Category Archives: Hacking News

MageCart Hacked Customers’ In NewEgg Credit Card Data Breach

The infamous cyber gang Magecart seems unstoppable. The gang has been around for quite a few years. However, this year,

MageCart Hacked Customers’ In NewEgg Credit Card Data Breach on Latest Hacking News.

Latest Hacking News Podcast #126

Microsoft Jet zero-day and WD My Cloud vulnerabilities disclosed, US authorizes offensive cyber operations and more on today's Latest Hacking News Podcast.

Latest Hacking News Podcast #126 on Latest Hacking News.

Magecart’s Next Attack Resulted In ABS-CBN Data Breach

We’ve been hearing about the malicious attacks by Magecart attacks targeting multiple firms. After British Airways and Feedify, Magecart’s next

Magecart’s Next Attack Resulted In ABS-CBN Data Breach on Latest Hacking News.

Authentication Bypass Vulnerability Disclosed in Western Digital My Cloud NAS Devices

Security Researchers at Securify have found an elevation of privilege vulnerability in the WD MyCloud platform which can be exploited by

Authentication Bypass Vulnerability Disclosed in Western Digital My Cloud NAS Devices on Latest Hacking News.

US authorities Have Pardoned Authors of Mirai Ransomware in Return For Government “Cooperation”

The authors of the Mirai botnet have been pardoned and have avoided jail since they have helped the FBI in

US authorities Have Pardoned Authors of Mirai Ransomware in Return For Government “Cooperation” on Latest Hacking News.

UK Regulator Fines Equifax £500,000 Over 2017 Data Breach

Atlanta-based consumer credit reporting agency Equifax has been issued a £500,000 fine by the UK's privacy watchdog for its last year's massive data breach that exposed personal and financial data of hundreds of millions of its customers. Yes, £500,000—that's the maximum fine allowed by the UK's Data Protection Act 1998, though the penalty is apparently a small figure for a $16 billion

Interview with Daniel Stenberg: His thoughts on the Curl Bug Bounty Program

Curl is the most popular, open source command line tool and library for transferring data with URLs. It is also used

Interview with Daniel Stenberg: His thoughts on the Curl Bug Bounty Program on Latest Hacking News.

State Department Email Breach Exposed Personal Data Of Employees

Data breaches are not unusual in this day and age. In fact, the frequency of such incidents makes them look

State Department Email Breach Exposed Personal Data Of Employees on Latest Hacking News.

Latest Hacking News Podcast #125

MageCart hits Newegg, Mirai botnet operators cooperate with FBI and UK ICO fines Equifax £500,000 on episode 125 of the Latest Hacking News Podcast.

Latest Hacking News Podcast #125 on Latest Hacking News.

Hackers Steal Customers’ Credit Cards From Newegg Electronics Retailer

The notorious hacking group behind the Ticketmaster and British Airways data breaches has now victimized popular computer hardware and consumer electronics retailer Newegg. Magecart hacking group managed to infiltrate the Newegg website and steal the credit card details of all customers who entered their payment card information between August 14 and September 18, 2018, according to a joint

11M Records of E-Marketing Data Exposed Online From Unsecured MongoDB Instance

It has only been a week since we heard of the massive Veeam data leakage from misconfigured MongoDB server incident. The

11M Records of E-Marketing Data Exposed Online From Unsecured MongoDB Instance on Latest Hacking News.

New Malware Combines Ransomware, Coin Mining and Botnet Features in One

Windows and Linux users need to beware, as an all-in-one, destructive malware strain has been discovered in the wild that features multiple malware capabilities including ransomware, cryptocurrency miner, botnet, and self-propagating worm targeting Linux and Windows systems. Dubbed XBash, the new malware, believed to be tied to the Iron Group, a.k.a. Rocke—the Chinese speaking APT threat

Pirated Windows Instances Have Been Infected with EternalBlue Exploit Code

Avira have published a report that contains information about unpatched Windows Machines which are infected with the EternalBlue Exploit Code.

Pirated Windows Instances Have Been Infected with EternalBlue Exploit Code on Latest Hacking News.

