News & Updates

This page redirected some would-be donors to a fake website controlled by hackers, Reuters reports. (credit: Democratic Congressional Campaign Committee)

Yet another cyber-attack has targeted a Democratic Party organization—or more specifically, the party’s donors. Reuters reports that the FBI is investigating a breach of the systems of the Democratic Congressional Campaign Committee. While the details of the alleged intrusion were not revealed, visitors to the DCCC’s site were apparently redirected to a malicious lookalike website mimicking the DCCC contribution page.

Visitors to the DCCC page who clicked a link to donate were directed to a look-alike domain name registered in June instead of the site of a donation processing contractor. The IP address of the fake site “resembled one used by Russian government-linked hackers suspected in the breach of the DNC,” Reuters’ Joseph Menn, Dustin Volz, and Mark Hosenball reported. Data collected included donors’ contact information, e-mail addresses, and possibly credit card information.

It is not clear whether the attackers were after financial information for credit card fraud, or if they were collecting personal data for use in directed attacks against donors. But the attack’s timing—or at least the registration of the domain used in the attack—matches up with the recent discovery of a Democratic National Committee breach. The DCCC shares office space with the DNC in Washington.

Read on Ars Technica | Comments


The notorious hacker Detox Ransome was searching for Heartbleed-vulnerable servers when he found and stole a Democratic National Committee DB in 2015.

According to The Epoch Times, the notorious hacker Detox Ransome stole Democrat databases in 2015. In September 2015, the hacker breached a service linked to the operations of the Democratic National Committee, accessing the internal database.

Detox Ransome has stolen usernames, passwords, and emails belonging to people involved in the organizations connected to the Democratic National Committee (DNC).

The cyber security expert Edward Alexander provided The Epoch Times with evidence of the attack found on the dark web.

“I know he was sitting on those databases, I know he had them, and after he and I parted ways I’m sure he tried to monetize them somehow,” Alexander said.

Detox Ransome was in the headlines in August 2015 when he hacked a server of the BitDefender security firm that hosted the cloud-based management dashboards for its small and medium-sized business clients. The hackers leaked a list of credentials for more than 250 BitDefender accounts, as reported by the HackerFilm.

He also threatened to leak more customer data unless the company paid $15,000.

Alexander was introduced to Detox Ransome by another notorious black hat hacker. Detox Ransome told him over an online chat that he had hacked a website containing data belonging to “Obama and Hilary campaign people”; the archive is a trove composed of “millions of emails.”

Detox Ransome hacked the Rogue Global Solutions website that was operated by campaign staff of President Barack Obama “with the desire to bring the technical innovations of the campaign to other political, governmental, and international organizations.”

Democratic National Committee (DNC) Chair, Representative Debbie Wasserman Schultz, Democrat of Florida, speaks at the DNC’s Leadership Forum Issues Conference in Washington, DC, on September 19, 2014. AFP PHOTO/Mandel NGAN (Photo credit should read MANDEL NGAN/AFP/Getty Images) (Source The Observer)

Alexander and his team tried to contact Rogue Global Solutions, but the company was no longer operating, even though the server containing the data was still online and open to hackers.

“We tried to alert Rogue Solutions, but that’s when we found out they were no longer around and had folded up shop,” Alexander said.

It seems that the notorious hacker Detox Ransome exploited the Heartbleed flaw to compromise the server. He was scanning the web for vulnerable websites when he discovered the Rogue Solutions server.

The hacker used the Heartbleed vulnerability scanner, a free tool available online.

“The system contained more than 1GB of data in its databases that contained login credentials for key members of organizations and services connected to the DNC,” reported The Epoch Times.

“When Detox Ransome was exfiltrating data from the networks of Rogue Global Solutions, he used a screenshare program to show Alexander what he had found. Alexander recorded the session for evidence and has provided Epoch Times with the video.”

The story once again demonstrates the importance of a proper security posture; it is absurd to leave sensitive data online on a server that its owners don’t update.

Pierluigi Paganini

(Security Affairs – Democratic National Committee, Detox Ransome)

The post The Detox Ransome hacker stole Democratic National Committee DB in 2015 appeared first on Security Affairs.

Source: Security affairs

(credit: Julien GONG Min)

Microsoft plans to cut nearly 3,000 more jobs over the next year across its smartphone hardware business and global sales division.

The latest cuts heap misery on Microsoft staff, after the software giant confirmed in May that 1,850 jobs would be lost at its mobile wing—even as its Windows and devices veep Terry Myerson insisted: “we’re scaling back, but we’re not out!”

Microsoft bought Nokia’s devices and services business in 2013 for €5.4 billion ($7.1 billion), bringing with it what would quickly unravel into one of the worst tech acquisitions of all time.



Landed Falcon 9 first stage test firing

On Thursday, SpaceX took another step toward reusing rockets when it fired the nine engines on the first stage of a Falcon 9 booster it launched in May. The company released video of the full-duration engine firing, which mimicked the length of a first-stage burn toward orbit, conducted at its test site in MacGregor, Texas.

This particular booster, which launched a Japanese communications satellite to geostationary transfer orbit on May 6, will not be re-flown. According to Spaceflight Now, the company designated it as a reference vehicle because it weathered extreme temperatures during its reentry into Earth’s atmosphere. The rocket will undergo additional tests as engineers determine the readiness of flown boosters for additional flights into space.

This test plan is part of SpaceX’s plans to re-fly the first booster it landed at sea, the rocket it used in April to launch a cargo delivery mission to the International Space Station. That first stage had an easier ride back to the surface because it boosted a payload into low-Earth orbit, rather than the much higher geostationary altitudes common for communications and spy satellites.



The Snowden-tanglement of Hollywood has begun in earnest, and that’s not just a coy reference to Oliver Stone’s upcoming, eponymous film. The worlds of hacking, digital transparency, and bombastic espionage are all coming together whenever possible these days. And in terms of how computer savvy is employed on-screen, we’ve seen the good (Mr. Robot) and the bad (Spectre).

Get ready for the ugly. Jason Bourne, the fifth film in the series, hits theaters this weekend with a few very good things going for it, including a few gargantuan action sequences and some stellar lead performances from Matt Damon, Tommy Lee Jones, and Vincent Cassel. But someone at Universal clearly wanted its globe-trotting, CIA-loaded thriller to hit a bunch of cultural-relevance bullet points, and the results are some of the most embarrassing technological shoe-horning you’ll see in a film this year.

Go ahead, set your laptop on fire

Matt Damon’s Bourne hasn’t become a hacker since his last turn as the secret super-agent in 2007. In fact, he has checked out from anything resembling duty, instead turning to a life of… boxing to the death. (Really.) We find Bourne on the Grecian-Albanian border, busing from one bloody, bare-knuckled brawl to the next, and the only thing that interrupts his new, wholly unexplained career detour is a visit from an old CIA comrade, Nicky Parsons (played once more by Julia Stiles).



Facebook’s legal war with the Brazilian government seems to be never-ending.

Facebook-owned cross-platform messaging service WhatsApp has already been blocked a total of three times in Brazil since December for failing to comply with a court order asking the company to access WhatsApp data under criminal investigation.

But, now the Brazilian government has taken an even tougher step.


Scammers exploit the recent wave of attacks to trick victims with a phishing offensive and steal sensitive data from unaware users.

Crooks always exploit the media attention on tragic events for their illegal activities, tricking victims with social engineering techniques. Experts observed scammers in the past exploiting news like the crash of Malaysia Airlines Flight MH17 or the Boston marathon attack.

Now that terrorism is always in the headlines and people fear possible new attacks, it’s normal that crooks will try to exploit the situation.

The Czech news portal iDNES reported that scammers have been exploiting the news of a fake ‘terrorist act’ in Prague for cyber attacks.

The idea was to trick victims into revealing personal data in the wake of recent attacks in Europe.

The fake news reports a “deadly attack” in Prague that killed more than 300 people and injured 600. The scammers exploit Facebook to spread the fake news; the choice of delivery mechanism is not casual, since social media allow attackers to reach a wide audience instantaneously.

Facebook has reportedly been blocking the phishing pages used in this campaign.

Beware of suspicious links and change passwords immediately if you believe you have been tricked.

Pierluigi Paganini

(Security Affairs – Facebook, scammers)

The post Scammers exploit recent wave of attacks to trick victims with phishing attacks appeared first on Security Affairs.

Source: Security affairs

QRLJacking is an attack technique devised by a cyber security researcher to bypass QR Code Based Quick Login Systems.

Many desktop applications such as Line, WeChat, and WhatsApp allow users to authenticate themselves with the Secure Quick Response Login method, which relies on a QR code. The QR-code-based authentication system allows users to quickly access a website without providing a password.

In the Secure Quick Response Login mechanism, the website displays a QR code to the user, who just has to scan it with a mobile phone app.

Once the QR code is scanned, the site authorizes the user’s access. This method is considered more secure than passwords because it is resilient to attacks such as MiTM and brute-forcing, but unfortunately, hackers have found a way to defeat it with an attack method dubbed QRLJacking (aka Hijacking QR Code Based Login System).

The Egyptian cyber security expert Mohamed Abdelbasset Elnouby demonstrated how to hack accounts from services that implement the Login with QR code authentication. The researcher published a proof-of-concept demonstrating the QRLJacking technique; the attacker just needs to convince the victim to scan the attacker’s QR code.

Mohamed detailed the QRLJacking attack to the colleagues at THN and also gave them a live demonstration, via Skype.

Below is the attack sequence:

  1. The attacker initializes a client-side QR session and clones the Login QR Code into a phishing page.
  2. The attacker then sends the phishing page to the victim.
  3. If convinced, the victim scans the QR Code with a specific targeted Mobile App.
  4. The mobile app sends the secret token to the target service to complete the authentication process.
  5. As a result, the attacker, who initialized the client-side QR session, gains control over the victim’s account.
  6. Then the service starts exchanging all the victim’s data with the attacker’s browser session.

“All the attackers need to do to initialize a successful QRLJacking attack is to write a script to regularly clone the expirable QR Codes and refresh the ones displayed on the phishing website which they created, because as we know a well implemented QR Login process should have an expiration interval for the QR codes,” the explanation reads.

An attacker can exploit the QRLJacking to take over accounts for services that rely on the vulnerable QR-Code-based Login authentication.
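
A minimal server-side model of the QR login flow in the sequence above, added here as an illustration and not taken from the article or the researcher's proof of concept. It shows that a scanned token authenticates whichever browser requested the QR code, that expiry only shortens the window, and that comparing the scanner's network with the browser's refuses the relayed scan. That comparison is a mitigation assumed here, not one the article describes, and the class and function names, the 30-second lifetime and the address ranges are all constructed.

```python
import secrets

QR_TTL = 30  # seconds a displayed QR code stays valid (assumed value)

class QRLoginService:
    """In-memory model of a QR login back end; every name here is hypothetical."""

    def __init__(self, bind_network=False):
        self.bind_network = bind_network
        self.clock = 0          # constructed clock, advanced by hand
        self.sessions = {}      # token -> pending session record

    def start_session(self, browser, network):
        # The browser that requests the QR code owns the pending session.
        token = secrets.token_urlsafe(16)
        self.sessions[token] = {"browser": browser, "network": network,
                                "expires": self.clock + QR_TTL, "user": None}
        return token

    def approve(self, token, user, network):
        # Called by the logged-in mobile app after it scans a QR code.
        s = self.sessions.get(token)
        if s is None or s["user"] is not None:
            return "rejected: unknown or already used"
        if self.clock > s["expires"]:
            return "rejected: expired"
        if self.bind_network and network != s["network"]:
            return "rejected: scanner and browser are on different networks"
        s["user"] = user
        # Nothing in the token records where the QR code was displayed.
        return f"{s['browser']} logged in as {user}"

def relayed_scan(bind_network, delay=0):
    """A code requested by one browser is scanned by a user on another network."""
    svc = QRLoginService(bind_network)
    token = svc.start_session("other-browser", network="198.51.100.0/24")
    svc.clock += delay
    return svc.approve(token, user="alice", network="203.0.113.0/24")

if __name__ == "__main__":
    print(relayed_scan(bind_network=False))            # session goes to other-browser
    print(relayed_scan(bind_network=False, delay=31))  # expiry only narrows the window
    print(relayed_scan(bind_network=True))             # binding check refuses the scan
```

A network comparison is coarse (a phone on mobile data and a laptop on Wi-Fi legitimately differ), so a service would normally pair it with an explicit confirmation prompt in the mobile app that names the requesting browser.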

For further information, take a look at the QRLJacking page published by the expert on GitHub.

Pierluigi Paganini

(Security Affairs – QRLJacking, hacking)

The post QRLJacking — How to bypass QR Code Based Login System appeared first on Security Affairs.

Source: Security affairs