5 Actionable Tips to Keep Your Passwords From Being Hacked


It’s no secret that the internet has become a breeding ground for hackers and criminals. The headlines are full of stories about people getting their identities stolen, their money drained from bank accounts, or worse yet, being blackmailed.

It’s not just celebrities who have been hacked either – it happens to ordinary citizens too. And the scary thing is that hacks sometimes occur because of weaknesses on your side. Here’s how to protect yourself.

1) Use a Password Manager

You might think that because your passwords are different on every site, they would be safe – but this isn’t always true. All of those sites can be breached by one hacker if he gets into any of them.

They can then use the information there to access all your other accounts. This is why you need a password manager.

With it, you can have unique and complex passwords for each site while still only remembering one master password that will unlock all of them at once. You don’t even have to enter your master password. Password managers come with several built-in security features so they can be accessed only by you.

It’s essential to seek professional help on the different forms of password hacks. This way, you learn the best ways to stay safe. With phishing, for instance, professional guidance for businesses and enterprises will enlighten you on the threats to your business security.

In the modern world, it’s worthwhile to learn about the different routes cybercriminals use to lay traps.

2) Utilize Multi-Factor Authentication

Don’t think that just because you have a secure password with letters, numbers, and special characters, it is safe from being hacked. That’s not enough to protect your accounts anymore. Hackers are now targeting users themselves through phishing and social engineering.

Criminals will wait until you’re logged in before they try to hack you. So, before logging in through your password, the site…

FBI email servers hacked in a recent hacker-security researcher feud


Source: TechViral

The FBI, or Federal Bureau of Investigation, has recently been compromised in a dark web feud between hackers. The hackers have allegedly hacked into FBI email servers to send messages about a dark web security researcher. This was unexpected to any of us, but it turns out that the FBI’s security needs to be updated and was not as good as it was claimed to be.

There are hackers that lie low on the dark web, and then there are security research companies that target these hackers to bring them down. This time, the rivalry has become public, as the hackers hacked into the Federal Bureau of Investigation, which, according to reports by Bleeping Computer and Engadget, has confirmed the breach. The FBI told reporters that its systems were compromised early on 13th November to send fake messages targeting Vinny Troia, the leader of the dark web security research companies Shadowbyte and NightLion.

As mentioned in a report by Engadget, Spamhaus, a non-profit intelligence organization, shed light on these fake messages. It confirmed that the hackers used legitimate FBI systems to conduct the attack, using email addresses that were found in a database for the American Registry for Internet Numbers, among multiple other sources. This is an enormous hack that could have led to a disaster, but the hackers used it only to target the dark web researcher. The reports further note that more than 10,000 addresses received these fake messages in a total of two waves, according to Engadget and Bleeping Computer.

Troia, the security researcher targeted by these fake emails, says that this could have something to do with “Pompomourin”, an entity that has attempted an attack on the researcher in the past. However, there is no official confirmation of this yet. As a precautionary measure, the FBI has asked the email recipients to report fake emails like these to the Cybersecurity and Infrastructure Security Agency or its Internet Crime Complaint Center.

FBI email servers were hacked to target a security researcher


The FBI appears to have been used as a pawn in a fight between hackers and security researchers. According to Bleeping Computer, the FBI has confirmed intruders compromised its email servers early today (November 13th) to send fake messages claiming recipients had fallen victim to data breaches. The emails tried to pin the non-existent attacks on Vinny Troia, the leader of dark web security firms NightLion and Shadowbyte.

The non-profit intelligence organization Spamhaus quickly shed light on the bogus messages. The attackers used legitimate FBI systems to conduct the attack, using email addresses scraped from a database for the American Registry for Internet Numbers (ARIN), among other sources. Over 100,000 addresses received the fake emails in at least two waves.

The FBI described the hack as an “ongoing situation” and didn’t initially have more details to share. It asked email recipients to report messages like these to the bureau’s Internet Crime Complaint Center or the Cybersecurity and Infrastructure Security Agency. Troia told Bleeping Computer he believed the perpetrators might be linked to “Pompomourin,” a persona that has attacked the researcher in the past.

Feuds between hackers and the security community aren’t new. In March, attackers exploiting Microsoft Exchange servers tried to implicate security journalist Brian Krebs using a rogue domain. However, it’s rare that they use real domains from a government agency like the FBI as part of their campaign. While that may be more effective than usual (the FBI was swamped with calls from anxious IT administrators), it might also prompt a particularly swift response — law enforcement won’t take kindly to being a victim.

Printer plays AC/DC, Samsung Galaxy S21 hacked twice


Trend Micro’s ZDI has awarded $1,081,250 for 61 zero-days exploited at Pwn2Own Austin 2021, with competitors successfully pwning the Samsung Galaxy S21 again and hacking an HP LaserJet printer to play AC/DC’s Thunderstruck on the contest’s third day.

Contestants earned $70,000 during the fourth day, $238,750 on the third day, $415,000 on the second, and $362,500 during the first day.

The Synacktiv team won the contest after getting $197,000 in cash for their zero-days and 20 Master of Pwn points, with a six-point lead over the DEVCORE team, which finished with 14 points and earned a total of $140,000.

Over the four days of competition, the contestants compromised printers, routers, NAS devices, and speakers from Canon, HP, Western Digital, Cisco, Sonos, TP-Link, and NETGEAR after exploiting 61 previously unknown security flaws known as zero-day vulnerabilities.

The full Pwn2Own Austin 2021 schedule and the results following each challenge are available here.

Pwn2Own Austin 2021 final leaderboard (ZDI)

Sam Thomas (@_s_n_t) from team Pentest Limited (@pentestltd) was the one who compromised the Samsung Galaxy S21 running the latest Android 11 security updates on the third day using a unique three-bug chain and earning $50,000.

The Samsung Galaxy S21 escaped a hacking attempt on the first day after F-Secure Labs’ Ken Gannon didn’t get his zero-day exploit to work within the allotted time.

Mr L and Nguyễn Hoàng Thạch (@hi_im_d4rkn3ss) of STARLabs were able to get code execution on the Samsung Galaxy S21 on the second day of Pwn2Own.

However, despite their success and winning $25,000, their attempt was tagged as a “collision” after it was revealed that they used a bug known to the vendor. 

The third day of Pwn2Own also saw the F-Secure Labs team turning an HP LaserJet printer into a jukebox using a stack-based buffer overflow to play AC/DC’s Thunderstruck. 

At this edition of…
