Killersites Community
LSW

Current Threats


The article is about Australia; the problem is worldwide and on the rise.

Gone in 15 Minutes: Australia's Phone Number Theft Problem

https://www.databreachtoday.com/gone-in-15-minutes-australias-phone-number-theft-problem-a-11552

Quote

SIM hijacking is not a new attack, but there's increasing interest in stealing phone numbers. That's because banks often send two-step verification codes over SMS. Additionally, major services such as Google, LinkedIn, Facebook and Instagram use the mobile channel in some scenarios for password resets.

Over the past two years, fraud involving unauthorized phone ports has increased, mostly due to organized crime, says Detective Chief Inspector Matthew Craft of the New South Wales Police's Financial Crimes Squad. Craft says because of the mobile industry's "inability to implement some simple measures to prevent it from occurring," the problems have continued.

 


Mass WordPress compromises redirect to tech support scams

https://blog.malwarebytes.com/threat-analysis/2018/09/mass-wordpress-compromises-tech-support-scams/

Quote

During the past few days, our crawlers have been catching a larger-than-usual number of WordPress sites being hijacked. One of the most visible client-side payloads we see are redirections to tech support scam pages. Digging deeper, we found that this is part of a series of attacks that have compromised thousands of WordPress sites since early September.

The sites that are affected are running the WordPress CMS and often using outdated plugins. We were not able to figure out whether this campaign was made worse by the exploitation of a single vulnerability, although the recent RCE for the Duplicator plugin came to mind.

Threat actors inject vulnerable sites in different ways. For example, on the client-side we see one large encoded blurb, usually in the HTML headers tag, and a one liner pointing to an external JavaScript. Website owners are also reporting malicious code within the wp_posts table of their WordPress database.

 


Warning issued as Netflix subscribers hit by phishing attack

https://nakedsecurity.sophos.com/2018/09/21/warning-issued-as-netflix-subscribers-hit-by-phishing-attack/

Quote

Netflix phishing scammers are at it again – sending emails that try to steal sensitive details from subscribers.

Late last week, Action Fraud – a joint initiative between the City of London Police and the National Fraud Intelligence Bureau – warned Netflix subscribers about a new spate of phishing emails. The scammers are urging victims to enter their Netflix account information and payment details.

Netflix, which has 130m global subscribers, is a popular target for phishers. Back in January we wrote up a similar scam which also targeted Netflix users.

 


GhostDNS: New DNS Changer Botnet Hijacked Over 100,000 Routers

(Primarily directed at Brazilian targets)

https://thehackernews.com/2018/10/ghostdns-botnet-router-hacking.html

Quote

Chinese cybersecurity researchers have uncovered a widespread, ongoing malware campaign that has already hijacked over 100,000 home routers and modified their DNS settings to hack users with malicious web pages—especially if they visit banking sites—and steal their login credentials.

Dubbed GhostDNS, the campaign has many similarities with the infamous DNSChanger malware that works by changing DNS server settings on an infected device, allowing attackers to route the users' internet traffic through malicious servers and steal sensitive data.

According to a new report from cybersecurity firm Qihoo 360's NetLab, just like the regular DNSChanger campaign, GhostDNS scans for the IP addresses for routers that use weak or no password at all, accesses the routers' settings, and then changes the router's default DNS address to the one controlled by the attackers.

 


Hackers Stole 50 Million Facebook Users' Access Tokens Using Zero-Day Flaw

https://thehackernews.com/2018/09/facebook-account-hack.html

Quote

Facebook just admitted that an unknown hacker or a group of hackers exploited a zero-day vulnerability in its social media platform that allowed them to steal secret access tokens for more than 50 million accounts.

UPDATE:  10 Important Updates You Need To Know About the Latest Facebook Hacking Incident.

In a brief blog post published Friday, Facebook revealed that its security team discovered the attack three days ago (on 25 September) and they are still investigating the security incident.


The vulnerability, whose technical details have not yet been disclosed and which has now been patched by Facebook, resided in the "View As" feature—an option that allows users to find out what other Facebook users would see if they visit your profile.

According to the social media giant, the vulnerability allowed hackers to steal secret access tokens that could then be used to directly access users' private information without requiring their original account password or validating two-factor authentication code.

 


Google+ is Shutting Down After a Vulnerability Exposed 500,000 Users' Data

https://thehackernews.com/2018/10/google-plus-shutdown.html

Quote

Google is going to shut down its social media network Google+ after the company suffered a massive data breach that exposed the private data of hundreds of thousands of Google Plus users to third-party developers.

