Post Syndicated from Darknet original https://www.darknet.org.uk/2019/06/us-government-cyber-security-still-inadequate/?utm_source=rss&utm_medium=social&utm_campaign=darknetfeed
Surprise, surprise, surprise – an internal audit of the US Government cyber security situation has uncovered widespread weaknesses, legacy systems and poor adoption of cyber controls and tooling.
US Government security has often been called into question but we’d hope in 2019 it would have gotten better and at least everyone would have adopted the anti-virus solution introduced in 2013..
A committee report (PDF) examining a decade of internal audits this week concluded that outdated systems, unpatched software, and weak data protection are so widespread that it’s clear American bureaucrats fail to meet even basic security requirements.
Read the rest of US Government Cyber Security Still Inadequate now! Only available at Darknet.
Post Syndicated from Darknet original https://www.darknet.org.uk/2018/10/httrack-website-downloader-copier-site-ripper-download/?utm_source=rss&utm_medium=social&utm_campaign=darknetfeed
HTTrack is a free and easy-to-use offline browser utility which acts as a website downloader and a site ripper for copying websites and downloading them for offline viewing.
HTTrack Website Downloader & Site Ripper
HTTrack allows you to download a World Wide Web site from the Internet to a local directory, building recursively all directories, getting all the HTML, images, and other files from the server to your computer.
HTTrack arranges the original site’s relative link-structure, which allows you to simply open a page of the “mirrored” website in your browser, and you can browse the site from link to link as if you were viewing it online.
Read the rest of HTTrack – Website Downloader Copier & Site Ripper Download now! Only available at Darknet.
Post Syndicated from Darknet original https://www.darknet.org.uk/2018/05/yahoo-fined-35-million-usd-for-late-disclosure-of-hack/?utm_source=rss&utm_medium=social&utm_campaign=darknetfeed
Ah Yahoo! in trouble again, this time the news is Yahoo! fined for 35 million USD by the SEC for the 2 years delayed disclosure of the massive hack, we actually reported on the incident in 2016 when it became public – Massive Yahoo Hack – 500 Million Accounts Compromised.
Yahoo! has been having a rocky time for quite a few years now and just recently has sold Flickr to SmugMug for an undisclosed amount, I hope that at least helps pay off some of the fine.
Read the rest of Yahoo! Fined 35 Million USD For Late Disclosure Of Hack now! Only available at Darknet.
Post Syndicated from Darknet original https://www.darknet.org.uk/2018/04/myetherwallet-dns-hack-causes-17-million-usd-user-loss/?utm_source=rss&utm_medium=social&utm_campaign=darknetfeed
Big news in the crypto scene this week was that the MyEtherWallet DNS Hack that occured managed to collect about $17 Million USD worth of Ethereum in just a few hours.
The hack itself could have been MUCH bigger as it actually involved compromising 1300 Amazon AWS Route 53 DNS IP addresses, fortunately though only MEW was targetted resulting in the damage being contained in the cryptosphere (as far as we know anyway).
Read the rest of MyEtherWallet DNS Hack Causes 17 Million USD User Loss now! Only available at Darknet.
Post Syndicated from Darknet original https://www.darknet.org.uk/2018/03/cambridge-analytica-facebook-data-scandal/?utm_source=rss&utm_medium=social&utm_campaign=darknetfeed
One of the biggest stories of the year so far has been the scandal surrounding Cambridge Analytica that came out after a Channel 4 expose that demonstrated the depths they are willing to go to profile voters, manipulate elections and much more.
It’s kicking off in the UK and the US and Mark Zuckerberg has had to come out publically and apologise about the involvement of Facebook.
This goes deep with ties to elections and political activities in Malaysia, Mexico, Brazil, Australia and Kenya.
Read the rest of Cambridge Analytica Facebook Data Scandal now! Only available at Darknet.
Post Syndicated from Darknet original https://www.darknet.org.uk/2018/03/memcached-ddos-attacks-will-be-big-in-2018/?utm_source=rss&utm_medium=social&utm_campaign=darknetfeed
So after the massive DDoS attack trend in 2016 it seems like 2018 is going to the year of the Memcached DDoS amplification attack with so many insecure Memcached servers available on the public Internet.
Unfortunately, it looks like a problem that won’t easily go away as there are so many publically exposed, poorly configured Memcached servers online (estimated to be over 100,000).
Honestly, Github handled the 1.3Tbps attack like a champ with only 10 minutes downtime although they did deflect it by moving traffic to Akamai.
Read the rest of Memcached DDoS Attacks Will Be BIG In 2018 now! Only available at Darknet.