Mirai Botnet Creators Helping FBI Fight Cybercrime to Stay Out of Jail

Three young hackers who were sentenced late last year for creating and spreading the notorious Mirai botnet are now helping the FBI to investigate other "complex" cybercrime cases in return to avoid their lengthy prison terms. Paras Jha, 21 from New Jersey, Josiah White, 20 from Washington, and Dalton Norman, 21 from Louisiana, plead guilty in December 2017 to multiple charges for their role

Western Digital’s My Cloud NAS Devices Turn Out to Be Easily Hacked

Security researchers have discovered an authentication bypass vulnerability in Western Digital's My Cloud NAS devices that potentially allows an unauthenticated attacker to gain admin-level control to the affected devices. Western Digital's My Cloud (WD My Cloud) is one of the most popular network-attached storage (NAS) devices which is being used by businesses and individuals to host their

Staff at Amazon Being Investigated Over Selling of Customer Data

Amazon have confirmed that there is an internal investigation currently occurring over allegations that staff have been stealing confidential customer

Staff at Amazon Being Investigated Over Selling of Customer Data on Latest Hacking News.

Many Android Apps Are Targeting Children in Their Advertising Campaigns

Last Week, Attorney General Hector Balderas has filed a lawsuit against the company TinyLab who gave been exploiting kids through

Many Android Apps Are Targeting Children in Their Advertising Campaigns on Latest Hacking News.

Latest Hacking News Podcast #124

US State Department email system hacked, Judge rejects paperless voting machine ban though convinced they are vulnerable and Pegasus spyware being used illegally on episode 124 of our daily podcast.

Latest Hacking News Podcast #124 on Latest Hacking News.

Peekaboo Zero-Day Vulnerability Allows Hacking of Surveillance Cameras

iOT based security cameras from various vendors invites opportunities for flaws. Recently, researchers have discovered a similar vulnerability that allows hacking

Peekaboo Zero-Day Vulnerability Allows Hacking of Surveillance Cameras on Latest Hacking News.

Facebook Bug Bounty Program Expands To Include Third-Party Apps

In the post-Cambridge Analytica phase, Facebook appears to have worked extensively towards user data privacy. Although, even after the Cambridge Analytica

Facebook Bug Bounty Program Expands To Include Third-Party Apps on Latest Hacking News.

Indian Government Websites Affected By Cryptojacking Attacks

CoinHive – the infamous cryptominer – started off as a great tool for mining cryptocurrency. However, the malefactors quickly began

Indian Government Websites Affected By Cryptojacking Attacks on Latest Hacking News.

Latest Hacking News Podcast #123

On today's Latest Hacking News Podcast a zero-day flaw exposes surveillance cameras, Altaba agrees to Yahoo breach class-action settlement and Facebook expands it's bug bounty program.

Latest Hacking News Podcast #123 on Latest Hacking News.

Tech Support Scam Uses “Evil Cursor” Attack To Con Users Into Paying For Assistance

Tech support scams aren’t something new or novel for the internet users. Almost all of us have come across such

Tech Support Scam Uses “Evil Cursor” Attack To Con Users Into Paying For Assistance on Latest Hacking News.

Ransomware Attack Takes Down Bristol Airport’s Flight Display Screens

Bristol Airport has blamed a ransomware attack for causing a blackout of flight information screens for two days over the weekend. The airport said that the attack started Friday morning, taking out several computers over the airport network, including its in-house display screens which provide details about the arrival and departure information of flights. <!-- adsense --> The attack forced

Hackers Exploited Flaw In EOSBet Smart Contract To Steal 44,000 EOS

Once again, the crypto world faced another cyber attack losing several thousands of dollars to hackers. This time, the hackers

Hackers Exploited Flaw In EOSBet Smart Contract To Steal 44,000 EOS on Latest Hacking News.

Windows and Linux Are Being Targeted by Malicious Kodi Add-ons

The Kodi Open-Source Media player has been modified with a malicious script that downloads crypto mining software on Windows and

Windows and Linux Are Being Targeted by Malicious Kodi Add-ons on Latest Hacking News.

