BlackBox (Security) Archiv
👉🏼 Latest viruses and malware threats
👉🏼 Latest patches, tips and tricks
👉🏼 Threats to security/privacy/democracy on the Internet

👉🏼 Find us on Matrix: https://matrix.to/#/!wNywwUkYshTVAFCAzw:matrix.org
Ep 51: The Indo-Pak Conflict
Darknet Diaries: The Indo-Pak Conflict

#Kashmir is a region right in between #India, #Pakistan, and #China. For the last 70 years Pakistan and India have fought over this region of the world, both wanting to take #control of it. Tensions sometimes heat up which can result in people being killed. When tensions get high in the real world, some people take to the #internet and #hack their rivals as a form of protest. In this episode we’ll explore some of the #hacking that goes on between India and Pakistan.

📻 #DarknetDiaries #podcast
https://darknetdiaries.com/episode/51/

📡@cRyPtHoN_INFOSEC_DE
📡@cRyPtHoN_INFOSEC_EN
📡@cRyPtHoN_INFOSEC_ES
📡@FLOSSb0xIN
Exclusive: Details of 10.6 million MGM hotel guests posted on a hacking forum

MGM Resorts said security incident took place last summer and notified impacted guests last year.

The personal details of more than 10.6 million users who stayed at MGM Resorts hotels have been published on a hacking forum this week.

Besides details for regular tourists and travelers, included in the leaked files are also personal and contact details for celebrities, tech CEOs, reporters, government officials, and employees at some of the world's largest tech companies.

ZDNet verified the authenticity of the data today, together with a security researcher from Under the Breach, a soon-to-be-launched data breach monitoring service.

A spokesperson for MGM Resorts confirmed the incident via email.

👉🏼 Read more:
https://www.zdnet.com/article/exclusive-details-of-10-6-million-of-mgm-hotel-guests-posted-on-a-hacking-forum/

#MGM #breach #hack #forum
Wormable BUG!

Just by sending an innocent-looking image, #remote #attackers could've taken over an organization's entire roster of #Microsoft Teams' #accounts. (Patch Released)

👉🏼 Read more:
https://thehackernews.com/2020/04/microsoft-teams-vulnerability.html

#wormable #bug #attackers #hack
The A1 Telekom Austria Hack - they came in through the web shells

On the 3rd of February 2020 I received an encrypted email on 3 of my email addresses from a person calling themself "Libertas" with the subject "Information for the public".

"I am writing to you today because you seem to be a IT security related guy from Austria with a brain. I hope this assumption is correct, otherwise please disregard this message.

I am writing concerning your local telecom company A1 Telekom. -Libertas"

At first I thought it was some conspiracy theorist who wanted to publish something on my blog (they always do), but it was not one of these cases and I wasn't prepared for what they presented me.

Disclaimer:

After confirming the hack with A1 I was asked to postpone the publishing of this post until A1 has kicked the attackers out. I complied with their request so I wouldn't interfere with the ongoing investigation. Since I did not publish this post for months the whistleblower also contacted a journalist from Heise.de and we agreed to release our articles at the same time.

Since I have no way of checking the validity of individual statements made by the whistleblower, they could all be fabricated. I find them very plausible and many details of the email were confirmed by A1 but keep it in the back of your head that the statements of "Libertas" might be untrue or half-true until confirmed by A1 Telekom. Since I had the opportunity to talk to people from A1 I will add their statements in blue.

👉🏼 Read more:
https://blog.haschek.at/2020/the-a1-telekom-hack.html

👉🏼 Read more 🇩🇪:
https://www.golem.de/news/oesterreich-hackerangriff-bei-a1-telekom-2006-148984.html

#austria #telekom #hack #hacked #Libertas
Researchers detail huge hack-for-hire campaigns against environmentalists

‘Dark Basin’ is said to have targeted nonprofit groups battling Exxon Mobil

Hackers for hire have targeted thousands of individuals as part of campaigns against environmental advocacy groups, journalists, and others, according to a report produced by Citizen Lab, the University of Toronto’s cybersecurity watchdog group. Citizen Lab dubbed the group behind the campaigns “Dark Basin,” noting that it specifically targeted climate-change organizations who were campaigning against Exxon Mobil.

The report concludes that the campaigns represent “a clear danger to democracy” and could allow powerful organizations to target their opponents. “The extensive targeting of American nonprofits exercising their first amendment rights is exceptionally troubling,” Citizen Lab’s report says. The group has provided its information to federal prosecutors who are investigating the hackers and who hired them, The New York Times reports.

https://citizenlab.ca/2020/06/dark-basin-uncovering-a-massive-hack-for-hire-operation/

https://www.nytimes.com/2020/06/09/nyregion/exxon-mobil-hackers-greenpeace.html

#DarkBasin #researchers #hackers #hack #ExxonMobil
Call Me Maybe: Eavesdropping Encrypted LTE Calls With ReVoLTE (PoC)

Voice over LTE (VoLTE) is a packet-based telephony service seamlessly integrated into the Long Term Evolution (LTE) standard. By now all major telecommunication operators use VoLTE. To secure the phone calls, VoLTE encrypts the voice data between the phone and the network with a stream cipher. The stream cipher shall generate a unique keystream for each call to prevent the problem of keystream reuse.

👀 👉🏼 https://revolte-attack.net/

#hack #LTE #VoLTE #poc #video
Get this - there is a Bitcoin wallet with 69,000 Bitcoins ($693,207,618) that is being passed around between hackers/crackers for the past 2 years for the purpose of cracking the password, no success so far.

👀 👉🏼 https://twitter.com/UnderTheBreach/status/1303316723186139136

#wallet #bitcoin #breach #hack #whynot
A Threat Actor is selling several databases from various companies worldwide including 3 from the Financial sector:

- Indonesia 🇮🇩 - 2,9 million records
- Mexico 🇲🇽 - 4,7 million records
- USA 🇺🇸 - 2,2 million records

👀 👉🏼 The Threat Actor shared samples for each DB.
https://nitter.net/Bank_Security/status/1306964926041403393

#hacker #hack #breach #database #worldwide #indonesia #uk #mexico #usa #india #thailand
North Korea has tried to hack 11 officials of the UN Security Council

New UN Security Council report reveals repeated targeting of UN Security Council officials over the past year.

A hacker group previously associated with the North Korean regime has been spotted launching spear-phishing attacks to compromise officials who are part of the United Nations Security Council.

The attacks, disclosed in a UN report last month, have taken place this year and have targeted at least 28 UN officials, including at least 11 individuals representing six countries of the UN Security Council.

UN officials said they learned of the attacks after being alerted by an unnamed UN member state (country).

The attacks were attributed to a North Korean hacker group known in the cyber-security community by the codename of Kimsuky.

According to the UN report, Kimsuky operations took place across March and April this year and consisted of a series of spear-phishing campaigns aimed at the Gmail accounts of UN officials.

The emails were designed to look like UN security alerts or requests for interviews from reporters, both designed to convince officials to access phishing pages or run malware files on their systems.

The country which reported the Kimsuky attacks to the UN Security Council also said that similar campaigns were carried out against members of its own government, with some of the attacks taking place via WhatsApp, and not just email.

Furthermore, the same country informed the UN that Kimsuky attacks have been extremely persistent, with the North Korean hacker group pursuing "certain individuals throughout the 'lifetime' of their [government] career."

👀 👉🏼 https://www.zdnet.com/article/north-korea-has-tried-to-hack-11-officials-of-the-un-security-council

#northkorea #hack #hacker #un #security #council
Not Your Usual Supply Chain Hack: The Codecov Bash Uploader Blunder

We all know about the SolarWinds supply chain hack. But, while smaller in scope, Codecov's Bash Uploader security supply chain failure is also a record-setter. And, this is not a record anyone wants to break.

Codecov only discovered the foul-up months after their code was busted, and only thanks to a security-conscious user. He checked the Secure Hash Algorithm 1 (SHA-1) checksum for the GitHub version of Codecov Bash Uploader and the SHA-1 checksum for the downloaded Bash Uploader version with shasum (a Linux program that calculates and verifies SHA-1 hashes) and found they didn't match. In other words, they were not the same program.

Whoops!

Codecov is a reporting tool that inserts coverage metrics directly into continuous integration (CI) workflows. Its job is to watch for coding problems while running test suites. It especially looks in pull requests where new features and bug fixes are usually found and new bugs and problems often pop up.

Bash Uploader's task is to export users' CI environmental data. This includes any credentials, tokens, or keys users were working with in their CI runner when the Bash Uploader script was executed. That's already dangerous enough because its name is perfectly descriptive. Bash Uploader uses the Bash shell and curl to upload unencrypted environmental data to Codecov. And, oh yes, to the attacker's server as well.

https://thenewstack.io/not-your-usual-supply-chain-hack-the-codecov-bash-uploader-blunder/

💡 Read as well ...
https://t.iss.one/cRyPtHoN_INFOSEC_EN/15695

#supplychain #hack #codecov
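
The checksum comparison described in the Codecov post above, turned into a gate that a CI job can apply before running any downloaded helper script. This is an added example, not code from Codecov or from the linked article; the function names, file names and script contents are constructed, and it uses SHA-256 in place of the SHA-1 check the post mentions.

```shell
#!/bin/sh
# Added example: run a downloaded script only if it matches a pinned digest.

# sha256_of FILE: print the hex SHA-256 digest of FILE.
sha256_of() {
    if command -v sha256sum >/dev/null 2>&1; then
        sha256sum "$1" | awk '{print $1}'
    else
        shasum -a 256 "$1" | awk '{print $1}'
    fi
}

# run_if_pinned FILE EXPECTED [ARGS...]
# Returns 2 if FILE is missing and 3 on digest mismatch; in both cases
# nothing from FILE is executed. Otherwise returns the script's exit status.
run_if_pinned() {
    script=$1; expected=$2; shift 2
    [ -f "$script" ] || { echo "no such file: $script" >&2; return 2; }
    actual=$(sha256_of "$script")
    if [ "$actual" != "$expected" ]; then
        echo "REFUSING to run $script: digest mismatch" >&2
        echo "  expected $expected" >&2
        echo "  actual   $actual" >&2
        return 3
    fi
    sh "$script" "$@"
}

# Constructed demo: a reviewed script and a copy with one appended line,
# standing in for the repository version and the modified download.
demo() {
    dir=$(mktemp -d) || return 1
    printf '%s\n' 'echo "uploading coverage report"' > "$dir/reviewed.sh"
    cp "$dir/reviewed.sh" "$dir/downloaded.sh"
    printf '%s\n' 'echo "line that was never reviewed"' >> "$dir/downloaded.sh"
    pin=$(sha256_of "$dir/reviewed.sh")
    ok=0;  run_if_pinned "$dir/reviewed.sh"   "$pin" >/dev/null || ok=$?
    bad=0; run_if_pinned "$dir/downloaded.sh" "$pin" >/dev/null || bad=$?
    rm -rf "$dir"
    echo "reviewed=$ok downloaded=$bad"
}

demo
```

The pinned digest only helps if it comes from a different place than the download itself, for example a value committed to the repository after someone has read the script.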