Category Archives: Cybercrime

November Surprise: Info on 62 Million US Voters Up for Sale on Darknet – Report

An Israeli cybersecurity firm made the discovery just days before Tuesday’s vote, when millions of Americans go to the polls to elect House and Senate lawmakers, as well as a host of state and local representatives and officials.

Israeli cybersecurity company ClearSky Cyber Security has found a Darknet Dream Market data pool containing detailed information on 62 million registered American voters from 17 states, the company’s CEO has told Haaretz.


Hacker selling US military documents online… because someone forgot to change a default password

Sensitive military documents have been put up for sale in online hacking forums after someone forgot to change a default password, according to a security firm that discovered the breach.

Documents for sale include maintenance manuals for servicing MQ-9 Reaper drones, training manuals describing deployment tactics for improvised explosive devices (IEDs), documents detailing tank platoon tactics and an M1 ABRAMS tank operation manual, Bleeping Computer reported.

Security firm Recorded Future discovered the documents for sale online and said the hacker who stole them was selling the information for the surprisingly low bargain price of between $150 and $200.


Bitcoin price plunges after cryptocurrency exchange is hacked

Security fears rise as South Korea’s Coincheck loses about £28m of virtual currency

There has been a sharp drop in the price of bitcoin and other virtual currencies after South Korean cryptocurrency exchange Coinrail was hacked over the weekend.

A tweet confirming the cyber-attack sent the price of bitcoin tumbling 10% on Sunday to two-month lows.

The world’s best-known cryptocurrency lost $500 (£372) in an hour, dropping to $6,627 on the Luxembourg exchange Bitstamp, while most other digital currencies also recorded large losses.


‘Catastrophic disaster’: Aircraft hack only matter of time, US agencies warn

It is “only a matter of time” until a commercial aircraft is hacked, the Department of Homeland Security and other US government agencies have warned. Most planes lack cybersecurity protections to prevent such a hack.

Motherboard obtained internal DHS documents through a Freedom of Information Act request which detail vulnerabilities with commercial aircraft and risk assessments. A number of the documents are still being “withheld pursuant to exemption” of the FOIA.

The release includes a January presentation from Pacific Northwest National Laboratory (PNNL), part of the Department of Energy, outlining the group’s efforts to hack an aircraft via its wifi service as a security test.


Saks 5th Avenue data breach compromises customers’ credit card info

Hudson’s Bay Co. says customer payment card information was involved in a “data security issue” at certain Saks Fifth Avenue, Saks OFF 5th and Lord & Taylor stores in North America.

The company didn’t say whether any Canadian locations were affected.

It says the investigation is ongoing, but there’s no indication that the breach affects the company’s digital platforms or Hudson’s Bay and Home Outfitters stores.

HBC says there could be fraudulent charges to customers’ accounts because of the breach, but adds that those customers won’t be liable to pay them.

Glad I can’t afford to shop at Saks.


North Korea steps up cyber powers with shadowy ‘Reaper’ hacker group

North Korea is stepping up its cyber capabilities to target international aerospace and defence industries through a shadowy and sophisticated hacker group called Reaper, a new report revealed on Tuesday.

The group, also known as APT37, was identified in research by American private security company FireEye, which tracks cyber-attackers around the world.

They reported that it is using malware to infiltrate computer networks and now represents “an advanced persistent threat” that has dramatically increased the reach of North Korea’s already formidable cyber operations.


Secret iPhone code published online in ‘biggest ever’ leak

A secret part of Apple’s iPhone software has been posted online in a leak that could potentially allow hackers to find security holes in the smartphone.

Although the release does not immediately put iPhone owners at risk, security experts said the leak enables hackers to analyse Apple’s code, replicate and manipulate it for malicious purposes and that users could be vulnerable in the future.

On Wednesday night, an anonymous user published part of the “source code” – the computing instructions that underpin the iOS software – on GitHub, a website for computer programmers to share code.


Cryptocurrency mining malware infects over 500,000 PCs with NSA exploit

New cryptocurrency mining viruses have lately spread to infect Windows computers as virtual currency-related malware becomes popular and profitable among cyber criminals.

The viruses are being spread using the same EternalBlue exploit, which was developed by the US National Security Agency (NSA). The exploit was recently used as part of the worldwide WannaCry ransomware attack.

According to researchers from Proofpoint, a massive global botnet dubbed ‘Smominru’ is using the EternalBlue SMB exploit to infect PCs and secretly mine monero cryptocurrency (valued at $245.47) for its master.


Hackers are making U.S. ATMs spit out cash like slot machines

Hackers able to make ATMs spit cash like winning slot machines are now operating inside the United States, marking the arrival of “jackpotting” attacks after widespread heists in Europe and Asia, according to the world’s largest ATM makers and security news website, Krebs on Security.

Thieves have used skimming devices on ATM machines to steal debit card information, but “jackpotting” augurs more sophisticated technological challenges that American financial firms will face in coming years.


Coincheck: World’s biggest ever digital currency ‘theft’

One of Japan’s largest digital currency exchanges says it has lost some $534m (£380m) worth of virtual assets in a hacking attack on its network.

Coincheck froze deposits and withdrawals for all crypto-currencies except Bitcoin as it assessed its losses in NEM, a lesser-known currency.

It may be unable to reimburse the funds lost on Friday, a representative told Japanese media.

If the theft is confirmed, it will be the largest involving digital currency.
