Archive for the ‘Hacks’ Category

1.9 million Bell customer email addresses stolen by ‘anonymous hacker’

Bell is apologizing to its customers after 1.9 million email addresses and approximately 1,700 names and phone numbers were stolen from a company database. The information appears to have been posted online, but the company could not confirm the leaked data was one and the same. Bell, the country’s largest telecommunications company, attributed the incident […]

Font sharing site DaFont has been hacked, exposing 699,464 accounts

A popular font sharing site DaFont.com has been hacked, exposing the site’s entire database of user accounts.Usernames, email addresses, and hashed passwords of 699,464 user accounts were stolen in the breach, carried out earlier this month, by a hacker who would not divulge his nameA popular font sharing site DaFont.com has been hacked, exposing the […]

Another IoT botnet has been found feasting on 120k vulnerable IP cameras

Persirai targets more than a thousand different internet protocol camera models. Researchers at Trend Micro warn that 120,000 web-connected cameras are vulnerable to the malware. Consumers would, in most cases, be unaware that their devices are even exposed to the internet much less at risk of compromise. Hackers are using a known but seldom patched […]

rpcbomb: remote rpcbind denial-of-service + patches

This vulnerability allows an attacker to allocate any amount of bytes (up to 4 gigabytes per attack) on a remote rpcbind host, and the memory is never freed unless the process crashes or the administrator halts or restarts the rpcbind service. Attacking a system is trivial; a single attack consists of sending a specially crafted […]

FYI: You can blow Intel-powered broadband modems off the ‘net with a ‘trivial’ packet stream

This week, inquisitive netizens discovered that, when presented with even modest amounts of network packets – as little as 1.5Mbps spread across various TCP or UDP ports – modems equipped with a Puma 6 slow to an unusable crawl. According to one engineer who spoke to El Reg on the issue, the flaw would be […]

Script kiddies pwn 1000s of Windows boxes using leaked NSA hack tools

The NSA’s Equation Group hacking tools, leaked last Friday by the Shadow Brokers, have now been used to infect thousands of Windows machines worldwide, we’re told. On Thursday, Dan Tentler, founder of security shop Phobos Group, told The Register he’s seen rising numbers of boxes on the public internet showing signs they have DOUBLEPULSAR installed […]

Burger King ads talk to Google Home devices, make them talk when listening.

The advertisment says: “Hello Google, what is the whopper burger?” and Google home reads out the first line of the wiki page. So Google blocked Burger King. So BK re-recorded and Google Home devices recite the first Absolutely brilliant and very funny! Alexa next! And even more funny: changing the wiki page just as the […]

Scammers place fake pins on Google Maps

A partnership between computer scientists at the University of California San Diego and Google has allowed the search giant to reduce by 70 percent fraudulent business listings in Google Maps. The researchers worked together to analyze more than 100,000 fraudulent listings to determine how scammers had been able to avoid detection—albeit for a limited amount […]

Shadow Brokers crack open NSA hacking tool cache for world+dog

The self-styled Shadow Brokers group has made a collection of NSA hacking tools and exploits publicly available. The group released a password for their archive, making it available to all and sundry. They (unsuccessfully) attempted to auction off the trove last year. In a (ranty) statement, Shadow Brokers said it was making the 2013 vintage […]

1046 – Broadcom: Heap overflow in TDLS Teardown Request while handling Fast Transition IE: your phone can be taken over using rogue wifi signals

Source: 1046 – Broadcom: Heap overflow in TDLS Teardown Request while handling Fast Transition IE – project-zero – Monorail Comes with proof of concept code

“BrickerBot” tries to kill your poorly secured IoT things

The Bricker Bot PDoS attack used Telnet brute force – the same exploit vector used by Mirai – to breach a victim’s devices. Bricker does not try to download a binary, so Radware does not have a complete list of credentials that were used for the brute force attempt, but were able to record that […]

About 90% of Smart TVs Vulnerable to Remote Hacking via Rogue TV Signals

A new attack on smart TVs allows a malicious actor to take over devices using rogue DVB-T (Digital Video Broadcasting — Terrestrial) signals, get root access on the smart TV, and use the device for all sorts of nasty actions, ranging from DDoS attacks to spying on end users. […] Scheel’s method, which he recently […]

