Company That Routes Billions of Text Messages Quietly Says It Was Hacked

A company that is a critical part of the global telecommunications infrastructure used by AT&T, T-Mobile, Verizon and several others around the world such as Vodafone and China Mobile, quietly disclosed that hackers were inside its systems for years, impacting more than 200 of its clients and potentially millions of cellphone users worldwide. 

The company, Syniverse, revealed in a filing dated September 27 with the U.S. Securities and Exchange Commission that an unknown “individual or organization gained unauthorized access to databases within its network on several occasions, and that login information allowing access to or from its Electronic Data Transfer (EDT) environment was compromised for approximately 235 of its customers.”

Scraped data of 1.5 BILLION Facebook users offered for sale on the dark web – reports

Facebook, Messenger, Instagram, and WhatsApp are all down, but CEO Mark Zuckerberg has another headache: The personal data of 1.5 billion customers, scraped from his platform, is reportedly being offered for sale on the dark web.

User IDs, real names, email addresses, phone numbers, and locations are among the data of more than 1.5 billion Facebook customers that’s up for sale, according to a report on the cybersecurity news outlet Privacy Affairs on Monday. The going price has been quoted as $5,000 for a million names.

The data “appears to be authentic” and was obtained through “scraping” – getting the information that users set to ‘public’ or allow quizzes or other questionable apps or pages to access.

It’s the “biggest and most significant Facebook data dump to date,” according to the publication – about three times greater than the April leak of 533 million phone numbers. Facebook said at the time this was “old data” and the security vulnerability responsible had been patched back in 2019.

Privacy Affairs reported that one purported buyer was quoted the price of $5,000 for a million entries. Another user claimed they had paid the seller but had received nothing, and the seller had not yet responded. The samples of data provided to the unnamed “popular hacking-related forum” appeared to be real, the outlet said.

Facebook, Messenger, WhatsApp, and Instagram, all owned by Zuckerberg’s social media behemoth, were struck by a serious global outage that began on Monday. However, the data dump doesn’t appear to be related to the outage itself.

Hackers claim to have stolen trove of data from Epik, web host for multiple right-wing platforms

A hacktivist group claims to have stolen a decade’s worth of data from web company Epik. The firm is known for hosting conservative platforms such as Parler and sites belonging to organizations like the Proud Boys.

On Monday, independent journalist Steven Monacelli shared a press release from hacking group Anonymous in which it claimed to have successfully infiltrated web domain registrar Epik. 

The group says it has stolen “a decade’s worth of data,” including information on Epik’s clients and users. The data, Anonymous claims, is “all that’s needed to trace actual ownership and management of the fascist side of the Internet that has eluded researchers, activists, and, well, just about everybody.” 

Anonymous said that the 180 gigabytes of data recovered by the hackers would be released for free public download. It has since been made available.

The group also claims that Epik did not encrypt any data, noting that everything including logins was there in plain text. They state that Russian developers allegedly used by Epik were bad at their jobs: “they probably enjoyed snooping through all your s**t just as much as we did.” The statement notes that credit card data wasn’t taken, adding, “FBI, we’re not in that game.”

Epik is no stranger to controversy. The firm hosts sites like free-speech focused Twitter competitor Gab, imageboard website 8chan, and Alex Jones’ InfoWars. It also hosts websites linked to the Proud Boys and Oath Keepers, a right-wing group that includes current and former military, law enforcement, and first-responder personnel who have sworn oaths to defend the US Constitution “from all enemies, foreign and domestic.” 

Secret terrorist watchlist with 2 million records exposed online

A secret terrorist watchlist with 1.9 million records, including classified “no-fly” records, was exposed on the internet.

The list was left accessible on an Elasticsearch cluster that had no password on it.

Millions of people on no-fly and terror watchlists exposed

In July this year, Security Discovery researcher Bob Diachenko came across a plethora of JSON records in an exposed Elasticsearch cluster that piqued his interest.

The 1.9 million-strong recordset contained sensitive information on people, including their names, country citizenship, gender, date of birth, passport details, and no-fly status.

