-
Meta fired dozens of employees for hacking Facebook and Instagram user accounts
Over the past year, Meta Platforms has fired more than 20 employees and contractors for allegedly compromising and taking over user accounts. This was reported by The Wall Street Journal last week. Some of the cases of violations were related to bribery, the portal reports, citing sources and documents.Among those fired were contractors - security firms who worked at the company's facilities. They gained access to an internal tool through which employees helped “familiar users” access accounts if they forgot their password or their accounts were locked out.A system called "Oops" (Online Operations) is not...
-
Google service is used to distribute torrents
BleepingComputer experts report that attackers are using the Google Looker Studio data visualization service to increase the ranking of their fraudulent sites that distribute spam, torrents and pirated content.The SEO Poisoning attack uses the Google subdomain "datastudio.google.com" to increase trust in malicious domains. One user noticed that several pages of Google search results were filled with links to "datastudio.google.com". These links do not lead to Google Looker Studio, but are mini-sites that contain links to pirated content.For example, one such search result we clicked directs users searching for "Download Terrifier 2 (2022)" to bit.ly links,...
-
Significant events OVERVIEW in the field of information security over the past week
The most common passwords of 2022, the danger in Sophos and McAfee products, and the new tool that will be the next Cobalt Strike.NordPass has published a list of the most common passwords of 2022Most of them are simply repetitions of a single character, sequences of easy-to-guess numbers, direct typing of letters, or simple combinations such as "[email protected]".NordPass noted that such passwords can be cracked in less than 1 second, and also said that passwords containing the words "oscars", "batman", "euphoria", "encanto" (names of popular films and series) were most often used this year.Cisco Warns...
-
How to distinguish natural hashish from synthetic
Classic hashish is made from extracted cannabis trichomes, which contain the main psychoactive components of the herb and cannabinoids. But along with a briquette of a natural product, on the shelves of shops you can often find a Trojan horse, namely, synthetic hashish, which has nothing to do with the healing properties of natural hashish.Synthetics are made from the base that is used to create the legendary spice. By mimicking the psychological effects of marijuana, the substance can lead to serious health problems due to its neurotoxicity and deleterious effects on the circulatory system.A fake...
-
Apps with over 3 million installs leak 'Admin' search API keys
The Algolia API is used by approximately 11,000 companies to implement search and recommendation on websites and mobile apps.Algolia uses the Admin, Search, Monitoring, Usage and Analytics API keys. Of these keys, only Search is intended for user interaction and is available in front-end code to help you perform search queries in applications.The rest of the keys can only be accessed using the Admin key, which also provides an additional set of features:View/delete index;Adding/deleting records;Getting a list of indexes;Get/set index settings;Getting access logs.And if an attacker gets their hands on the administrator's API key, he...
-
Google finds 34 hacked versions of Cobalt Strike in the wild
According to a Google Cloud Threat Intelligence (GCTI) report, experts have found cracked versions of Cobalt Strike from 1.44 to 4.7, which include 275 unique JAR files. The latest version of Cobalt Strike is 4.7.2.Cobalt Strike is a legitimate commercial tool built for pentesters and red teams and focused on exploitation and post-exploitation. However, it has gained popularity among hackers of all stripes, from APT groups to ransomware operators.The tool consists of a Team Server that acts as a C&C server for managing infected devices, and a stager designed to deploy beacons that can be...
-
Ragnar Locker stole data from the Belgian police, although their target was the municipality
This data breach was one of the largest in the history of Belgium.Ragnar Locker hackers published stolen data on their website that they thought belonged to the municipality of the Belgian city of Zwijndrecht. But in fact, the published information belonged to the Zwijndrecht police.Experts analyzed the leaked data and found thousands of car license plates, fine records, files with criminal reports, police data, investigation reports and much more. This data breach puts not only people at risk, but also ongoing law enforcement operations.The Belgian media are calling this data leak one of the biggest...
-
TOP 10 most vulnerable passwords
Specops Software has published a study that analyzes the most popular passwords used in attacks on RDP (Remote Desktop Protocol) ports.RDP over TCP port 3389 is a popular way to provide remote network access to remote workers. Attacks on RDP ports are still popular for hackers, even as many employees return to the office. Currently, brute-force attacks top the list of attack vectors and account for 41% of all intrusions.In an analysis of over 4.6 million compromised passwords collected in October 2022 from the Specops Software honeypot system, the most common passwords used to attack...
-
Russian hackers XakNet hacked the website of the Ministry of Finance of Ukraine
The XakNet group, which calls itself Russian hackers, announced on its Telegram channel that it had completed the operation to hack the Ukrainian Ministry of Finance.The operation to break into the Ukrainian financial department lasted for several months. “Step by step, we compromised the enemy’s infrastructure, studied how everything works, pumping out documents along the way,” the hackers said in the post.The attackers claim that they allegedly managed to gain access to the mails of employees of the department, as well as seize more than a million files with electronic documents. The collected data is...
-
Google won a lawsuit against the creators of the Glupteba botnet
Google has won a lawsuit against two Russian citizens who created the Glupteba botnet. The company announced this on its blog last week.The District Court for the Southern District of New York imposed punitive damages on the defendants and their lawyers who are in the United States. The defendants were also asked to pay Google's legal costs. The defendants' motion to sanction Google was denied. The size of the sanctions is not reported.In 2021, Google destroyed the Glubteba malware infrastructure and sued Dmitry Starovikov and Alexander Filippov, who are said to have been involved in...
