Anderson Cooper claims his Twitter account was hacked to call Trump a ‘tool’ and ‘pathetic loser‘
Anderson Cooper claimed that his Twitter account was hacked after sending a post that called Trump a “pathetic loser. While some felt the tweet didn’t sound like something Cooper would say, others said his assistant probably thought he was tweeting from an anonymous or private account when the post went out. However, CNN Communications later tweeted that someone had illegally gained access to Cooper’s account and posted the tweet. Joe Corrigan/Getty Images CNN anchor Anderson Cooper claims he was hacked after his Twitter account responded to a tweet from US President Donald Trump by calling him a “tool” and “pathetic loser. Just woke up to find out someone gained access to my Twitter account,” Cooper later tweeted. A CNN spokesperson later said in a statement that Cooper did not post the tweet. Prior to Wednesday, no new tweets were posted by the account since Sunday. The tweet immediately caught the eye of ecstatic Twitter users with many praising Cooper for standing up to the president. The network also said “geolocation tools” proved the tweet was sent from New York when Cooper was in Washington DC at the time. The reason I originally endorsed Luther Strange (and his numbers went up mightily), is that I said Roy Moore will not be able to win the General Election,” Trump tweeted.
Hackers can target Facebook, Paypal and other popular sites with 19-year-old ROBOT exploit
Over 25 of the most popular websites, including Facebook and Paypal, are vulnerable to attacks because of the resurgence of a 19-year-old exploit dubbed ROBOT. This would allow them to decrypt traffic on the targeted website, in turn causing the website to leak sensitive information. However, security researchers found that the exploit can still be used against websites today. This means neither the vendors of the affected products nor security researchers have investigated this before, although it’s a very classic and well-known attack. 8% of the top one million sites were also found to be vulnerable to the same attack. We were able to identify eight vendors and open source projects and a significant number of hosts that were vulnerable to minor variations of Bleichenbacher’s adaptive-chosen ciphertext attack from 1998. Researchers found that around 27 of the top 100 most popular websites, as ranked by Alexa, were vulnerable to the ROBOT exploit. ROBOT (Return of Bleichenbacher’s Oracle Threat), is a variant of the 1998 security vulnerability in the transport layer security protocol for web encryption that affected TLS servers that uses RSA encryption. According to security researchers Hanno Böck and Juraj Somorovsky from Hackmanit GmbH, Ruhr University Bochum, and Tripwire VERT’s Craig Young, the server implementation flaw could allow hackers to perform RSA decryption and key signing. ArsTechnica reported that the flow could also allow hackers to decrypt ciphertext even without having access to the secret decryption key.
What is Triton? Hackers create new Stuxnet-like malware that has already hit the Middle East
The hackers behind the Triton malware are likely state-sponsored iStock A new malware specifically designed to target industrial control systems (ICS) of critical infrastructure has been discovered by security researchers. Once on the SIS network, the attacker used their pre-built TRITON attack framework to interact with the SIS controllers using the TriStation protocol. The attacker could have caused a process shutdown by issuing a halt command or intentionally uploading flawed code to the SIS controller to cause it to fail,” FireEye researchers said. The targeting of critical infrastructure as well as the attacker’s persistence, lack any clear monetary goal and the technical resources necessary to create the attack framework suggest a well-resourced nation-state actor,” FireEye researchers said in a blog. Dubbed Triton by FireEye’s Mandiant and Trisis by Dragos, the malware is considered to be a serious threat and is in line with the four other ICS malware variants such as Stuxnet, Havex, Crashoverride and BlackEnergy2. According to Dragos researchers, attacks leveraging the malware could lead to loss of life but, such a scenario would be highly unlikely. Instead, the attacker made several attempts over a period of time to develop and deliver functioning control logic for the SIS controllers in this target environment. Specifically, the following facts support this assessment: The attacker targeted the SIS suggesting an interest in causing a high-impact attack with physical consequences. According to security researchers at Dragos, the malware targeted an unspecified firm in the Middle East. While previously identified in theoretical attack scenarios, targeting SIS equipment specifically represents a dangerous evolution within ICS computer network attacks.
