now browsing by tag


#cybersecurity | #infosec | WeLeakInfo, the site which sold access to passwords stolen in data breaches, is brought down by the FBI

Source: National Cyber Security – Produced By Gregory Evans

FBI seizes control of which sold passwords stolen in data breaches

Law enforcement agencies have seized control of the domain of WeLeakInfo, a website offering cheap access to billions of personal credentials stolen from approximately 10,000 data breaches.

For as little as $2 per day, anyone could search the controversial website’s database of records and in many instances extract names, email addresses, phone numbers, and passwords. These passwords could then be used by unscrupulous hackers to break into other accounts where users had made the mistake of reusing the same credentials.


With the seizure of the domain, the website’s operations are effectively suspended.

Visitors to the website are now greeted by a message from the various law enforcement agencies who have been investigating the website’s activities.

Seized website

A 22-year-old man was arrested by police on Wednesday in Fintona, County Tyrone, Northern Ireland, in connection with the website, and another 22-year-old male has been arrested by East Netherland Cyber Crime Unit (Politie) in Arnhem.

According to an NCA press release, the two individuals are suspected by police of having made profits in excess of £200,000 from the site.

Prosecutors are likely to argue that those behind the website were profiting from the unlawful sale of stolen data, and assisting third-parties in also accessing sensitive details.

It’s important to recognise that there is a clear difference between the likes of WeLeakInfo and legitimate services like Troy Hunt’s HaveIBeenPwned.

WeLeakInfo allowed anyone to scoop up the passwords of those involved in a data breach, meaning they could be used in future security breaches.

HaveIBeenPwned, on the other hand, doesn’t store or share anybody’s password – instead the service, which I heartily recommend individuals and organisations sign up for, informs you if your email address has been included in a data breach. And that’s it. The onus is then on you to take steps to protect yourself (which may mean resetting passwords, and ensuring that you are not using the password you use on the hacked website anywhere else).

Authorities say they continue to investigate WeLeakInfo, and one can’t help but wonder if there will be more arrests if the site’s customer details are extracted from the seized infrastructure.

Source link

The post #cybersecurity | #infosec | WeLeakInfo, the site which sold access to passwords stolen in data breaches, is brought down by the FBI appeared first on National Cyber Security.

View full post on National Cyber Security

#deepweb | Assemblies of God (USA) Official Web Site

Source: National Cyber Security – Produced By Gregory Evans

Don’t miss any stories. Follow AG News!

Nicole M. Oldham thought she was simply sharing a part of her life with her women’s church group. All marriages go through struggles, she knew, and as director of women’s ministry at Highway Assembly of God in Fredericksburg, Virginia, she wanted to be transparent about hers to provide an encouraging example for others to open up as well.

But when she revealed details, the other women’s faces registered shock. Several group members informed Oldham that she needed to rethink her situation more seriously; the struggles she endured went beyond normal marital disagreements.

The licensed Assemblies of God minister finally admitted it: she was a victim of domestic violence.

Her then-Marine corporal husband’s drinking had turned to bouts of violence, repeatedly stunning her and leaving her in a constant state of anxiety.

“I couldn’t believe this sweet man was capable of doing these awful things,” says Oldham. She had faithfully stayed in the marriage and prayed for her husband, but the angry outbursts continued.

Maggie Journigan, a work colleague at King George Elementary School where Oldham taught fourth grade, encouraged Oldham to file a report with the military at Quantico base, where Oldham’s husband was stationed.

“I wasn’t out to wreck his career,” she says. “I wanted to get him help — because I knew it was only going to get worse.”
Her prophetic words proved true. In June 2018, with a second report filed, the military again investigated, found the charges met their criteria for abuse, and arrested Oldham’s husband.

Oldham fell into a deep depression, which led to her 13-day stay in Bethesda Naval Hospital. A forensic psychiatry specialist diagnosed her with major depressive disorder, anxiety disorder, and “relational distress . . . related to spouse abuse.” While there, and after just less than four years of marriage, her husband filed for divorce and kicked her out of their house, leaving her homeless.

“My faith was all I had to hold onto,” she says, tearing up at the memory.

Oldham, 30, moved to Chelsea, Oklahoma, to begin a new life near her family of origin. She found a job teaching fourth grade in nearby Pryor, connected with other Christians through ClearView Church in Claremore, and did her best to heal.

