Search Results for “ZDNet”

April 29, 2020
Catalin Cimpanu / ZDNet

Mysterious Group of Ransomware Hackers Called ‘Light’ Breached the Network of Top Architectural Firm Zaha Hadid, Threaten to Release Stolen Files

A group of hackers who go by the name “Light” last week breached the network of Zaha Hadid Architects, one of the world’s leading architectural firms, responsible for hundreds of high-end building designs all over the world. The hackers stole files from the company’s network, encrypted files using ransomware, and are now threatening to release sensitive information on the dark web unless the company pays a hefty ransom demand. The hackers reached out to ZDNet to share a link to the website where they plan to release ZHA data. Among the files the hackers provided to ZDNet are payroll records, bank documents, files holding employee details, life insurance details, employee contracts, email inbox dumps, and more. Additional files included the SSL certificate for the website and user account credentials for the company’s Active Directory server. ZHA contacted law enforcement as soon as they learned of the hack, and refused to engage with the ransomware gang.

March 23, 2020
Catalin Cimpanu / ZDNet

Personal Details of More Than 538 Million Users of China’s Weibo Are For Sale on the Dark Web, Hacker Claims to Have Breached the Social Media Giant in Mid-2019

The personal details of more than 538 million users of Chinese social network Weibo, which a hacker claims to have obtained in a mid-2019 breach, are currently available for sale on the dark web and elsewhere, according to ads seen by ZDNet and corroborating reports from Chinese media. Among the data purportedly stolen and posted on the internet are real names, site usernames, gender, location, and, for 172 million users, phone numbers. Passwords are not included, which explains why the hacker is selling the Weibo data for only ¥1,799 ($250). Weibo said it notified authorities about the incident and that police are investigating.

April 19, 2020
Catalin Cimpanu / ZDNet

Data on Twenty Million Users of Third-Party Android App Called Aptoide Leaked on Dark Web Hacking Forum, Contains Personal Data

A hacker leaked on a popular hacking forum the details of 20 million users of Aptoide, a third-party app store for Android applications. The data, part of a larger batch of 39 million records, contains information on users who registered for or used the Aptoide app between July 21, 2016, and January 28, 2018. Among the data are details such as the user’s email address, hashed password, real name, sign-up date, sign-up IP address, device details, and date of birth (if provided). ZDNet has contacted Aptoide for comment and to notify the company of the leaked data, but has not received a response.

March 21, 2020
Catalin Cimpanu / ZDNet

Russian Hacking Group Digital Revolution Claims to Have Breached FSB Contractor, Publishes Technical Documents Uncovering Plans for IoT Botnet ‘Fronton’ Capable of Targeting Linux-Based Smart Devices

Russian hacker group Digital Revolution claims to have breached a contractor for Russia’s national intelligence service, the FSB, and found details about a project intended for hacking Internet of Things (IoT) devices. BBC Russia broke the news, but ZDNet and the British news organization both examined 12 technical documents, diagrams, and code fragments published by the hackers for a 2017-2018 project called “Fronton.” The Fronton project describes the basics of building an IoT botnet and was put together following a procurement order placed by one of the FSB’s internal departments, unit No. 64829, which is also known as the FSB Information Security Center. The unit charged InformInvestGroup CJSC, a Russian company with a long history of fulfilling orders for the Russian Ministry of Internal Affairs, with building an IoT hacking tool that should specifically target internet security cameras and digital recorders (NVRs), which the documents deem ideal for carrying out DDoS attacks. InformInvestGroup appears to have sub-contracted the project to Moscow-based software company ODT (Oday) LLC, which Digital Revolution claims to have hacked in April 2019. The botnet was designed to be capable of targeting Linux-based smart devices, which account for the vast majority of IoT systems today and extend far beyond internet security cameras and NVRs.

May 21, 2020
Catalin Cimpanu / ZDNet

Hacker Who Had Been Selling Stolen Personal Data of 40 Million Wishbone Users Has Now Made All the Files Available for Free

A hacker put up for sale the details of 40 million users registered on Wishbone, a mobile app that lets users compare two items in a simple voting poll. Now, however, the hacker has placed all of the files on the web and is offering them as a free download on one of the hacking forums where the data had been sold. The data was advertised across multiple hacking forums at a price of 0.85 bitcoin (around $8,000). The data includes user information such as usernames, emails, phone numbers, and city/state/country, as well as hashed passwords. The hacker claims the passwords are hashed with SHA1, but a sample reviewed by ZDNet contained passwords hashed with the weaker MD5. The seller claims the hack of Wishbone took place early this year, and timestamps indicate that it occurred in January.

March 9, 2020
Catalin Cimpanu / ZDNet

Multiple Government-Backed Hacking Groups Are Exploiting Recently-Patched Flaw in Microsoft Exchange Email Servers

Multiple government-backed hacking groups are exploiting a recently-patched vulnerability in Microsoft Exchange email servers, cybersecurity firm Volexity reported, and ZDNet has confirmed. A source at the DOD confirmed the ongoing exploitation to ZDNet but, like Volexity, declined to name the groups involved. The groups are using a Microsoft Exchange email server flaw that is tracked under the identifier CVE-2020-0688 and was patched last month. This Exchange vulnerability is not easy to exploit, and experts believe nation-states and ransomware gangs are the only entities capable of mounting hacking campaigns that leverage it.

