Steal
now browsing by tag
Scammers using fake antibody test to steal information, FBI warns | #coronavirus | #scams | #covid19
Scammers have found yet another way to take advantage of the COVID-19 pandemic, by selling fake antibody tests. A real antibody test will screen your blood for antibodies made when […] View full post on National Cyber Security
#infosec | Hackers Steal Customer Info from UK FinTech Loqbox
Source: National Cyber Security – Produced By Gregory Evans
A UK-based fintech was hit by a “sophisticated” cyber-attack last month, compromising the payment information and personal details of its customers.
The firm, which helps customers improve their credit score by taking out and repaying loans with it, revealed the incident in an email to customers seen by MoneySavingExpert.
It happened on February 20 this year, and although the number of customers affected is thus far unknown, the variety of personal information compromised should set alarm bells ringing for those affected.
It includes customers’ names, dates of birth, postal addresses and phone numbers alongside: the first six and last four digits of their card number, expiry date, sort code and two digits from their bank account number.
This information isn’t enough on its own for hackers to use in payment or account takeover fraud, but it could certainly be deployed to make follow-on phishing attacks more convincing.
If a victim responded to such an email with more of their details, hackers could piece together enough digital information to commit a range of identity fraud scams.
“Cyber-criminals are quick to create genuine-looking fake sites and emails designed to manipulate further information out of their victims including passwords or other missing data,” warned ESET cybersecurity specialist, Jake Moore.
Loqbox itself has claimed to have notified the relevant regulatory authorities and police, and has taken steps to address the security issues which led to the breach.
It reassured customers that any funds paid into accounts were still secure. However, there’s no public breach notification on its website or Twitter feed, the latter not having been updated since June 2019.
The post #infosec | Hackers Steal Customer Info from UK FinTech Loqbox appeared first on National Cyber Security.
#deepweb | Criminals using ‘Frankenstein identities’ to steal from banks
Source: National Cyber Security – Produced By Gregory Evans It started out like any other online loan. Notre Dame Federal Credit Union reviewed the application. It did the necessary background checks, and authenticated the applicant’s credit score and background. But it wasn’t until a group of borrowers in Missouri abruptly stopped making payments that the […] View full post on AmIHackerProof.com
When Spies Get Hacked… Hackers Steal Customer Data from Android Spyware Company
“When hackers get hacked” should become the tagline of 2018. After several other similar incidents, it is now the turn of an Android spyware maker that advertises its spyware for use against children and employees. A target of a vigilante hacker, the company known as SpyHuman offers surveillance software for Android devices that enables its users to intercept phone calls and text messages, track GPS locations, read messages on WhatsApp and Facebook, and use the target device’s microphone.
It now appears that a hacker has stolen customer text messages and call metadata from the spyware company. Call metadata includes the phone numbers the target devices dialled or received calls from, along with their duration and dates. Hackers managed to access over 440,000,000 call details by exploiting a basic security flaw in the website.
“These spy apps should be out of market, most people spy on girls and [their] data image […] always sensitive,” the hacker wrote in a message that was obtained by Motherboard. “No one have rights to do that and same these apps and provider making money by doing this.”
While SpyHuman sells its spyware as a tool to monitor children and employees, it’s mostly used to illegally spy on partners and spouses without their consent. “Several review websites and social media posts do push the app for such purposes, and archives of particular SpyHuman pages include phrases such as ‘know if your partner is cheating on you,’ and suggests monitoring your husband’s texts in case he is having an affair,” the publication reports.
The company gave the following (non)explanation when asked about how it makes sure its software isn’t being used for illegal surveillance:
“As a precaution, at an initial stage of our app installation, we always ask users that for what purposes they are installing this app in the target device. If they select child or employee monitoring then our app stays hidden and operate in stealth mode. Otherwise, it will create visible Icon so that one can know that such app is installed on his/her devices.”
As is apparent, since its users can always select a child or an employee – which in itself raises several questions – they don’t necessarily have to reveal if they are using the product for spying on people, mostly partners, without their consent.
– If you are a victim of spyware or technology-facilitated abuse, this is a very comprehensive resource list offering guidelines and help.
