
Here's Why a Greek Hacker Easily Hacked a Croatian University

 

A hacker from Greece has published the database of the University of Rijeka in the context of Croatia supporting the anti-Serb movement. Reportedly, the hacker was fueled by the prevailing situation in the Balkans, and his acts were motivated by the same; addressing his Serbian brothers he wrote, "it's time to defend our land and our history". 

Hashing is a one-way function and a reliable password storage strategy: it makes storing passwords less risky and provides a strong foundation for storing them securely.
 
The database contains a table that maps every username to a password. When a user logs in, the server receives an authentication request with a payload containing a username and a password. The username is looked up in the database and the submitted password is matched against the stored one; when the right match is found, the user gets access to the application or website.
 
The strength of security depends on the format in which the password is stored. One of the most basic ways of storing passwords is 'cleartext', which is also the least secure of all, as it is readable data stored in the clear, that is, unencrypted. Using cleartext for storing passwords is the real-world equivalent of writing them down on paper, only a digital one.
 
Notably, the University website has been using MD5 to store passwords, which is yet another outdated format that can be easily cracked. Coming back to hashing: it uses an algorithm to map data of any size to a fixed length. Hashing must not be confused with encryption, as encryption is a two-way function and hence reversible, while hashing is a one-way function and hence not reversible. The computing power required to reverse a hash directly makes doing so infeasible.
 
What is salting?
 
Salting adds a unique value to the end of the password to distinguish its hash value from that of an identical password; without salting, the same hash will be created for two identical passwords. It is done to strengthen security by complicating the cracking process. However, in the above-mentioned hashes, no additional values were added to the passwords.

They have simply used the MD5 method without salting. As the main virtue of a secure hash function is to make its output difficult to predict, the method used by the University defeats the whole purpose, making passwords weak and easy to crack. Some of the pre-cracked passwords are shown below.
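The difference between unsalted MD5 and salted hashing described above, as an added example (not code from the original post or from the University's site). The sample accounts are constructed, and scrypt with the cost parameters shown is an assumed choice of slow, salted hash:

```python
import hashlib
import hmac
import os

# scrypt cost parameters (assumed values for this example; tune for your hardware)
SCRYPT_N, SCRYPT_R, SCRYPT_P = 2**14, 8, 1

def md5_unsalted(password: str) -> str:
    """The weak scheme the post describes: plain MD5, no salt."""
    return hashlib.md5(password.encode("utf-8")).hexdigest()

def hash_password(password: str) -> str:
    """Salted, deliberately slow hash. Returns 'salt_hex$digest_hex'."""
    salt = os.urandom(16)  # unique random salt for every stored password
    digest = hashlib.scrypt(password.encode("utf-8"), salt=salt,
                            n=SCRYPT_N, r=SCRYPT_R, p=SCRYPT_P, dklen=32)
    return f"{salt.hex()}${digest.hex()}"

def verify_password(password: str, stored: str) -> bool:
    """Recompute with the stored salt and compare in constant time."""
    try:
        salt_hex, digest_hex = stored.split("$")
        salt, expected = bytes.fromhex(salt_hex), bytes.fromhex(digest_hex)
    except ValueError:
        return False  # a malformed record never authenticates
    actual = hashlib.scrypt(password.encode("utf-8"), salt=salt,
                            n=SCRYPT_N, r=SCRYPT_R, p=SCRYPT_P, dklen=32)
    return hmac.compare_digest(actual, expected)

def duplicate_hash_groups(table: dict[str, str]) -> list[list[str]]:
    """Audit helper: group users whose stored hash values are identical."""
    by_hash: dict[str, list[str]] = {}
    for user, stored in table.items():
        by_hash.setdefault(stored, []).append(user)
    return sorted(sorted(g) for g in by_hash.values() if len(g) > 1)

# Constructed sample accounts; two users share the same password.
SAMPLE = {"alice": "Summer2019", "bob": "Summer2019", "carol": "x7#Lq!vT2p"}

if __name__ == "__main__":
    weak = {u: md5_unsalted(p) for u, p in SAMPLE.items()}
    strong = {u: hash_password(p) for u, p in SAMPLE.items()}
    print("unsalted MD5 duplicates:", duplicate_hash_groups(weak))
    print("salted scrypt duplicates:", duplicate_hash_groups(strong))
    print("alice verifies:", verify_password("Summer2019", strong["alice"]))
```

With unsalted MD5 the two users who share a password end up with the same stored value, so one recovered password exposes both accounts; with a per-user salt every stored value is distinct.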



China hacked TCS, 7 other major firms: Report

‘Operation Cloud Hopper’ — a global cyber espionage campaign — first made headlines when Chinese hackers reportedly broke past IBM and Hewlett Packard Enterprise. Now, it seems that they weren’t the only ones attacked.

Hackers working for China’s Ministry of State Security broke into networks of eight of the world’s biggest technology service providers in an effort to steal commercial secrets from their clients, according to sources familiar with the attacks.

Technology service providers such as Hewlett Packard Enterprise (HPE), IBM, Fujitsu, Tata Consultancy Services (TCS), NTT Data, Dimension Data, Computer Sciences Corporation (CSC) and DXC Technology, HPE’s spun-off services arm, were the targets of Cloud Hopper, attributed to the Chinese government by the United States and its Western allies.

It isn’t just TCS that was hacked. The service provider was used as a jumping-off point to gain access to its clients’ networks.

Meanwhile, China is denying all involvement in the attacks and companies are claiming that no sensitive information was compromised, but the Reuters report shows otherwise.

A U.S. indictment in December outlined an elaborate operation to steal Western intellectual property in order to advance China’s economic interests but stopped short of naming victim companies.

Reuters has identified more than a dozen victims who were clients of the service providers. That list includes Swedish telecoms giant Ericsson, U.S. Navy shipbuilder Huntington Ingalls Industries and travel reservation system Sabre.

HPE said it worked “diligently for our customers to mitigate the attack and protect their information.” DXC said it had “robust security measures in place” to protect itself and clients, neither of which have “experienced a material impact” due to Cloud Hopper.

NTT Data, Dimension Data, Tata Consultancy Services, Fujitsu and IBM declined to comment. IBM has previously said it has no evidence sensitive corporate data was compromised by the attacks.

Sabre said it had disclosed a cybersecurity incident in 2015 and an investigation concluded no traveler data was accessed. A Huntington Ingalls spokeswoman said the company is “confident that there was no breach of any HII data,” via HPE or DXC.

Docker Hub hack exposes sensitive data of 190,000 users

                                                                   

An unauthorized person gained access to a Docker Hub database that exposed sensitive information for approximately 190,000 users. Docker says the hacker had access to this database only for a short moment and the data accessed is only five percent of Docker Hub's entire userbase.

This information included some usernames and hashed passwords, as well as tokens for GitHub and Bitbucket repositories used for Docker autobuilds.

GitHub and Bitbucket access tokens stored in Docker Hub allow developers to modify their project's code and have it automatically build, or autobuild, the image on Docker Hub. If a third party gains access to these tokens, though, it would allow them to gain access to a private repository's code and possibly modify it, depending on the permissions stored in the token.

Docker Hub lost keys and tokens which could have downstream effects if hackers used them to access source code at big companies.

Docker Hub is the official repository for Docker container images. Docker makes software tools for programmers and developers.

According to a security notice sent late Friday night, Docker became aware of unauthorized access to a Docker Hub database on April 25th, 2019.

Docker disclosed the breach in an email to customers and users of Docker Hub, its cloud-based service that’s used by several companies and thousands of developers all over the world. In the email, obtained by Motherboard, Docker said that the stolen data includes “usernames and hashed passwords for a small percentage of these users, as well as Github and Bitbucket tokens for Docker autobuilds.”

"On Thursday, April 25th, 2019, we discovered unauthorized access to a single Hub database storing a subset of non-financial user data," said Kent Lamb, Director of Docker Support.

Experts Motherboard spoke to said that, in a worst-case scenario, the hackers would have been able to access proprietary source code from some of those accounts. Specifically, Docker allows developers to run software packages known as “containers.” It is used by some of the largest tech companies in the world, though it is not yet publicly known what information was accessed and which companies’ accounts were affected.

Hacker attacks Copenhagen’s Bycyklen, deletes entire database


Bycyklen, Copenhagen’s public bike-sharing system, announced on Saturday that their entire database was erased in a hack by unknown hackers on the night between Friday and Saturday, causing their systems to be out of operation on Saturday.

“The manner in which the attack was performed is really primitive, but demonstrates that it was done by a person with a high level of knowledge of the IT structure of our system, and at the same time, we can see that the person(s) have entered using a password,” Bycyklen wrote in a Facebook post on Sunday, 6 May.

All of the organisation’s 1,860 bikes were affected by the hack and had to be manually restored by Bycyklen staff; only 200 of them could be restored by the organisation’s staff on Sunday.

The system works by using Android tablets attached to the bikes that connect to Bycyklen’s database to record the details of bikes spread across the city. Due to the erasure of the database, users were unable to unlock the bikes, and the staff had to manually reboot the Android tablets after tracking down the bikes.

The organisation launched a “treasure hunt” to track down the bicycles, offering users an hour of free riding time as a reward for finding one.

In an update posted on its website on Monday, Bycyklen assured users that after analysing their servers, there have been “no signs that we have lost data.”

“The attack has been aimed directly at our business, not our users,” the company wrote. “We do not store payment card information. The only information we keep is our users' email addresses, phone numbers and their PIN codes for the Bycyklen bikes. In our databases we use "salted password hashing", that is, all PINs are encrypted and cannot be read or recreated, neither by Bycyklen nor any other player."

Currently active bicycles can be found using the organisation’s “Find a bike” page.

Edinburgh Council cyber attack, details of more than 13,000 stolen

For the second time in five years, Edinburgh City Council has been hacked. More than 13,000 email addresses were stolen from the council’s database after a “malicious cyber attack” on 26 June.

A spokesman of the council said, “This was a malicious cyber attack on the council’s website which is hosted in a UK data centre. It was dealt with swiftly and at no point were any council services affected.”

“We want to reassure the public the ongoing security of our website is critically important,” he added.

According to a news report published on Edinburgh Evening News, cyber security experts have warned local authorities “don’t stand a chance” against hackers.

“The attack is believed to have taken place on Friday, June 26, with council officials alerted by its data centre provider. No details have been released regarding the source of the attack, which targeted the council’s website service provider,” the report read.

The Information Commissioner has been informed of the incident, as has the UK government’s computer emergency response team, which monitors incidents of hacking against the public sector.

The council is now contacting 13,134 individuals who have had their details stolen. Similarly, the city’s director of corporate governance, Alastair Maclean, has been asking them to change any passwords used to access the council’s website.

Napier University cyber security expert Professor Bill Buchanan warned that hackers would be likely to try to use the data in “phishing” scams, which attempt to con victims out of sensitive information like bank details and passwords using bogus e-mails.

“Data like this is worth a lot. It is really quite sloppy to lose that information. Without a doubt, in this case, the intruders could link e-mails to the council in some way. A targeted phishing e-mail could say, in regards to a parking ticket, ‘You contacted us in May, please could you click on this link and give your details.’ G-mail addresses in particular are quite sensitive because they tend to be the core of your online identity. If an intruder can get into that address, they can access every single account,” Buchanan added.

In December 2011, the personal information of people who had contacted the council’s debt advice service was taken, with potential victims advised to check bank and credit card statements.

European Cyber Army leaks 60k credentials compromised from Syrian sites


Details of more than 60,000 accounts have been leaked by a hacker from the European Cyber Army (ECA) going by the handle "Zer0Pwn".

The database dump is said to have been compromised from two Syrian websites: job.sy and realestate.sy.

The hacker posted sample data in a paste (http://pastebin.com/7Y13ULux) entitled "ECA vs. Assad" along with a link to the full database dump. The dump contains names, email IDs, passwords, phone numbers and other details.

While the passwords compromised from job.sy are encrypted, the passwords from realestate.sy are in plain text format.

Lee J from Cyber War News analyzed the full database dump and reported that the database dumps from realestate.sy contain more than 4000 unique login credentials and the database dumps from jobs.sy contain more than 50,000 login credentials.

Some other members of ECA have attacked syrianmonster.com and compromised the admin's login credentials.


Vegastripping.com hacked, database leaked


A hacker with the Twitter handle @zVapor has claimed to have hacked the VegasTripping website (Vegastripping.com), a website providing a guide for Las Vegas Hotel & Casino.

Speaking to E Hacking News, the hacker said that a SQL injection vulnerability in the Board section allowed him to compromise the database server. The vulnerability has been fixed at the time of writing.

The hacker leaked all user information compromised from the target server on Pastebin (http://pastebin.com/raw.php?i=ujgVuvX1).

The database dump contains usernames, hashed passwords, email addresses, country and other details. It includes the credentials of the admin account.

The hacker also doxed the admin account and published the personal info (address, phone number) of the admin.

If you have ever signed up for this website and used the same password anywhere else, you are recommended to change it now.

JPMorgan Chase & Co's UCard website hacked, 465,000 users affected

JPMorgan Chase & Co, an American multinational banking and financial services holding company, has issued a warning to around 465,000 card users regarding a security breach that might have allowed hackers to steal personal information.

According to Reuters, the cyber attack happened back in July on its UCard website "www.ucard.chase.com". However, the breach was only detected in mid-September.

The company says the personal info of customers is encrypted. However, during the cyber attack, some data temporarily "appeared in plain text in files the computers use to log activity".

Though a small amount of data was accessed, the company found no evidence that sensitive data such as Social Security numbers, email IDs or dates of birth were compromised.

Only UCard users are affected by this security breach; others are not affected. Affected customers are being offered free credit-monitoring services for one year.

The company says it has fixed the issue, and the FBI and Secret Service are investigating the incident to find the attackers behind the breach.