Tag: hackers

  • Hackers target Indian comedian Bharti Singh’s YouTube channel

    Hackers target Indian comedian Bharti Singh’s YouTube channel

    Indian comedian Bharti Singh and her husband, Harsh, are dealing with a setback after their popular YouTube channel, ‘Bharti TV Network,’ was hacked.

    In a video, Harsh expressed sadness and frustration about the hack. The hackers not only took over their channel but also changed its name.

    This hack disrupted their plan to upload a new podcast. Bharti and Harsh are now asking YouTube India for help to regain control and stop further damage.

    Harsh also asked their followers for any information or support to help recover the channel quickly.

  • Massive data breach: 2.2 million Pakistani citizens’ personal information for sale online

    Massive data breach: 2.2 million Pakistani citizens’ personal information for sale online

    According to a report from Geo News, the personal data of 2.2 million Pakistani citizens has been compromised and put up for sale online. This breach occurred when hackers gained unauthorised access to a private company-made database that is utilised by hundreds of restaurants. 

    The hackers have even gone so far as to display some citizens’ data as samples in their online sale advertisement. In their claim, the hackers asserted, “We have hacked the databases of over 250 restaurants,” and they listed numerous food outlets. 

    The compromised citizen data includes contact numbers and credit card details. The affected software is widely used by many restaurants across the country. Furthermore, details such as the number of transactions and the amounts paid by citizens are available for purchase online. 

    The hackers are demanding 2 Bitcoins in exchange for the compromised citizen data, which equates to approximately $54,000, considering that one Bitcoin is valued at $27,000 based on market sources. In Pakistani rupees, this amounts to over Rs15 million. 

    As of now, the Federal Investigation Agency’s (FBR) cybercrime circle has not received any complaints regarding this incident. 

    It is worth noting that the federal government recently issued a directive advising all information technology (IT) and financial institutions, including regulators, to avoid collaborating with, installing, or using Indian-origin artificial intelligence (AI) and information and communication technology (ICT) products.  

    This advisory was issued due to concerns that these products could pose a constant, concealed, and force multiplier threat to Pakistan’s critical information infrastructure (CII). 

    The government shared this cybersecurity advisory with federal and provincial ministries and sectoral regulators. The advisory highlighted that globally, AI products and services are widely employed by various industries, including the financial and banking sectors, to accelerate their growth. 

    The document also noted that the fintech sector in Pakistan, along with some banks, was engaged with Indian-origin companies that offered IT products, cybersecurity solutions, and AI solutions.  

    The use of Indian security products and solutions was considered a potential threat to Pakistan’s CII, particularly the banking sector, due to the possibility of backdoors or malware collecting logs, data traffic analysis, and personal identifiable information (PII).  

    Additionally, it pointed out the risk of direct Indian ingress into Pakistan’s CII through technical means and access control with passive monitoring capability. 

  • Hackers put 200 million Twitter users’ private information for sale on dark web

    Hackers put 200 million Twitter users’ private information for sale on dark web

    Anyone can now download the data of more than 200 million Twitter users for free.

    According to Privacy Affairs‘ security researchers, who confirmed the database that’s currently posted on a hacker forum, this most recent data dump, which contains account names, handles, creation dates, follower counts, and email addresses, turns out to be the same — albeit cleaned up — leak reported last month that affected more than 400 million Twitter accounts.

    According to Privacy Affairs CEO and founder Miklos Zoltan, the removal of duplicate accounts is what caused the number of accounts to be cut in half. But this time, he added, “the data is available for download by anyone for free, as opposed to being marketed for sale at $200,000, as it was in December.”

    According to Zoltan’s blog article detailing the breach, some of the well-known individuals and companies in the new 63GB database leak include Donald Trump Jr., Google CEO Sundar Pichai, SpaceX, the US National Basketball Association, CBS Media, and the World Health Organization.

    There is no information on whether the Christmas Day Twitter account hack of British Education Secretary Gillian Keegan is connected. Miscreants hijacked Keegan’s account in that instance, altered her profile photo to one of Elon Musk, and sent out a string of tweets endorsing cryptocurrency.

    The exposed account owners are still at risk even if the disclosed data does not contain users’ phone numbers, physical addresses, or passwords, according to Zoltan.

    “Privacy Affairs cybersecurity experts reviewed the published data and believe this latest leak could lead to social engineering attacks and doxxing.”

    The genuine names and locations of individuals can be ascertained by combining the hacked email addresses connected to Twitter accounts with other publicly accessible data. Additionally, nation state goons and criminals continue to use phishing emails as a successful entry point for social engineering attacks.

    Of course, spammers or con artists can also utilise the listed email addresses; all they need to do is persuade one victim to click on a harmful link.

    Researchers cautioned that despite this week’s data leak having fewer accounts, it may be more dangerous because the thieves are giving away the entire information for free.

    “It is not certain at this moment how exactly this data was obtained,” Zoltan noted. “The most likely method used could have been the abuse of an application programming interface (API) vulnerability.”

    The data was allegedly hacked in 2021 due to a security flaw that Twitter claimed to have closed last year.

  • How to identify and protect your mobile from cyber attacks

    How to identify and protect your mobile from cyber attacks

    Smartphones are ideal targets for hackers as they contain so much personal information all in one place, from email and phone contacts to banking and social media details. This information can be used by hackers to steal identities, sell them on the dark web, and perform a variety of other cybercrimes.

