Hacker Donates $11000 to Help Kurds in Rojava

A hacker going by the codename HackBack or Phineas Fisher, has donated $11000 in bitcoins to Rojava – a Kurdish region in northern Syria, located at the borders of IS (Daesh) controlled territory.On his twitter account, he described them as "one of the most inspiring revolutionary projects in the world today.

The hacker stated that the money comes from a heist but refused to reveal more details. He also revealed that a much bigger cyber-heist is been work on. The donation was done online though a campaign which the Rojava is running to get fun to feed its region.

Source:[Click Here!

Hacker Selling 117 Million LinkedIn Accounts On Darkweb

A hacker using the code name of Peace is selling 117 million LinkedIn user information on darkweb for 5 Bitcoins(around $2200/£1,500).LeakedSource, the paid search engine for hacked data managed to get a copy of the stolen data stated that there are around 167 million hacked account and 117 million have both emails and encrypted passwords.
LeakedSource commented about the password sasying,
"Passwords were stored in SHA1 with no salting. This is not what internet standards propose. Only 117m accounts have passwords and we suspect the remaining users registered using Facebook or some similarity."

Additionally, security researcher Troy Hunt Tweeted that as the passwords are encrypted with SHA-1, it will be easily cracked.

Source:[Click here!]

444 School Websites Shut Down By Teen Hacker

A 16 year old student has been charged with obstruction of justice for having launched DDoS attacks on 444 school websites in Japan. The incident took place in November 2015 and is considered to have made history in Japan for having targeted a local governmental organisation. According to the local police, the boy launched the attack to teach his educators a lesson.

"I hate how the teachers talk down to us and never let us express ourselves. So, I thought I would remind them of their own incompetence. It felt good to see them have problems. I did it several times,"

Police seized the boy's computer and some hacking book. He downloaded tools which sent large volumes of data to the Board of Education servers, causing it to be unreachable for about one hour. The boy also told the police that he wanted to join the hacking group Anonymous.

Japanese law punishes such crimes with a maximum of a three-year prison term or a fine of ¥500,000 (£3204, $4,598). Taking the boy's age into consideration, it is not sure that he will face the maximum sentence.

Source:[Click Here!]

Commercial Bank of Ceylon Hacked

Commercial Bank of Ceylon, Sri-Lanka published a notice stating that they were hacked.

"There was a hacking attack on our website and the Bank took immediate corrective steps. Our systems are fully secure and operational. The hacking attack was also immediately communicated to the relevant authorities. We confirm that no sensitive customer data were lost due to this intrusion. We are taking every measure to protect the privacy of our customers and have engaged external parties to review all our systems to ensure that no vulnerabilities exist. Commercial Bank of Ceylon PLC is committed to provide safe and reliable systems and is at the forefront of providing secure banking services."

No more details concerning when and how this happened. But recently, according to an article on Bank Info Security, published on May 13, 2016,  it is believed that a hacking group going by the name of Bozkurtlar hacking group posted data of the Commercial Bank of Ceylon online. Researchers said that the dumped files contains the entire content of the corporate website, 158276 files in 22901, which when uncompressed is about 6.97GB.

Commercial Bank of Ceylon Statement: [Click Here!]
Read More From Source: [Click Here!]

Nulled.io Database Leaked

The well known underground hacking forum Nulled.io suffered massive data breached on 6th May 2016. 500,000 members' email addresses, private messages, password and IP was leaked in a 1.3GB tar archive file. When expanded, the size of the data is 9.45 db.sql file and also contains over 5500 purchase record and 12,600 invoices of buying, selling and sharing of stolen credentials.

The breach was discovered by the security firm Risk Based Security. The firm was unable to track the hacker and stated "When services such as Nulled.IO are compromised and data is leaked, often it exposes members who prefer to remain anonymous and hide behind screen names. By simply searching by email or IP addresses, it can become evident who might be behind various malicious deeds. As you can imagine, this can lead to significant problems for forum users."

Source:[Click Here!]

A Former Executive Suspected of Hacking the National Transport Authority (NTA) Database

A former top executive of the National Transport Authority (NTA) is suspected of hacking the database of the NTA. It is believed that the former employee was helped by insiders.

A source at the Ministry of Public Infrastructure told le Defi Media Newspaper:
"The police and the Cybercrime Unit are investigating to determine who are the people who could benefit from this hacking,". The same source also added that the accomplices of the former NTA executive will face sanctions and very soon the investigation will reveal the impact of the hack.

To mention, this hacking case was first revealed by the minister of Public infrastructure himself, Mr Nando Bodha, at the opening ceremony of a workshop on cybercrime, at the Westin Hotel, Balaclava, Monday, March 21 2016. He also mentioned that the alleged hacker was getting access to the database from his home (remotely), he modified the database and also made a copy of it.

 
 

Complete Panama Papers Database Now Available Online

The Panama Papers scandal came into light last April when German newspaper Süddeutsche Zeitung and the International Consortium of Investigative Journalists (ICIJ) published a summary of their investigation into the 2.6TB of dump data of the activities of Mossack Fonseca.

These data covers nearly 40years of the law firm's activities, ending in 2015. Investigators claimed these data contained important information on important companies and people from more than 200 countries.

ICIJ launched a website where internet users can search for both individuals and companies and get neatly organized results. Details about each person is available, their connection to offshore institution, along with information on that shell corporation, current jurisdiction, incorporation details, and the searched person's role.

ICIJ Website: [Click Here!]

Google Brings HTTPS to All BlogSpot Domain Blogs

In a blog post published on the 3rd May, Google has announced that it has rolled out HTTPS for all BlogSpot, even for those having a private domain. Launched in September last year, this feature was an option which users could turn on. But now the feature is set by default.
Another option has been added, one that says "HTTPS Redirect". If this feature is turned on, automatically all visitors will be redirected to the HTTPS URL instead of the old insecure HTTP link.

Google also stated that mixed content may cause some of the blog's functionality no to work with the HTTPS version. This is usually caused by incompatible templates, gadgets, or post contents and they are working on these issues but there are some setting that blog owners only will be able to do so that these works.

Source:[Google Security Blog]

Fake Google Chrome Update Delivering Malware

Security researchers from Zscaler came across a malware posing as Google Chrome update which fools user into lowering their smartphone defenses so that they can steal credit card details.

When the APK file is executed after downloading, the fake Google chrome update asks for administrative right. As most users will think this is from Google, they will grant the permission. Once the malware is given such permission, it will start its malicious behavior by first registering the device with a C&C server, then check antivirus installed on the phone and terminate their process. The malware can monitor SMS and call on the infected device and can also steal SMS by sending it to the C&C server.

The most dangerous thing the malware does is, stealing credit card credentials. Each time the user of the infected device opens Google Play Store app, a popup appears asking the user to enter his/her credit card details. If by mistake the user enters the details, this is sent via SMS to a phone number in Russia (+7926XXXX135).

We advise our readers to update their applications only through Google Play Store.

Source:[Zscaler]

Visitors

Free counters!

Translate

MauriHackerS - Providing Latest IT Security and Hacking News !