Search the Community: Showing results for tags 'Hacking News'.



Found 7 results

  1. A few days ago, security experts at Check Point Software disclosed a critical 19-year-old vulnerability in WinRAR that could be exploited by attackers to gain full control over a target computer. Over 500 million users worldwide use the popular software and are potentially affected by the flaw, which affects all versions released in the last 19 years. The flaw is an “Absolute Path Traversal” issue in a third-party library, called UNACEV2.DLL, that could be exploited to execute arbitrary code by using a specially-crafted file archive. https://securityaffairs.co/wordpress/81669/hacking/winrar-exploit-malspam.html
  2. After an emergency meeting, the Internet Corporation for Assigned Names and Numbers (ICANN) confirmed that the global Internet infrastructure is facing large-scale attacks. ICANN warns of “an ongoing and significant risk” to key components of the Internet infrastructure. “The Internet Corporation for Assigned Names and Numbers (ICANN) believes that there is an ongoing and significant risk to key parts of the Domain Name System (DNS) infrastructure,” reads ICANN’s announcement. “They are going after the internet infrastructure itself,” ICANN chief technology officer David Conrad told AFP. “There have been targeted attacks in the past, but nothing like this.” Even if the attacks date back to 2017, in recent weeks the experts observed a spike in the malicious activities against the Internet infrastructure; threat actors are targeting the Domain Name System, or DNS, which is responsible for traffic routing. https://securityaffairs.co/wordpress/81617/security/icann-alarm-internet-infrastructure.html
  3. WinRAR has patched a 19-year-old security vulnerability that allowed attackers to extract malicious software to anywhere on your hard drive. The vulnerability was discovered by researchers at Check Point Software Technologies, who realised that WinRAR’s support for the effectively defunct ACE archive format meant that it was still relying on an insecure and dated DLL file from 2006. The researchers have compiled a lengthy blog post explaining how they discovered the bug, but a short video tells you everything you need to know about how it works. Simply by renaming an ACE file to give it a RAR extension you can get WinRAR to extract a malicious program to a computer’s startup folder, meaning it will run automatically the next time the computer boots up.
  4. Roundup: Let's kickstart your Monday with some lovely juicy computer security and screwups news, beyond what we reported last week.

     New round of data theft claims

     Throughout last week, El Reg broke the news that more than 600 million account details had been stolen from more than a dozen websites, and were being offered for sale on the dark web by a single seller. One by one, the companies hit by the hacker confirmed their customer records had been swiped and touted online for Bitcoin. Just before the weekend, the miscreant put more databases up for sale on the dark web from more hacked websites. The purloined data is mostly usernames or email addresses as well as hashed passwords, sold to spammers and credential stuffers to exploit. Here's the list of purported account records for sale:

       • Houzz: 57 million usernames and hashed passwords. The company is aware, and notified customers and law enforcement around early February that it had been ransacked by a hacker.
       • YouNow: 40 million usernames and IP addresses. The company is aware, and said that no passwords were involved as it uses external sites for user authentication. YouNow says it does not believe the advertised data was stolen from its systems, and may have been scraped from its website – although that doesn't explain the IP addresses.
       • ixgo: 18 million usernames and MD5 hashed passwords, which could be trivially easy to break.
       • Stronghold Kingdoms: 5 million accounts and HMAC-RIPEMD160 hashed passwords.
       • Roll20.net: 4 million usernames and bcrypt hashed passwords.
       • ge.tt: 1.8 million usernames and sha256 hashed passwords.
       • Petflow: 1.5 million usernames and MD5 hashed passwords, which could be trivially easy to break.
       • CoinMama: 400,000 usernames and PHPASS hashed passwords.

     Plus, in late-breaking news: 60 million accounts from Pizap, 8 million from Gfycat, 20 million accounts from Storybird, Jobandtalent, Legendas.tv, and OneBip, 1.5 million from ClassPass, and one million from StreetEasy.

