Proactive Computing | Optimizing IT for usability, performance and reliability since 1997

Category: #Hackers (Page 1 of 8)

Anonymous Claims to Have Stolen Huge Trove of Data From Epik, the Right-Wing’s Favorite Web Host

Members of the hacktivist collective Anonymous claim to have hacked web registration company Epik, allegedly stealing “a decade’s worth of data,” including reams of information about its clients and their domains.

Source: https://gizmodo.com/anonymous-claims-to-have-stolen-huge-trove-of-data-from-1847673935
Proactive Computing found this story and shared it with you.
The Article Was Written/Published By: Lucas Ropek

A Complete Guide to Not Getting Hacked

As safe as you might feel sitting at your laptop, happily typing and posting and scrolling, we all know the truth: the internet is actually a giant hellscape full of spies, criminals, ransomware, and all kinds of other dangerous shit.

Source: https://gizmodo.com/a-complete-guide-to-not-getting-hacked-1847400695
The Article Was Written/Published By: Lucas Ropek

T-Mobile’s Data Breach Is Real And Worse Than You Imagined

T-Mobile storefront (credit: Alastair Pike/AFP/Getty Images)

Earlier this week, T-Mobile confirmed news and reports that the company had been hacked and experienced a wide customer data breach. And while the company’s findings show not all 100+ million customers are affected, it’s still bad news, and the details are going from bad to worse.

After confirming over 40 million customers’ user data was compromised, on Friday, the mobile carrier reported that hackers illegally accessed customer names, dates of birth, phone numbers, social security numbers, addresses, and even IMEI numbers for customer devices. This includes current, former, and potential customers, as well as postpaid users.

T-Mobile also said it had identified an additional 667,000 accounts of former customers that were accessed. This is bad news as hackers can easily use that info for identity theft, SIM swapping attacks to intercept secure two-factor logins, and other harmful activities.

So far, the number of affected customers is over 50 million. In a press release, the company said it’s taking immediate steps to help protect affected customers and is coordinating with law enforcement.

“We take our customers’ protection very seriously and we will continue to work around the clock on this forensic investigation to ensure we are taking care of our customers in light of this malicious attack,” said the company. “While our investigation is ongoing, we wanted to share these initial findings even as we may learn additional facts through our investigation that cause the details above to change or evolve.”

The company has now opened a dedicated webpage full of information for customers. Here, T-Mobile users can find information on how to change their PIN or passwords or sign up for two complimentary years of McAfee ID Theft Protection services. T-Mobile recommends postpaid customers change their PIN and has already alerted many users or reset the PIN itself.

via The Verge

Source: https://www.reviewgeek.com/95482/t-mobiles-data-breach-is-real-and-worse-than-you-imagined/
The Article Was Written/Published By: Cory Gunther

T-Mobile confirms data breach affects over 47 million people

As part of its ongoing data breach investigation, T-Mobile has confirmed the enormity of the stolen information. Roughly 47.8 million current and former or prospective customers have been affected by the cyberattack on its systems, the carrier confirmed on Wednesday. Of that number, about 7.8 million are current T-Mobile postpaid accounts and the rest are prior or potential users who had applied for credit, the company added in a press release.

Worryingly, the data includes some personal information including the first and last names, date of birth, SSN, and driver’s license/ID information for a “subset of customers.” So far, T-Mobile said it does not have any indication that the stolen files contain phone numbers, account numbers, passwords or financial information.

What’s more, the company said about 850,000 active T-Mobile prepaid customers also had their names, phone numbers and account PINs exposed. The affected users do not include Metro by T-Mobile, former Sprint prepaid, or Boost users and T-Mobile said it has reset the PINs on these accounts. In addition, it claimed that “some additional information” from inactive prepaid accounts was accessed through prepaid billing files.

The findings from the carrier’s preliminary analysis come just days after it was notified of a data breach. Initially, it was reported that a member of an underground forum claimed to have obtained the data for over 100 million T-Mobile customers. The culprit was reportedly selling information of about 30 million T-Mobile customers for about $270,000 in Bitcoin. 

As part of its compensation and mitigation efforts, T-Mobile is offering affected customers two years of McAfee’s ID Theft Protection Service; recommending all postpaid users change their PIN; and setting up an online resource page. T-Mobile said that it began coordination with law enforcement on Tuesday as its investigation into the data breach — the third such attack it has suffered in the past two years — continues.

Source: https://www.engadget.com/t-mobile-data-breach-affected-people-103104868.html?src=rss
The Article Was Written/Published By: Saqib Shah

T-Mobile confirms unauthorized access to ‘some’ data

Following reports of a data breach over the weekend, T-Mobile has confirmed it’s investigating a cybersecurity incident. In an update published on Monday, the company said someone gained unauthorized access to its computer systems, but that it has yet to determine if any customer data was stolen.

“We are confident that the entry point used to gain access has been closed, and we are continuing our deep technical review of the situation across our systems to identify the nature of any data that was illegally accessed,” the carrier said.