“She is committed to taking her losses and making them gains,” says Bob J. Warman, lead pastor of ClearView and Oldham’s pastoral counselor and mentor. With her divorce finalized in December 2018, she sought to become more involved in ministry. But she wondered exactly how to serve with a new identity.

As she prayed about her options, she recognized the need to help educate church leaders on how best to aid those affected by domestic violence.

“This is such a critical issue and our wonderful pastors are woefully ill-prepared to engage it,” Oldham says. From that recognition will emerge the ministry HANDS: Home and Neighborhood Domestic Safety. Though still in its infant stages, Oldham is determined to make sure domestic violence victims have a safe place within the Church “to run with their heart, and maybe with their bags.”

“These women never know when they are going to need the Church, so I want to help leaders be ready,” she says.

Preparing for HANDS’s summer launch, Oldham is enrolled with the National Anger Management Association to become a first level certified domestic violence specialist and also she has begun her ordination process, studying with the Oklahoma School of Ministry.

“I want to be able to meet and work with pastors as peers, not as some hysterical female who has gone through this terrible thing and wants to tell them they’re doing ministry wrong,” Oldham says.

Her commitment to ministry and to healing has been noticeable.

“She’s come a long way,” says Warman. “There’s a great light in her life now and she’s so joyful.”

Source link

The post #deepweb | <p> Assemblies of God (USA) Official Web Site <p> appeared first on National Cyber Security.

View full post on National Cyber Security

The War Vet, the Dating Site, and the Phone Call From Hell

Source: National Cyber Security – Produced By Gregory Evans

“Please don’t go!” Jared’s mother, Kathy Bowling, begged him. “This is why I don’t want you to go!”

“This is why I have to go,” he told her.

Two months after he graduated, in May 2012, Jared packed his bags to join the Army. In his spare time during training, he recorded videos of himself in his camouflage uniform, singing pop songs and Christian hymns, which he uploaded to his YouTube channel. He was deployed to Afghanistan less than a year later, manning a .50-caliber gun atop a Buffalo, a moving-truck-sized armored vehicle.

Jared had wanted to see combat, but the reality of it hit him harder than he’d imagined. He was terrified one night when his base came under rocket fire. Two of his buddies were blown up in a truck. But that wasn’t the worst of it. Jared told his brother about one particular firefight where he was blasting away with the .50-caliber gun. “I don’t know for sure, but I might have killed a child,” he told Jacob. He didn’t want to say much more about it.

After a patrol in Kandahar Province one day, Jared injured his back while getting off the Buffalo. He was flown to a hospital on a base in Germany. There, the doctors put him on painkillers and told him he couldn’t go back into combat. After barely six months in the field, he was done as war-fighter.

Stuck on base, his ambitions crushed, Jared started coming unglued. He hit the bars every night, drinking heavily. He got a local woman pregnant. He was caught driving drunk and confined to barracks. He made a clumsy suicide attempt with pills, which got him placed in psychiatric care for a few days. By October 2015 he was discharged and back home in Greenville.

Though his parents, sister, and two brothers gave him a hero’s welcome, Jared was lost. “All my life I wanted to be a soldier, and now I can’t do that,” he told Jacob. “I just feel worthless.” He bounced from job to job and between his divorced parents’ houses. As the months went by, his once muscular physique turned soft. Jared had nightmares and occasional panic attacks and got into bar fights. He was diagnosed with PTSD and prescribed antidepressants. Stuck for a job, he bought a Jeep and started driving for Uber. Over Kathy’s objections, he also bought a stubby black 9-mm pistol to keep in the car, for protection.

By mid-2018, though, things were looking up. He was dating a local girl. He had a dog, a lively German shepherd he called Tex. He’d landed a great job for a chatterbox like him, selling phones and internet service plans at the local AT&T store, and he and Jacob had moved into an apartment with a balcony overlooking the complex’s pool. The brothers would cook, watch football games, stream Netflix with their girlfriends. Once a week they’d have dinner with their mom and then go into town to drink tequila and sing at DT’s, their favorite karaoke bar. Just about every time, Jared would wail through his three signature songs—“Drops of Jupiter,” “Bohemian Rhapsody,” and “No Diggity.”

The caller said he was a police detective. He’d been contacted by Caroline’s parents, who were outraged that Jared had sexually propositioned their daughter.

Though he and his girlfriend didn’t mean to get pregnant, Jared was overjoyed when his son Jaxon was born. He stopped taking the antidepressants; he wanted to keep his head clear to be a good dad to the baby.