     Needless to say, if you have an account on any of these sites, you should expect to hear from them shortly. The stolen credentials were hashed, aka one-way encrypted, and some of the more secure algorithms, such as bcrypt, make it highly unlikely they could be solved to steal accounts, but it's better to be safe than sorry: wait for that password reset, and change the password on other sites where you've reused your passphrase. But we know Reg readers aren't reusing passwords across multiple sites, yeah?

     Prosecutors claim Stone link to WikiLeaks

     Friday afternoon's bad news dump contained a new allegation in the case against President Trump associate Roger Stone. US prosecutors say they have copies of direct communications between Stone and WikiLeaks. If proven, that would place Stone within an alleged chain of communication that went from the Guccifer 2.0 hacking operation to WikiLeaks, to Stone, and possibly to the Trump campaign. Stone has pleaded not guilty.

     In brief...

     Duo Security has been probing around Apple's T2 security coprocessor. A facial recognition database the Chinese government uses to track Uyghur Muslims in the Xinjiang area has been facing the public internet for months. Also, it appears Twitter keeps hold of direct messages for years, even for deleted or suspended accounts.

     Facebook using tracking tools to watch 'threats'

     Stop us if you've heard this one before: a newly-uncovered practice at Facebook is raising possible privacy concerns. This time, it's a report from CNBC outlining how the social network uses its products to track users who they believe pose a credible threat to Facebook offices and employees. Dubbed "Bolo" (short for Be On Look Out), the tool has reportedly been in use for more than a decade. When a user is added to the Bolo list, Facebook's security team gets their information as well as their location information and photos. While Facebook maintains that the list is only used to protect its employees from credible threats of harm, the report suggests that in some cases people are added to the list for minor infractions, or because they were a former employee or contractor. The whole thing is a sticky situation. On one hand, Facebook can and should be able to protect its employees from any threat of harm. On the other, the social network doesn't exactly have the best track record when it comes to guarding privacy.

     Hackers show off remote-control tricks in Xiaomi scooters

     A report by security shop Zimperium found that Xiaomi's M365 scooter model uses a potentially insecure Bluetooth control system that can be managed through a smartphone. The flaw is not within the scooter's hardware itself, but rather in the way the techie toys communicate with administrator devices over Bluetooth. The problem arises in the way that Bluetooth communication occurs. The hackers found that by default the scooter assumes the person running the application has already been authenticated. "During our research, we determined the password is not being used properly as part of the authentication process with the scooter and that all commands can be executed without the password," writes researcher Rani Idan. "The password is only validated on the application side, but the scooter itself doesn’t keep track of the authentication state." Fortunately, it does not look like this is a threat for any of the popular rent-a-scooter services popping up in cities. Of the major scooter carriers we talked to, only one still used the M365, and they had closed the described vulnerability long before putting the scooters on the street.

     Mac malware spreads via Windows PC apps

     A new outbreak of Mac malware infections is coming from an unlikely source: a Windows .EXE file. Researchers at Trend Micro say the infection disguises itself as an installer for the popular paid-for Little Snitch macOS security tool being spread for free on Torrent sites. Within the installer is a .EXE file, a Windows executable packed with the Mono .NET framework, which allows the executable to launch on a Mac and begin downloading adware and logging system information. Trend believes the unusual behavior is done to evade macOS's built-in security Gatekeeper tool that would otherwise spot the malicious activity: in other words, the operating system would stop the malware as an unsigned binary, or from an untrusted developer, but allows the .EXE to run. "We suspect that this specific malware can be used as an evasion technique for other attack or infection attempts to bypass some built-in safeguards such as digital certification checks since it is an unsupported binary executable in Mac systems by design," the security firm says. "We think that the cybercriminals are still studying the development and opportunities from this malware bundled in apps and available in torrent sites, and therefore we will continue investigating how cybercriminals can use this information and routine."