UK Christmas shoppers beware – hackers using Zeus Panda malware to steal your credit card data
Hackers are going after British Christmas shoppers’ credit card data, using the Zeus Panda banking Trojan. In most cases, hackers inject banking malware code of variants like Zeus Panda (aka Panda Banker) onto targeted banking sites, to harvest victims’ banking credentials and credit card information. According to security researchers at Proofpoint, who uncovered the recent Zeus Panda malware campaign, hackers have been targeting holiday shoppers since November, capitalising on the Thanksgiving, Black Friday and Cyber Monday shopping sprees. The timing and specific inject of these recent attacks are clearly focused on online holiday shoppers, travellers, and holiday activities, with far more retail-related and other non-banking, injects than we normally associate with a banking Trojan attack,” Proofpoint researchers said in his blog. The hackers behind the malware have injected malicious code onto popular online shopping sites such as Zara, as well as travel sites, video streaming sites and more. During the holidays, when many users will be travelling or using corporate devices from home, requiring the use of a VPN can ensure that computers are protected and banking Trojan-related traffic can be detected and blocked whether or not a user is physically in the office. However, security researchers observing the evolution of banking malware campaigns say that hackers have now begun injecting such malicious code into online payment sites, retailers’ sites, casinos and more. Proofpoint researchers recommend that companies and holiday shoppers use VPNs to avoid falling victim to such holiday-themed attacks. Researchers also warned that victims infected with Zeus Panda are often unaware of having been targeted by hackers, as the malware conducts man-in-the-middle attacks to surreptitiously steal credit card information. Proofpoint researchers say that although the first campaign they observed in November targeted Canadian companies, right before Thanksgiving, in December, hackers had begun targeting UK firms.
Blockchain Used By Indian State to Combat Cyber Attacks
The West Bengal government is planning to use blockchain technology to protect its documents from cyber attacks. West Bengal is an Indian state located in Eastern India on the Bay of Bengal. It is India’s fourth-most populous state, with over 91 million inhabitants. It has an area of 88,752 km2 (34,267 sq mi). A part of the ethno-linguistic Bengal region, it is bordered by Bangladesh in the east, and Nepal and Bhutan in the north; it shares borders with five Indian states: Odisha, Jharkhand, Bihar, Sikkim, and Assam. The West Bengal government is proposing a Cyber Security Center of Excellence that would be tasked to carry out blockchain technology at various departments. A senior official of the Information Technology Department said the proposed center will bring the best in academic, law enforcement and other sections under one roof for the best practices to counter cyber-attacks. He added that local police officers recently participated in a cyber security workshop conducted by the IT department at the center. The Cyber Security Center of Excellence will conduct research and development on cyber crimes for which the state government will partner with private firms. The state government is also planning to raise the awareness level about threats of cyber crimes and precautions that need to be exercised. Earlier this year, computers at some offices of the West Bengal State Electricity Distribution Company Limited were crippled by the WannaCry ransomware, a type of malicious software designed to block access to a computer system until a sum of money is paid. “We do not want such things to be repeated. We are trying to build foolproof security against these threats,” the official said.
Youbit hack: Bitcoin exchange forced to shut down after suffering the second attack in 8 months
South Korean authorities blamed North Korean hackers for the previous breach against Youbit Dan Kitwood/Getty Images South Korean Bitcoin exchange Youbit has been forced to shut down after being hit by hackers for the second time in just eight months. This is far from limited to Youbit and cryptocurrency exchanges, this year we’ve seen attacks on cryptocurrency wallets, countless initial coin offerings (ICOs), and even the launch of new cryptocurrencies such Bitcoin Gold,” Leigh-Anne Galloway, Cyber Resilience Lead at Positive. Earlier this week, South Korea’s spy agency, the National Intelligence Service (NIS), also blamed the proliferating North Korean hacker group Lazarus, for orchestrating attacks against several prominent South Korean cryptocurrency exchanges. The BBC reported that South Korea’s Internet and Security Agency (Kisa) has begun investigating the recent cyberattack against Youbit. The exchange was hacked in April and nearly 4,000 Bitcoins were stolen at the time – the stolen funds now amount to around $73m (£55m. Youbit confirmed that it was hacked once again on 19 December and that hackers stole 17% of its total assets. However, Kisa blamed North Korean hackers for the previous breach. However, this has been matched in equal measure by an increase of attacks on the cryptocurrency ecosystem. 2018 has been a remarkable year for cryptocurrencies, with Bitcoin hitting heights that even the most optimistic spectators wouldn’t have predicted. The Lazarus Group, apart from being actively involved in various cyber espionage campaigns, has targeted numerous cryptocurrency exchanges across the world. exchanges across the world.
