Hacking & Security News - Page 1
If you didn't know, Joe Biden has an official 2020 Presidential campaign app called 'Vote Joe', and unfortunately, it was discovered that the app had a critical bug that exposed user information.
According to a new report from The App Analyst, the app, which is designed to send users pro-Biden texts, nearby events, campaign updates, etc, was found to have a critical bug in it that exposed sensitive user information. The sensitive user information that was exposed was home addresses, birthdays, phone numbers, and prior voting history.
The App Analyst explains that the bug in the app made it very easy for anyone to access this information and that anyone who signed up to the app with a fake email address was granted access to a TargetSmart database. Through this database, users would be able to access more than 190 million voter records. Last week the Biden campaign notified of this bug and has since worked with its third-part app developer to resolve the issue.
Remember the MGM Hotel data breach in 2019? It was meant to be 10.6 million people, but it exposed a huge 142 million hotel guests.
Back in February 2020, a data breach affected 10.6 million hotel customers that stayed at MGM Resorts. At the time, the company said that the hackers bnreached their dfatabase in 2019, and that they'd notified people. Well, MGM might have notified a significant lower number of people affected because the numbers are baffling.
ZDNet is reporting that it wasn't 10.6 million customers that had their data breached, but rather over 10x that amount with 142 million customers details now hanging out on the dark web with a hacker selling them for $2939.
As Trump begins to get back out and rally his supporters for this years election, cybersecurity analysts have noticed some security vulnerabilities with the President's official campaign app.
If you are wondering what this official campaign app is, it's an app developed specifically for President Trump's reelection campaign. If you head over to this website, and enter your phone number, you will receive a one time SMS to download the free app that will give you exclusive content and campaign updates. It's available on both the App Store and Google Play.
The issue with this app is that cybersecurity analysts, Noam Rotem and Ran Locar, have found some critical security vulnerabilities in the app. According to WebsitePlanet, where the analysts posted their findings, the app's code "revealed keys and secrets, similar to usernames and passwords, that gave access to different parts of the app, such as its Twitter API." The cybersecurity researchers also said, "While the exposed keys allowed access to many parts of the app, we concluded in our investigation that user accounts remained inaccessible through this vulnerability."
Anonymous seems to have awoken once again, and this time the hacktivist group is targeting the main source of controversy, the Minneapolis Police Department.
In a video released onto the official Anonymous Twitter account, we see a member of the group wearing the iconic Guy Fawkes mask, talking directly into the camera. The member explains that officers who believe they can kill people and commit other crimes need to be held accountable "just like the rest of us", otherwise they will think they have a license to do whatever they want.
The video goes onto say that the people have "had enough of this corruption and violence from an organization that promises to keep them safe". Anonymous then begins to target the Minneapolis Police Department by saying that the officers behind the George Floyd killing need to face charges, and officer Chauvin should face murder charges. "Unfortunately, we do not trust your corrupted organization to carry out justice, so we will be exposing your many crimes to the world".
It seems like something out of a Mission: Impossible movie, but a new hack is able to steal data from your PC through your power supply -- yeah, I just said your power supply. Check it out:
The new hack is capable of taking data from a completely air-gapped system, which is completely disconnected from the internet. This means it has no connection to the internet, Wi-Fi, Bluetooth, or any other connection to the internet. Air-gapped systems are considered virtually impossible to siphon data from, but someone is now doing through power supplies.
Dr. Mordechai Guri from the Ben Girion University in Israel is behind the revelations, with a new hack he calls POWER-SUPPLaY. How does it work? Get this: malware is installed onto the target PC, which then reads out the system data and makes some changes to the CPU workload.
Criminals will use almost any disaster to try and make some quick money off people in panic. Now, cybercriminals are using the coronavirus COVID-19 pandemic to try and scam people online.