According to the tech giant, a security vulnerability in one of Google+'s People APIs allowed third-party developers to access data for more than 500,000 users, including their usernames, email addresses, occupation, date of birth, profile photos, and gender-related information.

Since Google+ servers do not keep API logs for more than two weeks, the company cannot confirm the number of users impacted by the vulnerability.

 


Google Forced to Reveal Exposure of Private Data

https://www.databreachtoday.com/google-forced-to-reveal-exposure-private-data-a-11587

Quote

Google says a bug in an API for its Google+ social networking service exposed personal details for about 500,000 accounts, but it believes the data wasn't misused.

Google patched the bug in March but chose to not publicly disclose the problem, based on a recommendation made by its privacy and data protection office, writes Ben Smith, a Google fellow and vice president of engineering, in a blog post.

But the company was forced to acknowledge the incident after The Wall Street Journal on Monday reported on the data exposure. Citing anonymous sources and internal documents, the publication reported that Google feared it would be subjected to regulatory scrutiny and reputational damage if the details of the bug became known.

Google's decision to not disclose the data leak is likely to raise eyebrows because technology companies have faced increasing pressure and regulatory scrutiny over their data handling and privacy practices.

 


From Now On, Only Default Android Apps Can Access Call Log and SMS Data

https://thehackernews.com/2018/10/android-app-privacy.html

Quote

A few hours ago the company announced its "non-shocking" plans to shut down Google+ social media network following a "shocking" data breach incident.

Now to prevent abuse and potential leakage of sensitive data to third-party app developers, Google has made several significant changes giving users more control over what type of data they choose to share with each app.

Google announced some new changes to the way permissions are approved for Android apps to prevent abuse and potential leakage of sensitive call and text log data by third-party developers.

👍 Maybe a little late, but good call!


Tens of Millions of U.S. Voter Records for Sale

https://www.bleepingcomputer.com/news/security/tens-of-millions-of-us-voter-records-for-sale/

Quote

An advertisement on a forum that sells data breach information is also offering the personally identifiable details and voting history of millions of US residents. The estimated size of the cache is in excess of 35 million records.

The announcement says that the data sold is from updated statewide voter lists, and includes millions of phone numbers, full addresses, and names. BleepingComputer counted it to be from 20 states.

The seller provides the number of records only for the lists in three of the states: Louisiana (3 million), Wisconsin (6 million) and Texas (14 million), offering them for prices between $1,300 and $12,500.

Other states on the list are Montana, Iowa, Utah, Oregon, South Carolina, Wisconsin, Kansas, Georgia, New Mexico, Minnesota, Wyoming, Kentucky, Idaho, South Carolina, Tennessee, South Dakota, Mississippi, and West Virginia.

 


Tumblr Patches A Flaw That Could Have Exposed Users’ Account Info

https://thehackernews.com/2018/10/tumblr-account-hacking.html

Quote

Tumblr today published a report admitting the presence of a security vulnerability in its website that could have allowed hackers to steal login credentials and other private information for users' accounts.

The affected information included users' email addresses, protected (hashed and salted) account passwords, self-reported location (a feature no longer available), previously used email addresses, last login IP addresses, and names of the blog associated with every account.

According to the company, a security researcher discovered a critical vulnerability in the desktop version of its website and responsibly reported it to the Tumblr security team via its bug bounty program.

 

If you used Tumblr, this would be a good time to change your password to a strong passphrase. LSW


Popular AMP Plugin for WordPress Patches Critical Flaw – Update Now

https://thehackernews.com/2018/11/amp-plugin-for-WordPress.html

Quote

A security researcher has disclosed details of a critical vulnerability in one of the popular and widely active plugins for WordPress that could allow a low-privileged attacker to inject malicious code on AMP pages of the targeted website.

The vulnerable WordPress plugin in question is "AMP for WP – Accelerated Mobile Pages" that lets websites automatically generate valid accelerated mobile pages for their blog posts and other web pages.

 


Instagram Accidentally Exposed Some Users' Passwords In Plaintext

https://thehackernews.com/2018/11/instagram-password-hack.html

Quote

Instagram has recently patched a security issue in its website that might have accidentally exposed some of its users' passwords in plain text.

The company recently started notifying affected users of a security bug that resides in a newly offered feature called "Download Your Data" that allows users to download a copy of their data shared on the social media platform, including photos, comments, posts, and other information that they have shared on the platform.

