Tag Archive for: list

Hospitals urged to tighten DDoS defenses after health data found on Killnet list

/in


The Killnet hacktivist group is actively targeting the health sector with DDoS attacks, claiming to have successfully exfiltrated data from a number of hospitals within the last month, according to a Department of Health and Human Services Cybersecurity Coordination Center alert.

In fact, users found and publicly shared global health and personal information belonging to global health organizations on the alleged Killnet list on Jan. 28.

John Riggi, the American Hospital Association’s national advisor for cybersecurity and risk, warned that “As of today, we understand that some of the named entities were, in fact, targeted by DDoS attacks.”

However, the impact of the activity was found to be “minimal and temporary with no impact to care delivery services,” he added. Although DDoS attacks don’t typically cause significant damage, the traffic surges brought on by these cyberattacks can cause website outages that can last for several hours or days.

As such, provider entities should ensure they have adequate DDoS protection for their web hosting.

Killnet is notorious for launching DDoS attacks with “thousands of connection requests and packets to be sent to the target server or website per minute, slowing down or even stopping vulnerable systems,” according to a December HC3 alert that followed a successful attack on a U.S. healthcare entity.

The group operates multiple public channels for recruitment purposes and has suspected ties with Russian government organizations like the Russian Federal Security Service (FSB) or the Russian Foreign Intelligence Service (SVR). But the connections have not been confirmed. 

What’s clear is that the group’s senior members have extensive experience with deploying DDoS attacks, having “previously operated their own DDoS services and botnets. Most of these operations rely on publicly available DDoS scripts and IP stressers.

But researchers are divided on the group’s impact, noting the group has failed at pivoting their attack models. In October, for example, Killnet successfully blocked the infrastructure of J.P. Morgan but was unable to disrupt the bank operations.

The Department of Justice seized 48 internet domains tied to some of…

Source…

Hacking Forum Exposes Entire US No Fly List Of Over 1.5M Names As TSA Investigates

/in


hero hacking forum exposes us no fly list tsa investigates news
Earlier this month, a Swiss hacker who goes by the name maia arson crimew exfiltrated a copy the US government’s No Fly List from an insecure server. This list, which names individuals who are forbidden from flying anywhere within US borders, is a subset of the Terrorist Screening Database and is kept hidden from the public. However, this list is now publicly available after an unknown actor posted the version accessed by crimew to BreachForums.

Crimew originally came into possession of this list when browsing the Jenkins servers on ZoomEye, which, similar to Shodan, lets users search for servers connected to the internet. The hacker happened to come across a Jenkins server operated by the airline CommuteAir. After digging through this server for a time, crimew discovered credentials for the company’s Amazon Web Services (AWS) infrastructure. The hacker then used the credentials to connect to this infrastructure, which crimew found to contain a 2019 copy of the No Fly List, as well as a “selectee” list. This second list likely names all those who are subject to Secondary Security Screening Selection (SSSS).

In a blog post published by crimew, the hacker acknowledges that these lists are sensitive in nature before stating, “[I] believe it is in the public interest for this list to be made available to journalists and human rights organizations.” Crimew accordingly made the lists available for access upon request, requiring that applicants be journalists, researchers, or other parties with legitimate interest. The service hosting the lists, Distributed Denial of Secrets, further states that requests will probably be rejected if interested individuals don’t provide sufficient information to verify their identities and if said individuals are “hacktivist[s] that want to exploit the data” or “researcher[s] without a clear journalist or academic project.”

breach forums post tsa no fly list
BreachForums post sharing the No Fly List (click to enlarge)

Despite the apparent limitations on who can access this information, someone managed to obtain a copy of the lists and posted them for free on BreachForums. According to BleepingComputer, the No Fly List contains 1,566,062 entries and the…

Source…

Swiss hacker succeeds in gaining access to US government’s no-fly list: Local media

/in


Mandatory cookies are used on our website www.aa.com.tr in order to provide you with a better service. These cookies cannot be disabled via the “Cookie Control Panel”. You can view the cookies used on our site via the “Cookie Control Panel” and change your preferences.


Necessary Cookies


This cookie is used to distinguish between humans and bots. This is beneficial for the web site, in order to make valid reports on the use of their web site.


Functional Cookies


Remembers the user’s selected language version of a website.


Performance/Analytical Cookies


Registers a unique ID that is used to generate statistical data on how the visitor uses the website.Used by Google Analytics to throttle request rate.


Advertising/Marketing Cookies


This cookie is used to collect information on consumer behavior, which is sent to Alexa Analytics. (Alexa Analytics is an Amazon company.)

Source…

Hacker claims attack on U.S. airline, stolen no-fly list was out of boredom

/in


The Transportation Security Administration is investigating cybersecurity chaos at CommuteAir after a hacker claimed to have accessed the regional airline’s systems and grabbed a no-fly list.

The hacker told The Washington Times they likely could have canceled and delayed flights and developed physical credentials for airline employees.

CommuteAir said it was not able to validate all of the hacker’s claims.

The hacker, who identifies as “maia arson crimew,” communicated with The Times via email. The hacker also explained the hack in a blog post titled “How to Completely Own an Airline in 3 Easy Steps.”

The hacker cited boredom as motivation and wrote that they were not responsible for the computer system failure that grounded all airlines in the U.S. on Jan. 10.

Source…