Post Syndicated from Darknet original https://www.darknet.org.uk/2018/02/0-day-flash-vulnerability-exploited-in-the-wild/?utm_source=rss&utm_medium=social&utm_campaign=darknetfeed
So another 0-Day Flash Vulnerability is being exploited in the Wild, a previously unknown flaw which has been labelled CVE-2018-4878 and it affects 188.8.131.52 and earlier versions for both Windows and Mac (the desktop runtime) and for basically everything in the Chrome Flash Player (Windows, Mac, Linux and Chrome OS).
The full Adobe Security Advisory can be found here:
– Security Advisory for Flash Player | APSA18-01
Adobe warned on Thursday that attackers are exploiting a previously unknown security hole in its Flash Player software to break into Microsoft Windows computers.
Read the rest of 0-Day Flash Vulnerability Exploited In The Wild now! Only available at Darknet.
Post Syndicated from Darknet original https://www.darknet.org.uk/2017/11/uber-paid-hackers-hide-57-million-user-data-breach/?utm_source=rss&utm_medium=social&utm_campaign=darknetfeed
Uber is not known for it’s high level of ethics, but it turns out Uber paid hackers to not go public with the fact they’d breached 57 Million accounts – which is a very shady thing to do. Getting hacked is one thing (usually someone f*cked up), but choosing as a company to systematically cover up a breach to the tune of $100,000 – that’s just wrong.
57 Million is a fairly significant number as well with Uber having around 40 Million monthly users, of course, it’s not the scale of Equifax with 143 Million (or more).
Read the rest of Uber Paid Hackers To Hide 57 Million User Data Breach now! Only available at Darknet.
Post Syndicated from Darknet original https://www.darknet.org.uk/2017/11/terabytes-us-military-social-media-spying-s3-data-exposed/?utm_source=rss&utm_medium=social&utm_campaign=darknetfeed
Once again the old, default Amazon AWS S3 settings are catching people out, this time the US Military has left terabytes of social media spying S3 data exposed to everyone for years.
It’s not long ago since a Time Warner vendor and their sloppy AWS S3 config leaked over 4 million customer records and left S3 data exposed, and that’s not the only case – there’s plenty more.
Three misconfigured AWS S3 buckets have been discovered wide open on the public internet containing “dozens of terabytes” of social media posts and similar pages – all scraped from around the world by the US military to identify and profile persons of interest.
Read the rest of Terabytes Of US Military Social Media Spying S3 Data Exposed now! Only available at Darknet.
Post Syndicated from Darknet original https://www.darknet.org.uk/2017/11/ethereum-parity-bug-destroys-250-million-tokens/?utm_source=rss&utm_medium=social&utm_campaign=darknetfeed
If you are into cryptocurrency or blockchain at all, you will have heard about the Ethereum Parity Bug that has basically thrown $280 Million value or more of Ethereum tokens in the bin.
It’s a bit of a mess really, and a mistake by the developers who introduced it after fixing another bug back in July to do with multisig wallets (wallets which multiple people have to agree to transactions).
You can see the thread on Github here: anyone can kill your contract #6995
There’s a lot of hair-pulling among Ethereum alt-coin hoarders today – after a programming blunder in Parity’s wallet software let one person bin $280m of the digital currency belonging to scores of strangers, probably permanently.
Read the rest of Ethereum Parity Bug Destroys Over $250 Million In Tokens now! Only available at Darknet.
Post Syndicated from Darknet original https://www.darknet.org.uk/2017/11/malaysia-telco-hack-corporations-spill-46-million-records/?utm_source=rss&utm_medium=social&utm_campaign=darknetfeed
The Malaysia Telco Hack has been blowing up in the news with over 46 Million Records being leaked including IMEI numbers, SIM card details, serial numbers and home addresses.
This is an interesting one for me as I live in Malaysia, so this Malaysia Telco Hack was big news over here, especially seen as though from the numbers it looks to affect pretty much every single person in the country (and many more than once with a popular of 31 million).
Read the rest of Malaysia Telco Hack – Corporations Spill 46 Million Records now! Only available at Darknet.
Post Syndicated from Darknet original https://www.darknet.org.uk/2017/10/need-know-krack-wpa2-attack/?utm_source=rss&utm_medium=social&utm_campaign=darknetfeed
The Internet has been blowing up in the past week about the KRACK WPA2 attack that is extremely widespread and is a flaw in the Wi-Fi standard itself, not the implementation. It’s a flaw in the 4 way handshake for WP2 compromised by a Key Reinstallation Attack.
This means any device that has correctly implemented WPA2 is likely affected (so basically everything that has Wi-Fi capability) – this includes Android, Linux, Apple, Windows, OpenBSD and more.
Read the rest of What You Need To Know About KRACK WPA2 Wi-Fi Attack now! Only available at Darknet.
Post Syndicated from Darknet original https://www.darknet.org.uk/2017/10/taringa-hack-27-million-user-records-leaked/?utm_source=rss&utm_medium=social&utm_campaign=darknetfeed
The Taringa hack is actually one of the biggest leaks of the year with 27 million weakly hashed passwords breached, but it’s not often covered in the Western media with it being a Latin American site (something like Reddit).