Watch Out! This New Web Exploit Can Crash and Restart Your iPhone

It's 2018, and just a few lines of code can crash and restart any iPhone or iPad and can cause a Mac computer to freeze. Sabri Haddouche, a security researcher at encrypted instant messaging app Wire, revealed a proof-of-concept (PoC) web page containing an exploit that uses only a few lines of specially crafted CSS & HTML code. Beyond just a simple crash, the web page, if visited, causes a

Microsoft Patched FragmentSmack Vulnerability Targeting Windows

This Tuesday, Microsoft September Patch was rolled out containing fixes for a number of security vulnerabilities. While it gained attention

Microsoft Patched FragmentSmack Vulnerability Targeting Windows on Latest Hacking News.

Latest Hacking News Podcast #122

Ransomware hits Bristol Airport, officials warn of Hurricane Florence phishing scams and former Anonymous hacker raises $2.5 million for start-up on today's episode of Latest Hacking News Podcast.

Latest Hacking News Podcast #122 on Latest Hacking News.

New Cold Boot Attacks Can Evade Current Mitigations

Many people tend to put laptops to ‘Sleep’ instead of shutting it down. Whether you’re at home, or at your

New Cold Boot Attacks Can Evade Current Mitigations on Latest Hacking News.

Microsoft September Patch Fixed 61 Vulnerabilities Including A Zero-Day

Last month, Microsoft Patch Tuesday addressed 60 vulnerabilities that also included two zero-day flaws. This month also, the tech giant

Microsoft September Patch Fixed 61 Vulnerabilities Including A Zero-Day on Latest Hacking News.

Veeam Left Nearly Half-A-Billion! Records Exposed

Veeam, A company that handles backup disaster recovery and intelligent data management software based in Switzerland markets itself as one

Veeam Left Nearly Half-A-Billion! Records Exposed on Latest Hacking News.

New Ransomware Named PyLocky Discovered

Security experts at Trend Micro have found a new Ransomware strain named PyLocky which has been involved in attacks between July

New Ransomware Named PyLocky Discovered on Latest Hacking News.

Latest Hacking News Podcast #121

Cold Boot attacks are back, a Nigerian email scammer gets sentenced and 2 billion devices still vulnerable to old Bluetooth flaws on episode 121 of the Latest Hacking News Podcast.

Latest Hacking News Podcast #121 on Latest Hacking News.

Researchers Discover Vulnerability in Tesla Model S Key

A group of COSIC experts form KL Leuven University in Belgium have developed a new relay attack called Passive Key

Researchers Discover Vulnerability in Tesla Model S Key on Latest Hacking News.

Russian Hacker Pleads Guilty to Operating Kelihos Botnet

The Russian man who was accused of operating the infamous Kelihos botnet has finally pleaded guilty in a U.S. federal court. Peter Yuryevich Levashov, 38, of St. Petersburg, Russia, pleaded guilty on Wednesday in U.S. federal court in Connecticut to computer crime, wire fraud, conspiracy and identity theft charges. Levashov, also known by many online aliases including Peter Severa, Petr

New Cold Boot Attack Unlocks Disk Encryption On Nearly All Modern PCs

Security researchers have revealed a new attack to steal passwords, encryption keys and other sensitive information stored on most modern computers, even those with full disk encryption. The attack is a new variation of a traditional Cold Boot Attack, which is around since 2008 and lets attackers steal information that briefly remains in the memory (RAM) after the computer is shut down.

Latest Hacking News Podcast #120

MageCart infecting Feedify sites, malware campaign targeting Jaxx cryptocurrency wallet and mobile cyber crime increasing on episode 120 of Latest Hacking News Podcast.

Latest Hacking News Podcast #120 on Latest Hacking News.

Tesla Model S Hack Could Let Thieves Clone Key Fobs to Steal Cars

Despite having proper security measures in place to protect the driving systems of its cars against cyber attacks, a team of security researchers discovered a way to remotely hack a Tesla Model S luxury sedans in less than two seconds. Yes, you heard that right. A team of researchers from the Computer Security and Industrial Cryptography (COSIC) group of the Department of Electrical

Microsoft Issues Software Updates for 17 Critical Vulnerabilities

Times to gear up your systems and software. Just a few minutes ago Microsoft released its latest monthly Patch Tuesday update for September 2018, patching a total of 61 security vulnerabilities, 17 of which are rated as critical, 43 are rated Important, and one Moderate in severity. This month's security updates patch vulnerabilities in Microsoft Windows, Edge, Internet Explorer, MS Office,

