wildcard

Cyber-security 101 Information thread

333 posts in this topic

Spambot leaks more than 700m email addresses in massive data breach

Alex Hern      Aug. 30, 2017

"Millions of passwords also contained in breach, a result of spammers collecting information in attempt to break in to users’ email accounts.

More than 700m email addresses, as well as a number of passwords, have leaked publicly thanks to a misconfigured spambot, in one of the largest data breaches ever.

The number of real humans’ contact details contained in the dump is likely to be lower, however, due to the number of fake, malformed and repeated email addresses contained in the dataset, according to data breach experts.

Troy Hunt, an Australian computer security expert who runs the Have I Been Pwned site, which notifies subscribers when their data ends up in breaches, wrote in a blog post: “The one I’m writing about today is 711m records, which makes it the largest single set of data I’ve ever loaded into HIBP. Just for a sense of scale, that’s almost one address for every single man, woman and child in all of Europe.”

It contains almost twice the records, once sanitised, than those contained in the River City Media breach from March, previously the largest breach from a spammer."   

[ Spam email operator's faulty backup leaks 1.37bn addresses  ]

[  https://www.theguardian.com/technology/2017/mar/06/email-addresses-spam-leak-river-city-media  ]

snip

https://www.theguardian.com/technology/2017/aug/30/spambot-leaks-700m-email-addresses-huge-data-breach-passwords

3 people like this


FDA Recalls Nearly One Half Million Pacemakers Over Hacking Fears

Swati Khandelwal   Aug. 31, 2017

"Almost half a million people in the United States are highly recommended to get their pacemakers updated, as they are vulnerable to hacking.
The Food and Drug Administration (FDA) has recalled 465,000 pacemakers after discovering security flaws that could allow hackers to reprogram the devices to run the batteries down or even modify the patient's heartbeat, potentially putting half a million patients' lives at risk.
A pacemaker is a small electrical battery-operated device that's surgically implanted in the chest of patients to help control their heartbeats. The device uses low-energy electrical pulses to stimulate the heart to beat at a normal rate.

Six types of pacemakers, all manufactured by health-tech firm Abbott (formerly of St. Jude Medical) are affected by the recall, which includes the Accent, Anthem, Accent MRI, Accent ST, Assurity, and Allure.
All the affected models are radio-frequency enabled cardiac devices—typically fitted to patients with irregular heartbeats and patients recovering from heart failure—and were manufactured before August 28th.
In May, researchers from security firm White Scope also analysed seven pacemaker products from four different vendors and discovered that pacemaker programmers could intercept the device using "commercially available" equipment that cost between $15 to $3,000."

snip

https://thehackernews.com/2017/08/pacemakers-hacking.html

BUT, The FDA was aware of this 4 years ago, so why wait until now to bring it up?  Ever hear of Hacker Barnaby Jack? A hacker born in New Zealand, who was scheduled to demonstrate how a pacemaker could be hacked from 30 ft away, and kill the person, back in 2013.  He never gave that demonstration because he died all of a sudden from a massive drug overdose, one week before he was due to demo what he knew.     https://en.wikipedia.org/wiki/Barnaby_Jack

Perhaps 5G couldn't affect these particular pacemakers, so all of a sudden you will need an update to be vulnerable once again? Something about all this simply stinks to high heaven.  Not so sure I'd do the upgrade.

3 people like this


Or with the new 5G coming online they are scared that the old pacemakers will be affected by 5G and half a million people will drop dead, which will give cause to reconsider 5G and that's not what they want?  Don't know what's going on lately Breezy, it's a very weird world at the moment and seems to be getting worse by the day.  Never mind, onward and upward.

4 people like this


@jessica now that's a really good thought! Anytime "they" do something, seemingly with others' welfare in mind, you can bet it is for their benefit, not anyone else's.

3 people like this


Equifax Says Cyberattack May Have Hit 143 Million Customers

Sept. 7, 2017       Brian Womack

Breach exposed Social Security and credit card numbers
‘Clearly a disappointing event for our company,’ CEO says

"Equifax Inc. said its systems were struck by a cyberattack that may have affected about 143 million U.S. customers of the credit reporting agency, shedding light on one of the largest and most intrusive breaches in history.

Intruders accessed names, Social Security numbers, birth dates, addresses and driver’s license numbers, Equifax said in a statement. Credit card numbers for about 209,000 consumers were also accessed, the company said. Equifax shares dropped more than 8 percent in after-hours trading.

"This is clearly a disappointing event for our company, and one that strikes at the heart of who we are and what we do. I apologize to consumers and our business customers for the concern and frustration this causes," Chief Executive Officer Richard Smith said."

snip

https://www.bloomberg.com/news/articles/2017-09-07/equifax-says-cyber-intrusion-affected-143-million-customers

1 person likes this


WIRELESS ‘BLUEBORNE’ ATTACKS TARGET BILLIONS OF BLUETOOTH DEVICES

Sept. 12, 2017      Tom Spring  Update

"Researchers disclosed a bevy of Bluetooth vulnerabilities Tuesday that threaten billions of devices from Android and Apple smartphones to millions of printers, smart TVs and IoT devices that use the short-range wireless protocol.

Worse, according to researchers at IoT security firm Armis that found the attack vector, the so-called “BlueBorne” attacks can jump from one nearby Bluetooth device to another wirelessly. It estimates that there are 5.3 billion devices at risk.

“If exploited, the vulnerabilities could enable an attacker to take over devices, spread malware, or establish a ‘man-in-the-middle’ to gain access to critical data and networks without user interaction,” according to the company. “The attack does not require the targeted device to be paired to the attacker’s device, or even to be set on discoverable mode… since the Bluetooth process has high privileges on all operating systems, exploiting it provides virtually full control over the device.”

snip

https://threatpost.com/wireless-blueborne-attacks-target-billions-of-bluetooth-devices/127921/

The more IoT there is, the more this will happen.

2 people like this


A good listen to Nanogirl's observations of what could well be our need to install our own firewall to prevent our memories being taken out of our minds by the AI. 20 min in there are really interesting observations.

2 people like this


Piriform Hacked, CCleaner August Versions (v5.33.6162) Injected, Compromised

Sept. 18, 2017    

"In another large-scale attack that's bound to increase users' awareness on their systems' security, news has broken out that Piriform, creators of the popular CCleaner software tool (estimated to be installed in some 130 million devices), have suffered a hack on their servers that compromised some installer packages of the software. Piriform, which was purchased by popular security software company Avast last July, was hacked last August, and the changes to the installer packages could potentially allow hackers to control the devices of more than two million users, the company and independent researchers said on Monday."

snip

https://www.techpowerup.com/237111/piriform-hacked-ccleaner-august-versions-v5-33-6162-injected-compromised

1 person likes this

