Hacking & Security News - Page 2
The FBI has reported the highest amount of losses to scams in 2019 since its Internet Crime Complaint Center was created.
According to the FBI.gov website, the FBI's internet safety arm, the Internet Crime Complaint Center (IC3), issued its 2019 report, which stated some worrying figures. The report says that during 2019 the IC3 received 467,361 complaints, which equated to an average of nearly 1,300 a day. It also recorded the highest amount of monetary losses since the center was established back in May, 2000.
The FBI says that more than $3.5 billion in losses were recorded from individuals and businesses who fell victim to online scams. Scams such as phishing, non-payment/non-delivery scams, and extortion were the most common forms of complaints received. The complaints which ended up being the most financially costly were business email compromise (BEC), romance or confidence fraud, and mimicking the account of a person or business vendor.
What if I told you that the United States intelligence agencies secretly owned a device manufacturing company that provided both foreign officials and U.S. officials with devices the agencies could listen in on?
According to a new report by the Washington Post and ZDF, the United States intelligence agencies secretly owned and ran a company that supplied government officials with devices that allowed the agencies to listen in to all communications. The report details how the CIA, NSA, and West German intelligence secretly ran one of the world's largest encrypted communications suppliers, Crypto AG.
Foreign governments were reportedly paying the U.S. and West Germany "good money" for supplying them with secrets from these devices that were recording all communications between spy officials. Even U.S. officials weren't safe from the phony devices, with the report saying that higher-up officials insisted that the rigged devices be sent to all persons, ally or not. Crypto AG didn't just make rigged devices either. The report states that two versions were made: one for friendly governments (select countries/persons) and a rigged one that would be provided to the rest of the world.
Data leaks are never good, and as the internet is adopted by more and more people every day, hackers are continuously finding holes in business networks and leaking sensitive data online.
In this instance, we are talking about JailCore, which is a cloud-based correctional facility management and compliance application. vpnMentor, a cybersecurity research team, found that 36,077 files were leaked online from an Amazon server linked back to JailCore. These files were nothing to roll your eyes at, as they contain sensitive information for inmates in detention centers located in the following states: Florida, Kentucky, Missouri, Tennessee, and West Virginia.
The data leak is a large threat to the inmates whose sensitive information was exposed, as criminals who are outside of prison and have nefarious motives can easily steal a person's identity. The leak contained data in the following categories: prescription records, dosage amounts, correctional officer names, inmates' full names, headcounts, inmate ID, dates of birth, cell locations, officer audit logs, mugshots, inmate activity records, and much more.
A California man is facing some serious charges as he has pleaded guilty to hacking Nintendo servers while also possessing child pornography.
21-year-old Palmdale, California man, Ryan Hernandez, has pleaded guilty to charges laid against him for both hacking Nintendo systems and stealing company secrets as well as downloading and possessing child pornography. According to the US Department of Justice website, Hernandez used a "phishing technique" to steal the credentials of a Nintendo employee, which gained him access to Nintendo's servers, where he downloaded confidential files.
The files contained explicit information about Nintendo's coming console, upcoming games, developer tools, and more. The FBI contacted Hernandez back in October 2017 and gave him a warning. Hernandez promised to stop any further hacking attempts and acknowledged that he understood the consequences if he continued to do so. Hernandez continued his malicious online activity throughout 2018 and 2019, continuing to hack Nintendo servers and bragging about his wrongdoings on Twitter and Discord.
A cybercriminal hacking group has given everyone a friendly reminder that anything online can be hacked and exploited.
The reminder has come from hacking group 'OurMine', who hijacked various social media accounts of fifteen different US National Football League (NFL) teams. OurMine posted a similar message onto each of the teams' social media accounts. It reads as follows: "Hi, we're OurMine. We are here for 2 things: 1) Announce that we are back 2) Show people everything is hackable".
The post continued and said, "to improve your accounts security contact us: contact@ourmine.org". The hijacking affected the NFL's own Twitter account and various social media accounts (Instagram/Facebook/Twitter) of the following teams: Kansas City Chiefs, Green Bay Packers, Dallas Cowboys, Denver Broncos, Indianapolis Colts, Houston Texans, New York Giants, Philadelphia Eagles, Tampa Bay Buccaneers, Los Angeles Chargers, San Francisco 49ers, Cleveland Browns, and Arizona Cardinals.
