Hacking & Security News - Page 1
Criminals will use almost any disaster to try and make some quick money off people in panic. Now, cybercriminals are using the coronavirus COVID-19 pandemic to try and scam people online.
Firstly, DO NOT fall for this scam if you are happened to be sent it. Pay no money to these people as everything they are telling you is lies. Delete the email, and move on with your life. The Sophos Security team received a new phishing scam, and sent it NakedSecurity. The scam sounds kind of crazy to people who are technically inclined or familiar with scammers, but it could fool some people who aren't aware this type of thing happens regularly.
The phish suggests that the scammers have "every dirty little secret about your life", and they attempt to prove this by showing an old password. This password could in fact be correct, but that doesn't mean that the scammers have every little bit of information. This tactic is more so a bluff. The scammers then proceed to threat then users with infecting them and their "whole family" with the coronavirus, while also revealing all of the users digital secrets. To stop the scammer from doing this they request $4,000 paid into a bitcoin address within the next 24 hours.
The world is currently gravely concerned with the recent events surrounding the coronavirus (COVID-19) and its rate of spread. So, many people have turned to going online to look at global outbreak trackers to see if the virus is close to home.
While that might sound like a really smart and harmless idea, it's not quite that simple. Shai Alfasi, a security researcher at Reason Labs, discovered some nefarious activity behind these global maps, and what he found probably won't surprise you either. According to Alfasi, hackers are using the now pandemic of the coronavirus to infiltrate people's computers and steal passwords, names, credit card information, and whatever else that is stored in your browser.
So how are they doing this? Many of the coronavirus trackers require users to download software so you can be 'kept up to date on the spread'. Unfortunately, this malware doesn't even need installation either and can generate a malicious binary file and install it on your PC. Alfasi notes that this method of digital infiltration uses software known as AZORult. Here's what Alfasi said in regards to AZORult, "It is used to steal browsing history, cookies, ID/passwords, cryptocurrency, and more. It can also download additional malware onto infected machines."
One of the biggest cybercrime bot networks has been attacked by Microsoft and its partners and is now facing massive disruption in its day-to-day activities.
According to Microsoft's blog post, just yesterday, Microsoft and its partners from 35 countries conducted a coordinated legal and technical attack on one of the world's most prolific botnets called Necurs. Necurs is reported to have infected over 9 million computers around the world, and the disruption that Microsoft and its partners have been coordinated has taken eight years of researching, tracking, and planning.
Microsoft explains that a botnet is a network of computers that are designed to infect computer users around the globe with malicious software or malware. Once those computers are infected, the cybercriminals control those computers remotely from a secure location and use them to commit crimes. Necurs botnet is one of the largest networks in the spam email threat ecosystem, and Microsoft says that "we observed that one Necurs-infected computer sent a total of 3.8 million spam emails to over 40.6 million potential victims."
Avast Antivirus is one of the largest free Antivirus software's you can download on the internet, and now an investigation is being conducted into the company for reportedly selling user data.
According to Dark Reading, the Czech Office for Personal Data Protection is now investigating the actions of the Prague-based antivirus software company, Avast. The investigation is to find out whether or not Avast has been selling personal information from its user base to companies such as Google, Microsoft, and Home Depot.
The data that is suspected to have been sold off to these companies is browser history of users, online map searches, YouTube viewing habits, and more. Back in January, Motherboard and PCMag found evidence of Avast collecting data and selling it through its subsidiary company called "Jumpshot". Since this was discovered, Avast as closed down its Jumpshot division.
The FBI has reported the highest amount of scammed losses in 2019 since it's Internet Crime Complaint Center was created.
According to the FBI.gov website, the internet safety arm of the FBI called 'Internet Crime Complaint Center' (IC3) issued out their 2019 report, which stated some worrying figures. The report says that during 2019 the IC3 received 467,361 complaints, which equated to an average of nearly 1,300 a day. It also recorded the highest amount of monetary losses since the center was established back in May, 2000.
The FBI says that more than $3.5 billion losses were recorded from individuals and businesses who fell victim to online scams. Scams such as phishing, non-payment/non-delivery scams, and extortion were the most common form of received complains. The complaints which ended up being the most financially costly were business email compromise (BEC), romance or confidence fraud, and mimicking the account of a person or business vendor.
