Serious FaceTime Eavesdropping Flaw

https://www.databreachtoday.com/apple-rushes-to-fix-serious-facetime-eavesdropping-flaw-a-11978

Quote

 

Apple has disabled Group FaceTime after reports emerged on Monday that the feature could be abused to eavesdrop on iPhone users.
 
"We're aware of this issue and we have identified a fix that will be released in a software update later this week," an Apple spokesman tells Information Security Media Group.
 
Apple's system status page says that Group FaceTime, as of 3:16 a.m. British Time, remains "temporarily unavailable" due to an "issue."
 
The technology giant's move follows an exploit for the flaw going viral via social media and Reddit on Monday after a proof-of-concept demonstration video was posted.

 

 


Facebook Paid Teens $20 to Install 'Research' App That Collects Private Data

 
Quote

 

If you are thinking that Facebook is sitting quietly after being forced to remove its Onavo VPN app from Apple's App Store, then you are mistaken.
 
It turns out that Facebook is paying teenagers around $20 a month to use its VPN app that aggressively monitors their smartphone and web activity and then sends it back to Facebook.
 
The social media giant was previously caught collecting some of this data through Onavo Protect, a Virtual Private Network (VPN) service that it acquired in 2013.

 

I really hope no one is doing this, and ensure your teens are not either. Teens as in 13 and up. - LSW


Android Phones Can Get Hacked Just by Looking at a PNG Image

https://thehackernews.com/2019/02/hack-android-with-image.html

Quote

 

Beware! You have to remain more cautious while opening an image file on your smartphone—downloaded anywhere from the Internet or received through messaging or email apps.
Yes, just viewing an innocuous-looking image could hack your Android smartphone—thanks to three newly-discovered critical vulnerabilities that affect millions of devices running recent versions of Google's mobile operating system, ranging from Android 7.0 Nougat to its current Android 9.0 Pie.
 
The vulnerabilities, identified as CVE-2019-1986, CVE-2019-1987, and CVE-2019-1988, have been patched in Android Open Source Project (AOSP) by Google as part of its February Android Security Updates.
 
However, since not every handset manufacturer rolls out security patches every month, it's difficult to determine if your Android device will get these security patches anytime soon.

 

 


  • 2 weeks later...

WARNING – New Phishing Attack That Even Most Vigilant Users Could Fall For

https://thehackernews.com/2019/02/advance-phishing-login-page.html

Quote

 

How do you check if a website asking for your credentials is fake or legit to log in?
 
By checking if the URL is correct?
 
By checking if the website address is not a homograph?
 
By checking if the site is using HTTPS?
 
Or using software or browser extensions that detect phishing domains?
 
Well, if you, like most Internet users, are also relying on the above basic security practices to spot whether that "Facebook.com" or "Google.com" you have been served is fake or not, you may still fall victim to a newly discovered creative phishing attack and end up giving away your passwords to hackers.

 

 


  • 3 weeks later...

Facebook won't let you opt out of its phone number 'look up' setting

https://techcrunch.com/2019/03/03/facebook-phone-number-look-up/

Quote

Users are complaining that the phone number Facebook hassled them to use to secure their account with two-factor authentication has also been associated with their user profile — which anyone can use to "look up" their profile.

Worse, Facebook doesn't give you an option to opt-out.

Last year, Facebook was forced to admit that after months of pestering its users to switch on two-factor by signing up their phone number, it was also using those phone numbers to target users with ads. But some users are finding out just now that Facebook's default setting allows everyone — with or without an account — to look up a user profile based off the same phone number previously added to their account.

Although users can hide their phone number on their profile so nobody can see it, it's still possible to "look up" user profiles in other ways, such as "when someone uploads your contact info to Facebook from their mobile phone," according to a Facebook help article. It's a more restricted way than allowing users to search for user profiles using a person's phone number, which Facebook restricted last year after admitting "most" users had their information scraped.
 
 

 

 


New Google Chrome Zero-Day Vulnerability Found Actively Exploited in the Wild

https://thehackernews.com/2019/03/update-google-chrome-hack.html

Quote

 

You must update your Google Chrome immediately to the latest version of the web browsing application.
 
Security researcher Clement Lecigne of Google's Threat Analysis Group discovered and reported a high severity vulnerability in Chrome late last month that could allow remote attackers to execute arbitrary code and take full control of the computers.
 
The vulnerability, assigned as CVE-2019-5786, affects the web browsing software for all major operating systems including Microsoft Windows, Apple macOS, and Linux.

