Search Results for “ZDNet”

September 16, 2019
Catalin Cimpanu / ZDNet

Misconfigured Database Exposed Personal Records of Most Ecuadorians Including Nearly Seven Million Children

In one of the biggest breaches in the country’s history, the personal records of most of Ecuador’s population, including 6.78 million children, were left exposed online in a misconfigured Elasticsearch server owned by an Ecuadorian analytics service named Novaestrat, Noam Rotem and Ran Locar of vpnMentor discovered and ZDNet confirmed. The server contained a total of approximately 20.8 million user records, a number larger than the country’s total population because of duplicate records. The exposed data contained names, information on family members and family trees, civil registration data, financial and work information, as well as data on car ownership. The most extensive data appears to have been collected from the Ecuadorian government’s civil registry. ZDNet and vpnMentor confirmed records for the country’s president, and even for Julian Assange, who once received political asylum from the small South American country and was issued a national ID number (cedula). Other data appeared to be imported or scraped from BIESS, the Banco del Instituto Ecuatoriano de Seguridad Social, and contained financial information for some Ecuadorian citizens, such as account status, account balance, credit type, and information about the account owner, including job details. The data also appeared to be imported or scraped from AEADE, the Asociación de Empresas Automotrices del Ecuador, and contained information on car owners and their respective cars, including car models and license plates. The database was eventually secured later last week, but only after vpnMentor reached out to Ecuador’s CERT (Computer Emergency Response Team).

Related: CISO MAG, Fast Company, Security Affairs, TechNadu, Security – Computing, Dark Reading, Threatpost, vpnMentor, The Independent, BusinessLine – Home, The Hindu – News, Techradar, Silicon Republic, The Next Web, Latin American Herald Tribune, RAPPLER, Channel News Asia

Tweets: @fernanillescas @RayRedacted @TonyRomm @jwarnette @steveranger

CISO MAG: Unprotected Database Leaks 198 Million Car Buyers’ Personal Data
Fast Company: The personal data of almost everyone in Ecuador has been leaked
Security Affairs: Data leak exposes sensitive data of all Ecuador’s citizens
TechNadu: The Whole Population of Ecuador Was Exposed Online
Security – Computing: Unsecured database of 16.6 million Ecuadorean citizens found by security researchers / Database leaks data on most of Ecuador’s citizens, including 6.7 million children
Dark Reading: Data Leak Affects Most of Ecuador’s Population
Threatpost: Marketing Analytics Company Leaks Deep Profiles of Entire Ecuador Population
vpnMentor: Report: Ecuadorian Breach Reveals Sensitive Personal Data
The Independent: Ecuador: Entire country's population has personal data exposed online
BusinessLine – Home: Personal data of almost entire population of Ecuador leaked online
The Hindu – News: Almost entire population of Ecuador has online data leaked
Techradar: Generate a return on data capital with autonomous database capabilities
Silicon Republic: Sensitive data of almost every citizen of Ecuador leaked
The Next Web: Colossal Ecuador leak exposes data of 20M individuals — including Julian Assange
Latin American Herald Tribune: Ecuador Acknowledges Massive Data Leak, Blames Previous Government Officials
RAPPLER: Almost entire population of Ecuador has online data leaked
Channel News Asia: Almost entire population of Ecuador has online data leaked

@fernanillescas: "The leaky server is one of the, if not the biggest, data breaches in Ecuador's history, a small South American country with a population of 16.6 million citizens." @AECIb @DINARDAP
@RayRedacted: When a leak of this magnitude hits the USA, it could potentially be catastrophic to our economy. Individual data privacy is a national security concern.
@TonyRomm: oh you know just a casual security incident that exposes *most of an entire country's personal data*
@jwarnette: I mean, if you're going to leak data... do it on an epic scale. Database leaks data on most of Ecuador's citizens, including 6.7 million children via @ZDNet & @campuscodi
@steveranger: Fascinating reporting by @campuscodi The lesson to take from stories like this? If there is a digital version of information about you, it has probably already leaked. Database leaks data on most of Ecuador's citizens, including 6.7 million children:

September 19, 2019
Catalin Cimpanu / ZDNet

Gang Behind Gootkit Malware Left Two MongoDB Databases Exposed on the Internet Without a Password

The criminal gang behind the Gootkit malware left two MongoDB databases connected to the internet without a password, which allowed security researcher Bob Diachenko to download all of the group’s data and gain insight into its operations. Gootkit is a dangerous information-stealing trojan that gathers a vast array of information from infected victims and sends it to remote servers, but its main functions are now focused on stealing data from browsers and logging what users enter into web forms. The databases analyzed by Diachenko and ZDNet appeared to be aggregating data from three Gootkit sub-botnets, covering a total of 38,653 infected hosts. Diachenko said he found the servers on July 4, and both were taken down by July 10.