The leak happened in August and it seems like the hackers were able to brute force around 95% of the account passwords fairly quickly with Taringa using an outdated and flawing hashing algorithm – md5.
Read the rest of Taringa Hack – 27 Million User Records Leaked now! Only available at Darknet.
Post Syndicated from Darknet original https://www.darknet.org.uk/2017/10/equifax-hack-blamed-on-single-employee/?utm_source=rss&utm_medium=social&utm_campaign=darknetfeed
We wrote about the Equifax Hack, Data Breach and Leak last month, which happened due to a flaw in Apache Struts that for some reason hadn’t been patched.
Now it seems the CEO Rick Smith is basically placing the blame on a single employee that failed to pass a message on to the right people, rather than taking responsibility for an organisational failure. It’s also interesting there was a scheduled security scan not long after the flaw was disclosed and it wasn’t detected.
Read the rest of Equifax Hack Blamed On Single Employee now! Only available at Darknet.
Post Syndicated from Darknet original https://www.darknet.org.uk/2017/09/deloitte-hacked-client-emails-usernames-passwords-leaked/?utm_source=rss&utm_medium=social&utm_campaign=darknetfeed
It seems to be non-stop lately, this time it’s Deloitte Hacked, which has also revealed all kinds of publically accessible resources that really should be more secure (VPN, RDP & Proxy services).
The irony is that Deloitte positions itself as a global leader in information security and offers consulting services to huge clients all over the planet, now it seems they don’t take their own advice. Honestly this is not all that uncommon, it’s human nature to leave your own stuff last as it doesn’t directly impact revenue or value (until you get hacked).
Read the rest of Deloitte Hacked – Client Emails, Usernames & Passwords Leaked now! Only available at Darknet.
Post Syndicated from Darknet original https://www.darknet.org.uk/2017/09/ccleaner-hack-spreading-malware-specific-tech-companies/?utm_source=rss&utm_medium=social&utm_campaign=darknetfeed
The CCleaner Hack is blowing up, with it initially estimated to be huge, it’s hit at least 700,000 computers and is specifically targeting 20 top tech organisations including Cisco, Intel, Microsoft, Akamai, Samsung and more for a second, more intrusive and pervasive layer of infection.
This could be classified as slightly ironic too as CCleaner is extremely popular software for removing crapware from computers, it was a clever assumption that a corrupt version would find itself installed in some very high-value networks.
Read the rest of CCleaner Hack – Spreading Malware To Specific Tech Companies now! Only available at Darknet.
Post Syndicated from Darknet original https://www.darknet.org.uk/2017/09/equifax-data-breach-hack-due-to-missed-apache-patch/?utm_source=rss&utm_medium=social&utm_campaign=darknetfeed
The Equifax data breach is pretty huge with 143 million records leaked from the hack in the US alone with unknown more in Canada and the UK.
The original statement about the breach is as follows for those that weren’t up to date with it, which came out Sept 7th (4 months AFTER the breach happened).
Equifax Inc. (NYSE: EFX) today announced a cybersecurity incident potentially impacting approximately 143 million U.S.
Read the rest of Equifax Data Breach – Hack Due To Missed Apache Patch now! Only available at Darknet.
Post Syndicated from Darknet original https://www.darknet.org.uk/2017/09/time-warner-hacked-aws-config-exposes-4m-subscribers/?utm_source=rss&utm_medium=social&utm_campaign=darknetfeed
What’s the latest on the web, Time Warner Hacked is what it’s about now as a bad AWS S3 config (once again) exposes the details of approximately 4 Million subscribers.
This follows not long after the Instagram API leaking user contact information and a few other recent leaks involving poorly secured Amazon AWS S3 buckets and I’d hazard a guess that it won’t be the last.
Records of roughly four million Time Warner Cable customers in the US were exposed to the public internet after a contractor failed to properly secure an Amazon cloud database.
Read the rest of Time Warner Hacked – AWS Config Exposes 4M Subscribers now! Only available at Darknet.
Post Syndicated from Darknet original https://www.darknet.org.uk/2017/08/instagram-leak-api-spills-high-profile-user-info/?utm_source=darknet&utm_medium=rss&utm_campaign=feed
Another high profile Instagram leak, this time no there’s actual tangible repercussions other than it could possibly link to the recent Justin Bieber nudes leaked via a compromise of Selena Gomez’s account.
There isn’t a whole lot of details about what actually happened, in terms of what went wrong with the API? A wild guess would be some kind of authentication or token bug in the API that allowed you to access certain information about other users that you weren’t supposed to be able to get access to.
Read the rest of Instagram Leak From API Spills High Profile User Info now! Only available at Darknet.