Adobe Issues ColdFusion Software Update for 6 Critical Vulnerabilities

Adobe has released September 2018 security patch updates for a total of 10 vulnerabilities in Flash Player and ColdFusion, six of which are rated as critical that affected ColdFusion and could allow attackers to remotely execute arbitrary code on a vulnerable server. What's the good news this month for Adobe users? This month Adobe Acrobat and Reader applications did not receive any patch

Tor Browser Zero-Day Exploit Revealed Online – Patch Now

Zerodium, the infamous exploit vendor that earlier this year offered $1 million for submitting a zero-day exploit for Tor Browser, today publicly revealed a critical zero-day flaw in the anonymous browsing software that could reveal your identity to the sites you visit. In a Tweet, Zerodium shared a zero-day vulnerability that resides in the NoScript browser plugin comes pre-installed with

No.1 Adware Removal Tool On Apple App Store Caught Spying On Mac Users

A highly popular top-tier app in Apple's Mac App Store that's designed to protect its users from adware and malware threats has been, ironically, found surreptitiously stealing their browsing history without their consent, and sending it to a server in China. What's more concerning? Even after Apple was warned a month ago, the company did not take any action against the app. The app in

North Korean hacker charged for WannaCry and Sony cyberattacks

U.S. charges North Korean hacker for WannaCry, Sony cyber attacks

The U.S. government on Thursday charged and sanctioned a North Korean hacker for the 2014 Sony hack and the 2017 WannaCry global ransomware cyberattack, U.S. officials said.

The accused, Park Jin Hyok worked as part of a team of hackers, also known as the Lazarus Group, has been charged under the strategy planned by the U.S. government for naming and shaming the hackers in order to prevent future cyber attacks.

According to an FBI wanted poster released on Thursday, Park is identified as an alleged North Korean programmer who is accused of being “part of a state-sponsored hacking organization responsible for some of the costliest computer intrusions in history.”

Those attacks include the Sony Pictures Entertainment hack, the WannaCry attack and “a series of attacks targeting banks across the world that collectively attempted to steal more than one billion dollars,” according to the FBI.

Also Read- Top 9 hacking groups sponsored by governments

The U.S. Treasury Department sanctioned Park, a computer programmer, and the North Korea entity, Chosun Expo Joint Venture, the company he worked for.

The Treasury said the joint venture, also known as Korea Expo Joint Venture, is “a front for the North Korean government,” according to the Justice Department.

“The scale and scope of the cyber-crimes alleged by the complaint is staggering and offensive to all who respect the rule of law and the cyber norms accepted by responsible nations,” said Assistant Attorney General for National Security John C. Demers.

“The complaint alleges that the North Korean government, through a state-sponsored group, robbed a central bank and citizens of other nations, retaliated against free speech in order to chill it half a world away, and created disruptive malware that indiscriminately affected victims in more than 150 other countries, causing hundreds of millions, if not billions, of dollars’ worth of damage.”

Park is also suspected of trying to hack into Lockheed Martin’s THAAD Missile defense system project currently deployed in South Korea. He is suspected of working for North Korea’s Reconnaissance General Bureau, a leading intelligence agency of that country.

The complaint against Park describes a “wide-ranging, multi-year conspiracy to conduct computer intrusions and commit wire fraud by co-conspirators working on behalf of the government of the Democratic People’s Republic of Korea, commonly known as North Korea.”

In 2014, the U.S. officials said unnamed North Korean hackers were responsible for the cyber attacks launched on Sony, which resulted in the loss of internal documents and data.

The hack on Sony Pictures came after Pyongyang sent a letter to the United Nations demanding that the movie production house not move forward with the movie “The Interview,” that showed the North Korean dictator Kim Jong Un in a negative light.

Park exploited multiple social media personas by sending malicious links to individuals involved in the production of the movie, the complaint said. The malicious links carried North Korean-controlled malware.

In 2017, WannaCry ransomware made headlines as one of the most widespread cyber attacks in history that brought up to 3,00,000 computers running Windows operating system in 150 countries to a standstill. Among the victims were Britain’s National Health Service (NHS), which had to close emergency rooms in a number of hospitals due to the hack.