September 23, 2019
Catalin Cimpanu / ZDNet

Coordinated Campaign to Steal Popular YouTube Channels Uses Phishing Emails to Swipe Account Credentials, Reassign Channels to New Owners and Change Channel’s Vanity URL

A coordinated campaign that consisted of messages luring users to phishing sites, where hackers logged account credentials, has hit YouTube users over the past few days, especially creators in the auto-tuning and car review community, a ZDNet investigation has discovered. High-profile accounts from the YouTube creators car community, including channels such as Built, Troy Sowers, MaxtChekVid, and Musafir, have fallen victim to these attacks, although other YouTube creators also reported having their accounts hijacked last week.  The hackers are using phishing emails to lure victims to fake Google login pages, where they collect users’ account credentials, break into Google accounts, reassign popular channels to new owners and then change the channel’s vanity URL, giving the original account owner and his followers the impression that their account had been deleted. One of the victims, Life of Palos, says the hackers were capable of bypassing two-factor authentication on users’ accounts and might have used Modlishka, a reverse proxy-based phishing toolkit that can also intercept 2FA SMS codes.

Related: Security – Computing, TechNadu, Verdict, Daily Dot

Tweets: @campuscodi @GearsOfJustice @dextresen

September 25, 2019
Catalin Cimpanu / ZDNet

Online Dating App Heyyo Left Server Open Without Password, Exposed Personal Details, Images, Location Data and More for Nearly 72,000 Users

Online dating app Heyyo left a server, an Elasticsearch instance, open without a password exposing the personal details, images, location data, phone numbers, and dating preferences for nearly 72,000 users, believed to be the app’s entire userbase, security researchers from WizCase discovered. Despite efforts to reach the company behind the app over almost a week, the leaky server was only taken down today, after ZDNet reached out yesterday to Turkey’s Computer Emergency Response Team (CERT).

October 15, 2019
Catalin Cimpanu / ZDNet

Chinese State-Sanctioned Hacking Group Turbine Panda Conducted Multi-Year Campaign to Steal Intellectual Property to Build Country’s C919 Airplane, Local Hackers and Security Researchers Carried out the Tasks

One of China’s most ambitious hacking operations known to date, an effort that aimed to help Comac, a Chinese state-owned aerospace manufacturer, build its own airliner, the C919, in competition with Airbus and Boeing, involved a coordinated multi-year hacking campaign that systematically went after the foreign companies that supplied components for the C919 aircraft, a new report from CrowdStrike reveals. The goal of the operation was to steal the intellectual property needed to manufacture all of the C919’s components inside China. CrowdStrike said that the Ministry of State Security (MSS) tasked its Jiangsu Bureau (MSS JSSD) with carrying out these attacks, and that the MSS recruited local hackers, including some from China’s underground hacking scene, along with security researchers, rather than turning to China’s military cyber-operatives. The group involved in the operation, which CrowdStrike said it tracked as Turbine Panda, was hugely successful but ultimately made a series of mistakes and encountered problems, the biggest of which came in late 2018 when western officials arrested Xu Yanjun, the MSS JSSD officer in charge of recruiting insiders at foreign companies.

Related: CSO Online, Slashdot, CrowdStrike (PDF)

Tweets: @crowdstrike @campuscodi

July 21, 2019
Catalin Cimpanu / ZDNet

Hacking Group ‘0v1ru$’ Breached a Contractor for Russia’s FSB Stealing 7.5TB of Data and Exposing Top Projects Including Effort to Deanonymize Tor Traffic

On July 13, a group of hackers known as 0v1ru$ breached SyTech, a contractor for Russia’s national intelligence service FSB, stealing information about internal projects the company was working on for the agency. The group hacked into SyTech’s Active Directory server, from where it gained access to the company’s entire IT network, including a JIRA instance, stole 7.5TB of data from the contractor’s network, and defaced the company’s website with a “yoba face,” an emoji popular with Russian users that stands for “trolling.” The group shared the stolen data with Digital Revolution, another hacking group that last year breached Quantum, another FSB contractor. Digital Revolution shared the stolen files in greater detail on its Twitter account and with Russian journalists. Two of the notable projects exposed in the breach are Nautilus-S, for deanonymizing Tor traffic, and Hope, which analyzed the structure and make-up of the Russian segment of the internet. SyTech has taken down its website since the hack and refused media inquiries.