Google has announced via its security blog that throughout 2019 the company paid out a record amount to researchers for finding exploits in its products.
If you didn't know, Google rewards people who have found exploits in Google's security system. This reward program is called 'Vulnerability Reward Programs'. Every year Google announces a new report on how much money they have paid out to users, and throughout 2019 Google has set a new record.
In 2018, Google paid out $3.4 million in total to users who were able to assist Google in increasing their security defenses. In 2019, the company had a record-breaking year by doubling what it paid out in 2018, reaching the total payout sum of $6.5 million.
Researchers have found that a porn cam affiliate network has left 20GB of extremely sensitive data of models exposed online.
The research group, vpnMentor, found that the porn cam affiliate website PussyCash left 20GB of extremely sensitive information of models on the website exposed in an Amazon S3 bucket. The researchers found a mix of different sensitive data: images, videos, passport information, ID photos, driver's licenses, and more. Some of the data was traced back to be about 20 years old, while some other forms of data were as recent as a couple of weeks old.
Around 4,000 models across the world were subjected to sensitive data exposure, and it could have serious implications for the models if nefarious people acquire the data and use it for blackmail purposes. PussyCash never responded to the notifications of the exposure by vpnMentor, but another brand under the company, "ImLive", said that they would sort out the problem.
If you are after some fast cash and have competent hacking skills, then you might be in luck because the annual Pwn2Own hacking competition is offering up ridiculous prizes.
Pwn2Own is a hacking competition that is scheduled to begin March this year in Vancouver. At this competition, hacking experts and security researchers can put their skills to the test and break into some of the most secure digital infrastructures ever made, and they are handsomely rewarded for it. The press release says that Tesla vehicles come with three distinct layers of security, and for each of these layers being compromised, a reward will be given to the hacker.
The highest prize achievable is Tier 1. Tier 1 represents a complete vehicle compromise, and to win this tier, the hacker will have to "pivot through multiple systems in the car, meaning they will need a complex exploit chain to get arbitrary code execution on three different sub-systems in the vehicle." If a participant manages to do this, they will walk away with a Tesla Model 3 and $500,000 in cash. Additionally, more money can be acquired if the hacker manages to hack into the peripherals of the Model 3.
The United States has a government initiative targeted at low-income Americans, and the premise of this initiative is to make it easier for low-income Americans to acquire a smartphone.
While that sounds like an amazing idea, and it is, what if those smartphones were found out to have pre-installed Chinese malware? Unfortunately, that seems to be the case as in October 2019, Malwarebytes started to receive complaints in its support system from users who were purchasing the most inexpensive smartphone that Assurance Wireless sells. Assurance Wireless, which is a federal Lifeline Assistance program under Virgin Mobile, is supported by the federal Universal Service Fund.
The most inexpensive smartphone they were selling was the Unimax (UMX) U686CL, and this was the phone that researchers picked up to test consumers' claims. It was discovered that the U686CL harbored malicious apps, such as an app called Wireless Update. The origin of this app can be traced back to Adups malware, which was created by a Chinese company that was caught gathering user data, creating backdoors on users' phones, and auto-installing other malware.
Microsoft has announced a brand new online weapon that is designed to protect children from being groomed online by predators.
The new weapon is called "Project Artemis" and, according to Microsoft's blog post, is a new technique that can detect and report people who are suspected of child grooming. So how does it work? Project Artemis is a text-based review system that reviews conversations between people online and determines through a rating system whether or not it's likely a party is grooming a child.
If a party is deemed likely to be grooming, Artemis will then flag the conversation and notify a human moderator to come and check it for further evaluation. Project Artemis has been in development since November 2018. Microsoft hasn't been alone in the development either, as The Meet Group, Roblox, Kik, Thorn and others have also given their assistance. Microsoft says in their post, "'Project Artemis' is a significant step forward, but it is by no means a panacea". The fight for child safety online continues.