Related: Infosecurity Magazine, Economic Times, Security Affairs, Zero-Day Initiative, Volexity, Security – Computing, Threatpost, WinBuzzer, NDTV, E Hacking News, HackRead

May 19, 2020
Catalin Cimpanu / ZDNet

Smart Car Source Code for Mercedes-Benz Vans Along With Passwords and API Tokens for Daimler’s Internal Systems Leaked Online

The source code for “smart car” components installed in Mercedes-Benz vans, and the passwords and API tokens for the internal systems of Mercedes’ maker Daimler, were leaked online over the weekend after Till Kottmann, a Switzerland-based software engineer, discovered a Git web portal belonging to Daimler AG. Kottmann said that he was able to register an account on Daimler’s code-hosting portal and then download more than 580 Git repositories containing the source code of onboard logic units (OLUs) installed in Mercedes vans. He says Daimler failed to implement an account confirmation process, which allowed him to register an account on the company’s official GitLab server using a non-existent Daimler corporate email. None of the files included an open-source license, suggesting this was proprietary information that was not meant to be made public. After ZDNet and threat intelligence firm Under the Breach, which discovered the passwords and API tokens, reached out to Daimler today, the company took down the GitLab server from which Kottmann downloaded the data.

March 10, 2020
Catalin Cimpanu / ZDNet

Microsoft and Partners Disrupt Necurs Botnet, One of the Top Malware Botnets Known to Date

Microsoft announced today a coordinated take-down, carried out with 35 partners, of the Necurs botnet, one of the most significant spam and malware botnets known to date, believed to have infected more than nine million computers worldwide. Microsoft said the effort was the result of eight years of tracking and planning, which ultimately broke the Necurs DGA, the botnet’s domain generation algorithm, the component that generates the pseudo-random domain names used for command and control. Because Necurs authors register DGA-generated domains weeks or months in advance, Microsoft and its partners were able to accurately predict over six million unique domains that would be created in the next 25 months. Microsoft and its partners are now able to block those domains and prevent the Necurs team from registering them. Also, Microsoft’s legal team intervened and obtained a court order last week, on March 5, granting Microsoft control over existing Necurs domains that were being hosted in the US.

Related: Cyberscoop, Microsoft, The Hacker News, BitSight Security Ratings Blog, The Mac Observer, GeekWire, MSPoweruser, Slashdot

Tweets: @campuscodi @MaryJoFoley @jeffstone500 @cyberscoopnews

Cyberscoop: Microsoft strikes back at Necurs botnet by preemptively disabling hacking tools
Microsoft: New action to disrupt world’s largest online criminal network
The Hacker News: Microsoft Hijacks Necurs Botnet that Infected 9 Million PCs Worldwide
BitSight Security Ratings Blog: Joint Effort with Microsoft to Disrupt Massive Criminal Botnet Necurs Microsoft Takes Control of Necurs U.S.-Based Infrastructure
The Mac Observer: Microsoft and 35 Countries Take Down ‘Necurs’ Botnet
GeekWire: Microsoft helps take control of Necurs, a ‘prolific’ botnet that infected 9M computers worldwide
MSPoweruser: Microsoft disrupts Necurs, a botnet that has infected nine million computers globally
Slashdot: Microsoft Orchestrates Coordinated Takedown of Necurs Botnet

@campuscodi: Microsoft orchestrates coordinated takedown of Necurs botnet - Company said it broke Necurs DGA - This allowed MSFT to get a list of 6 million future C&C server domains - Domains reported to be blocked
@MaryJoFoley: Microsoft's coordinated takedown of Necurs, one of the largest spam and malware botnets known to date, believed to have infected more than nine million computers worldwide: (by ZDNet's @campuscodi)
@jeffstone500: Microsoft just kneecapped Necurs, a massive hacking tool used to send spam and launch ransomware attacks. It's a big, interesting move involving a court order and international cooperation.
@cyberscoopnews: Microsoft strikes back at Necurs botnet by preemptively disabling hacking tools by @jeffstone500

March 18, 2020
Catalin Cimpanu / ZDNet

Trend Micro Pushes Out Patches for Two Zero-Day Flaws in Its Products, Warns of Three Other Severe Vulnerabilities

Antivirus company Trend Micro released patches to address two zero-day flaws in its products. The two zero-days impact the company’s Apex One and OfficeScan XG enterprise security products. Exploiting the zero-days required hackers to have valid credentials for a victim’s workstations, which means they were most likely used in a post-compromise scenario, after hackers had already infiltrated a company’s internal network. They were also most likely used either to disable the security products or to elevate the attackers’ privileges on machines running the two Trend Micro antivirus products. These two vulnerabilities are the second and third Trend Micro antivirus bugs exploited in the wild in the last year. In the same bulletin in which Trend Micro revealed these zero-days, it further warned about three other vulnerabilities, all of which received a severity rating of 10 out of 10 on the CVSSv3 vulnerability scale.

Related: CyberSecurity Help s.r.o., GeekWire, Dark Reading: Vulnerabilities / Threats, Help Net Security, Infosec.cert, SecurityWeek, Trend Micro

May 31, 2020
Catalin Cimpanu / ZDNet

Database for Formerly Top Dark Web Service Hosting Provider Leaked Online, Data Can Be Used to Identify Owners of Dark Web Portals

A hacker who goes by the name of KingNull uploaded a copy of the Daniel’s Hosting (DH) database online. DH had been the largest free web hosting provider for dark web services until shortly after the hacker breached it earlier this year, on March 10, 2020. Two weeks after the breach, DH shut down its service for good, urging users to move their sites to new dark web hosting providers. Around 7,600 websites, a third of all dark web portals, went down following DH’s shutdown. The leaked data includes 3,671 email addresses, 7,205 account passwords, and 8,580 private keys for .onion (dark web) domains. Threat intelligence firm Under the Breach, which examined the database, said the leaked data can be used to tie the owners of the leaked email addresses to specific dark web portals.