Related: Security Affairs, Zero Hedge, The Merkle, Reddit-hacking, Forbes, Slashdot, Cyber Kendra, Boing Boing, CNET, HackRead, Daily Mail, Engadget

Security Affairs: 0v1ru$ hackers breach FSB contractor SyTech and expose Russian intel projects
Zero Hedge: Russia’s Spy Agency Hit In Massive Hack; 7.5 TB Of Data Stolen In ‘Largest Data Breach In History’
The Merkle: Hackers Confirm Russia’s FSB Still Aims to Deanonymize Tor Traffic
Reddit-hacking: Hackers breach FSB contractor, expose Tor deanonymization project and more | ZDNet
Forbes: Russia’s Secret Intelligence Agency Hacked: ‘Largest Data Breach In Its History’ / Russian FSB Intel Agency Contractor Hacked, Secret Projects Exposed / Hackers breach FSB contractor, expose Tor deanonymization project and more
Slashdot: Is Russia Trying to Deanonymize Tor Traffic?
Cyber Kendra: Russia’s Intelligence FSB Contractor Hacked, 7.5TB Data Stolen
Boing Boing: Massive trove of Russian spy-agency docs hacked from private sector contractor and passed onto media
CNET: Hackers reportedly breach contractor for Russian intelligence, exposing secret projects
HackRead: Hackers steal 7.5TB of data from Russian Intel Agency FSB’s contractor
Daily Mail: ‘The largest data leak in the history of Russian intelligence’
Engadget: Hackers broke into a contractor for Russia’s spy agency

@troyhunt: FSB data breach: “The hackers managed to steal 7.5 terabytes of data from a major contractor, exposing secret FSB projects to de-anonymize Tor browsing, scrape social media, and help the state split its internet off from the rest of the world.”
@SecurityCharlie: Hackers breach FSB contractor, expose Tor deanonymization project and more
@campuscodi: Hackers breach FSB contractor, expose Tor deanonymization project …
@riskybusiness: The breach at that Russian FSB contractor is getting a lot of attention over its Tor de-anonymisation project. The Russian government put that project out to public tender years ago.

August 23, 2019
Catalin Cimpanu / ZDNet

Ukrainian Secret Service Investigating Nuclear Power Plant Breach Where Employees Were Using Network to Mine Cryptocurrency

The Ukrainian Secret Service (SBU) is investigating a potential security breach at a local nuclear power plant after employees connected parts of its internal network to the internet so they could mine cryptocurrency. Because nuclear power plants are classified as critical infrastructure, the incident is viewed as a potential breach of state secrets: investigators fear the internet-connected mining rigs could have been used as a pivot point to enter the plant’s network and retrieve information from its systems, such as data about the plant’s physical defenses and protections. The incident took place in July at the South Ukraine Nuclear Power Plant, located near the city of Yuzhnoukrainsk, in southern Ukraine. Investigators seized equipment from the power plant’s administrative offices, not from the distribution plant.

Related: TechNadu, Infosecurity Magazine, Security Affairs, SecurityWeek, fossBytes, Unian, Forbes, The Next Web, RT, CoinTelegraph, NewsBTC

