News & Updates

How do you check if a website asking for your credentials is fake or legit to log in?

By checking if the URL is correct?

By checking if the website address is not a homograph?

By checking if the site is using HTTPS?

Or using software or browser extensions that detect phishing domains?

Well, if you, like most Internet users, are also relying on above basic security practices to spot if that
Source: http://feeds.feedburner.com/TheHackersNews

The week closes with the news of another embarrassing data breach: Coffee Meets Bagel confirmed a hack on Valentine’s Day.

The dating app Coffee Meets Bagel confirmed that hackers breached its systems on Valentine’s Day and may have obtained access to users’ account data.

The company notified account holders of the incident. The intrusion was discovered after an archive containing user data was offered for sale on the dark web for roughly $20,000 worth of Bitcoin.

Early this week, The Register exclusively revealed that some 617 million online account details stolen from 16 hacked websites are available for sale on the dark web. Coffee Meets Bagel learned of the incident on Feb. 11, 2019.

The advertisement for the sale of the huge trove of data was published on the popular Dream Market black marketplace; the data are available for less than $20,000 worth of Bitcoin.

Data was collected from data breaches of popular websites including:

  • Dubsmash (162 million);
  • MyFitnessPal (151 million);
  • MyHeritage (92 million);
  • ShareThis (41 million);
  • HauteLook (28 million);
  • Animoto (25 million);
  • EyeEm (22 million);
  • 8fit (20 million);
  • Whitepages (18 million);
  • Fotolog (16 million);
  • 500px (15 million);
  • Armor Games (11 million);
  • BookMate (8 million);
  • CoffeeMeetsBagel (6 million);
  • Artsy (1 million);
  • DataCamp (700,000).

While some of the above websites are known to have been hacked (e.g., MyHeritage, MyFitnessPal), for some of them, including Coffee Meets Bagel, it is the first time that the security community was informed of their breaches.

Journalists at The Register have analyzed account records and confirmed they appear to be legit. Spokespersons for MyHeritage and 500px confirmed the authenticity of the data.

The Register report alleges that data belonging to 6.17 million Coffee Meets Bagel accounts (673 MB of data) were offered for sale. Data appears to be related to late 2017 and mid-2018.

“As always, we recommend you take extra caution against any unsolicited communications that ask you for your personal data or refer you to a web page asking for personal data,” reads the email sent by the company to the users. “We also recommend avoiding clicking on links or downloading attachments from suspicious emails.”

Stolen records include name, email address, age, registration date, and gender, but the data breach notification issued by Coffee Meets Bagel only reports that names and email addresses prior to May 2018 were exposed.

According to the company, no financial data were exposed because the company doesn’t store it.

Coffee Meets Bagel hired a forensic firm to investigate the incident and assess its systems. At this time it is not clear how hackers breached the company, which has also started an audit of vendor and external systems.

Pierluigi Paganini

(SecurityAffairs – Coffee Meets Bagel, hacking)

The post Coffee Meets Bagel dating app confirms data breach appeared first on Security Affairs.

Source: Security affairs

A hacker who was selling details of nearly 620 million online accounts stolen from 16 popular websites has now put up a second batch of 127 million records originating from 8 other sites for sale on the dark web.

Last week, The Hacker News received an email from a Pakistani hacker who claims to have hacked dozens of popular websites (listed below) and to be selling their stolen databases online.
Source: http://feeds.feedburner.com/TheHackersNews

The bundle includes the neon red and neon blue Joy-Cons. (credit: Mark Walton)

Nintendo has released a new Switch bundle that pairs the popular game console with a $35 credit to its eShop digital store. The company announced the bundle last week, but the deal has now become available at various retailers, including Walmart (which lists it as being up for pre-order as of this writing), Amazon, GameStop, and Best Buy.

The bundle retails for $299.99, the Switch’s standard going rate, with the $35 credit available in the form of a download code packed with the console. Nintendo says the credit can be put toward any purchase in the eShop. The company has not provided a specific time frame for the new promotion, only saying that the bundle will be available while supplies last.

This isn’t the absolute best deal we’ve seen for the Switch—a handful of coupon codes and one-off promotions have dropped it as low as $225 in the past year. But those deals have typically been brief, and getting what effectively amounts to a $35 discount is still a pleasant bonus for those who have been interested in picking up the console. For reference, Nintendo’s primary Switch deal for Black Friday was simply bundling Mario Kart 8 Deluxe with the device.

Source: http://feeds.arstechnica.com/arstechnica/index/

Germany announced it is going to make its cyber capabilities available for the NATO alliance to help fight hacking and electronic warfare.

Germany is going to share its cyber warfare capabilities with the NATO alliance to protect members of the alliance against hacking and electronic warfare.

During the 2016 Warsaw Summit, NATO officially recognised cyberspace as a military operational domain. This means that the NATO alliance will respond with conventional weapons in case of a severe cyber attack, confirming that the Internet is a new battlefield.

Each Ally is committed to improving its resilience to cyber attacks and its ability to promptly respond to them, including in hybrid contexts. The Alliance aims to expand the scope of the NATO Cyber Range to help allies improve their cyber capabilities and share information on threats and best practices.

NATO fears both nation-state hacking and attacks carried out by cyber criminals; their activities are becoming even more intense and call for a proper response from the alliance.

“NATO has designated cyberspace as a conflict domain alongside land, sea and air and says electronic attacks by the likes of Russia and China — but also criminals and so-called “hacktivists” — are becoming more frequent and more destructive.” reads a post published by AFP press.

During a meeting of defence ministers held in Brussels on Thursday, Germany told allies that it would make both its defensive and offensive cyber capabilities available.