To prevent unauthorized users from getting their hands on your personal data, the feature asks you to reconfirm your password before downloading the data.

However, according to Instagram, the plaintext passwords for some users who had used the Download Your Data feature were included in the URL and also stored on Facebook's servers due to a security bug that was discovered by the Instagram internal team.

 

Be smart: if there is a chance yours could have been compromised, change it! Be sure you never use that password for anything else again. If hackers have it, they will keep it and they will try it on all common popular websites, banks, etc. - LSW


PHP Version 5 End of Life: Millions of Websites are About to Become Vulnerable

https://www.riskiq.com/blog/external-threat-management/php-version-5-end-of-life/

Quote
Beginning this month, versions 5.6 and 7.0 of the server-side scripting language PHP will reach end-of-life and will no longer be supported. That means websites using these versions of PHP will run on a platform that no longer receives updates or patches, leaving them extremely vulnerable to hacks and data exposure.
 
Sites running PHP 5 should update to newer, supported versions of PHP 7.2 immediately, but many lack the visibility into their internet-exposed attack surface that helps these organizations identify assets running PHP and upgrade to the latest version if needed.
 
Just how prevalent is this now outdated version of PHP? Of the 78.9% of all the websites using PHP, 59.6% of them are using Version 5. According to RiskIQ telemetry data, 55,714,034 of the sites we crawled all-time ran version 5, and 11,612,312 since the start of 2018.

 


Thousands of Google Chromecast Devices Hijacked to Promote PewDiePie

https://thehackernews.com/2019/01/chromecast-pewdiepie-hack.html

Quote

A group of hackers has hijacked tens of thousands of Google's Chromecast streaming dongles, Google Home smart speakers and smart TVs with built-in Chromecast technology in recent weeks by exploiting a bug that's allegedly been ignored by Google for almost five years.

The attackers, who go by Twitter handles @HackerGiraffe and @j3ws3r, managed to hijack Chromecasts’ feeds and display a pop-up, spreading a security warning as well as controversial YouTube star PewDiePie propaganda.

The hackers are the same ones who hijacked more than 50,000 internet-connected printers worldwide late last year by exploiting vulnerable printers to print out flyers asking everyone to subscribe to PewDiePie YouTube channel.

 


Adobe Issues Emergency Patches for Two Critical Flaws in Acrobat and Reader

https://thehackernews.com/2019/01/adobe-reader-vulnerabilities.html

Quote

Adobe has issued an out-of-band security update to patch two critical vulnerabilities in the company's Acrobat and Reader for both the Windows and macOS operating systems.

Though the San Jose, California-based software company did not give details about the vulnerabilities, it did classify the security flaws as critical since they allow privilege escalation and arbitrary code execution in the context of the current user.

 


Hackers are spreading Islamic State propaganda by hijacking dormant Twitter accounts

https://techcrunch.com/2019/01/02/hackers-islamic-state-propaganda-twitter/

Quote
Hackers are using a decade-old flaw to target and hijack dormant Twitter accounts to spread terrorist propaganda, TechCrunch has learned.
 
Many of the affected Twitter accounts appeared to be hijacked in recent days or weeks — some longer — after years of inactivity. A sudden shift in tone or the language used in tweets often gives away the hijack — usually a single tweet in Arabic, sometimes praising Allah or retweeting propaganda from another account.
 
Twitter has suspended most of the accounts we reviewed, but some remain active.
 
The recent resurgence in hijacked accounts appears to be hackers exploiting Twitter’s legacy lack of email confirmation. Twitter took steps to prevent the automated creation of new accounts in June by requiring new accounts to be confirmed using an email address or phone number, but many older accounts remain unconfirmed.

 


5 Popular Web Hosting Services Found Vulnerable to Multiple Flaws
 Bluehost, Dreamhost, HostGator, OVH, and iPage

https://thehackernews.com/2019/01/web-hosting-server-security.html

Quote

 

A security researcher has discovered multiple one-click client-side vulnerabilities in some of the world's most popular and widely-used web hosting companies that could have put millions of their customers as well as billions of their sites' visitors at risk of hacking.
 
Independent researcher and bug-hunter Paulos Yibelo, who shared his new research with The Hacker News, discovered roughly a dozen serious security vulnerabilities in Bluehost, Dreamhost, HostGator, OVH, and iPage, which amounts to roughly seven million domains.
 
Some of the vulnerabilities are so simple to execute as they require attackers to trick victims into clicking on a simple link or visiting a malicious website to easily take over the accounts of anyone using the affected web hosting providers.

 

 