Hackers Hit Illinois Police Database Of Gun Owners

I suppose there’s one bit of good news for the tens of thousands of Illinois residents who’ve been waiting for a year or more for their Firearm Owner ID cards; thanks to the lengthy delays by the Illinois State Police their information wasn’t yet entered into a database that was the recent target of hackers attempting to gain access to the personal details of FOID card holders.

The official story from the Illinois State Police, at least at first, was that there was an “attempted” breach of personal information, but that hackers weren’t able to actually gain access. Over at The Truth About Guns, however, John Boch reported that he’s been hearing something different from a few local gun shops.

The Illinois State Police have reportedly told some gun dealers that hackers breached their security protocols. The gun dealers sharing this information with me wished to remain anonymous out of fear of retribution from the Governor’s office.

What’s more, according to those inside the ISP, an unspecified amount of gun owners’ personal data was reportedly downloaded by the hackers.

This past weekend, the website was shut down completely for an upgrade to remedy the security vulnerabilities that the hackers exploited.

And after keeping mum about the cyberattack for most of the week, on Friday afternoon, the Illinois State Police finally admitted that the personal details of more than 2,000 FOID holders have been “possibly” compromised.

Hackers Scrape 90,000 GETTR User Emails, Surprising No One

Hackers were able to scrape the email addresses and other data of more than 90,000 GETTR users.

On Tuesday, a user of a notorious hacking forum posted a database that they claimed was a scrape of all users of GETTR, the new social media platform launched last week by Trump’s former spokesman Jason Miller, who pitched it as an alternative to “cancel culture.” The data seen by Motherboard includes email addresses, usernames, status, and location. 

One of the people whose email is in the database confirmed to Motherboard that they are indeed registered to GETTR. Motherboard also verified the database by attempting to create an account with three email addresses that appear in the database. When doing that, the site displayed the message: “The email is taken,” suggesting it’s already registered. 

It’s unclear if the database contains the usernames and email addresses of all users on the site. 

Your IoT Device is Likely Spying on You through Backdoor Security Flaws

Many people are used to trading privacy for convenience these days. After all, this is how those with nefarious agendas get people to adopt technology that continually spies on them. IoT technology is no different. A recently discovered security vulnerability from a major manufacturer of IoT devices has exposed just how dangerous this technology can be. The following article from TweakLibrary details how this sort of surveillance technology can wreak havoc upon our lives. – Truth Unmuted Editor Jesse Smith

This Security Vulnerability Could Change An IoT Device Into A Nasty Spy

IoT has had a remarkable impact on our lives. We now have devices connected over a network that are capable of making our lives much easier and more comfortable. From smartphones to smartwatches to internet-powered doorbells, door alarms, security cameras, speakers, door locks, lights, bulbs, and baby monitors, the list is just endless. However, this boon comes with a bane: miscreants can hack into these devices and, if not acted upon promptly, they can wreak havoc on our lives. But when can hackers feed on IoT devices? The answer is when they sniff a security vulnerability or when we as users don’t practice healthy security habits.

We’ll get into the security habits on a user’s part later in the blog, but let’s first discuss how a security vulnerability can lead a hacker into your IoT device and then into your personal or professional life. Quite recently, a security vulnerability has hit IoT devices. This security flaw can give access to your IoT audio and video feeds and turn the device into a spying tool.

What is This Security Vulnerability All About? How Severe Is The Security Flaw?

As per the researchers at Nozomi Networks Lab and DHS, the security flaw can let malicious attackers tamper with an IoT device. They can easily convert a given IoT device such as a home security camera, a baby monitor, or a smart doorbell into a spying tool. Owing to this vulnerability, they can steal crucial data or spy on video feeds as well. Apart from intruding into one’s personal life through the aforementioned channels, an attacker can even steal crucial business data such as data related to customers, employees, or even production techniques. The security flaw is indeed very severe. So much so that the Common Vulnerability Scoring System (CVSS) rates it at 9.1/10 on a severity scale.

How Did This Security Flaw Surface?

