Senators Calling for Data Breach Penalties & Tougher Privacy Laws in Light of Marriott Hack

A group of senators is calling for much tougher privacy and data laws, including fines for companies failing to protect their customers’ data from breaches. This comes in the aftermath of Marriott’s admission that hackers compromised the personal information of up to 500 million of its customers (a figure that is not entirely possible since 500 million customers aren’t within their monetary footprint by world income projections). Senator Richard Blumenthal (Conn.) tweeted “We must set clear customer data protection standards for all companies — whether they’re hotel chains, online retailers, […]

Do You Use ElasticSearch? Chances Are Your Data Was Exposed

ElasticSearch had a server expose the personal data of over 57 million US citizens. The Leaky database that housed this data was taken offline, but the user details were still leaked for nearly two weeks. The server that was left wide open on the Internet without any password or authentication protection has lead to the leak of persional information of nearly 57 million Americans… for nearly two weeks. The server was found by Bob Diachenko, Director of Cyber Risk Research for cybersecurity firm Hacken. This was identified as part of […]

FBI Shut Down 3ve – Multimillion Dollar Ad Fraud Op

The FBI has worked with Google, WhiteOps (the ad-fraud fighting company), and a collective of other cyber companies to shut one of the biggest ad-fraud schemes that infected over 1.7 million computers to generate fake clicks. This 3ve operation also defrauded online advertisers for multiple years, generating tens of millions in revenue. The attack/campaign has been dubbed the name 3ve (pronounced “Eve”). It is believed to have originated in 2014; however, its fraudulent activity grew last year, which turned it into a large-scale business and provided the operators with more […]

Thousands of Dark Web Pages Down

Hackers have removed and/or deleted over 6,500 sites that were held on a popular dark web server. Daniel’s Hosting, a site that was leveraged to host pages on the TOR hidden network has fallen victim to an attack. Of course, no back-ups were kept of the pages it hosted, and the administrator of Daniel’s Hosting, Daniel Winzen, said the service should be back up in December. “Around 6,500 hidden services were hosted on the server,” wrote Mr Winzen in a message put on the welcome page of the web companion to the […]

New Zealand Prevents Huawei 5G Tech

New Zealand (NZ) is now the latest country that has decided to block a proposal to use telecom equipment from China’s Huawei technology firm due to national security concerns. Spark New Zealand wanted to use Huawei equipment within its 5G mobile network, but the NZ government security agency has stated the deal would likely introduce major risks and concerns to national security. This is a piece of a bigger puzzle being a push against the involvement of Chinese tech firms on security grounds, largely in part to their relation to […]

US Postal Service Leaked Data of 60 Million Users for at Least a Year

A recent discovery has identified that the US Postal Service (USPS) has ignored an authentication oversight that exposed millions for more than a year. This exposure has impacted more than 60 million users, those being individuals who have logged into their web service. A researcher who has chosen to remain anonymous identified that an application programming interface (API) used by the USPS to support its “Informed Visibility” service did not maintain proper access control standards for reading data belonging to other users’ accounts. This includes their email address, username, user […]

WordPress Design Issue with WooCommerce Vulnerability Allows Site Takeover

A newly-recognized design flaw in the WordPress permission system referenced by plugins combined with the file deletion vulnerability in WooCommerce will allow attackers to acquire full control over a WordPress website. WooCommerce is an eCommerce plugin that is very popular, with over 4 million active installations. The plugin adds eCommerce functionality to blogs so that the site owners can can host stores on the same site. Whenever WordPress plugins are installed that utilize different user roles, they use the built-in WordPress permission system. This is as opposed to creating their […]

Elon Musk Fake Twitter Account’s Bitcoin Scam Raked in More Than 180k in a Single Day

A notoriously widespread scam related to a fake Elon Musk Twitter account has made significant amounts of bitcoin. The scam utilizes a stream of hacked Twitter accounts and different fake giveaway sites, and has earned the scammer(s) over 28 BTC (180k) in a single day… The attackers are pulling the scam off by hacking into different verified Twitter accounts and then changing the name of the profile to Elon Musk. Afterwards, they tweet out that Elon is creating a huge crypto-giveaway of 10,000 BTC. The posts say: “I’m giving 10 […]

Common SSD Brands Allow Bypass of Hardware Disk Encryption

Severe flaws have been identified in major SSD brands. Researchers found these flaws can be exploited to bypass hardware decryption, even without a password… In a new report called “Self-encrypting deception: weaknesses in the encryption of solid state drives (SSDs)”, researchers Carlo Meijer and Bernard van Gastel (Radboud University) mentioned how they modified the firmware and used a debugging interface to change the password validation routine in SSD drives to decrypt hardware-encrypted data without knowing the password. Meijer and Gastel tested these methods against popular SSD drives. This includes Samsung 840 EVO, Samsung 850 […]

Know What’s Out There: Here’s a List of USB Hacking Techniques

The following article was written by Catalin Cimpanu of bleepingcomputer.com. This is simply a re-post, with Bleepingcomputer maintaining rights and owning the content. Researchers from the Ben-Gurion University of the Negev in Israel have identified 29 ways in which attackers could use USB devices to compromise users’ computers. The research team has classified these 29 exploitation methods in four different categories, depending on the way the attack is being carried out. A) By reprogramming the USB device’s internal microcontroller. The device looks like a particular USB device (e.g.: charger), but […]