Category Archives: Cyber Attack


Email Provider VFEmail’s US Servers Hacked in Catastrophic Data Loss


Hackers breached the U.S. servers of privacy-focused email provider VFEmail.net on February 11 and wiped the data on both its primary and backup systems. The attack took the company’s site and webmail client down without warning, in what VFEmail is calling “catastrophic destruction”: some 60,000 emails sent and received over more than a decade were lost.

“This is not looking good,” the company tweeted.

“All externally facing systems, of differing OS’s and remote authentication, in multiple data centers, are down.”

It added: “At this time, the attacker has formatted all the disks on every server. Every VM is lost. Every file server is lost, every backup server is lost.”

Two hours after the hack, VFEmail announced on its official Twitter account that the hackers had been able to format every disk on every server, with all virtual machines (VMs) lost in the process.


“I have an account with that site, all the email in my account was deleted,” Senchak said.

“After 17 years, if I was planning to shut it down, it’d be shut down by me – not script kiddies.”

VFEmail is the first service to have its data destroyed in a hacking attack without first receiving a ransom note that might have averted the catastrophic data loss.

A statement posted to VFEmail’s website gave more details. It also pointed to an IP address that appears to be registered in Bulgaria.

Hack notice posted on VFEmail’s site


!!!ALERT!!!! Update Feb 11 2019
www.vfemail.net and mail.vfemail.net are currently unavailable.
We have suffered catastrophic destruction at the hands of a hacker, last seen as aktv@94.155.49.9
This person has destroyed all data in the US, both primary and backup systems. We are working to recover what data we can.

New updates 2/11/19 6pm CST:

  • Incoming mail is now being delivered.
  • Webmail is up. Note-mailboxes are created upon new mail delivery. If you cannot login, you may not have received mail.
  • Mailboxes are new, no subfolders exist.
  • No filters are in place. If you created a filter with Horde, login to Horde, create any folders you need, click Filter, click Script, then click ‘Activate Script’.
  • There is no spam scanning at this time – Incoming mail may be Spam scanned depending on DNS status.
  • Free users should not attempt to send email, there is currently no delivery mechanism for free accounts. Paid accounts should be useable, including Horde/Roundcube contacts and calendars.

At this time I am unsure of the status of existing mail for US users. If you have your own email client, DO NOT TRY TO MAKE IT WORK. If you reconnect your client to your new mailbox, all your local mail will be lost.

Fortnite Bug Let Hackers Take Over Gamers’ Accounts


Check Point researchers found a bug in the account authentication process of the massively popular online battle game Fortnite that allowed player accounts to be taken over. An attacker could have stolen login tokens simply by duping the victim into clicking a link shared over WhatsApp or any other social platform.

Chaining an unvalidated subdomain redirect with a cross-site scripting (XSS) bug let the researchers load JavaScript that bypassed the protections of the single sign-on (SSO) access control mechanism used to log into Fortnite and, most importantly, capture the account’s OAuth token.

According to the Check Point researchers, the XSS bug and a malicious redirect issue on Epic Games’ subdomains allowed attackers to hijack users’ authentication tokens simply by duping them into clicking a specially crafted web link.

Single sign-on (SSO) delegates authentication to a trusted third party (Google, Facebook, Xbox or PlayStation), which authorizes access to the resource with an access token.


The Fortnite login page, accounts.epicgames.com, accepted an unvalidated redirect destination, so the login flow could be redirected to another online location and the account hijacked.


The request to Epic Games’ server carried the attacker’s “crafted state” parameters received from the single sign-on (SSO) provider.


Check Point has released a video showing the exact steps of the attack and how easy it would have been to trick a Fortnite user into clicking the wrong link. The original research is available from Check Point.

Fortnite’s popularity is enormous: at least 80 million monthly players, with statistics pointing to nearly 250 million registered users.

Bypassing the WAF

“As the XSS payload was executed, the WAF took effect and told us that the request was forbidden. Apparently, the only issue was the length of the script source URL, so we simply bypassed it by using a shortened URL.

Now that we had the XSS we could load our own JavaScript which, in turn, would be executed in the context of ‘ut2004stats.epicgames.com’.” [Source: Check Point]


According to Check Point, the researchers notified Epic Games of the Fortnite vulnerabilities, which the company fixed in mid-December.

Fortnite’s developer also advises players to enable two-factor authentication (2FA), which prompts users to enter a security code sent to their email when logging into their Fortnite account.
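As an added example (not Check Point’s or Epic Games’ code), here is the defensive counterpart of the unvalidated redirect described above: a strict allow-list check on the redirect destination before a login token is ever attached to it. All host names are constructed placeholders.

```python
"""Strict redirect-target validation for an SSO login flow.

Added example, not Check Point's or Epic Games' code. It models the defence
against the bug class described above: a login page that redirects to an
unvalidated destination can be made to hand the login token to the attacker.
All host names are constructed placeholders.
"""
from urllib.parse import urlsplit

# Hypothetical allow-list: the only hosts the login flow may redirect to.
ALLOWED_REDIRECT_HOSTS = frozenset({
    "accounts.example-games.test",
    "www.example-games.test",
})


def is_safe_redirect(target: str) -> bool:
    """True only for an absolute https URL whose host matches the allow-list
    exactly and which carries no embedded credentials or unusual port."""
    if not target or any(ch in target for ch in "\r\n\t "):
        return False                      # whitespace / header-injection tricks
    try:
        parts = urlsplit(target)
        port = parts.port                 # raises ValueError on a non-numeric port
    except ValueError:
        return False
    if parts.scheme != "https":
        return False                      # rejects http:, javascript:, data:, //host
    if parts.username is not None or parts.password is not None:
        return False                      # https://allowed-host@attacker/ confusion
    host = (parts.hostname or "").rstrip(".")
    if host not in ALLOWED_REDIRECT_HOSTS:
        return False                      # exact match: no lookalike subdomains/suffixes
    return port in (None, 443)


def build_callback(target: str, token: str, fallback: str) -> str:
    """Attach the login token only to a validated target; otherwise send the
    user (and the token) to a fixed first-party page instead."""
    dest = target if is_safe_redirect(target) else fallback
    sep = "&" if "?" in dest else "?"
    return f"{dest}{sep}token={token}"


if __name__ == "__main__":
    for candidate in (
        "https://accounts.example-games.test/profile",
        "https://accounts.example-games.test.attacker.test/",
        "https://accounts.example-games.test@attacker.test/",
        "//attacker.test/",
    ):
        print(f"{candidate!r:60} safe={is_safe_redirect(candidate)}")
```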

Some Popular Web Hosting Companies Found Vulnerable

A security researcher has identified multiple client-side vulnerabilities in some of the largest web hosting companies on the internet that could let an attacker take over a customer’s account with a single click. If you have an account with Bluehost, Dreamhost, HostGator, OVH or iPage, be alert.

Paulos Yibelo, a researcher with a strong passion for web application security and applied security research, shared his new findings with GlobalHackNews before going public. He identified about a dozen dangerous security vulnerabilities in Bluehost, Dreamhost, HostGator, OVH and iPage, which together host approximately eight million domains. “All five had at least one serious vulnerability allowing a user account hijack,” he told GlobalHackNews.

Vulnerabilities Reported in Popular Web Hosting Providers

Yibelo tested all five web hosting providers and found several account takeover, cross-site scripting and information disclosure vulnerabilities. [Source: websiteplanet]

1. Bluehost

Bluehost is owned by Endurance International Group (EIG), formerly BizLand, which also owns HostGator and iPage; the three providers host more than 2 million sites worldwide. Bluehost was found vulnerable to multiple account takeover and information leak flaws:

  • Information leakage through cross-origin resource sharing (CORS) misconfigurations
  • Account takeover due to improper JSON request validation (CSRF)
  • A man-in-the-middle attack can be performed due to improper validation of the CORS scheme
  • Cross-site scripting flaw on my.bluehost.com allows account takeover (demonstrated in the researcher’s proof-of-concept)

2. Dreamhost

DreamHost is a Los Angeles-based web hosting provider and domain name registrar owned by New Dream Network. The provider, which hosts more than one million domains, was found vulnerable to:

  • Account takeover via a cross-site scripting (XSS) flaw

3. HostGator

  • Site-wide CSRF protection bypass allows complete control
  • Multiple CORS misconfigurations leading to information leak and CRLF injection

4. OVH Hosting

OVH is a French cloud computing company that offers VPS, dedicated servers and other web services. The company, which hosts more than four million domains around the world, was found vulnerable to:

  • CSRF protection bypass
  • API misconfigurations

5. iPage Hosting

  • Account takeover flaw
  • Multiple Content Security Policy (CSP) bypasses

202 Million Chinese Job Seekers’ Private Resumes Exposed on the Internet


A cybersecurity expert has found a massive database containing the private resumes of more than 200 million Chinese job seekers that sat exposed on the internet, without any authentication, until last week.

The unprotected 854 GB database was stored in a MongoDB instance (a high-performance NoSQL database server) with no password or login authentication, hosted by an American hosting provider.

The same IP also appeared in Shodan search results:


In total the database held 202,730,434 records on Chinese job seekers’ skills and work experience, together with personal information such as mobile phone number, email, weight, height, political affiliation, marital status, children, driver’s licence, literacy level, salary expectations and more.



Bob Diachenko, Director of Cyber Risk Research at Hacken.io and the bug bounty platform HackenProof, analysed the data stream two weeks ago and identified an open and unprotected MongoDB instance exposing the job seekers’ private resumes.

“MongoDB log showed at least a dozen IPs who might have accessed the data before it was taken offline,” Diachenko said.

The source of the data is unknown. Diachenko thinks someone used an old resume-scraping tool: a tool named “data-import” appears to have been created to scrape data from various Chinese classifieds sites such as bj.58.com, and the format of the job seekers’ data matches the way that scraping tool stores the information it collects.

The security team of BJ.58.com did not confirm that the data originated from them:

“We have searched all over our database and investigated all the other storage; it turned out that the sample data is not leaked from us.

It seems that the data is leaked from a third party who scrapes data from many CV websites.”
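Diachenko’s observation that the MongoDB log showed a dozen IPs that might have accessed the data is the kind of triage an incident responder does first. As an added example (not Diachenko’s or Hacken’s tooling), the script below maps each remote IP in a mongod text log to the connections it opened without ever authenticating; the log lines are constructed, modelled on the mongod 3.x log format.

```python
"""Triage a mongod log for connections that never authenticated.

Added example, not Diachenko's or Hacken's tooling. The log lines below are
constructed, modelled on the mongod 3.x text log format; parsing keys off the
NETWORK 'connection accepted' and ACCESS 'Successfully authenticated' lines.
"""
import re
from collections import defaultdict

ACCEPT_RE = re.compile(
    r"^(?P<ts>\S+) I NETWORK\s+\[listener\] connection accepted from "
    r"(?P<ip>[\d.]+):(?P<port>\d+) #(?P<conn>\d+)"
)
AUTH_RE = re.compile(
    r"^(?P<ts>\S+) I ACCESS\s+\[conn(?P<conn>\d+)\] Successfully authenticated "
    r"as principal (?P<user>\S+) on (?P<db>\S+)"
)

# Constructed sample: conn 12 and 15 authenticate, conn 13 reads without auth,
# conn 14 only connects.
SAMPLE_LOG = """\
2019-01-03T10:15:22.101+0000 I NETWORK  [listener] connection accepted from 10.0.0.8:51234 #12 (1 connection now open)
2019-01-03T10:15:22.140+0000 I ACCESS   [conn12] Successfully authenticated as principal app on resumes
2019-01-03T10:16:01.553+0000 I NETWORK  [listener] connection accepted from 198.51.100.23:40112 #13 (2 connections now open)
2019-01-03T10:16:02.004+0000 I COMMAND  [conn13] command resumes.cv command: find { find: "cv", limit: 1 }
2019-01-03T10:17:45.230+0000 I NETWORK  [listener] connection accepted from 203.0.113.77:38800 #14 (3 connections now open)
2019-01-03T10:17:46.900+0000 I NETWORK  [listener] connection accepted from 198.51.100.23:40113 #15 (4 connections now open)
2019-01-03T10:18:00.000+0000 I ACCESS   [conn15] Successfully authenticated as principal app on resumes
"""


def unauthenticated_sources(log_text: str) -> dict:
    """Map each remote IP to the connection numbers it opened without ever
    authenticating. On an instance running with no access control, every
    connection listed here could have read the data."""
    conn_ip = {}
    authed = set()
    for line in log_text.splitlines():
        m = ACCEPT_RE.match(line)
        if m:
            conn_ip[int(m["conn"])] = m["ip"]
            continue
        m = AUTH_RE.match(line)
        if m:
            authed.add(int(m["conn"]))
    suspects = defaultdict(list)
    for conn, ip in sorted(conn_ip.items()):
        if conn not in authed:
            suspects[ip].append(conn)
    return dict(suspects)


if __name__ == "__main__":
    for ip, conns in unauthenticated_sources(SAMPLE_LOG).items():
        print(f"{ip}: unauthenticated connections {conns}")
```

On an instance where authorization was never enabled there are no ACCESS lines at all, so every accepted connection is a candidate and the remote IP list is the starting point for the exposure window.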

Rail Operator Website Hacked, Attacker Demands Bitcoin

Rail operator website hacked: the website of Luas, www.luas.ie, the tram operator in Dublin, Ireland, was taken offline today after a hacker replaced its content with a ransom note demanding one bitcoin (currently $3,845) in exchange for not publishing customer data.
Users who tried reaching the tram operator’s website last Tuesday saw a message claiming the website had been hacked, and the company took the website down. Users are advised not to visit the website.


Before the website was taken down, it showed a message from a perpetrator who was annoyed at the operator’s lack of response to earlier messages informing it of security problems.

You are hacked

some time ago I wrote that you have serious security holes. You didn’t reply. The next time someone talks to you,
press the reply button. You must pay 1 bitcoin in 5 days, otherwise
I will publish all data and send emails to your users.
BTC address:
3FsR4CTUmumBJK12Zk8QRwdpPTJEY11aSX


Luas confirmed that no financial information has been compromised and said the company would contact the affected users within 24 hours.

Luas tweeted that the website had been recovered and the malicious message removed from the homepage, adding: “We are currently working on the issue of removing the unwanted file.”

Hackers Hijack Thousands of Google Chromecasts to Promote PewDiePie


Felix Kjellberg, known as PewDiePie, currently has the most subscribers of any YouTuber in the world, more than 79,859,500, and his position at the top has many internet users rooting for him to stay there.

PewDiePie, currently the most-subscribed channel on YouTube, is at risk of losing the number one position to an Indian company called T-Series, which has more than 78,852,500 subscribers and simply uploads Bollywood trailers and songs.

  • A group of hackers hijacked as many as 5,000 smart TVs and Chromecast devices worldwide, forcing them to play a video in support of YouTube star Felix “PewDiePie” Kjellberg.
  • The hacking incident is the third since late November to promote PewDiePie, following cyber attacks on The Wall Street Journal and more than 100,000 printers.
  • The hackers claim the primary goal of the hack is to make people aware of security flaws in their technology.
  • PewDiePie has not claimed involvement, but has joked about the hacks on Twitter as they are reported.

A group of hackers has hijacked tens of thousands of Google’s Chromecast streaming dongles, Google Home smart speakers and smart TVs with built-in Chromecast technology in recent weeks by exploiting a bug that has allegedly been ignored by Google for almost five years.

The attackers, who go by the Twitter handles @HackerGiraffe and @j3ws3r, managed to hijack Chromecasts’ feeds and display a pop-up, spreading a security warning as well as propaganda for the controversial YouTube star PewDiePie.

Interestingly, Google was made aware of the Chromecast bug multiple times since 2014, shortly after the streaming device launched, and also acknowledged the issue, but the company decided to ignore it.


Moreover, an attacker can also remotely force affected devices into playing media of their choice, rename devices, force factory reset or reboot the device, force it to forget all WiFi networks, or force the affected device to pair with new networks.

UPnP comes enabled by default on every internet-connected device, opening a hole in your router’s security that could let malware reach any part of your local network. Hackers have abused UPnP several times in the past.

200,000 MikroTik Routers Hacked and Turned Into Crypto-Mining Zombies


An independent malware investigator has discovered a massive cryptojacking campaign that targets MikroTik routers and changes their configuration to inject a copy of the Coinhive in-browser cryptocurrency miner into the traffic of computers connected to them. More than 210,000 routers from Latvian network hardware provider MikroTik have been affected across the world.



The first campaign, noticed by Trustwave researchers, began by targeting networking devices in Brazil, where a hacker or a group of hackers compromised more than 183,700 MikroTik routers.

Security researcher Troy Mursch has identified two similar malware campaigns that infected 25,500 and 16,000 MikroTik routers, mainly in Moldova, with malicious cryptocurrency mining code from the infamous Coinhive service.

The hackers are injecting Coinhive’s JavaScript into every web page visited by users behind a vulnerable router, ultimately forcing every connected computer to unknowingly mine Monero cryptocurrency for the miscreants.

“The attacker created a custom error page with the CoinHive script in it,” and “if a router’s user receives an error page of any kind while web browsing, they will get this custom error page which will mine CoinHive for the attacker,” says Trustwave researcher Simon Kenin.
“The attacker uses a zero-day in the Winbox component of the routers. MikroTik patched the zero-day in less than a day, back in April, but this didn’t necessarily mean that router owners applied the required patch,” Kenin said.

It’s a good reminder for users and IT managers who are still running vulnerable MikroTik routers in their environment to patch their devices as soon as possible.

The security flaw can enable an attacker to gain unauthenticated, remote administrative access to any vulnerable MikroTik router.

Security Flaws Uncovered in LTE (4G) Mobile Telephony Network Protocol

aLTEr attack: A team of researchers has reported three attacks against the mobile telephony standard LTE (Long-Term Evolution), also known as 4G, that could let attackers spy on users’ cellular data (a website fingerprinting attack) and even redirect them to malicious or phishing websites.

LTE is the latest mobile telephony standard, used by billions of users, and was designed to bring many security improvements over its predecessor, GSM (Global System for Mobile communications).

What is the aLTEr attack, and how does it target 4G LTE networks?
The attack is named aLTEr because of its ability to alter traffic, which the researchers used in experiments to redirect users to a malicious URL via DNS spoofing. Here is a demo of an aLTEr attack recorded by the researchers.

The team explained how an active attacker could redirect DNS requests and then perform a DNS spoofing attack, causing the victim’s mobile device to use a malicious DNS server that ultimately redirects the victim to a malicious site masquerading as Hotmail.

They also set up two servers, a DNS server and an HTTP server, to show how an attacker can redirect network connections.

The attack is possible because of weak Long-Term Evolution encryption:
Technically, the three vulnerabilities exist in one of the two LTE layers, the data layer, which transports the user’s actual data. The other layer is the control layer, which controls and keeps the user’s 4G connection running.

According to the researchers, the vulnerabilities exist because the data layer is not protected: a hacker can intercept packets, modify them and then forward the modified packets to the real cell tower. They can do this because 4G data packets are not integrity-protected.
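To make the missing integrity protection concrete, here is an added example (not the researchers’ code): a stream cipher without a MAC lets anyone who knows the packet layout flip bits in the ciphertext so that the decrypted DNS server address changes, while encrypt-then-MAC rejects the same tampering. The keystream is a stdlib stand-in (HMAC-SHA256 in counter mode, not the real LTE cipher), and the keys, addresses and packet layout are constructed.

```python
"""Why the missing integrity check on the LTE data layer matters.

Added example, not the researchers' code. LTE user-plane traffic is encrypted
with a stream cipher but, as described above, not integrity-protected, so an
attacker who knows the packet layout can flip ciphertext bits and change the
decrypted plaintext without the key. Keystream: stdlib stand-in (HMAC-SHA256
in counter mode); keys and packet contents are constructed. Second half: the fix.
"""
import hashlib
import hmac
import os
from typing import Optional


def keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    """Counter-mode keystream: block i = HMAC(key, nonce || i). Stand-in only."""
    out = bytearray()
    for i in range((length + 31) // 32):
        out += hmac.new(key, nonce + i.to_bytes(4, "big"), hashlib.sha256).digest()
    return bytes(out[:length])


def stream_xor(key: bytes, nonce: bytes, data: bytes) -> bytes:
    """Encrypt or decrypt (same operation): data XOR keystream."""
    return bytes(a ^ b for a, b in zip(data, keystream(key, nonce, len(data))))


def flip_field(ciphertext: bytes, offset: int, old: bytes, new: bytes) -> bytes:
    """Model of the aLTEr manipulation: XOR (old ^ new) into the ciphertext so
    the receiver decrypts `new` where it expected `old`. No key is needed."""
    patched = bytearray(ciphertext)
    for i, (o, n) in enumerate(zip(old, new)):
        patched[offset + i] ^= o ^ n
    return bytes(patched)


def protect(key: bytes, mac_key: bytes, nonce: bytes, data: bytes) -> bytes:
    """Encrypt-then-MAC: ciphertext || HMAC(mac_key, nonce || ciphertext)."""
    ct = stream_xor(key, nonce, data)
    return ct + hmac.new(mac_key, nonce + ct, hashlib.sha256).digest()


def unprotect(key: bytes, mac_key: bytes, nonce: bytes, blob: bytes) -> Optional[bytes]:
    """Plaintext if the tag verifies, None if the packet was tampered with."""
    ct, tag = blob[:-32], blob[-32:]
    expected = hmac.new(mac_key, nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        return None
    return stream_xor(key, nonce, ct)


# Constructed packet: bytes 0-3 hold the DNS server address, then the query.
KEY, MAC_KEY, NONCE = os.urandom(32), os.urandom(32), os.urandom(8)
GOOD_DNS = bytes([10, 0, 0, 53])
EVIL_DNS = bytes([203, 0, 113, 9])        # attacker's resolver (constructed)
PACKET = GOOD_DNS + b"A? mail.example.test"


def demo_no_integrity() -> bytes:
    """Without a MAC the tampered packet decrypts to the attacker's address."""
    tampered = flip_field(stream_xor(KEY, NONCE, PACKET), 0, GOOD_DNS, EVIL_DNS)
    return stream_xor(KEY, NONCE, tampered)[:4]


def demo_with_integrity() -> Optional[bytes]:
    """With encrypt-then-MAC the same bit flips are rejected (returns None)."""
    tampered = flip_field(protect(KEY, MAC_KEY, NONCE, PACKET), 0, GOOD_DNS, EVIL_DNS)
    return unprotect(KEY, MAC_KEY, NONCE, tampered)
```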

The flaws also impact the upcoming 5G standard:

The three researchers, from New York University and Ruhr-University Bochum, Germany, say they have reported the issues they discovered to important institutions such as the GSM Association (GSMA) and the 3rd Generation Partnership Project (3GPP). The flaws also affect the forthcoming version of the 5G standard in its current form, though the researchers stated that the 5G standard incorporates supplementary security features to counter aLTEr attacks.

Unplug your Alexa devices immediately, You’re being hacked


A couple from Portland received a hurried call from a friend: “Unplug your Amazon Alexa immediately, you’re being hacked,” he said.

KIRO7 reports that Danielle contacted Amazon to investigate after a private conversation in their house was recorded by the Amazon Alexa device and the recording was sent to the phone of a random person in Seattle who was in the family’s contact list. In a report issued on Thursday (24 May 2018), an Amazon Alexa engineer confirmed that the conversation was accidentally recorded by the device.

“My husband and I would joke and say I’d bet these devices are listening to what we’re saying,” said Danielle.

Danielle says the engineer did not provide specifics about why it happened, or if it’s a widespread issue.

“He told us that the device just guessed what we were saying,” she said.

Danielle said the device did not audibly advise her it was preparing to send the recording, something it’s programmed to do.

The couple said that every room in their home was wired with Alexa devices to control the lights and the security system.

Amazon’s Alexa recorded a family’s conversation and sent it to random people on the contact list 


“We unplugged all of them and he proceeded to tell us that he had received audio files of recordings from inside our house,” she said. “At first, my husband was, like, ‘no you didn’t!’ And the (recipient of the message) said ‘You sat there talking about hardwood floors.’ And we said, ‘oh gosh, you really did hear us.’”

“I felt invaded,” she said. “A total privacy invasion. Immediately I said, ‘I’m never plugging that device in again because I can’t trust it.'”

Ryan Calo, a law professor who co-directs the University of Washington’s tech policy lab, agreed that the glitch Amazon described is unlikely.

“What makes it particularly unfortunate is the sense that Amazon Echo users will have that there’s any prospect that what they say in their private home might end up outside the home,” Calo said.

“We feel less reassured about the control we assert over it than we once did. It’s the feeling you have to watch what you say in front of a device that’s supposed to make your life better.”

Google’s New Rules Require OEMs to Roll Out Android Security Updates Regularly

Android security has been a problem since the platform’s early days, mainly because Android users do not receive the latest security patch updates regularly. It is really your device maker (the Android OEM) that takes its time rolling out security patches for your Android device, and some have even been caught lying in their Android security notifications, with 94% of customers believing that their smartphones are running the latest updates.

Since Google does not control the OEM-branded firmware running on billions of Android devices, it made a few significant changes to the Android security architecture last year with Project Treble to gain more control over updates. Google has made some progress in the past year, but the security update problem remains because OEMs are not delivering all patches regularly and on time, leaving parts of the Android ecosystem exposed to hackers. But here is good news for Android P users:

Google will require OEMs to roll out regular security updates for their Android devices. While highlighting the security features coming in Android P at the Google I/O developer conference, Android platform security head David Kleidermacher announced that the company had modified its OEM agreements to add regular security patches for all devices.

“We’ve also worked on building security patching into our OEM agreements. Now this will really…lead to a massive increase in the number of devices and the user receiving regular security patches,” XDA Developers quoted Kleidermacher as saying.

As the company has not shared the terms of the agreements, it is unclear whether the terms apply only to flagship devices, to all new devices launched with Android P, or also to older devices already on the market.

As of now there are not many details about the updated Android partner agreement, but the new commitments secured by Google will clearly have a huge impact on the overall state of Android security and benefit billions of Android users.