Federal prosecutors have charged Park, who is not in custody, with conspiracy and conspiracy to commit wire fraud.

The Treasury Department, in a press release, said, “North Korea has demonstrated a pattern of disruptive and harmful cyber activity that is inconsistent with the growing consensus on what constitutes responsible state behavior in cyberspace.”

“Our policy is to hold North Korea accountable and demonstrate to the regime that there is a cost to its provocative and irresponsible actions.”

John Demers, the Assistant Attorney General of the National Security Division, said on Thursday, “The department has charged, arrested and imprisoned hackers working for the governments of China, Russia, and Iran. Today, we add the North Korean regime to our list, completing frankly four out of four of our principal adversaries in cyberspace.”

This is the first time the U.S. law enforcement agencies have formally charged a hacker involved in the North Korean “sponsored” cyber attacks. However, North Korea has denied the allegations of hacking.

The post North Korean hacker charged for WannaCry and Sony cyberattacks appeared first on TechWorm.

U.S. Charges North Korean Spy Over WannaCry and Sony Pictures Hack

The U.S. Department of Justice announces criminal charges against a North Korean government spy in connection with the 2017 global WannaCry ransomware attack and the 2014 Sony Pictures Entertainment hack. According to multiple government officials cited by the NY Times who are familiar with the indictment, the charges would be brought against Park Jin Hyok, who works for North Korean military

British Airways Hacked – 380,000 Payment Cards Compromised

British Airways, who describes itself as "The World's Favorite Airline," has confirmed a data breach that exposed personal details and credit-card numbers of up to 380,000 customers and lasted for more than two weeks. So who exactly are victims? In a statement released by British Airways on Thursday, customers booking flights on its website (ba.com) and British Airways mobile app between

19-Year-Old Hacker Arrested Over Making Hoax School and Flight Bomb Threats

British police have arrested a 19-year-old teen who is an alleged member of Apophis Squad cybercriminal group responsible for making hoax bomb threats to thousands of schools and airlines; and DDoSing ProtonMail and Tutanota secure email services. George Duke-Cohan was arrested in his bedroom at his family home in Watford by British National Crime Agency (NCA) on 31st August and pledged

Cisco Issues Security Patch Updates for 32 Flaws in its Products

Cisco today released thirty security patch advisory to address a total of 32 security vulnerabilities in its products, three of which are rated critical, including the recently disclosed Apache Struts remote code execution vulnerability that is being exploited in the wild. Out of the rest 29 vulnerabilities, fourteen are rated high and 15 medium in severity, addressing security flaws in Cisco

Thousands of MikroTik Routers Hacked to Eavesdrop On Network Traffic

Last month we reported about a widespread crypto-mining malware campaign that hijacked over 200,000 MikroTik routers using a previously disclosed vulnerability revealed in the CIA Vault 7 leaks. Now Chinese security researchers at Qihoo 360 Netlab have discovered that out of 370,000 potentially vulnerable MikroTik routers, more than 7,500 devices have been compromised to enable Socks4 proxy

Hacker Who Leaked Celebrities’ Naked Photos Gets 8 Months in Prison

George Garofano (left) The fourth celebrity hacker—who was charged earlier this year with hacking into over 250 Apple iCloud accounts belonged to Jennifer Lawrence and other Hollywood celebrities—has been sentenced to eight months in prison. Earlier this year, George Garofano, 26, of North Branford, admitted to illegally obtaining credentials of his victims' iCloud accounts using a phishing

Air Canada Suffers Data Breach — 20,000 Mobile App Users Affected

Air Canada has confirmed a data breach that may have affected about 20,000 customers of its 1.7 million mobile app users. The company said it had "detected unusual log-in behavior" on its mobile app between August 22 and 24, during which the personal information for some of its customers "may potentially have been improperly accessed." <!-- linkads --> The exposed information contains basic

T-Mobile Hacked — 2 Million Customers’ Personal Data Stolen

T-Mobile today confirmed that the telecom giant suffered a security breach on its US servers on August 20 that may have resulted in the leak of "some" personal information of up to 2 million T-Mobile customers. The leaked information includes customers' name, billing zip code, phone number, email address, account number, and account type (prepaid or postpaid). However, the good news is that