Tweets: @kimzetter @el33th4xor @campuscodi

TechNadu: Ukrainian Nuclear Power Plant Employees Have Been Caught Mining Cryptocurrency
Infosecurity Magazine: Ukrainian Nuke Plant Workers Tried to Mine Cryptocurrency
Security Affairs: Employees abused systems at Ukrainian nuclear power plant to mine cryptocurrency
SecurityWeek: Illegal Cryptocurrency Mining at Ukraine Nuclear Plant Exposed Sensitive Data
fossBytes: Ukrainian Employees Connect Nuclear Plant To Internet To Mine Cryptocurrency
Unian: SBU busts cryptocurrency miners at Ukrainian power plant
Forbes: Bitcoin Hackers Charged As Nuclear Power Plant Security Compromised
The Next Web: Thief jeopardizes state secrets by using nuclear power plant to mine cryptocurrency
RT: Ukrainian nuclear power plant used to mine cryptocurrency, putting state secrets at risk
CoinTelegraph: Ukraine: Crypto Miners Arrested for Compromising Nuclear Plant Security
NewsBTC: Ukrainian Power Plant Officials Accused of Unauthorised Cryptocurrency Mining

@kimzetter: This one is going to be a staple in security conference slidedecks for years. Thank you, Ukraine.
@el33th4xor: I hope we don't have a second Chernobyl because some idiot connected a nuclear power plant to the Internet just so he can mine a PoW coin. via @ZDNet & @campuscodi
@campuscodi: -incident happened at the South Ukraine Nuclear Power Plant -mining rigs found in administrative office -rigs also found in nearby military barracks used by the Ukrainian National Guard -also not the first incident of its kind (see photo below)

October 10, 2019
Catalin Cimpanu / ZDNet

Hackers Breached Cloud-Hosted Online Store Provider Volusion Impacting More Than 6,500 Stores Including Sesame Street Live Online

Hackers breached the infrastructure of Volusion, a provider of cloud-hosted online stores, and are delivering malicious code known as Magecart malware that records and steals payment card details entered by users in online forms. The breach impacted more than 6,500 stores. The most notable store affected is the Sesame Street Live online store, which was taken down earlier today after another journalist reached out. Marcel Afrahim, a researcher at security firm Check Point, discovered the malicious code while browsing the Sesame Street Live store. The incident took place this week after hackers gained access to Volusion’s Google Cloud infrastructure, where they modified a JavaScript file to include malicious code that logs card details entered in online forms. In a tweet, Volusion said it was working on the issue.

Related: THE INQUIRER, Security Affairs, TechNadu, Cyberscoop, Security – Computing, Futurism, SC Magazine, BBC News, Noteworthy – The Journal Blog, Bleeping Computer, Trend Micro

Tweets: @TrendMicroRSRCH @Volusion @BiellaColeman @Joseph_Marks_ @campuscodi

THE INQUIRER: Sesame Street store among 1, 2… er, 6,500 victims of Volusion hack / Hackers Compromise Volusion, Steal Card Details From 6,500 Websites
Security Affairs: Hackers compromised Volusion infrastructure to siphon card details from thousands of sites
TechNadu: Volusion Breach Results in Massive Credit Card Compromise Operation
Cyberscoop: Breach at e-commerce provider gave hackers an entry to Sesame Street
Security – Computing: Up to 20,000 ecommerce websites at risk of Magecart attacks following Volusion server compromise
Futurism: Criminals Hacked the “Sesame Street” Store, Stole Credit Card Info
SC Magazine: Magecart attack on e-commerce service impacts Sesame Street store and many more
BBC News: Cookie monster eats data from Sesame Street store
Noteworthy – The Journal Blog: Sesame Street Store & Volusion customers are compromised; how the cookie monster is stealing credit card info
Bleeping Computer: C is for Credit Card: MageCart Hits Volusion E-Commerce Sites
Trend Micro: FIN6 Compromised E-commerce Platform via Magecart to Inject Credit Card Skimmers Into Thousands of Online Shops / Volusion Payment Platform Sites Hit by Attackers

@TrendMicroRSRCH: @Volusion Hi! We sent you a Direct Message. Looking forward to your reply.
@Volusion: Thanks for contacting us. Our team has been working tirelessly on a fix for this and we will be updating everyone once a solution has been deployed. We appreciate your willingness to help!
@BiellaColeman: Disappointed that this is yet another commercial breach and not a story about Sesame Street's first full episode on hacking.
@Joseph_Marks_: Alternate lede: How do you get to Sesame Street? With malicious Javascript code.
@campuscodi: Hackers breach Volusion, a cloud-based provider of online stores, to collect card details from thousands of site—up to 6.5k stores impacted (including Sesame Street online store)—hackers altered a JS file hosted on the company's Google Cloud account