     Microsoft sacks SAC-T

     Redmond wants to make it a bit easier for companies to upgrade their PCs. To do that, Microsoft says it is doing away with the SAC-T designation on some versions of Windows. Previously, SAC-T, or Semi-Annual Channel (Targeted), had been designated for specific versions of Windows offered on Windows Update for Business. This was done as Microsoft was working to get the Windows and Office releases aligned on Update for Business. That work will be done in the upcoming Windows feature update. "Instead, you will find a single entry for each new SAC release. In addition, if you are using Windows Update for Business, you will see new UI and behavior to reflect that there is only one release date for each SAC release," writes Microsoft's John Wilcox. "If you use System Center Configuration Manager, Windows Server Update Services (WSUS), or other management tools, there will now only be one feature update published to WSUS, and this will occur at the time of release."

     By: https://www.theregister.co.uk
  5. In January, security researchers from Symantec found cryptomining applications in the Microsoft App Store, but they were published in the store between April and December 2018. It's not clear how many users downloaded or installed the apps, but they had almost 1,900 user ratings.

     The rogue applications posed as browsers, search engines, YouTube video downloaders, VPN and computer optimization tutorials and were uploaded by three developer accounts called DigiDream, 1clean and Findoo. However, the Symantec researchers believe the apps were created by a single person or the same group of attackers since they all share the same origin domain on the backend. "As soon as the apps are downloaded and launched, they fetch a coin-mining JavaScript library by triggering Google Tag Manager (GTM) in their domain servers," the Symantec researchers said in a report Friday. "The mining script then gets activated and begins using the majority of the computer’s CPU cycles to mine Monero for the operators. Although these apps appear to provide privacy policies, there is no mention of coin mining on their descriptions on the app store."

     The programs were published as Progressive Web Applications (PWA), a type of app that works as a web page but also has access to the computer hardware through APIs, can send push notifications, use offline storage and behave a lot like a native program. Under Windows 10, these applications run independently from the browser, under a standalone process called WWAHost.exe. When executed, the applications call GTM, a legitimate service that allows developers to dynamically inject JavaScript into their applications. All the applications use the same unique GTM key, which further suggests they were created by the same developer. The script loaded by the apps is a variant of Coinhive, a Web-based cryptocurrency miner that has been used in the past by attackers to infect websites and hijack visitors' CPU resources. "We have informed Microsoft and Google about these apps’ behaviors," the Symantec researchers said. "Microsoft has removed the apps from their store. The mining JavaScript has also been removed from Google Tag Manager."

     This incident shows that cryptocurrency mining remains of high interest to cybercriminals. Whether it's to hijack people's personal computers or servers in datacenters, they are always on the lookout for new ways to deploy coinminers. Over the past two years, attackers have launched coinmining attacks through Android apps hosted on Google Play, through browser extensions for Google Chrome and Mozilla Firefox, through regular desktop applications, through compromised websites and now, through Windows 10 PWA. There are also a variety of botnets that infect Linux and Windows servers with cryptocurrency mining programs by exploiting vulnerabilities in popular Web applications and platforms. Users are often advised to only download applications from trusted sources, whether on their mobile devices or computers. However, with rogue apps frequently finding their way into official app stores, relying on that advice alone for protection is no longer an option.

     By: https://www.itworld.com
  6. Lauri Love, the Brit who beat US attempts to extradite him over accusations of hacking, is suing Blighty's National Crime Agency (NCA) to get back computing gear seized in 2013 as part of the case against him. More than five years ago, Love was indicted across the pond over allegations he hacked thousands of PCs in America and other countries, inserting backdoors into networks with the aim of circling back at a later date to pilfer confidential data. It was alleged Love had breached the security of NASA, the US military, and other government agencies. The following year, 2014, Uncle Sam added the Federal Reserve to that list. https://www.theregister.co.uk/2019/02/06/lauri_love_to_sue_national_crime_agency_uk/
  7. The US government has formally accused the North Korean government of being behind the Sony Pictures hack, the WannaCry ransomware that crippled the UK's National Health Service and other organizations, and a series of online bank heists including $81m stolen from Bangladesh's national bank. The state-sponsored attacks were allegedly carried out by a group of North Korean hackers who worked for a front company called Chosun Expo Joint Venture, the FBI and Department of Justice (DoJ) said at a press conference on Thursday. They named one of the group – called the Lazarus Group by security companies fighting to combat its actions – and put his name, Park Jin Hyok, and face on an FBI Wanted poster, adding that he is now considered a fugitive from justice. The US will impose additional sanctions against North Korea as a result of the findings of the investigation, a DoJ spokesperson noted. North Korea has long been suspected – and accused – of having carried out the Sony hack and being behind the WannaCry ransomware but today those accusations were made formal. A lengthy 179-page affidavit [PDF] from the special agent in charge of the investigation gives an extensive rundown of how the attacks were tracked back to Hyok, his hacking group, and eventually the North Korean government. It details how the group used multiple Gmail accounts and went to some lengths to cover their tracks but left a series of electronic breadcrumbs that ultimately led to the hackers and an email account that North Korean government officials were also seen to be using, making the connection to the government.

