Hacker news and latest on security breaches and cyber threats

Belkin WeMo Vulnerability Can Hack Android Phones

Security researchers at Invincea Labs discovered two vulnerabilities in Belkin’s WeMo home automation devices, one of which is an SQL injection vulnerability present in its firmware that could allow hackers with local access to a network to gain root access to Internet of Things (IoT) devices.

HackForums Bans DDoS-for-Hire Services

Jesse LaBrocca, the administrator of the hobbyist hacking site HackForums, announced Friday that he was banning the sale of DDoS-for-Hire services from his site. As one of the Internet’s biggest forums for hacking-related activity, HackForums was previously one of the most readily accessible places to buy DDoS-for-Hire services online.

Ukrainian Hackers Leak Emails of Top Putin Advisor

A group of Ukrainian hackers calling itself CyberHunta has released more than a gigabyte of emails (approx. 2,337) belonging to one of Vladimir Putin’s top advisors, Vladislav Surkov, who was formerly deputy prime minister of Russia.  The authenticity of the leaked cache of emails was verified by the Atlantic Council’s Digital Forensic Research Lab (DFRL).

Voter Database Leak with 350,000 Files Discovered

Another massive voter database leak was discovered last week by the Austin-based security company MacKeeper. According to their blog, the 350,000-file public database contained information about voters from California, Montana, New Jersey, and Virginia, including voters’ names, addresses, phone numbers, gender, birth date, marital status, voter ID number, date of registration, political affiliation, and elections they have voted in.

IoT Scanner Tests Device Vulnerability to DDoS Attacks

With the proliferation of Internet of Things (IoT) devices, cybersecurity experts have repeatedly warned that any of them could be subject to an unprecedented wave of major DDoS attacks. As already seen with KrebsOnSecurity, the 1 Tbps DDoS attack on the French hosting company OVH, and the Dyn server attacks, the availability of the malware source code has made millions of devices vulnerable to attackers.

Red Cross Service Responsible for Australia’s Biggest Data Leak

Security researcher and owner of haveibeenpwned.com Troy Hunt has revealed that the Australian Red Cross Service data log of blood donors’ personal information has been exposed in what appears to be the largest leak in Australia to date. The data, comprising a 1.74GB MySQL database backup containing 1.3 million rows and 647 different tables (or 413k unique email addresses and 550k blood donors), was compromised due to poor security encryption by a third-party provider.

Moonlight Malware Campaign Targets Middle East

Researchers at Vectra Networks have been monitoring a threat group in Palestine believed to have been targeting entities in Palestine and across the Middle Eastern region. The malware is dubbed ‘Moonlight’, after the name the attackers chose for one of their command-and-control (C&C) domains. The researchers have analyzed 200 samples of malware used by the threat group over the last two years.

AtomBombing Code Injection Attacks All Windows Versions

enSilo researchers have discovered a code injection technique in the underlying Windows operating system that can be used to inject malicious code and infect user PCs. The security firm that found the vulnerability dubbed it ‘AtomBombing’ and posted technical details of the exploit in a blog post. The code injection is able to bypass the current security solutions on every Windows version that could protect the system from potential malware attacks.

CloudFanta Malware Leverages Cloud Storage App

Netskope Threat Research Labs today published a report stating that the CloudFanta malware campaign has been operating since July 2016 and is suspected of having stolen more than 26,000 email credentials and of monitoring online banking activities. CloudFanta takes advantage of cloud services for hosting malware, using a popular online storage app to complete the infection cycle.