The post When Spies Get Hacked… Hackers Steal Customer Data from Android Spyware Company appeared first on National Cyber Security Ventures.
View full post on National Cyber Security Ventures
New #identity theft #scheme: #scammers use #US Postal #Service to #steal #information
Stephanie Vagim says it was her quick-thinking mailman who saved her from identity theft just two days before Christmas.
Mail theft victim, Stephanie Vagim said, “Apparently someone went online and requested a vacation hold under my address that wasn’t me. He didn’t recognize the name so he brought me the mail.”
In the stack were letters for lines of credit that a scammer was itching to get their hands on.
“The JC Penny, the Kohls Community Bank. Someone could have furnished their own home brought Christmas gifts for everyone they know and all under my name.”
And Vagim says it was all executed through their USPS website. The thief filled out the “request hold mail service” form to stop deliveries to her home.
The person, according to the form, planned on picking the mail up from the post office without Vagim ever knowing.
We spoke over the phone with a USPS Postal Inspector. He says this is not the first time a crime like this has happened.
“We are seeing this we’ve had similar crimes take place in the Central Valley in the Sacramento in the Bay Area and the key is the minute you realize something is not right say something,” Jeff Fitch said.
Meantime while Vagim is warning people of this new fraudulent scheme, she is hoping the government will find a way to stop it from happening so easily.
The post New #identity theft #scheme: #scammers use #US Postal #Service to #steal #information appeared first on National Cyber Security Ventures.
Hackers #steal 19M #California voter #records after #holding #database for #ransom
In late 2015, a security researcher found voter registration records of 191 million US voters on the Internet. Months later, hackers were found selling those records on several dark web marketplaces. Now, the IT security firm Kromtech has revealed that its researchers discovered a MongoDB database (a popular database management system) containing over 19 million California voter records.
Database Was Left Exposed
The database was left exposed for anyone with Internet access to view or edit. In the majority of such cases, researchers contact the affected party and inform them about the exposed data, but in this case, Kromtech researchers were unable to identify the owner.
Remember, MongoDB is used by popular organizations such as LinkedIn, MetLife, City of Chicago, Expedia, BuzzFeed, KPMG and The Guardian.
Cybercriminals Held Voters Database For Ransom
Since early 2017, hackers have been targeting MongoDB-based databases. In this case, according to researchers, hackers discovered the voter records, took control of the database and left a ransom note before deleting it entirely.
The ransom note asked the owner of the database to send 0.2 bitcoin, that is around USD 3,123 (thanks to the sudden price hike), to a bitcoin address. However, because the cybercriminals erased the database, researchers were unable to conduct a detailed analysis.
Furthermore, the group stated that “your database is downloaded and backed up on our secure servers.” Simply put: the group now holds the database and wants the owner to pay to get it back.
What Data The Database Had
In total, the 4GB database contained 19,264,123 records. As expected, it included highly personal and sensitive data of registered Californian voters such as:
City: Zip: StreetType: LastName: HouseFractionNumber RegistrationMethodCode State: CA Phone4Exchng: MailingState: CA Email: Phone3Area: Phone3NumPart: Status: A Phone4Area: StreetName: FirstName: StreetDirSuffix: RegistrantId: Phone1NumPart: UnitType: Phone2NumPart: VoterStatusReasonCodeDesc: Voter Requested Precinct: PrecinctNumber: PlaceOfBirth: Phone1Exchng: AddressNumberSuffix: ExtractDate: 2017-05-31 Language: ENG Dob: Gender: MailingCountry: AssistanceRequestFlag MailingCity: MiddleName: AddressNumber: StreetDirPrefix: RegistrationDate: PartyCode: Phone1Area: Suffix: NonStandardAddress: Phone4NumPart: CountyCode: MailingAdd3: MailingAdd2: MailingAdd1: UnitNumber: Phone2Exchng: NamePrefix: _id: ObjectId MailingZip5: Phone2Area:
Moreover, researchers also found a 22GB file that contained a massive 409,449,416 records of complete California voter registration data. It is believed that the database was created back on May 31st, 2017.
