Hacker Donates $11000 to Help Kurds in Rojava

A hacker going by the codename HackBack or Phineas Fisher has donated $11000 in bitcoins to Rojava – a Kurdish region in northern Syria, located at the borders of IS (Daesh) controlled territory. On his Twitter account, he described them as "one of the most inspiring revolutionary projects in the world today."

The hacker stated that the money comes from a heist but refused to reveal more details. He also revealed that a much bigger cyber-heist is being worked on. The donation was made online through a campaign which Rojava is running to get funds to feed its region.

Source:[Click Here!]

Hacker Selling 117 Million LinkedIn Accounts On Darkweb

A hacker using the code name Peace is selling the account information of 117 million LinkedIn users on the dark web for 5 Bitcoins (around $2200/£1,500). LeakedSource, the paid search engine for hacked data, managed to get a copy of the stolen data and stated that there are around 167 million hacked accounts, of which 117 million have both emails and hashed passwords.
LeakedSource commented on the passwords, saying:
"Passwords were stored in SHA1 with no salting. This is not what internet standards propose. Only 117m accounts have passwords and we suspect the remaining users registered using Facebook or some similarity."

Additionally, security researcher Troy Hunt tweeted that as the passwords are encrypted with SHA-1, they will be easily cracked.
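The storage weakness LeakedSource describes, shown next to a salted alternative. This is an added example, not code from LinkedIn or LeakedSource; the account names, passwords and the PBKDF2 work factor are constructed assumptions.

```python
import hashlib
import hmac
import os
from collections import defaultdict

PBKDF2_ITERATIONS = 600_000  # assumed work factor; tune to your hardware

# Constructed sample accounts (not real data).
SAMPLE_ACCOUNTS = {"alice": "correct horse", "bob": "correct horse", "carol": "tr0ub4dor&3"}


def sha1_unsalted(password):
    """The scheme from the quote: bare SHA-1 with no salt."""
    return hashlib.sha1(password.encode("utf-8")).hexdigest()


def shared_digests(accounts):
    """Group users by unsalted digest.

    Without a salt, equal passwords give equal digests, so one computed
    digest matches every account that uses that password.
    """
    groups = defaultdict(list)
    for user, password in accounts.items():
        groups[sha1_unsalted(password)].append(user)
    return {d: sorted(users) for d, users in groups.items() if len(users) > 1}


def hash_salted(password):
    """Hardened form: per-user random salt plus a deliberately slow KDF."""
    salt = os.urandom(16)
    derived = hashlib.pbkdf2_hmac(
        "sha256", password.encode("utf-8"), salt, PBKDF2_ITERATIONS
    )
    return salt, derived


def verify_salted(password, salt, expected):
    """Recompute with the stored salt and compare in constant time."""
    derived = hashlib.pbkdf2_hmac(
        "sha256", password.encode("utf-8"), salt, PBKDF2_ITERATIONS
    )
    return hmac.compare_digest(derived, expected)


if __name__ == "__main__":
    print("accounts sharing an unsalted digest:", shared_digests(SAMPLE_ACCOUNTS))
    salt, stored = hash_salted("correct horse")
    print("salted verify:", verify_salted("correct horse", salt, stored))
```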

Source:[Click here!]

444 School Websites Shut Down By Teen Hacker

A 16-year-old student has been charged with obstruction of justice for having launched DDoS attacks on 444 school websites in Japan. The incident took place in November 2015 and is considered to have made history in Japan for having targeted a local governmental organisation. According to the local police, the boy launched the attack to teach his educators a lesson.

"I hate how the teachers talk down to us and never let us express ourselves. So, I thought I would remind them of their own incompetence. It felt good to see them have problems. I did it several times,"

Police seized the boy's computer and some hacking books. He downloaded tools which sent large volumes of data to the Board of Education servers, causing them to be unreachable for about one hour. The boy also told the police that he wanted to join the hacking group Anonymous.

Japanese law punishes such crimes with a maximum of a three-year prison term or a fine of ¥500,000 (£3204, $4,598). Taking the boy's age into consideration, it is not certain that he will face the maximum sentence.

Source:[Click Here!]

Commercial Bank of Ceylon Hacked

Commercial Bank of Ceylon, Sri Lanka, published a notice stating that they were hacked.

"There was a hacking attack on our website and the Bank took immediate corrective steps. Our systems are fully secure and operational. The hacking attack was also immediately communicated to the relevant authorities. We confirm that no sensitive customer data were lost due to this intrusion. We are taking every measure to protect the privacy of our customers and have engaged external parties to review all our systems to ensure that no vulnerabilities exist. Commercial Bank of Ceylon PLC is committed to provide safe and reliable systems and is at the forefront of providing secure banking services."

No further details were given about when and how this happened. However, according to an article on Bank Info Security published on May 13, 2016, it is believed that a hacking group going by the name of Bozkurtlar posted data of the Commercial Bank of Ceylon online. Researchers said that the dumped files contain the entire content of the corporate website, 158276 files in 22901, which when uncompressed is about 6.97GB.

Commercial Bank of Ceylon Statement: [Click Here!]
Read More From Source: [Click Here!]

Nulled.io Database Leaked

The well-known underground hacking forum Nulled.io suffered a massive data breach on 6th May 2016. The email addresses, private messages, passwords and IP addresses of 500,000 members were leaked in a 1.3GB tar archive file. When expanded, the data is a 9.45 db.sql file that also contains over 5500 purchase records and 12,600 invoices for the buying, selling and sharing of stolen credentials.

The breach was discovered by the security firm Risk Based Security. The firm was unable to track the hacker and stated: "When services such as Nulled.IO are compromised and data is leaked, often it exposes members who prefer to remain anonymous and hide behind screen names. By simply searching by email or IP addresses, it can become evident who might be behind various malicious deeds. As you can imagine, this can lead to significant problems for forum users."

Source:[Click Here!]

A Former Executive Suspected of Hacking the National Transport Authority (NTA) Database

A former top executive of the National Transport Authority (NTA) is suspected of hacking the database of the NTA. It is believed that the former employee was helped by insiders.

A source at the Ministry of Public Infrastructure told le Defi Media Newspaper:
"The police and the Cybercrime Unit are investigating to determine who are the people who could benefit from this hacking." The same source also added that the accomplices of the former NTA executive will face sanctions and that the investigation will very soon reveal the impact of the hack.

This hacking case was first revealed by the Minister of Public Infrastructure himself, Mr Nando Bodha, at the opening ceremony of a workshop on cybercrime at the Westin Hotel, Balaclava, on Monday, March 21 2016. He also mentioned that the alleged hacker was accessing the database remotely from his home, modified the database and also made a copy of it.

 
 

Pornhub Launches Bug Bounty Program

In an article posted on May 9, Pornhub announced the launch of its security bug bounty program via the HackerOne platform. Independent researchers will be awarded between $50 and $25000 for their findings.

“Like other major tech players have been doing as of late, we’re tapping some of the most talented security researchers as a proactive and precautionary measure – in addition to our dedicated developer and security teams -- to ensure not only the security of our site but that of our users, which is paramount to us,” said Corey Price, Vice President, Pornhub.

When reporting a vulnerability, the researcher must:
  • Be the first to report the vulnerability,
  • Send a clear textual description of the report along with steps to reproduce the vulnerability,
  • Include attachments such as screenshots or proof of concept code,
  • Disclose the vulnerability report directly and exclusively to Pornhub.

Pornhub also stated that their security team can take up to 30 days to respond to the report and up to 90 days to fix the vulnerability.

For more details about the program, [Click Here!]

Source:[Pornhub Post]

Complete Panama Papers Database Now Available Online

The Panama Papers scandal came to light last April when German newspaper Süddeutsche Zeitung and the International Consortium of Investigative Journalists (ICIJ) published a summary of their investigation into the 2.6TB data dump of the activities of Mossack Fonseca.

The data covers nearly 40 years of the law firm's activities, ending in 2015. Investigators claimed the data contained important information on important companies and people from more than 200 countries.

ICIJ launched a website where internet users can search for both individuals and companies and get neatly organized results. Details about each person are available: their connection to an offshore institution, along with information on that shell corporation, current jurisdiction, incorporation details, and the searched person's role.

ICIJ Website: [Click Here!]

#OpIcarus: Anonymous Attacks More Banks

The operation launched by Anonymous is hitting more banks. Eight more financial institutions have suffered DDoS attacks during the past few days.

The Central Bank of Greece was the first bank to come under DDoS attack, followed by the Central Bank of Cyprus. Attacks are coming from multiple Anonymous members and divisions, including Ghost Squad Hackers. On the official Twitter account of OpIcarus, they have published the names of several banks which have been under attack, namely the Central Bank of the Dominican Republic, Guernsey Financial Services Commission, Dutch Central Bank and the Central Bank of Maldives.

Anonymous also published a video on YouTube explaining OpIcarus.

 
 
Transcript
Greetings world, We are Anonymous.

It has been said that humanity is not an end in itself but rather a means to an end.
We have shown the World our strength to deny ignorance, overcome adversity, fight oppression and even the power to throw a wrench in the system that perpetuates it. We are enslaved within a matrix of institutions with the illusion that each stands alone, fighting for power, for profits, for the scraps on the table that represent humanity's dwindling resources. In reality however, these institutions - the arms industries, banking and other financial institutions, government intelligence agencies and countless others, have formed what was once a clandestine coalition whose corruption, and avarice have become increasingly transparent due to WikiLeaks and to the efforts of Anonymous. This coalition seeks the preservation and the perpetuation of the powers that be, and this octopus operates through the tentacles of the IMF, the Federal Reserve, and the World Bank, masterminded by think-tanks such as the Bilderberg group, and the Council on Foreign Relations.

The puppets of the powers that be include the president of the United States and his cabinet, and through them they are able to repress the freedom of information, and with it the free and open exchange of ideas which are fundamental to the existence and operations of Anonymous, and the ability to see beyond the veil of secrecy from which the powers that be stand behind.
But where does the power behind the throne lie? Within the global financial system, centered within the New York Stock Exchange, and Bank of England.

They feel secure in their ivory tower built on the broken backs of laborers of the world for what are their subjects, but human... All too human... In humanity lies the restraints of pity and mercy driven by fear. But we are not merely human. Anonymous is something much more for we possess neither fear nor mercy. It is time to show the world the true power and the true face of the faceless, the nameless and the ghosts of society.

Like Icarus, the powers that be have flown too close to the sun, and the time has come to set the wings of their empire ablaze, and watch the system their power relies on come to a grinding halt and come crashing down around them. We must strike at the heart of their empire by once again throwing a wrench into the machine, but this time we face a much bigger target - the global financial system.
This time our target is the Global Banking Cartel as a whole.

This is a call to arms, brothers, who for too long have stood for nothing but have criticized everything.
Stand now, behind the banner of free men against the tyrannical matrix of institutions that oppose us. In the beginning some people may stand to lose something from this, but the powers that be stand to lose much more.

For more information check the description of this video.

We are anonymous.
We are legion.
We do not forgive.
We do not forget.
Operation Icarus, engaged.
Expect us.

Google Brings HTTPS to All BlogSpot Domain Blogs

In a blog post published on 3rd May, Google announced that it has rolled out HTTPS for all BlogSpot blogs, even for those having a private domain. Launched in September last year, this feature was an option which users could turn on. Now the feature is enabled by default.
Another option has been added, named "HTTPS Redirect". If this feature is turned on, all visitors will automatically be redirected to the HTTPS URL instead of the old insecure HTTP link.

Google also stated that mixed content may cause some of the blog's functionality not to work with the HTTPS version. This is usually caused by incompatible templates, gadgets, or post contents. Google is working on these issues, but there are some settings that only blog owners will be able to change so that these work.
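A blog owner can check a template or post for mixed content before relying on the HTTPS version. The scanner below is an added example, not a Google or Blogger tool; the sample template and its example.com URLs are constructed.

```python
from html.parser import HTMLParser

# Subresources browsers block on an HTTPS page (this is what breaks gadgets)
ACTIVE = {"script", "iframe", "link", "object", "embed"}
# Subresources that are displayed but flagged as insecure
PASSIVE = {"img", "audio", "video", "source"}

# Constructed sample template (not from a real blog).
SAMPLE_TEMPLATE = """<html><head>
<link rel="stylesheet" href="http://example.com/theme.css">
<script src="https://example.com/ok.js"></script>
<script src="http://example.com/gadget.js"></script>
</head><body>
<a href="http://example.com/old-post">old link</a>
<img src="http://example.com/banner.png">
<img src="//example.com/relative.png">
</body></html>"""


class MixedContentFinder(HTMLParser):
    def __init__(self):
        super().__init__()
        self.findings = []  # (line, tag, kind, url)

    def handle_starttag(self, tag, attrs):
        attr = dict(attrs)
        if tag == "link":
            # Only stylesheets are loaded as subresources.
            if "stylesheet" not in (attr.get("rel") or "").lower().split():
                return
            url = attr.get("href")
        elif tag == "object":
            url = attr.get("data")
        elif tag in ACTIVE or tag in PASSIVE:
            url = attr.get("src")
        else:
            return  # e.g. <a href>: navigation, not mixed content
        if url and url.strip().lower().startswith("http://"):
            kind = "active" if tag in ACTIVE else "passive"
            self.findings.append((self.getpos()[0], tag, kind, url.strip()))


def find_mixed_content(html):
    """Return every plain-HTTP subresource found in the given HTML."""
    finder = MixedContentFinder()
    finder.feed(html)
    finder.close()
    return finder.findings
```

Protocol-relative (`//host/path`) and `https://` URLs are left alone because they load securely on an HTTPS page.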

Source:[Google Security Blog]

Fake Google Chrome Update Delivering Malware

Security researchers from Zscaler came across malware posing as a Google Chrome update, which fools users into lowering their smartphone defenses so that it can steal credit card details.

When the APK file is executed after downloading, the fake Google Chrome update asks for administrative rights. As most users will think this is from Google, they will grant the permission. Once the malware is given such permission, it starts its malicious behavior by first registering the device with a C&C server, then checking for antivirus software installed on the phone and terminating its processes. The malware can monitor SMS and calls on the infected device and can also steal SMS messages by sending them to the C&C server.

The most dangerous thing the malware does is steal credit card credentials. Each time the user of the infected device opens the Google Play Store app, a popup appears asking the user to enter his/her credit card details. If by mistake the user enters the details, they are sent via SMS to a phone number in Russia (+7926XXXX135).

We advise our readers to update their applications only through Google Play Store.

Source:[Zscaler]