 

 


BEWARE – New 'Creative' Phishing Attack You Really Should Pay Attention To

https://thehackernews.com/2019/03/ios-mobile-phishing-attack.html

Quote

 

A cybersecurity researcher who last month warned of a creative phishing campaign has now shared details of a new but similar attack campaign with The Hacker News that has specifically been designed to target mobile users.
 
Just like the previous campaign, the new phishing attack is also based on the idea that a malicious web page could mimic the look and feel of the browser window to trick even the most vigilant users into giving away their login credentials to attackers.
 
Antoine Vincent Jebara, co-founder and CEO of password managing software Myki, shared a new video with The Hacker News, demonstrating how attackers can reproduce native iOS behavior, browser URL bar and tab switching animation effects of Safari in a very realistic manner on a web-page to present fake login pages, without actually opening or redirecting users to a new tab.

 

 


Zero-Day Flaws in Counter-Strike 1.6 Let Malicious Servers Hack Gamers' PCs

https://thehackernews.com/2019/03/counter-strike-game-servers.html

Quote

 

If you are a Counter-Strike gamer, then beware, because 39% of all existing Counter-Strike 1.6 game servers available online are malicious, having been set up to remotely hack gamers' computers.

A team of cybersecurity researchers at Dr. Web has disclosed that an attacker has been using malicious gaming servers to silently compromise computers of Counter-Strike gamers worldwide by exploiting zero-day vulnerabilities in the game client.

According to the researchers, Counter-Strike 1.6, a popular game that's almost two decades old, contains multiple unpatched remote code execution (RCE) vulnerabilities in its client software that let attackers execute arbitrary code on the gamer's computer as soon as they connect to a malicious server, without requiring any further interaction from the gamers.

 

 


New WordPress Flaw Lets Unauthenticated Remote Attackers Hack Sites

https://thehackernews.com/2019/03/hack-wordpress-websites.html

Quote

 

If for some reason your WordPress-based website has not yet been automatically updated to the latest version 5.1.1, it's highly recommended to immediately upgrade it before hackers could take advantage of a newly disclosed vulnerability to hack your website.
 
Simon Scannell, a researcher at RIPS Technologies GmbH, who previously reported multiple critical vulnerabilities in WordPress, has once again discovered a new flaw in the content management software (CMS) that could potentially lead to remote code execution attacks.
 
The flaw stems from a cross-site request forgery (CSRF) issue in WordPress' comment section, one of its core components that comes enabled by default, and affects all WordPress installations prior to version 5.1.1.

 

 


Patched WinRAR Bug Still Under Active Attack—Thanks to No Auto-Updates

https://thehackernews.com/2019/03/winrar-hacking-malware.html

Quote

 

Various cyber criminal groups and individual hackers are still exploiting a recently patched critical code execution vulnerability in WinRAR, a popular Windows file compression application with 500 million users worldwide.
 
Why? Because the WinRAR software doesn't have an auto-update feature, which, unfortunately, leaves millions of its users vulnerable to cyber attacks.
 
The critical vulnerability (CVE-2018-20250) that was patched late last month by the WinRAR team with the release of WinRAR version 5.70 beta 1 impacts all prior versions of WinRAR released over the past 19 years.

 

 


  • 2 weeks later...

Warning: ASUS Software Update Server Hacked to Distribute Malware

https://thehackernews.com/2019/03/asus-computer-hacking.html

Quote

 

Security researchers today revealed another massive supply chain attack that compromised over 1 million computers manufactured by Taiwan-based tech giant ASUS.
 
A group of state-sponsored hackers last year managed to hijack the ASUS Live Update software update server between June and November 2018 and pushed malicious updates to install backdoors on over one million Windows computers worldwide.
 
According to cybersecurity researchers from Russian firm Kaspersky Lab, who discovered the attack and dubbed it Operation ShadowHammer, Asus was informed about the ongoing supply chain attack on Jan 31, 2019.

 

 


This Evil New Child Porn Phishing Attack Could Absolutely Ruin Your Life

https://blog.knowbe4.com/heads-up-this-evil-new-child-porn-phishing-attack-could-absolutely-ruin-your-life

Quote

 

Oh my. Bad guys have come up with a sinister new strain of blackmail/sextortion. Just when you thought things couldn't get worse, the bad guys sink lower. 
 
Eric Howes, KnowBe4's Principal Lab Researcher sent me a screenshot of an attack now live out there in the wild. It claims the CIA will bust you for child porn unless you pay 5,000 dollars and only then "your records will be deleted".
 
Apart from the very scary and expensive extortion, it also contains a malicious link. What lies behind that link (credentials phish or malware download) we don't know, as the target web page for that link has been taken down. But it sure looks like the bad guys have two attack vectors and are also trying to infect the workstation.

 

 
