Tuesday 19 December 2017

1.4 Billion Plain Text Passwords leaked

1.4 Billion Plain Text Passwords leaked


A new collective database 41  GB Massive data of 1.4 billion usernames ,email and password combinations -properly sorted and arranged into three level directories.
The links to download are floating in the dark web sites from few days back ,it came into light little that to some one posted on Reddit few days ago from where also one can download a copy and can verify its authenticity.


The last updated data in the data base is in end of November ,as per researches it has been a collection of 252 previous data breaches and credential lists.

The scariest part is none of the passwords is true and as per researchers testing the passwords verified to be true.

This collection consists of 385 million new credential pairs .318 million new users and 147 million passwords collected from previous dumps.


Windows 10 Default Password Manager allows hackers steal passwords


Default Windows 10 Password Manager allows hackers steal passwords  



Running Windows 10, then chances for your machine to contain a Pre-installed software that allows hackers to steal your credentials remotely.


A new feature Content Delivery Manager installs "suggested apps" without user's permission.

Google Project Zero researcher Tavis Ormandy said that he found a pre-installed famous password manager, called "Keeper," on his freshly installed Windows 10 system which he downloaded directly from the Microsoft Developer Network.

The vulnerability affects the Keeper browser extensions, which, unless users opt out, are installed alongside the Keeper desktop application. The security hole allows attackers to steal passwords stored by the app if they can convince an authenticated user to access a specially crafted website.


Keeper released a patch within 24 hours of being notified by Ormandy. The fix has been rolled out with version 11.4.4 and it has already been delivered to Edge, Chrome and Firefox users via the browsers’ automatic extension update process. Safari users will need to manually update the extension.


“This potential vulnerability requires a Keeper user to be lured to a malicious website while logged into the browser extension, and then fakes user input by using a clickjacking and/or malicious code injection technique to execute privileged code within the browser extension,”
 Keeper said in a blog post informing customers of the vulnerability and the patch.

Tuesday 31 January 2017

TRUMP'S INNAGURATION EFFECT:Majority of the CC TV'S have been Hacked in Washington DC

TRUMP'S INNAGURATION EFFECT:Majority of the CC TV'S have been Hacked in Washington DC

Just days before the inauguration of President Donald Trump, cyber criminals infected 70 percent of storage devices that record data from feds surveillance cameras in Washington D.C. in a cyber attack.

Any guess, What kind of virus could have hit the storage devices?

Once again, the culprit is Ransomware, which has become a noxious game of Hackers to get paid effortlessly.

Ransomware is an infamous piece of malware that has been known for locking up computer files and then demanding a ransom in Bitcoins in order to help victims unlock their files.

Ransomware Infected 70% Surveillance Cameras in Washington D.C. 

This time the hackers managed to plant ransomware in 123 of its 187 network video recorders, each controlling up to four CCTVs used in public spaces throughout Washington D.C, which eventually left them out from recording anything between 12 and 15 January.

Officials told the Washington Post that the incident forced them to take the storage devices offline, remove the infection and rebooted the systems across the city, but did not fulfill any ransom demands by the hackers.

While the storage devices were successfully put back to rights and the CCTV cameras were back to work, it is still unclear if any valuable data was lost or if the ransomware infection merely crippled the affected computer network devices.


Washington's chief technology officer Archana Vemulapalli said the officials are now investigating the source of hacking, assuring that the incident was limited to the storage devices tied to closed-circuit TV system and did not affect other D.C. government networks.


Rise in Ransomware: Both in Numbers and Sophistication
Ransomware is the hackers sure-shot way to get paid effortlessly. The threat has been around for a few years, but nowadays it has become one of the most used types of hacking methods.

Recently, hundreds of guests of a luxurious hotel in Austria were locked out of their rooms when ransomware malware hit the hotel's IT system, and the hotel paid the attackers to get back the control of their systems.

We saw an enormous rise in Ransomware threats, both in numbers and sophistication. You would be surprised to know about Kill Disk data wiping software that encrypts files and asks for an unusually large ransom of around $218,000 in Bitcoins, but did not provide decryption keeps even after the payment has made.

Another weird ransomware variant was Popcorn Time that was designed to give victims options to either pay a ransom to hackers or infect two more people and have them pay the ransom to get a free decryption key.