The flaw is a supply chain bug that was discovered in a software component (P2P SDK) manufactured by a company called ThroughTek, which is one of the prominent suppliers of IoT devices. The P2P SDK gives remote access to audio/video streams over the internet. The SDK is found in smart sensors, security cameras such as baby and pet monitoring cameras, doorbells, etc., and it helps a viewer gain access to audio/video streams. The flaw affects version 3.1.5 and earlier of the P2P SDK. As Nozomi has demonstrated, the older versions of the SDK allow data packets to be intercepted while in transit. A hacker can reconstruct these packets into complete audio or video streams.

ThroughTek’s Defence

ThroughTek has countered this bug in version 3.3, which was released in mid-2020. The issue, though, is that many devices still run the older build. Secondly, as per ThroughTek, to conduct an attack, a prospective attacker will need to have extensive knowledge of network sniffer tools, network security, and encryption algorithms.

See the light: Philips Hue smart bulbs can be hacked and used to install malware

We’ve all heard the horror stories of hackers remotely steering smart cars off the road, but even the smallest of smart devices can lead to big problems if they’re not monitored carefully.

This was on full display when a flaw was discovered that exposed the home networks of people using the very popular Philips Hue smart bulbs. Researchers from cyber security firm Check Point revealed how a bug enabled them to infiltrate the bulbs with a drone that hovers outside a building. They were able to gain access to the bulbs as well as the control bridge that leads to the users’ network, which means it is possible to compromise a person’s home network or even that of a business or smart city using the bulbs.

To infiltrate the users’ network, the researchers exploited a previously discovered bug that Philips hadn’t fixed that allowed them to control aspects of the bulb like brightness and color. After the researchers lowered and raised the brightness or changed the color to trick the user into believing the bulb had a glitch, the user would then reset the product by deleting it from their app and then attempting to rediscover it. However, once they rediscovered the compromised bulb, it was able to offload malware onto the control bridge. The users’ home network is linked to this central hub, which means the malware or spyware could infect the entire network.

Check Point Research Head of Cyber Research Yaniv Balmas said: “Many of us are aware that IoT devices can pose a security risk, but this research shows how even the most mundane, seemingly ‘dumb’ devices such as light bulbs can be exploited by hackers and used to take over networks or plant malware.”

Can We Talk About Joe Biden’s Horrible Choice to Give Putin a List of Things Not to Cyberattack?

“I gave (Putin) a list, if I’m not mistaken I don’t have it in front of me, 16 specific entities, 16 defined as critical infrastructure” that Putin should not cyberattack, Biden said.

We have questions.

Did Biden make Putin pinky swear, cross his heart and hope to die if he attacks items on the list anyway?

Does that list allow Putin a free hand to go and cyberattack anything in the United States that isn’t on it? “You didn’t put it on list, comrade, so we hack it,” Putin chuckles as he texts Xi with a string of laughing emojis.

On what planet is it a good idea to give a potential adversary a list of things you do not want him to attack?

When you play Risk, the classic game of world conquest, do you give your competitors a list of countries you don’t want them to attack? Would you expect them to abide by that?

When you play Stratego, the classic strategy war game of intrigue, do you tell your opponent where your spies and bombs are? Do you honestly expect to win if you do that?

When you run for office, do you go meet with your competitor and hand them a list of the skeletons in your closet with a plea not to go after them? Would you expect any of those items to not end up in the media within a nanosecond?

CYBERCRIME: THE NEW FEAR-PORN

Remember that SolarWinds hack last December? Remember how the Government blamed the Russians – again? Well, it turns out the hackers were working from within the United States.

So, why haven’t these ‘Russian’ hackers been arrested?

Why haven’t the FBI, NSA, or the Cybersecurity and Infrastructure Agency (CISA) identified anyone responsible? In fact, none of these alphabet agencies even detected the cyberattack.

If it wasn’t for FireEye, a private cybersecurity company, the hack would have gone unnoticed and the perpetrators would still be accessing data…

The SolarWinds hack was huge, affecting nine Federal Agencies and over 100 private companies. Microsoft’s President called it “the largest and most sophisticated attack the world has ever seen” and the work of “at least 1,000 very skilled, very capable engineers”.

All the people it took to carry this out, and we’re supposed to believe there’s no trail of evidence that could lead to the perpetrators. The truth is, investigators know exactly where to look.

The hackers used Amazon cloud servers.