What if I told you that the United States intelligence agencies secretly owned a device manufacturing company that provided both foreign country officials, and U.S. officials with devices they could listen to?
According to a new report by the Washington Post and ZDF, the United States intelligence agencies secretly owned and ran a company that supplied government spy officials with devices that allowed them to listen in to all communications. The report by WAPO and ZDF detail how the CIA, NSA, and Western German intelligence ran in secret one of the world's largest encrypted communications supplier called Crypto AG.
Foreign governments were reportedly paying the U.S. and West Germany "good money" for supplying them with secrets from these devices that were recording all communications between spy officials. Even U.S. officials weren't safe from the phony devices, with the report saying that higher-up officials insisted that the rigged devices be sent to all persons, ally or not. Crypto AG didn't just make rigged devices either. The report states that two versions were made -- one for friendly governments (select countries/persons) and the other rigged systems that would be provided to the rest of the world. For more information about this discovery, check out this link here.
Data leaks are never good, and as the internet is adopted by more and more people every day, hackers are continuously finding holes in business networks and leaking sensitive data online.
In this instance, we are talking about JailCore, which is a correctional facility management and compliance cloud-based application. vpnMentor, who is a cybersecurity research team, found that 36,077 files were leaked online from an Amazon server linked back to JailCore. Now, these files were nothing to roll your eyes at, as they contain sensitive information for inmates in detention centers located in the following states; Flordia, Kentucky, Missouri, Tennessee, and West Virginia.
The data leak is a large threat to the inmates whose sensitive information was exposed, as criminals who are outside of prison and have nefarious motives can easily steal a person/s identity. The leak contained data in the following categories; prescription records, dosage amounts, correctional officer names, inmates' full names, headcounts, inmate ID, dates of birth, cell locations, officer audit logs, mugshots, inmate activity records, and much more. If you are interested in checking out what else was leaked online, visit this link here.
A California man is facing some serious charges as he has pleaded guilty to hacking Nintendo servers while also possessing child pornography.
21-year-old Palmdale, California man, Ryan Hernandez, has pleaded guilty to charges laid against him for both hacking Nintendo systems and stealing company secrets as well as downloading and possessing child pornography. According to the US Department of Justice website, Hernandez used a "phishing technique" to steal the credentials of a Nintendo employee, which gained him access to Nintendo's servers, where he downloaded confidential files.
The files contained explicit information about Nintendo's coming console, upcoming games, developer tools, and more. The FBI contacted Hernandez back in October 2017, and gave him a warning, Hernandez promised to stop any further hacking attempts and acknowledged that he understood the consequences if he continued to do so. Hernandez continued his malicious online activity throughout 2018 and 2019, continuing to hack Nintendo servers and bragging about his wrongdoings on Twitter and Discord.
A cybercriminal hacking group has given everyone a friendly reminder that anything online can be hacked and exploited.
The reminder has come via from hacking group 'OurMine', who hijacked various social media accounts of fifteen different US National Football League (NFL) teams. OurMine posted onto the social media accounts of the teams a similar message; it reads as follows; "Hi, we're OurMine. We are here for 2 things: 1) Announce that we are back 2) Show people everything is hackable".
The post continued and said, "to improve your accounts security contact us: contact@ourmine. org". The teams that were affected by the hijacking were NFL's own Twitter account and various social medias (Instagram/Facebook/Twitter). The following teams; Kansas City Chiefs, Green Bay Packers, Dallas Cowboys, Denver Broncos, Indianapolis Colts, Houston Texans, New York Giants, Philadelphia Eagles, Tampa Bay Buccaneers, Los Angeles Chargers, San Francisco 49ers, Cleveland Browns, and Arizona Cardinals.
Google has announced via its security blog that throughout 2019 the company paid out a new record to researchers for finding exploits in their products.
If you didn't know, Google rewards people who have found exploits in Google's security system. This reward program is called 'Vulnerability Reward Programs'. Every year Google announces a new report on how much money they have paid out to users, and throughout 2019 Google has set a new record.
In 2018, Google paid out $3.4 million in total to users who were able to assist Google in increasing their security defenses. In 2019, the company had a record-breaking year by doubling what it paid out in 2018, reaching the total payout sum of $6.5 million. If you are interested in checking out Google's full report, head on over to the website here.