Shocking data leak exposes private details of ‘virtually every’ American household
Yes, it’s another leak of millions of consumers’ data. UpGuard said the database used “anonymised record IDs to identify households” – meaning no names were included – but noted that collectively it could likely identify US citizens. Modern marketing executives use massive troves of consumer data to help tailor advertising campaigns and create strategies based on household demographics. Taken together, the exposed data reveals billions of personally identifying details and data points about virtually every American household,” wrote Dan O’Sullivan, a threat researcher at UpGuard, which found the leaked files, in a blog post published Tuesday (19 December. Markus Spiske/Unsplash A cybersecurity firm says it discovered a weakly protected database that was leaking personal information relating to millions of American households. One lengthy database with household data – seemingly compiled for marketing – was titled “ConsumerView. Indeed, an Experian brochure about the ConsumerView product from 2016 revealed that it holds “data on more than 300 million individuals and 126 million households. The leaky cloud database has now been cordoned off from the internet, Alteryx has said. The security company said that Alteryx offers a package called “Designer with Data” which is touted as having “analytics-ready demographic, segmentation, and firmographic data from Experian, D&B, the US Census Bureau, and more. The] data provides a highly detailed database of tens of millions of Americans’ personal, financial, and private lives,” O’Sullivan wrote.
Android malware ‘Catelites Bot’ can pretend to be 2,200 banks – and will drain your account
The new strain of Android malware has the ability to pose as more than 2,200 banks, experts said Pixabay/Creative Commons A new strain of Android malware has the ability to pose as more than 2,200 banks – including Santander and Barclays – in order to steal passwords and plunder accounts. While the manipulative mobile banking screens don’t resemble the original banking apps, the power lies within the malware’s shotgun approach: Targeting millions of users of thousands of banks to increase the likelihood a few victims will fall for the trick. These won’t fool tech-savvy users, but others may still fall victim to the phishing pages: Fake overlay screens pull in the logos of actual banks Avast Labs Catelites Bot uses the “overlay screens” to dupe users, and if details are entered they will be sent to the hackers. The malware spreads via unofficial sources, so for users it’s important to set their phone to only accept app downloads from official app stores, like Google Play, and to double-check if their banking app is clean by looking their app’s interface to see if it has drastically changed. The malware has the ability to automatically and interactively pull Android banking applications’ logos and names from the Google Play Store,” he continued. Catelites Bot has developed a sophisticated way to target more than 2,200 banks worldwide with fake mobile banking app interfaces,” said Avast mobile threat researcher Nikolaos Chrysaidos. As noted, it is able to stealthily adopt logos and mobile app names of banks, and use generic login templates in an attempt to hijack usernames, passwords and credit card information. While we don’t have any evidence that the Catelites Bot actor is linked to CronBot, it is likely that Catelites members.
Android malware posing as porn can literally make your phone’s battery explode
The device’s battery bulged out of the phone’s case after being infected for 2 days Kaspersky Lab A strain of Android malware found lurking on third-party application stores is so packed full of nefarious capabilities it can cause physical damage to smartphones. Its creators have implemented almost the entire spectrum of techniques for attacking devices: the Trojan can subscribe users to paid services, send SMS messages to any number, generate traffic and make money from showing advertisements, use the computing power of a device to mine cryptocurrencies, as well as perform a variety of actions on the internet. According to Kaspersky Lab, it is the app’s crypto-mining that causes the battery to bulge. The app was caught posing as anti-virus and porn apps Kaspersky Lab. Security experts from Moscow-based anti-virus company Kaspersky Lab said Monday (18 December) that a newly discovered Trojan – dubbed Loapi – exploited a handset to the extent that within two days of infection it caused the battery to bulge out of the phone’s cover. If it detects a real anti-virus app, it claims it is malware and urges the user to delete it. The malware was posing as at least 20 variations of anti-virus software and porn applications. They wrote: “Loapi is an interesting representative from the world of malicious Android apps. The blog post added: “The only thing missing is user espionage, but the modular architecture of this Trojan means it’s possible to add this sort of functionality at any time. Luckily for Android fans, Loapi was not in the Google App Store.
Nissan data breach: Over 1 million customers’ sensitive data feared stolen by hackers
However, the auto giant also said that it is still investigating the breach to determine what data may have been stolen by hackers and how many customers were impacted. The offer is also available to customers not impacted by the breach – this appears to be a move to cover all their bases since Nissan is still unsure about how many customers have been affected by the breach. Although the details of the breach are still murky, Nissan says that the hack may have impacted all of its current and past customers – around 1. Nissan says that at present, there is no evidence to indicate that customers outside Canada were affected by the breach. Auto giant Nissan confirmed that its Canadian branch has been hit by hackers. We sincerely apologize to the customers whose personal information may have been illegally accessed and for any frustration or inconvenience that this may cause,” Alain Ballu, president, Nissan Canada Finance, said in a statement. Nissan said in a press release that customers’ payment card information was not affected. The auto giant also said that it is working with law enforcement authorities to resolve the issue. It is feared that hackers may have likely stolen millions of customers’ private and sensitive information including names, addresses, vehicle identification number (VIN), vehicle make and model, credit score, loan amount and monthly payments. However, it was nine more days before the firm informed customers about the breach.