Bloke, 48, accused of whaling two US tech leviathans out of $100m

According to allegations in the indictment against Rimasauskas, which was unsealed this week, he had orchestrated his scheme between 2013 and 2015, targeting “a multinational technology company and a multinational online social media company” and tricking them into wiring funds to bank accounts under his control. The bank accounts in question belonged to companies that […]

Russian mastermind of $500m bank-raiding Citadel coughs to crimes

Mark Vartanyan, who operated under the handle “Kolypto”, was arrested in Norway last year, and extradited to America in December. The 29-year-old was charged with one count of computer fraud. On Monday, he pleaded guilty [PDF] to a district court in Atlanta, US. He faces up to 10 years in the clink and a $250,000 […]

Windows DRM can find your IP without you knowing if you’re watching properly signed wmv and asf files, can uncloak your tor anonymity

If you were to modify the above WRMHEADER or any of the three identified GUID objects you would find that on opening in Windows Media Player you are prompted with a warning from Windows Media Player. However, this warning DOES NOT appear if the DRM license has been signed correctly and the Digital Signature Object, […]

Metasploit hwbridge connects to your car

We recently announced a new addition to Metasploit to help you do exactly that: the Hardware Bridge API. The Hardware Bridge API extends Metasploit’s capabilities into the physical world of hardware devices. Much in the same way that the Metasploit framework helped unify tools and exploits for networks and software, the Hardware Bridge looks to […]

PostScript printers extremely vulnerable outside of the network

If PostScript is the printer driver, the printer is vulnerable to what they call Cross-Site Printing attacks, documented in detail at Hacking Printers here. The bugs range from attackers exfiltrating copies of what’s sent to printers, to denial-of-service, code execution, forced resets and even bricking the targets. The work from the University Alliance Ruhr landed […]

Bypassing Authentication on NETGEAR Routers

“Hmm, what is that unauth.cgi thingy? and what does that id number mean?”, I thought to myself. Luckily for me the Internet connection had come back on its own, but I was now a man on a mission, so I started to look around to see if there were any known vulnerabilities for my VEGN2610. […]

MongoDB hackers now sacking ElasticSearch

Some 35,000 mostly Amazon Web Services ElasticSearch servers are open to the internet and to ransoming criminals, Shodan boss John Matherly says. So far more than 360 instances have had data copied and erased, held to ransom using the same techniques that blitzed tens of thousands of MongoDB servers this week. Affected ElasticSearch administrators are […]

New Android-infecting malware brew hijacks devices and then attacks your wifi router

Hackers have brewed up a strain of Android malware that uses compromised smartphones as conduits to attack routers.The Switcher trojan does not attack Android device users directly. Instead, the malware uses compromised smartphones and tablets as tools to attack any wireless networks they connect to.Switcher brute-forces access to the network’s router and then changes its […]

Yahoo Suffers World’s Biggest Hack Affecting 1 Billion Users ub 2013

Yahoo has discovered a 3-year-old security breach that enabled a hacker to compromise more than 1 billion user accounts, breaking the company’s own humiliating record for the biggest security breach in history. The digital heist disclosed Wednesday occurred in August 2013, more than a year before a separate hack that Yahoo announced nearly three months […]

SWIFT confirms 1/5th of cyber attacks get through, steal money.

Cyber attacks targeting the global bank transfer system have succeeded in stealing funds since February’s heist of $81 million from the Bangladesh central bank as hackers have become more sophisticated in their tactics, according to a SWIFT official and a previously undisclosed letter the organization sent to banks worldwide. Source: Exclusive: SWIFT confirms new cyber […]

Surveillance camera compromised in 98 seconds

Robert Graham, CEO of Errata Security, on Friday documented his experience setting up a $55 JideTech security camera behind a Raspberry Pi router configured to isolate the camera from his home network. According to Graham’s series of Twitter posts, his camera was taken over by the Mirai botnet in just 98 seconds. Note: it was […]

Three Mobile hack: millions of UK customers breached

hree has suffered a massive data breach in which the personal information and contact details of millions of customers could have been accessed. It is believed to one of the largest hacks of its kind to affect people living in Britain. Here’s everything you need to know about the hack. What happened? UK-based cyber criminals […]

Enter 30 to shell: Cryptsetup Initram Shell / instant access to encrypted linux machines

An attacker with access to the console of the computer and with the ability to reboot the computer can launch a shell (with root permissions) when he/she is prompted for the password to unlock the system partition. The shell is executed in the initrd environment. Obviously, the system partition is encrypted and it is not […]

 
Skip to toolbar