“Just as we provide army, air force and naval forces to NATO, we are now also in a position to provide NATO capabilities on the issue of cyber within the national and legal framework that we have,” German Defence Minister Ursula von der Leyen said.

Germany is not alone: the US, Britain, Denmark, the Netherlands and Estonia have all announced the availability of their offensive cyber capabilities to the alliance.

NATO members hope that the announcement of the sharing of offensive capabilities will work as a deterrent for threat actors.

Members of the alliance, which already share conventional military means, aim to share their cyber capabilities for NATO missions and operations.

Potential targets of these operations can include any connected system, ranging from computers and mobile devices, to ICS systems in critical infrastructure.

“In a sign of the growing importance NATO countries attach to the cyber battlefield, this year Britain said it would spend 65 million pounds (74 million euros/$83 million) on offensive capabilities.” concludes AFP.

Pierluigi Paganini

(SecurityAffairs – NATO alliance, Germany)

The post Germany makes its cyber capabilities available for NATO alliance appeared first on Security Affairs.

Source: Security affairs

By Waqas

A dark web hacker going by the online handle of “Gnosticplayers” is selling a massive trove of user data stolen after compromising websites of several popular companies. The data which amounts to over 126 million accounts includes emails and passwords, etc. and is currently available on the dark web’s infamous Dream marketplace. Who’s involved? The […]

This is a post from HackRead.com. Read the original post: Dark Web hacker selling 126M accounts stolen from new data breaches

Source: https://www.hackread.com/feed/

Apps on an iPhone X. (credit: Samuel Axon)

Rival tech giants like Google and Facebook aren’t the only companies abusing Apple’s enterprise certifications to distribute unapproved apps in the Apple App Store on iOS, according to reports from Reuters and TechCrunch.

Apple’s Enterprise Developer Program is intended to facilitate distribution of apps across devices internally within corporations, governments, and other organizations. Apple explicitly forbids its use for any other purpose in its terms of service.

But the Reuters report describes the use of enterprise certificates to distribute pirated versions of popular iOS software like Minecraft, Spotify, and Pokémon Go. For example, a free version of Minecraft (which is normally a premium app) is distributed by TutuApp using the method. Another pirate distributor, AppValley, offers a version of the Spotify app with the ads that support Spotify and the music artists stripped out completely.

Source: http://feeds.arstechnica.com/arstechnica/index/

A coal train passes beside two cooling towers during unloading operations at the Tennessee Valley Authority Paradise Fossil Plant in Paradise, Kentucky, on Tuesday, Aug. 13, 2013. (credit: Luke Sharrett/Bloomberg via Getty Images)

On Thursday, the Tennessee Valley Authority (TVA), a federally owned utility that operates in Tennessee and Kentucky, voted 5 to 2 to close two coal-fired power-generating units by 2023, according to the Chattanooga Times Free Press.

The decision includes closing the last coal-fired unit at the Paradise Fossil Plant by 2020, as well as closing the coal-fired Bull Run Steam Plant by 2023. On Thursday morning, the TVA tweeted: “The TVA Board votes to retire Paradise Unit 3 and Bull Run within the next few years. Their decision was made after extensive reviews and public comments and will ensure continued reliable power at the lowest cost feasible. We will work with impacted employees and communities.”

The TVA announced back in August that it would review the viability of the two generators. According to the Times Free Press, the TVA’s Chief Financial Officer John Thomas estimated that “the retirement of the two plants will save TVA $320 million, because the plants are the least efficient of TVA’s coal plants and are not needed to meet TVA’s power needs.”

Source: http://feeds.arstechnica.com/arstechnica/index/

What happens when more people get their hands on Tetris pieces in a single online match? A lot more than you might realize. (credit: Aurich Lawson / Getty Images)

In an interview with Ars Technica last year, Brendan Greene, the game designer best known for PlayerUnknown’s Battlegrounds (PUBG), offered a throwaway opinion: every genre should have a battle royale mode. It wasn’t necessarily the best-received suggestion at the time, as backlash against the battle royale phenomenon had begun, but Greene was in a good position to say it. He’d already struck gold multiple times slapping battle royale into other games as a modder.

Since then, we’ve mostly seen battle royale options land in PUBG-like shooters, but Wednesday’s Nintendo Direct presentation shook everything up with its own surprise launch. Tetris 99, a Nintendo-published game, would launch immediately on Wednesday as a “free” perk, with zero microtransactions, for paying Nintendo Switch Online customers.

Shortly after cataloguing the Direct’s firestorm of announcements, I booted up my Nintendo Switch and confirmed two things. First, this was Tetris.

Source: http://feeds.arstechnica.com/arstechnica/index/

Google’s Waymo risks repeating Silicon Valley’s most famous blunder

(credit: Aurich Lawson / Getty Images / Waymo)

Everyone in Silicon Valley knows the story of Xerox inventing the modern personal computer in the 1970s and then failing to commercialize it effectively. Yet one of Silicon Valley’s most successful companies, Google’s Alphabet, appears to be repeating Xerox’s mistake with its self-driving car program.

Xerox launched its Palo Alto Research Center (PARC) in 1970. By 1975, its researchers had invented a personal computer with a graphical user interface that was almost a decade ahead of its time. Unfortunately, the commercial version of this technology wasn’t released until 1981 and proved to be an expensive flop. Two much younger companies—Apple and Microsoft—co-opted many of Xerox’s ideas and wound up dominating the industry.

Google’s self-driving car program, created in 2009, appears to be on a similar trajectory. By October 2015, Google was confident enough in its technology to put a blind man into one of its cars for a solo ride in Austin, Texas.

Source: http://feeds.arstechnica.com/arstechnica/index/