HackDig : Dig high-quality web security articles for hackers

REvil gang threaten to auction celebrity data from Mariah Carey, Lebron James, MTV and more

byLisa VaasWhat would you do if your law firm to the stars were to be presented with this choice: pay us $42 million or we’ll sell Mariah Carey’s confidential legal documents on the dark web on 1 July?… followed by a carefully laid out schedule to sell personal correspondence, contracts, agreements, non-disclosure agreements, court conflicts and
Publish At:2020-06-26 06:27 | Read:297 | Comments:0 | Tags:Celebrities Data loss Hacked Privacy Ransomware Security thr

Twitter apologizes for leaking businesses’ financial data

byLisa VaasTwitter apologized on Tuesday for sticking business clients’ billing information into browser cache – a spot where the uninvited could have had a peek, regardless of not having the right to see it.In an email to its clients, Twitter said it was “possible” that others could have accessed the sensitive information, which incl
Publish At:2020-06-25 07:17 | Read:185 | Comments:0 | Tags:Data loss Privacy Security threats Twitter advertising platf

Hacker indicted for stealing 65K employees’ PII in medical center hack

byLisa VaasA Michigan man has been indicted for the 2014 hack of the University of Pittsburgh Medical Center’s (UPMC’s) HR databases and theft of employees’ personal information – information that he allegedly wound up selling on the dark web to crooks who used it to file thousands of bogus tax returns.The 43-count indictment, returne
Publish At:2020-06-22 09:47 | Read:195 | Comments:0 | Tags:Data loss Law & order Security threats arrest Detroit Justin

Babylon mobile health app mixes up patient consultation videos

byPaul DucklinMobile health app Babylon, which states its company mission as putting “an accessible and affordable health service in the hands of every person on earth”, has admitted to a software bug that went one step further than that.According to a BBC report, an app user in the UK ended up with other people’s health service data in his
Publish At:2020-06-10 09:05 | Read:178 | Comments:0 | Tags:Data loss babylon data breach Health Care

Botnet blasts WordPress sites with configuration download attacks

byPaul DucklinSecurity researchers at WordFence, a company that’s focused on securing WordPress, have reported a burst of old-school attacks that are after your WordPress configuration data.In a default installation of WordPress, whether you’ve installed it yourself or are using a hosted service, the configuration file wp-config.php should be off
Publish At:2020-06-05 12:25 | Read:248 | Comments:0 | Tags:Data loss Patching vulnerability wordfence Wordpress

You DID change your password after that data breach, didn’t you?

byPaul DucklinUntil a few years ago, received wisdom for passwords included advice to change them all on a regular and frequent basis, just because you could.The laudable idea was that this reduced the length of time you’d be exposed if your password were breached, and you’d therefore “obviously” be safer as a reult.Ironically, this b
Publish At:2020-06-04 13:15 | Read:320 | Comments:0 | Tags:Data loss data breach passwords

Nuclear missile contractor hacked in Maze ransomware attack

byLisa VaasThe US is protected by what’s known as a nuclear triad: a three-pronged attack force that consists of land-launched nuclear missiles, nuclear missiles on submarines, and aircraft equipped with nuclear bombs and missiles.One of the triad’s legs – the land-based LGM-30 Minuteman intercontinental ballistic missile (ICBM) – has
Publish At:2020-06-04 08:45 | Read:259 | Comments:0 | Tags:Data loss Government security Ransomware Security threats ba

Woman stalked by sandwich server via her COVID-19 contact tracing info

byLisa VaasMayo? Mustard? Creep who takes your sandwich order plus the personal details you handed over for contact tracing?That’s not what I ordered, said a woman in Auckland, New Zealand, whose trip to a Subway fast-food shop led to a restaurant worker reaching out to pester her on Facebook, Instagram, Messenger and via text.As the local news outlet
Publish At:2020-05-18 12:28 | Read:384 | Comments:0 | Tags:Data loss Privacy Security threats breach contact tracing co

49 malicious Chrome extensions caught pickpocketing crypto wallets

byLisa VaasGoogle has kicked 49 malicious Chrome browser extensions out of its Web Store that were posing as cryptocurrency wallets in order to drain the contents of bona fide wallets. The extensions were discovered by researchers from MyCrypto – an open-source interface for the blockchain that helps store, send and receive cryptocurrency – and
Publish At:2020-04-16 07:57 | Read:675 | Comments:0 | Tags:Cryptocurrency Data loss Google Google Chrome Malvertising M

Slack in the security spotlight – lessons for collaboration servers

byPaul DucklinResearchers at German pentesting company Enable Security just published an intriguing blog post about a security problem they found in the popular online collaboration tool Slack.The short version is that they uncovered a way to poke around inside the private parts of Slack’s network, so they disclosed it, Slack fixed it and paid them a $
Publish At:2020-04-08 12:12 | Read:555 | Comments:0 | Tags:Data loss Vulnerability NAT Slack TURN vulnerability

Marriott International confirms data breach of up to 5.2 million guests

byAnna BradingMarriott International has today announced that it has suffered a data breach affecting up to 5.2 million people.The hotel chain says it uses an application to help provide services to its guests. Beginning mid-January this year, the login credentials of two employees at a franchised property were used to access guest information on this app.Wh
Publish At:2020-03-31 12:15 | Read:473 | Comments:0 | Tags:Data loss data breach Marriott International

Exchange rate service’s customer details hacked via AWS

byDanny BradburyOnline exchange rate data provider Open Exchange Rates has exposed an undisclosed amount of user data via an Amazon database, according to a notification letter published on Twitter this week.Open Exchange Rates provides foreign exchange data for over 200 currencies worldwide, including digital ones. Software developers can access it using an
Publish At:2020-03-20 11:29 | Read:468 | Comments:0 | Tags:Data loss Security threats Amazon Web Services data exposure

Confessions app Whisper spills almost a billion records

byDanny BradburyResearchers who uncovered a data exposure from mobile app Whisper earlier this week have released more details about the incident.Whisper is an app from MediaLab, a mobile app company that owns a host of other apps including the popular messaging service Kik. It offers a kind of anonymous social network service that allows people to post thei
Publish At:2020-03-13 08:48 | Read:551 | Comments:0 | Tags:Data loss Privacy Security threats app privacy data exposure

It’s not a breach… it’s just that someone else has your data

byPaul DucklinUK telephone, TV and internet provider Virgin Media has suffered a data breach.Or not, depending on whom you ask.TurgenSec, the company that alerted Virgin Media to the breached information – or, at least, to the inadvertently disclosed database – says that it “included personal information corresponding to approximately 900,0
Publish At:2020-03-09 15:52 | Read:686 | Comments:0 | Tags:Data loss data loss phishing Virgin Media

Cathay Pacific fined over crooks slurping its database for over 4 years

byLisa VaasThe UK’s Information Commissioner’s Office (ICO) said on Wednesday that it’s fined Cathay Pacific Airways £500,000 (USD $647,015, €576,992) for failing to secure passengers’ personal details, leading to malware being installed on its server that harvested millions of people’s names, passport and identity details, dates of b
Publish At:2020-03-06 08:12 | Read:572 | Comments:0 | Tags:Data loss Law & order Privacy Security threats brute force a

Tools

Tag Cloud