
    Gab, the far-right website, has been hacked and 70GB of data leaked

    news.movim.eu / ArsTechnica · Monday, 1 March - 23:14

(credit: Gab.com)

The founder of the far-right social media platform Gab said that the private account of former President Donald Trump was among the data stolen and publicly released by hackers who recently breached the site.

In a statement on Sunday, founder Andrew Torba used a transphobic slur to refer to Emma Best, the co-founder of Distributed Denial of Secrets. The statement confirmed claims the WikiLeaks-style group made on Monday that it obtained 70GB of passwords, private posts, and more from Gab and was making them available to select researchers and journalists. The data, Best said, was provided by an unidentified hacker who breached Gab by exploiting a SQL-injection vulnerability in its code.

"My account and Trump's account were compromised, of course as Trump is about to go on stage and speak," Torba wrote on Sunday as Trump was about to speak at the CPAC conference in Florida. "The entire company is all hands investigating what happened and working to trace and patch the problem."


    Hackers tied to Russia’s GRU targeted the US grid for years

    news.movim.eu / ArsTechnica · Saturday, 27 February - 11:50 · 1 minute

(credit: Yuri Smityuk | Getty Images)

For all the nation-state hacker groups that have targeted the United States power grid—and even successfully breached American electric utilities—only the Russian military intelligence group known as Sandworm has been brazen enough to trigger actual blackouts, shutting the lights off in Ukraine in 2015 and 2016. Now one grid-focused security firm is warning that a group with ties to Sandworm’s uniquely dangerous hackers has also been actively targeting the US energy system for years.

On Wednesday, industrial cybersecurity firm Dragos published its annual report on the state of industrial control systems security, which names four new foreign hacker groups focused on those critical infrastructure systems. Three of those newly named groups have targeted industrial control systems in the US, according to Dragos. But most noteworthy, perhaps, is a group that Dragos calls Kamacite, which the security firm describes as having worked in cooperation with the GRU's Sandworm. Kamacite has in the past served as Sandworm's "access" team, the Dragos researchers write, focused on gaining a foothold in a target network before handing off that access to a different group of Sandworm hackers, who have then sometimes carried out disruptive effects. Dragos says Kamacite has repeatedly targeted US electric utilities, oil and gas, and other industrial firms since as early as 2017.


    France ties Russia’s Sandworm to a multiyear hacking spree

    news.movim.eu / ArsTechnica · Wednesday, 17 February - 01:26

The logo of the French national cybersecurity agency Agence Nationale de la Sécurité des Systèmes d'Information (ANSSI), taken at ANSSI headquarters in Paris. (credit: Eric Piermont | AFP | Getty Images)

The Russian military hackers known as Sandworm, responsible for everything from blackouts in Ukraine to NotPetya, the most destructive malware in history, don't have a reputation for discretion. But a French security agency now warns that hackers with tools and techniques it links to Sandworm have stealthily hacked targets in that country by exploiting an IT monitoring tool called Centreon—and appear to have gotten away with it undetected for as long as three years.

On Monday, the French information security agency ANSSI published an advisory warning that hackers with links to Sandworm, a group within Russia's GRU military intelligence agency, had breached several French organizations. The agency describes those victims as "mostly" IT firms and particularly web hosting companies. Remarkably, ANSSI says the intrusion campaign dates back to late 2017 and continued until 2020. In those breaches, the hackers appear to have compromised servers running Centreon, sold by the firm of the same name based in Paris.


    A Windows Defender vulnerability lurked undetected for 12 years

    news.movim.eu / ArsTechnica · Saturday, 13 February - 12:10

(credit: Drew Angerer | Getty Images)

Just because a vulnerability is old doesn't mean it's not useful. Whether it's Adobe Flash hacking or the EternalBlue exploit for Windows, some methods are just too good for attackers to abandon, even if they're years past their prime. But a critical 12-year-old bug in Microsoft's ubiquitous Windows Defender antivirus was seemingly overlooked by attackers and defenders alike until recently. Now that Microsoft has finally patched it, the key is to make sure hackers don't try to make up for lost time.

The flaw, discovered by researchers at the security firm SentinelOne, showed up in a driver that Windows Defender—renamed Microsoft Defender last year—uses to delete the invasive files and infrastructure that malware can create. When the driver removes a malicious file, it replaces it with a new, benign one as a sort of placeholder during remediation. But the researchers discovered that the system doesn't specifically verify that new file. As a result, an attacker could insert strategic system links that direct the driver to overwrite the wrong file or even run malicious code.


    Microsoft is seeing a big spike in Web shell use

    news.movim.eu / ArsTechnica · Friday, 12 February - 13:19

(credit: Getty Images)

Security personnel at Microsoft are seeing a big increase in the use of Web shells, the lightweight programs that hackers install so they can burrow further into compromised websites.

The average number of Web shells installed from August, 2020 to January of this year was 144,000, almost twice that for the same months in 2019 and 2020. The spike represents an acceleration in growth that the same Microsoft researchers saw throughout last year.

[Chart: Web shell installations, year over year] (credit: Microsoft)

A Swiss Army knife for hackers

The growth is a sign of just how useful and hard to detect these simple programs can be. A Web shell is an interface that allows hackers to execute standard commands on Web servers once the servers have been compromised. Web shells are built using Web-based programming languages such as PHP, JSP, or ASP. The command interfaces work much the way browsers do.


    Ticketmaster pays $10 million criminal fine for hacking a rival company

    news.movim.eu / ArsTechnica · Monday, 4 January - 18:57

(credit: Pixy)

Ticketmaster has agreed to pay a $10 million criminal fine after admitting its employees repeatedly used stolen passwords and other means to hack a rival ticket sales company.

The fine, which is part of a deferred prosecution agreement Ticketmaster entered with federal prosecutors, resolves criminal charges filed last week in federal court in the eastern district of New York. Charges include violations of the Computer Fraud and Abuse Act, computer intrusion for commercial advantage or private financial gain, computer intrusion in furtherance of fraud, conspiracy to commit wire fraud, and wire fraud.

In the settlement, Ticketmaster admitted that an employee who used to work for a rival company emailed the login credentials for multiple accounts the rival used to manage presale ticket sales. At a San Francisco meeting attended by at least 14 employees of Ticketmaster or its parent company Live Nation, the employee used one set of credentials to log in to an account and demonstrate how it worked.