Before long, however, Jared split with Jaxon’s mom. Suddenly he was a part-time single dad, fighting regularly with his ex. He turned to Tinder and soon started seeing a young woman whom I’ll call Lisa—she doesn’t want her real name published. But from time to time, he still cruised dating sites, and in early September he came across the pretty blonde who said her name was Caroline Harris. The two chatted on the dating app. When she said, “I’ll be 18 in a few weeks,” he replied, “Oh that’s cool when will you be 18?”

The Original Source For This Story: Source link

The post The War Vet, the Dating Site, and the Phone Call From Hell appeared first on National Cyber Security.

View full post on National Cyber Security

Official Monero site delivers malicious cash-grabbing wallet – Naked Security

Source: National Cyber Security – Produced By Gregory Evans On 18 November, somebody swapped out the legitimate command line wallet binaries for the Monero (XMR) cryptocurrency and replaced them with software that stole users’ funds. The malicious versions of the Linux and Windows binaries were first spotted by a user on Monday who noticed that […] View full post on

Bitcoin money trail leads cops to ‘world’s largest’ child abuse site – Naked Security

Source: National Cyber Security – Produced By Gregory Evans

US, British and South Korean police announced on Wednesday that they have taken down Welcome To Video: a Darknet market that had what the US Department of Justice (DOJ) says is the world’s most voluminous offerings of child abuse imagery.

The DOJ called this the largest market for child sexual abuse videos, and that this is one of the largest seizures of this type of contraband. The 8 terabytes worth of child sexual abuse videos, which are now being analyzed by the National Center for Missing and Exploited Children (NCMEC), comprise over 250,000 unique videos, 45% of which contain new images that weren’t previously known to exist.

The global crackdown, which has so far led to the arrest of 337 alleged users and the indictment of the website’s admin, has led to the rescue of at least 23 victims living in the US, Spain and the UK. The DOJ says that the minors were actively being abused by site users.

The admin of Welcome to Video, who was indicted on Wednesday, is Jong Woo Son, 23, a South Korean national who was previously charged and convicted in South Korea. He’s now serving his sentence in South Korea.

The global dragnet has scooped up 337 alleged site users who’ve been arrested and charged worldwide: throughout the US, the UK, South Korea, Germany, Saudi Arabia, the United Arab Emirates, the Czech Republic, Canada, Ireland, Spain, Brazil and Australia. About 92 individuals’ home and businesses in the US have been searched.

Five search warrants issued in the Washington, D.C. metropolitan area have led to the arrests of eight people suspected of both conspiring with Jong Woo Son and of being website users themselves. The DOJ says that two suspected users committed suicide after the search warrants were executed.

The bust

According to the indictment, on 5 March 2018, a global police force – including agents from the UK, the Korean National Police in South Korea, the US Internal Revenue Service’s Criminal Investigation Division (IRS-CI), and the US Homeland Security Investigations (HSI) – arrested Jong Woo Son and seized the server that he used to operate the market.

Welcome To Video specialized in exclusively selling child sexual exploitation videos. The site, which operated from June 2015 to March 2018, had a message on its landing page explicitly warning users to “not upload adult porn.” As of 8 February 2018, Welcome to Video indicated on its download page that users had downloaded files more than a million times.

The material documented abuse of pre-pubescent children, toddlers and infants as young as six months.

Hacker #tricks official #Vatican News site into #declaring #God an #onion

Source: National Cyber Security News

A Belgian security researcher has discovered a vulnerability on the website of Vatican News — the official news publication of the Holy See — that could allow anyone to publish their own fake news.

The vulnerability was discovered by independent researcher Inti De Ceukelaire. Proving his work, he tweeted a picture of Vatican News falsely stating that Pope Francis had declared God to be an onion.

De Ceukelaire (who we’ve previously profiled) has been behind some high profile discoveries. In September, he disclosed ways to access corporate messaging apps like Slack and Yammer by exploiting publicly-accessible help-desks and bug trackers.

Last February, De Ceukelaire earned notoriety after he redirected several links in Donald Trump’s old tweets to content that would otherwise be embarrassing for the now-occupant of 1600 Pennsylvania Avenue. He did this by identifying websites Trump had tweeted out whose domain names had been allowed to expire. He then re-registered them under his own name.

Keeping with the Trump theme, he used publicly accessible online information to find the contact details of Melania Trump. He used this to invite FLOTUS to his home town.

In the case of Vatican News, De Ceukelaire encountered an unpatched cross site scripting (XSS) vulnerability, and exploited it to inject the blatantly fake news.