When Motherboard first broke the news of the data breach on Sunday, the information of about 30 million T-Mobile customers was on sale on the dark web for about $270,000 in Bitcoin. A hacker told the outlet they had obtained social security and IMEI numbers connected to more than 100 million people. As of the second quarter of 2021, T-Mobile had 104.7 million subscribers. The carrier said it could not “confirm the reported number of records affected or the validity of statements made by others” until it completes its investigation. Once it knows more about the situation, T-Mobile promises to proactively contact customers.

Source: https://www.engadget.com/t-mobile-confirms-data-breach-203719462.html?src=rss
The Article Was Written/Published By: Igor Bonifacic

Critical Cobalt Strike bug leaves botnet servers vulnerable to takedown

You did a bad bad thing. (credit: Getty Images)

Governments, vigilantes, and criminal hackers have a new way to disrupt botnets running the widely used attack software Cobalt Strike, courtesy of research published on Wednesday.

Cobalt Strike is a legitimate security tool used by penetration testers to emulate malicious activity in a network. Over the past few years, malicious hackers—working on behalf of a nation-state or in search of profit—have increasingly embraced the software. For both defender and attacker, Cobalt Strike provides a soup-to-nuts collection of software packages that allow infected computers and attacker servers to interact in highly customizable ways.

The main components of the security tool are the Cobalt Strike client—also known as a Beacon—and the Cobalt Strike team server, which sends commands to infected computers and receives the data they exfiltrate. An attacker starts by spinning up a machine running Team Server that has been configured to use specific “malleability” customizations, such as how often the client is to report to the server or specific data to periodically send.

Source: https://arstechnica.com/gadgets/2021/08/critical-cobalt-strike-bug-leaves-botnet-servers-vulnerable-to-takedown/
The Article Was Written/Published By: Dan Goodin

Over 100 warship locations have been faked in one year

Abuses of location technology might just result in hot political disputes. According to Wired, SkyWatch and Global Fishing Watch have conducted studies showing that over 100 warship locations have been faked since August 2020, including the British aircraft carrier Queen Elizabeth and the US destroyer Roosevelt. In some cases, the false data showed the vessels entering disputed waters or nearing other countries’ naval bases — movements that could spark international incidents.

The research team found the fakes by comparing uses of the automatic identification system (AIS, a GPS-based system to help prevent collisions) with verifiable position data by using an identifying pattern. All of the false info came from shore-based AIS receivers while satellites showed the real positions, for instance. Global Fishing Watch had been investigating fake AIS positions for years, but this was the first time it had seen falsified data for real ships.

It’s not certain who’s faking locations and why. However, analysts said the data was characteristic of a common perpetrator that might be Russia. Almost all of the affected warships were from European countries or NATO members, and the data included bogus incursions around Kaliningrad, the Black Sea, Crimea and other Russian interests. In theory, Russia could portray Europe and NATO as aggressors by falsely claiming those rivals sent warships into Russian seas.

Russia has historically denied hacking claims. It has a years-long history of using fake accounts and misinformation to stoke political tensions that further its own ends, though. And if Russia is connected, the faked warship locations might be a significant escalation of that strategy. Even though such an approach might not lead to shooting matches, it could get disconcertingly close.

Source: https://www.engadget.com/warship-fake-locations-221800228.html?src=rss
The Article Was Written/Published By: Jon Fingas

White House blames China for Microsoft Exchange cyberattacks

The Biden administration isn’t hesitating to blame China for a string of Microsoft Exchange cyberattacks. The White House has declared “with a high degree of confidence” that hackers linked to China’s Ministry of State Security (MSS) were responsible for a digital espionage campaign using the Exchange vulnerabilities. Officials have confronted senior Chinese leadership with this and “broader” hostile online activity, the White House said.

The US further accused China of running an intelligence operation that relied on “contract hackers” who frequently launched attacks meant solely for profit, such as ransomware schemes and cryptojacking. The Chinese government’s reported unwillingness to tackle these abuses is believed to hurt businesses, governments and infrastructure with “billions of dollars” in damage, the White House said.

Accordingly, the Justice Department has revealed indictments of four MSS-affiliated Chinese men for allegedly conducting an extended hacking campaign meant to steal intellectual property and trade secrets, including health research. The initiative, which ran between 2011 and 2018, reportedly saw Ding Xiaoyang, Cheng Qingmin, Zhu Yunmin and Wu Shurong compromise computers worldwide to grab information ranging from autonomous vehicle technology and chemical formulas through to research on Ebola, AIDS and other diseases.

Biden’s administration has already taken multiple actions in response to attacks, including “proactive network defense actions” like deleting backdoors on compromised Exchange servers. It added private companies to its Unified Coordination Group to bolster its security incident response. CISA, the FBI and the NSA also released an advisory outlining China’s strategy for compromising US and ally networks using the Exchange holes and other methods.

This comes on top of stricter security rules for pipeline companies as well as a pilot to tackle vulnerabilities in sectors like electricity and water supply.

China has historically denied involvement in attacks like these, and it’s doubtful the country will have a change of heart after this. The White House effort is more of a warning — the US will not only pin attacks on China, but respond to them in kind.

Source: https://www.engadget.com/white-house-blames-china-for-exchange-cyberattacks-132053693.html?src=rss
The Article Was Written/Published By: Jon Fingas