ExtractDate: '2017-05-31', 'District': 'RegistrantId': 'CountyCode':, 'DistrictName': '_id': ObjectId
MongoDB And Ransom
Since 2016, there have been a number of incidents where MongoDB databases have been found exposed on the Internet or held for ransom. In January this year, several unsecured MongoDB databases were hijacked by a hacker, who not only wiped out those databases but also stored copies of them and asked for a ransom of 0.2 bitcoins (roughly US$ 211 at that time).
Researchers also found 13 million MacKeeper credentials and 58 million business firm accounts exposed online due to a misconfigured MongoDB database last year. Last week, the AI.Type keyboard app had 31 million customer records exposed online due to a misconfigured MongoDB database. In that case, it was discovered that the keyboard app had been spying on users and collecting everything a user does on their smartphone.
Voters Database And Dark Web
A dark web marketplace is a perfect place for hackers and cybercriminals to sell what they steal from others. A year ago, entire US voter registration records were being sold on the now-seized Hansa marketplace; therefore, Californians should not be surprised if their data goes on the dark web for sale.
The post Hackers #steal 19M #California voter #records after #holding #database for #ransom appeared first on National Cyber Security Ventures.
Hackers #steal $64 #million from #cryptocurrency firm #NiceHash
A Slovenian cryptocurrency mining marketplace, NiceHash, said it lost about $64 million worth of bitcoin in a hack of its payment system, the latest incident to highlight risks that uneven oversight and security pose to booming digital currencies.
NiceHash matches people looking to sell processing time on computers in exchange for bitcoin.
There have been at least three dozen heists on exchanges that buy and sell digital currencies since 2011, including one that led to the 2014 collapse of Mt. Gox, once the world’s largest bitcoin market.
More than 980,000 bitcoins have been stolen from exchanges, which would be worth more than $15 billion at current exchange rates. Few have been recovered, leaving some investors without any compensation.
The hacks have not kept demand for digital currencies from soaring. Bitcoin’s value has climbed more than 15-fold so far this year, closing at a record $16,000 on the Luxembourg-based Bitstamp exchange on Thursday, ahead of this weekend’s launch of bitcoin futures by CBOE.
Security experts said they expect the cyber-crime spree to pick up as the rising valuations attract interest from cyber criminals looking for victims that lack experience defending against hacks.
“These exchanges are not in my opinion secure,” said Gartner security analyst Avivah Litan. “You don’t know what their security is like behind the scenes.”
NiceHash executive Andrej P. Škraba told Reuters that his firm was the victim of “a highly professional” heist that yielded about 4,700 bitcoin, worth around $64 million.
Sophisticated criminal groups are increasingly targeting the cryptocurrency industry, focusing on exchanges and other types of firms in the sector, said Noam Jolles, a senior intelligence specialist with Israeli cyber-security company Diskin Advanced Technologies.
“The most sophisticated groups are going into this area,” she said.
NiceHash, which advised users to change online passwords after it halted operations on Wednesday, has provided few other details about the attack on its payment system.
“We ask for patience and understanding while we investigate the causes and find the appropriate solutions for the future of the service,” it said on its website.
It was unclear whether customers faced any losses from the hack.
Slovenian police said they were looking into the hack, but declined to elaborate.
Russian government hackers used antivirus software to steal U.S. cyber capabilities
Russian government hackers lifted details of U.S. cyber capabilities from a National Security Agency employee who was running Russian antivirus software on his computer, according to several individuals familiar with the matter. The employee had taken classified material home to work on it on his computer, and his use of…
The post Russian government hackers used antivirus software to steal U.S. cyber capabilities appeared first on National Cyber Security Ventures.
Hackers Could Use Light to Steal Information Via Security Cameras
Where there’s a will, there’s a way, and hackers have plenty of will and countless ways to attack a secure network—even if it’s not connected to the internet. In the latest demonstration proving no network is safe, researchers at Ben-Gurion University of the Negev used security cameras equipped with night…
The post Hackers Could Use Light to Steal Information Via Security Cameras appeared first on National Cyber Security Ventures.