Tag Archive for: locking

How I Survived Hackers Locking My Accounts, Stealing $4,000


One day in late September, I woke up to an alarming text from my investment adviser, saying he had replied to the email I’d sent him. Problem was, I hadn’t sent him an email. Muttering expletives, I hurriedly checked online and saw that someone had logged in to my investment account and transferred out $4,000. I’d been hacked and robbed.

Up to then, I had felt safe from the scourges of phishing attacks and fraud, as I considered myself a savvy internet traveler. But it quickly became clear that cyberthieves were far more savvy than me. Within days, I was facing a full-on assault from online thieves.

Even before the $4,000 was stolen, I’d noticed unusual activity in my accounts. I had received fraud alerts on two credit cards within minutes, both of which I canceled.

Now, knowing the attack was real, I checked my online account at a large retail chain. Two smartphones were in the shopping cart, to be shipped to a sketchy mail drop point in Reisterstown, Maryland, a locale I’d never visited. My digital wallet had a Bancorp Bank credit card, which I hadn’t ordered. Did hackers have all my passwords?

Next, I discovered that my Amazon account had been locked due to suspicious activity. I hadn’t received any notifications from Amazon, so I called customer service. A smart representative advised me to check my email account and look at any filters that had been set up. As he suspected, hackers had blocked all emails from Amazon or my bank. This meant the hackers had not only my Amazon password but my email password too.

I suspected my computer might have malware, but two programs showed it was clean. My computer consultant mentioned that he’d once been hacked through his router, which he told me was the most vulnerable part of a home network, so I changed the router password and the Wi-Fi password too.

Next step was the time-consuming project of changing dozens of website passwords, one by one. When I opened my password manager and…

Source…

A security firm hacked malware operators, locking them out of their own C&C servers


This’ll put a smile on your face: We love hearing stories of bad actors getting their comeuppance. This one is great, though, because not only did a bunch of hacker wannabes get served (literally), several of them infected themselves with malware due to misconfiguring their own equipment.

Cybersecurity startup Buguard has been hard at work hacking hackers. Using an exploit it found, it has disrupted malware and ransomware servers, locking out their operators. TechCrunch notes that the firm has effectively taken five command-and-control (C&C) servers offline, four of which have gone entirely dark.

The counterattacks were made possible after the source code of a malware called Mars Stealer leaked online. Mars Stealer is a malware-as-a-service platform where hackers can rent server time to conduct attacks. Once the source code leaked, hackers started setting up servers independently rather than paying.

Before Buguard even got ahold of the code, inept hackers were already doing a decent job borking their servers on their own because of faulty installation instructions leaked with the code.

Victim logs and stolen data were entirely wide-open to the internet. According to Morphisec, wannabe malware operators following the flawed instructions wound up configuring their C&C servers to inadvertently grant “full access (777)” to the world. In some instances, the would-be hackers’ ineptitude left “critical assets” exposed.

Then Buguard came along and looked at the Mars Stealer source code and found a vulnerability. The researchers developed an exploit for the flaw that allowed them to break into the C&C servers, including ones that operators configured correctly, and take them over.

Once in the system, Buguard deleted the victim logs and stolen data and severed the infected computers’ connection to the C&C server. To add insult to injury, the researchers scrambled the Mars Stealer’s dashboard passwords so that the operators were locked out of their systems. The counterstrikes effectively put five servers out of commission since operators had to start over entirely from scratch reconfiguring their servers and reinfecting their victims. Of the five C&C systems Buguard…

Source…

Locking Down Cyber Security


Many operations are failing to manage the cyber security basics, and this is leaving businesses highly vulnerable.

Why is it that even well-run organisations seem unable to take the critical steps needed to protect themselves? In part it can be attributed to a failure to update ageing IT systems, rendering resilience to hacking, ransom and accidental data loss progressively weaker over time. Innovative IT systems installed 10 years are now archaic.

Furthermore, the different ways in which organisations operate, often using a mixture of new and old (sometimes incompatible hardware alongside complex and frequently poorly updated unpatched software renders many operations more vulnerable. These weaknesses are made worse by the trend to hybrid and remote work and BYOD policies.

In the last year, 39% of UK businesses reported cyber attacks, of which phishing attempts were the most common (83%). This figure has decreased slightly from 46% in 2020, although one in every 3,226 emails an executive receives is a targeted phishing attempt, also known as whaling attacks. 

With only a quarter (26%) of small business professionals considering cyber security to be a top priority, there is real scope for improvement if organisations are to limit the threat that fraud and other online crimes present to their operations. For many, the world of cyber security is a confusing one and it can be hard to know where to start. So what threats do companies face, and what can they do to maintain a secure and thriving ecosystem?

Complacency is the biggest threat to a business’s safety. Just 54% of UK businesses acted to identify cybersecurity risks in the last year and IT teams are often delayed in their response to fixing misconfigured technology and protective tools, leaving their companies open to attacks.

The problem is that most businesses are more focused on their profitability than security, with little consideration for the potential cost of an attack. Employees often use weak or repetitive passwords, or specific teams may employ processes that diverge from their company’s safety regulations. These transgressions can have a huge impact on the entire business;…

Source…

Hackers are locking dicks in chastity cages, and it’s got security experts worried – Hack


Imagine your phone buzzing. It’s a whatsapp from a number you don’t know.

Ok, weird, probably a scammer, but you take a look.

It’s a stranger, demanding one thousand dollars in bitcoin to release your dick from a hardened steel cage.

It sounds like something out of Black Mirror, but it is very real.

And it is prompting some in the adult industry to call for better safety standards from manufacturers, arguing they are putting people’s bodies at risk.

Want to lock your penis in a cage? There’s an app for that.

Chastity cages are not super mainstream sex toys, but they are pretty common in the BDSM community.

They largely do what they promise – lock your penis in a cage, to prevent you masturbating, having sex, or even getting a full erection.

Like a lot of other sex toys, they are going online.

The ‘Cellmate’ does not rely on an old-fashioned padlock and key, but rather uses an electronic key – meaning the wearer can hand control to anyone, anywhere, through an app.

It recently attracted attention after it was revealed hackers were able to gain access to people’s devices through the app, and lock them.

They were contacting users, and demanding a ransom of around A$1000 in bitcoin.

Terrifyingly, the device doesn’t have any kind of emergency release mechanism. Which led to reports of some people trying to use bolt cutters to get it off.

But thankfully, it seems a lot of the people hacked were not wearing the device at the time it was hacked and locked.

The manufacturer, Qiui, published a video demonstrating how to unlock the device with a screwdriver.

The company told Hack that they’ve updated the security features in version 3.0 of the app.

‘I like to be the boss in the bedroom, not the hacker’

Internet-connected sex toys are not new. In fact, they are really popular – and a global pandemic has helped them boom.

They range from simple toys like vibrators that can be remotely controlled online, to more intense toys like the Cellmate.

With many…

Source…