Hacking & Security News - Page 1
It seems foreign hackers have gained access to the networks of both the US Department of Energy and National Nuclear Security Administration.
New reports from both Bloomberg and Politico say that, according to federal investigators, this was part of a "Russian cyber attack that struck a number of federal government agencies. Microsoft Corp. was also breached, and its products were used to further attacks on others".
Shaylyn Hynes, a Department of Energy spokeswoman, said in a statement: "At this point, the investigation has found that the malware has been isolated to business networks only".
If you didn't know, Joe Biden has an official 2020 Presidential campaign app called 'Vote Joe', and unfortunately, it was discovered that the app had a critical bug that exposed user information.
According to a new report from The App Analyst, the app, which is designed to send users pro-Biden texts, nearby events, campaign updates, etc., was found to have a critical bug in it that exposed sensitive user information. The sensitive user information that was exposed was home addresses, birthdays, phone numbers, and prior voting history.
The App Analyst explains that the bug in the app made it very easy for anyone to access this information and that anyone who signed up to the app with a fake email address was granted access to a TargetSmart database. Through this database, users would be able to access more than 190 million voter records. Last week the Biden campaign was notified of this bug and has since worked with its third-party app developer to resolve the issue.
Remember the MGM Hotel data breach in 2019? It was meant to be 10.6 million people, but it exposed a huge 142 million hotel guests.
Back in February 2020, a data breach affected 10.6 million hotel customers that stayed at MGM Resorts. At the time, the company said that the hackers breached their database in 2019, and that they'd notified people. Well, MGM might have notified a significantly lower number of people affected because the numbers are baffling.
ZDNet is reporting that it wasn't 10.6 million customers that had their data breached, but rather over 10x that amount, with 142 million customers' details now hanging out on the dark web with a hacker selling them for $2939.
As Trump begins to get back out and rally his supporters for this year's election, cybersecurity analysts have noticed some security vulnerabilities with the President's official campaign app.
If you are wondering what this official campaign app is, it's an app developed specifically for President Trump's reelection campaign. If you head over to this website and enter your phone number, you will receive a one-time SMS to download the free app that will give you exclusive content and campaign updates. It's available on both the App Store and Google Play.
The issue with this app is that cybersecurity analysts, Noam Rotem and Ran Locar, have found some critical security vulnerabilities in the app. According to WebsitePlanet, where the analysts posted their findings, the app's code "revealed keys and secrets, similar to usernames and passwords, that gave access to different parts of the app, such as its Twitter API." The cybersecurity researchers also said, "While the exposed keys allowed access to many parts of the app, we concluded in our investigation that user accounts remained inaccessible through this vulnerability."
Anonymous seems to have awoken once again, and this time the hacktivist group is targeting the main source of controversy, the Minneapolis Police Department.
In a video released onto the official Anonymous Twitter account, we see a member of the group wearing the iconic Guy Fawkes mask, talking directly into the camera. The member explains that officers who believe they can kill people and commit other crimes need to be held accountable "just like the rest of us", otherwise they will think they have a license to do whatever they want.
The video goes on to say that the people have "had enough of this corruption and violence from an organization that promises to keep them safe". Anonymous then begins to target the Minneapolis Police Department by saying that the officers behind the George Floyd killing need to face charges, and officer Chauvin should face murder charges. "Unfortunately, we do not trust your corrupted organization to carry out justice, so we will be exposing your many crimes to the world".
It seems like something out of a Mission: Impossible movie, but a new hack is able to steal data from your PC through your power supply -- yeah, I just said your power supply. Check it out:
The new hack is capable of taking data from a completely air-gapped system, which is completely disconnected from the internet. This means it has no Wi-Fi, Bluetooth, or any other connection to the internet. Air-gapped systems are considered virtually impossible to siphon data from, but someone is now doing it through power supplies.
Dr. Mordechai Guri from the Ben-Gurion University in Israel is behind the revelations, with a new hack he calls POWER-SUPPLaY. How does it work? Get this: malware is installed onto the target PC, which then reads out the system data and makes some changes to the CPU workload.
One of the biggest cybercrime bot networks has been attacked by Microsoft and its partners and is now facing massive disruption in its day-to-day activities.
According to Microsoft's blog post, just yesterday, Microsoft and its partners from 35 countries conducted a coordinated legal and technical attack on one of the world's most prolific botnets, called Necurs. Necurs is reported to have infected over 9 million computers around the world, and the disruption that Microsoft and its partners have coordinated has taken eight years of researching, tracking, and planning.
Microsoft explains that a botnet is a network of computers that are designed to infect computer users around the globe with malicious software or malware. Once those computers are infected, the cybercriminals control those computers remotely from a secure location and use them to commit crimes. Necurs botnet is one of the largest networks in the spam email threat ecosystem, and Microsoft says that "we observed that one Necurs-infected computer sent a total of 3.8 million spam emails to over 40.6 million potential victims."
Avast Antivirus is one of the largest free antivirus programs you can download on the internet, and now an investigation is being conducted into the company for reportedly selling user data.
According to Dark Reading, the Czech Office for Personal Data Protection is now investigating the actions of the Prague-based antivirus software company, Avast. The investigation is to find out whether or not Avast has been selling personal information from its user base to companies such as Google, Microsoft, and Home Depot.
The data that is suspected to have been sold off to these companies is browser history of users, online map searches, YouTube viewing habits, and more. Back in January, Motherboard and PCMag found evidence of Avast collecting data and selling it through its subsidiary company called "Jumpshot". Since this was discovered, Avast has closed down its Jumpshot division.
The FBI has reported the highest amount of scammed losses in 2019 since its Internet Crime Complaint Center was created.
According to the FBI.gov website, the internet safety arm of the FBI called 'Internet Crime Complaint Center' (IC3) issued its 2019 report, which stated some worrying figures. The report says that during 2019 the IC3 received 467,361 complaints, which equated to an average of nearly 1,300 a day. It also recorded the highest amount of monetary losses since the center was established back in May, 2000.
The FBI says that more than $3.5 billion in losses were recorded from individuals and businesses who fell victim to online scams. Scams such as phishing, non-payment/non-delivery scams, and extortion were the most common form of received complaints. The complaints which ended up being the most financially costly were business email compromise (BEC), romance or confidence fraud, and mimicking the account of a person or business vendor.
What if I told you that the United States intelligence agencies secretly owned a device manufacturing company that provided both foreign country officials, and U.S. officials with devices they could listen to?
According to a new report by the Washington Post and ZDF, the United States intelligence agencies secretly owned and ran a company that supplied government spy officials with devices that allowed them to listen in to all communications. The report by WAPO and ZDF details how the CIA, NSA, and West German intelligence ran in secret one of the world's largest encrypted communications suppliers, called Crypto AG.
Foreign governments were reportedly paying the U.S. and West Germany "good money" for supplying them with secrets from these devices that were recording all communications between spy officials. Even U.S. officials weren't safe from the phony devices, with the report saying that higher-up officials insisted that the rigged devices be sent to all persons, ally or not. Crypto AG didn't just make rigged devices either. The report states that two versions were made -- one for friendly governments (select countries/persons) and the other rigged systems that would be provided to the rest of the world.