Posts

Hacking News — learn more about it — The Hacker News


Exclusive: SonicWall Hacked Using 0-Day Bugs In Its Own VPN Product


January 22, 2021, Ravie Lakshmanan

SonicWall, a popular internet security provider of firewall and VPN products, on late Friday disclosed that it fell victim to a coordinated attack on its internal systems. The San Jose-based company said the attacks leveraged zero-day vulnerabilities in SonicWall secure remote access products such as NetExtender VPN client version 10.x and Secure Mobile Access (SMA) that are used to provide users with remote access to internal resources. “Recently, SonicWall identified a coordinated attack on its internal systems by highly sophisticated threat actors exploiting probable zero-day vulnerabilities on certain SonicWall secure remote access products,” the company exclusively told The Hacker News. The development comes after The Hacker News received reports that SonicWall’s internal systems went down earlier this week on Tuesday and that the source code hosted on the company’s GitLab repository was accessed by the attackers. SonicWall wouldn’t confirm the re

Source…

Former ADT technician admits to hacking into customer’s accounts to watch real-time video feeds in homes


DALLAS, Texas — A former security technician faces up to five years in prison after admitting to authorities that he repeatedly hacked into home video camera feeds.

Telesforo Aviles, 35, pleaded guilty Thursday in federal court to charges of computer fraud, according to the U.S. Attorney’s Office for the Northern District of Texas.

Aviles worked for ADT security and accessed around 200 customer accounts more than 9,600 times, the FBI said.

“Mr. Aviles admits that contrary to company policy, he routinely added his personal email address to customers’ “ADT Pulse” accounts, giving himself real-time access to the video feeds from their homes,” U.S. Attorney spokesperson Erin Dooley said in a statement. “In some instances, he claimed he needed to add himself temporarily in order to “test” the system; in other instances, he added himself without their knowledge.”

The incidents took place over a period of four and a half years.

ADT officials told the Dallas Morning News that the affected customers were alerted to the intrusions and that the company “deeply regrets” the incidents.

“This defendant, entrusted with safeguarding customers’ homes, instead intruded on their most intimate moments,” said Acting U.S. Attorney Prerak Shah in a statement. “We are glad to hold him accountable for this disgusting betrayal of trust.”

“Mr. Aviles took note of which homes had attractive women, then repeatedly logged into these customers’ accounts in order to view their footage for sexual gratification,” authorities said. “Plea papers indicate he watched numerous videos of naked women and couples engaging in sexual activity inside their homes.”

Authorities said the case is a reminder for people to practice ‘cyber hygiene’ by reviewing authorized users and routinely changing passwords.

If you believe you’ve become a victim of cybercrime, you can contact the FBI’s Internet Crime Complaint Center at 1-800-225-5324.

Source…

CSUF cybersecurity students test their ‘ethical hacking’ abilities – Orange County Register


It has been said that the best defense is a good offense. So, although many cybersecurity experts and firms go to great lengths to defend themselves from attack, the idea of “offensive security” has become an important component in computer science.

On Jan. 7-10, a squad of Cal State Fullerton students had a chance to test its offensive capabilities by competing in the National Collegiate Penetration Testing Competition. Junior-high snickering that the name conjures aside, the tournament is one of the top collegiate cybersecurity competitions in the country.

Corporations and countries are always looking to build a better mousetrap, and the mice — or hackers — will always look for new ways to beat, circumvent, infiltrate or otherwise disable them.

As a result, offensive security studies approach the field from a hacker’s perspective by exploring how to attack systems. There’s even a term in the lexicon: “ethical hacking.”

According to Mikhail Gofman, director of Cal State Fullerton’s Center for Cybersecurity, independent attack-testing companies have become a robust part of the industry and thousands of security jobs are out there, many that pay well.

“This is the kind of skill set that is very much in demand,” he said.

The tournament was created in 2015 and held virtually this year for the first time due to the pandemic. The tourney featured an international field of 15 schools, including Rochester Institute of Technology, Stanford, Cal Poly Pomona, Bournemouth University in England and RIT-Dubai.

A year after failing to make the tournament, the Titans qualified with a fourth-place finish in the Western Regionals behind City College of San Francisco, Cal Poly and Stanford.

Sixty-seven universities from across the globe competed in their respective qualifying competitions.

This year, RIT, the traditional home for the national competition in nonpandemic times, won the title, followed by Stanford and Cal Poly Pomona. Teams out of the top three were not individually named.

In 2018, Fullerton finished in second place in the national finals.

The Titan team will return all but one of its members to school next year.

Cal State Fullerton junior Josiah Peedikayil…

Source…

Former ADT Technician In North Texas Pleads Guilty To Hacking Home Security Cams, Faces Up To 5 Years In Prison


DALLAS (CBSDFW.COM) – A home security technician has pleaded guilty to repeatedly hacking into customers’ video feeds, announced Acting U.S. Attorney for the Northern District of Texas Prerak Shah.

Telesforo Aviles, a 35-year-old former ADT employee, pleaded guilty to computer fraud on Thursday, Jan. 21, in federal court.

“This defendant, entrusted with safeguarding customers’ homes, instead intruded on their most intimate moments,” said Acting U.S. Attorney Prerak Shah. “We are glad to hold him accountable for this disgusting betrayal of trust.”

“The defendant used his position of employment to illegally breach the privacy of numerous people. The FBI works with our law enforcement partners to thoroughly investigate all cyber intrusions and hold criminals accountable for their actions,” said FBI Dallas Special Agent in Charge Matthew J. DeSarno. “Cyber intrusions do not only affect businesses, but also members of the public. We encourage everyone to practice cyber hygiene with all their connected devices by reviewing authorized users and routinely changing passwords. If you become the victim of a cybercrime, please contact the FBI through ic3.gov or 1-800-CALL FBI.”

According to plea papers, Aviles admits that contrary to company policy, he routinely added his personal email address to customers’ “ADT Pulse” accounts, giving himself real-time access to the video feeds from their homes.

In some instances, he claimed he needed to add himself temporarily in order to “test” the system; in other instances, he added himself without their knowledge.

According to the U.S. Attorney’s Office, Aviles took note of which homes had attractive women, then repeatedly logged into these customers’ accounts in order to view their footage for sexual gratification, he admits.

Plea papers indicate he watched numerous videos of naked women and couples engaging in sexual activity inside their homes.

Over a four-and-a-half-year period, Aviles secretly accessed roughly 200 customer accounts more than 9,600 times without their consent, he admits.

Aviles, who waived indictment and was charged via an information, now faces up to five years in federal prison.

The Federal…

Source…