     Global

     Officials stressed the global reach of the hacking group's actions, highlighting that over 100 search warrants were issued along with 85 requests to foreign countries for more information. "The scale and scope of the cyber-crimes alleged by the complaint is staggering and offensive to all who respect the rule of law and the cyber norms accepted by responsible nations," said John Demers, Assistant Attorney General for National Security. The group targeted entertainment groups and banks and then used the same code to create the WannaCry ransomware that caused global havoc, including crippling the National Health Service in the UK. The entertainment groups were targeted because of movies that depict the North Korean government unflatteringly. Sony was responsible for The Interview, a fictionalized assassination of North Korea's leader. Its systems were infiltrated through a spear-phishing attack and then personal emails from senior executives were leaked online, causing immense embarrassment. Copies of upcoming movies, including The Interview, were also placed online. The investigators revealed that cinema chain AMC was also targeted because it was due to show the film, as well as an unnamed British production company that was also working on a film depicting North Korea. Numerous efforts to break into banks started in 2015, it was revealed, with the most successful being the removal of $81m from Bangladesh Bank in February 2016. But other attempts were made across the world with "attempted losses well over $1 billion," the complaint notes.

     And the rest

     And then countless other attempts were made against Western targets, including hospitals, universities, utility companies, defense contractors, Bitcoin currencies and others. Investigators noted that the same devices, IP addresses and encryption keys were used repeatedly in these attacks and domain names hard-coded into the malware were under the control of the hackers – fancug.com was just one example. They also discovered that prior to attacks the hacking team followed and tracked specific individuals at target companies through their social media accounts – effectively engaging in online surveillance – and pulled domain name and business records in an effort to find holes in their systems and figure out the most effective way to spear-phish employees. In one attack, an email sent to a victim from Facebook alerting them to the fact that their account had been accessed from a different IP address was grabbed by the hackers and then resent with the hyperlink within the email changed from Facebook's website to a domain that they controlled. The victim clicked on what looked like a legitimate link in a legitimate Facebook email and ended up on a webpage that investigators assume installed malware on their computer. Similar efforts were made with Google Drive and any other services that the victims used. The affidavit goes into extensive detail over how the attacks were tracked back through server logs and other electronic pieces of evidence. The named individual – Park Jin Hyok – often visited China to carry out legitimate computer work, the formal complaint notes, before returning to North Korea to continue his hacking work on behalf of his government. Investigators discovered his CV and tracked his activities.

     Long memory

     The US government acknowledged that it is unlikely to get its hands on Park Jin Hyok – his last known location was North Korea and the US does not have an extradition treaty with the dictatorship – but argued it was still important to name him and lodge a formal complaint. "We have a long memory and are fully prepared for the day when he will be arrested," said a DoJ representative, adding: "It is one thing to name a group and quite another to say we know who did it and name them. The message is: you can't hide from us." In unrelated news, President Donald Trump unexpectedly praised North Korea's leader just hours before the press conference and the imposition of further sanctions on the country. "Kim Jong Un of North Korea proclaims 'unwavering faith in President Trump'," the 45th president of the United States tweeted. "Thank you to Chairman Kim. We will get it done together!"

     By: theregister