Read More….


View full post on National Cyber Security Ventures

Manager, IT Site Information Technology

Source: National Cyber Security – Produced By Gregory Evans

WVU Healthcare – Morgantown, WV


IT Site Manager (86804) 

Information Technology 

AVP/Asst. CIO 


POSITION SUMMARY : Under the general 
supervision of the AVP/ACIO of IT, the IT Site Manager is responsible for the 
daily operation and support of the PC Techs, infrastructure, legacy clinical 
and business information systems of the assigned Hospitals, Clinics and 
Physician offices.

Read More….

The post Manager, IT Site Information Technology appeared first on National Cyber Security Ventures.

View full post on National Cyber Security Ventures

BlackBerry #Mobile site the #latest #target of #cryptocurrency mining #hackers

Source: National Cyber Security – Produced By Gregory Evans

TCL Communication Technology Holding Ltd., the operator of the BlackBerry Mobile site, is the latest victim of cryptocurrency-loving hackers in the latest of a rash of cryptomining hijacking cases.

The website for BlackBerry Mobile was discovered by a Reddit user last week to be serving up code to visitors from Coinhive, the notorious Monero mining script service. The same person who discovered the code did note that it was only the global TCL- owned site that was affected, not country-specific sites or those owned by BlackBerry Ltd.

Coinhive itself chimed in on Reddit, saying that one of its users had hacked the Blackberry Mobile website using a vulnerability in the Magento webshop software. “We’re sorry to hear that our service has been misused,” the company said. “This specific user seems to have exploited a security issue in the Magento webshop software (and possibly others) and hacked a number of different sites. We have terminated the account in question for violating our terms of service now.”

TCL is far from the first company to be targeted by cryptomining code, and it won’t be the last. The first outbreaks of cryptomining-related hacking occurred in September, when The Pirate Bay and then Showtime were exposed as using the method. As cryptocurrencies boomed, so instances of hackers and site owners trying to cash in on Monero mining. A RiskIQ report Sept. 26 found that more than 1,000 sites were now hijacking the computing power of site visitors to mine for cryptocurrencies.

By October, leading content delivery network Cloudflare Inc. was the first major provider to crack down on the method, banning all sites from its network that have cryptocurrency mining code installed.

The method spread to apps later the same month, when the first reports emerged of Coinhive scripts appearing in Android apps, and the new attack vector has seemingly continued to grow. Only this weekend, a security researcher discovered 291 apps across third-party Android stores that included the miming code, although they appear to be the same app and code with 291 different names.

Commenting on the Android outbreak, HackRead noted that though the biggest victims of cryptocurrency miners were previously website owners and unsuspecting visitors, now Android users are also at risk. The advice, as always, is to practice safe internet: Do not download unknown apps from Android stores, make sure they have up-to-date antivirus software installed and keep an eye on their processor usage because cryptocurrency miners trigger high usage.

The post BlackBerry #Mobile site the #latest #target of #cryptocurrency mining #hackers appeared first on National Cyber Security Ventures.

View full post on National Cyber Security Ventures

Feds seize largest criminal ‘dark web’ site AlphaBay after Atlanta investigations

Source: National Cyber Security – Produced By Gregory Evans

The largest criminal marketplace on the internet, AlphaBay, has been seized by the U.S. Department of Justice with the help of Atlanta-based investigations, officials said Thursday. An AlphaBay staffer was identified through an ongoing investigation conducted in Atlanta, DOJ spokesman Bob Page said. Officials said the “dark web” operation started…

The post Feds seize largest criminal ‘dark web’ site AlphaBay after Atlanta investigations appeared first on National Cyber Security Ventures.

View full post on National Cyber Security Ventures

Microsoft Accuses ‘Gaming Site’ of Hacking Xbox Accounts and Selling Proceeds

Source: National Cyber Security – Produced By Gregory Evans

Microsoft Accuses ‘Gaming Site’ of Hacking Xbox Accounts and Selling Proceeds

A complaint filed by Microsoft in federal court earlier today accuses Chinese gaming website iGSKY of hacking Xbox accounts and using stolen credit card information to purchase rare items (via The Verge). According to Microsoft, iGSKY then sells puts those …

The post Microsoft Accuses ‘Gaming Site’ of Hacking Xbox Accounts and Selling Proceeds appeared first on National Cyber Security Ventures.

View full post on National Cyber Security Ventures