September 12, 2019
Catalin Cimpanu / ZDNet

Surveillance Vendor Has Been Using Complex and Sophisticated SMS-Based Attack Method ‘Simjacker’ for Two Years to Track and Monitor Individuals, Report

A major SMS-based attack method dubbed Simjacker has been exploited for the last two years by an unnamed surveillance vendor in multiple countries to track and monitor individuals, researchers at Adaptive Mobile say. In what the researchers describe as a leap in complexity and sophistication over other mobile attack models, Simjacker sends an SMS message to a victim’s phone number that contains hidden SIM Toolkit (STK) instructions, which are supported by the device’s S@T Browser, an application that resides on the SIM card rather than on the phone. Simjacker then instructs the victim’s phone to hand over location data and IMEI codes, which the SIM card later sends via an SMS message to a third-party device, where the attacker logs the victim’s location. Victims don’t see these messages in their inboxes or outboxes, which allows attackers to silently track their locations throughout the day.

Related: The Hacker News, Business Wire Technology News, Help Net Security, Adaptive Mobile, Ars Technica, HackRead, Cyberscoop, Threatpost, ZDNet Security, Slashdot, SecurityWeek

Tweets: @_odisseus @joeuchill @josephfcox @rondeibert

The Hacker News: New SIM Card Flaw Lets Hackers Hijack Any Phone Just By Sending SMS
Business Wire Technology News: AdaptiveMobile Security Uncovers Sophisticated Hacking Attacks on Mobile Phones, Exposing Massive Network Vulnerability
Help Net Security: Simjacker vulnerability actively exploited to track, spy on mobile phone owners
Adaptive Mobile: Simjacker – Next Generation Spying Over Mobile
Ars Technica: Hackers are exploiting a platform-agnostic flaw to track mobile phone locations
HackRead: Simjacker vulnerability lets attackers track your location with an SMS
Cyberscoop: Meet ‘Simjacker,’ a nasty mobile vulnerability researchers say puts 1 billion phones at risk
Threatpost: 1B Mobile Users Vulnerable to Ongoing ‘SimJacker’ Surveillance Attack
ZDNet Security: Simjacker attack exploited in the wild to track users for at least two years
Slashdot: New Simjacker Attack Exploited In the Wild To Track Users For At Least Two Years
SecurityWeek: Simjacker: SIM Card Attack Used to Spy on Mobile Phone Users

@_odisseus: Announcing the existence of a vulnerability that we call #Simjacker exploited the last 2 years by a sophisticated threat actor. Technical details during the Virus Bulletin Conference, London, 3rd October 2019. H/T @fs0c131y cc: @0xrb Preliminary:
@joeuchill: has anyone played around with Simjacker?
@josephfcox: This is a pretty wild attack. Leveraging vectors in the SIM card to get location data, other information on targets. Because it's the SIM card, it's platform agnostic. Being used by a company that sells surveillance capabilities to governments
@rondeibert: "The main Simjacker attack involves a SMS containing a specific type of spyware-like code being sent to a mobile phone, which then instructs the UICC (SIM Card) within the phone to ‘take over’ the mobile phone" << New mobile attack.

September 18, 2019
Catalin Cimpanu / ZDNet

GitHub Announces Support for PHP Projects, Acquisition of Security Analysis Platform Semmle and Certification as CVE Numbering Authority

Microsoft-owned GitHub plans to add support for a Dependency Graph for Composer-based PHP projects. The Dependency Graph feature is intertwined with the Security Alerts (Vulnerability Alerts) feature, meaning that GitHub users will also be eligible to receive automatic security alerts for vulnerabilities in the dependencies of their PHP-based projects. GitHub launched the Security Alerts feature, one of its most useful features, to great success in November 2017 for JavaScript and Ruby projects and later expanded it to Python projects in July 2018 and to Java and .NET projects in October 2018. Separately, GitHub announced the acquisition of Semmle, a security analysis platform, which it said will be used to improve GitHub’s vulnerability scanning process. On top of that, GitHub also announced that it has been certified as a CVE Numbering Authority (CNA), which means GitHub will be able to assign CVE numbers, the identifiers for security flaws, on its own.

Related: Dark Reading, Venture Beat, The Register – Security, TechCrunch, Bleeping Computer, SiliconAngle News, MSPowerUser, GitHub, GitHub Blog, ZDNet