Firstly, DO NOT fall for this scam if you are happened to be sent it. Pay no money to these people as everything they are telling you is lies. Delete the email, and move on with your life. The Sophos Security team received a new phishing scam, and sent it NakedSecurity. The scam sounds kind of crazy to people who are technically inclined or familiar with scammers, but it could fool some people who aren't aware this type of thing happens regularly.
The phish suggests that the scammers have "every dirty little secret about your life", and they attempt to prove this by showing an old password. This password could in fact be correct, but that doesn't mean that the scammers have every little bit of information. This tactic is more so a bluff. The scammers then proceed to threat then users with infecting them and their "whole family" with the coronavirus, while also revealing all of the users digital secrets. To stop the scammer from doing this they request $4,000 paid into a bitcoin address within the next 24 hours.
The world is currently gravely concerned with the recent events surrounding the coronavirus (COVID-19) and its rate of spread. So, many people have turned to going online to look at global outbreak trackers to see if the virus is close to home.
While that might sound like a really smart and harmless idea, it's not quite that simple. Shai Alfasi, a security researcher at Reason Labs, discovered some nefarious activity behind these global maps, and what he found probably won't surprise you either. According to Alfasi, hackers are using the now pandemic of the coronavirus to infiltrate people's computers and steal passwords, names, credit card information, and whatever else that is stored in your browser.
So how are they doing this? Many of the coronavirus trackers require users to download software so you can be 'kept up to date on the spread'. Unfortunately, this malware doesn't even need installation either and can generate a malicious binary file and install it on your PC. Alfasi notes that this method of digital infiltration uses software known as AZORult. Here's what Alfasi said in regards to AZORult, "It is used to steal browsing history, cookies, ID/passwords, cryptocurrency, and more. It can also download additional malware onto infected machines."
One of the biggest cybercrime bot networks has been attacked by Microsoft and its partners and is now facing massive disruption in its day-to-day activities.
According to Microsoft's blog post, just yesterday, Microsoft and its partners from 35 countries conducted a coordinated legal and technical attack on one of the world's most prolific botnets called Necurs. Necurs is reported to have infected over 9 million computers around the world, and the disruption that Microsoft and its partners have been coordinated has taken eight years of researching, tracking, and planning.
Microsoft explains that a botnet is a network of computers that are designed to infect computer users around the globe with malicious software or malware. Once those computers are infected, the cybercriminals control those computers remotely from a secure location and use them to commit crimes. Necurs botnet is one of the largest networks in the spam email threat ecosystem, and Microsoft says that "we observed that one Necurs-infected computer sent a total of 3.8 million spam emails to over 40.6 million potential victims."
Avast Antivirus is one of the largest free Antivirus software's you can download on the internet, and now an investigation is being conducted into the company for reportedly selling user data.
According to Dark Reading, the Czech Office for Personal Data Protection is now investigating the actions of the Prague-based antivirus software company, Avast. The investigation is to find out whether or not Avast has been selling personal information from its user base to companies such as Google, Microsoft, and Home Depot.
The data that is suspected to have been sold off to these companies is browser history of users, online map searches, YouTube viewing habits, and more. Back in January, Motherboard and PCMag found evidence of Avast collecting data and selling it through its subsidiary company called "Jumpshot". Since this was discovered, Avast as closed down its Jumpshot division.
The FBI has reported the highest amount of scammed losses in 2019 since it's Internet Crime Complaint Center was created.
According to the FBI.gov website, the internet safety arm of the FBI called 'Internet Crime Complaint Center' (IC3) issued out their 2019 report, which stated some worrying figures. The report says that during 2019 the IC3 received 467,361 complaints, which equated to an average of nearly 1,300 a day. It also recorded the highest amount of monetary losses since the center was established back in May, 2000.
The FBI says that more than $3.5 billion losses were recorded from individuals and businesses who fell victim to online scams. Scams such as phishing, non-payment/non-delivery scams, and extortion were the most common form of received complains. The complaints which ended up being the most financially costly were business email compromise (BEC), romance or confidence fraud, and mimicking the account of a person or business vendor.