    Cybercriminals are always refining their methods, making their attacks increasingly difficult to spot. We have heard of the phone and call tapping but recently there has been a debate that if WhatsApp calls can be tapped.

    Can WhatsApp audio or video call be hacked?

    Bugging can occur at all kinds of levels from political worthies to average people with no technological wisdom. A cyber security expert claims that since nothing is impossible and no code is perfect, WhatsApp’s end-to-end encryption makes it safer.

    However, WhatsApp employs some of the best coders around, and the business has invested heavily in the security of its messenger. Therefore, for not-so-pro hackers, it is ‘almost impossible’ to hack WhatsApp.

    All WhatsApp conversations—video or audio—are encrypted from beginning to end. Although the implementation of that encryption can’t be examined for security because the app is closed-source.

    However, let’s presume it’s solid. Any video or audio data sent during your video chats that are end-to-end encrypted can only be decoded on the device you’re using to make the call. So even if anyone were to intercept the data, they couldn’t decrypt it, it’d be useless. Not ‘leakable’ in that manner.

    Unless you exploit your smartphone by doing these and have it compromised by:

    • Installing third-party apps or particularly APKs (not from the play store) which are modified by developers
    • Allowing hackers to install malware on your phone so they can access anything by clicking on a link
    • Installing fake WhatsApp, such as WhatsApp PLUS or GB WHATSAPP

    Man-in-the-middle (MITM) attacks or even data sniffing can be used to collect video processing from your device. However, a hacker must first get access, which it does by utilising social engineering to trick you into clicking links or downloading files.

    By simply copying the WhatsApp database file and encryption key from your phone by using some software, anyone may read your message.

    Each WiFi network adapter smartphone has a 12-character MAC address, a unique identification number that can be falsified. Hackers can use the MAC address of your phone to replicate your WhatsApp on their system.

    How to protect your WhatsApp account

    • Never give your phone to someone you don’t trust.
    • Keep your messages locked down with a different key so that no one else can see your messages.
    • Go to your WhatsApp settings and select “log-out from all browsers” or a comparable option if you are signed into numerous devices using your number to access WhatsApp Web.

    How to enable two-step verification

    To enable two-step verification, open WhatsApp > Settings > Account > Two-step verification > Enable.

    You will be prompted to create a password at this step, which will stop someone else from using your phone number for WhatsApp verification.

    Additionally, according to the experts, hackers won’t be able to track the user’s whereabouts if they don’t get access to any vital information.

    Phantom Calls

    A call is deemed Phantom if there is no one chatting from the other side. They all come from various numbers, and you won’t be able to hear any of them. You should report PTA if you frequently receive phantom calls. Most likely, a hacker is attempting to access your mobile device if you receive excessive random calls.

    Random messages

    We must have gotten several texts from unknown sources. Just checking a text message will not cause your phone to be hacked. You should use caution when clicking on links or using coupon coupons in communications, though. Consider whether the link looks authentic before clicking it to ensure that your personal information won’t be disclosed.

    Malicious links

    You can accidentally tap a malicious link and wind up installing spyware on your phone, that may transmit private information to hackers, if you are unable to identify this fake message. Or else, you can be taken to phishing websites that request information from your private accounts.

    Therefore, if you receive a text message advertising a great offer that requires you to click on a link in order to activate it, wait before doing so. As these links will direct you to a trap. This can considerably decrease the risk of someone hacking into your phone using messages.

    By avoiding suspicious links and only downloading apps from Apple and Google stores, we can reduce the risk of being hacked.

  • Apple warns of security flaw that lets hackers take full control of iPhones, iPads and MacBooks

    Apple warns of security flaw that lets hackers take full control of iPhones, iPads and MacBooks

    To protect against two security loopholes that might let hackers take full access to a user’s iPhone, iPad, or Mac, Apple owners have been warned to update their products immediately.

    Apple stated that there are solid reports suggesting that hackers have already been taking advantage of the flaws in both cases to attack users.

    According to Apple, one of the software flaws affects the kernel, the most core component of the operating system used by all devices. The other has an impact on WebKit, the engine that powers the Safari web browser.

    By accessing the settings menu on a mobile device or the “about this Mac” menu on a computer, users of macOS Monterey can get the update.

    According to experts, a hacker could gain “complete admin access to the device” and “run any code as if they were you, the user,” according to Apple’s explanation of the vulnerability.

    People “in the public spotlight,” such as activists or journalists, who could be the focus of sophisticated nation-state eavesdropping, should pay special attention to updating their software, according to Tobac.

    The vulnerabilities were previously categorised as “zero-day” issues since a fix had been made available for them for zero days prior to the fix’s release. Such flaws are extremely lucrative on the open market, and cyberweapon dealers will pay thousands or even millions of dollars for them.

  • Crypto heist: Hackers steal $100 million from Harmony blockchain bridge

    Crypto heist: Hackers steal $100 million from Harmony blockchain bridge

    A blockchain bridge titled Harmony, which helps in transferring cryptocurrency tokens between each other, recently disclosed that $100 million in digital currency was stolen on Thursday morning from its Horizon bridge.

    Harmony revealed that its Horizon Ethereum Bridge was a victim of a “malicious attack” in a blog post outlining the incident.

    Harmony said that its separate bridge used for bitcoin wasn’t affected by the hack and that its funds and assets are safe. They have notified other exchanges and stopped its bridge “Horizon” to prevent further transactions as the company investigates the heist. 

    In order to track down the hacker and recover the stolen money, the platform has started working with local law enforcement and forensic experts.

    The hack and ransacking of Horizon weren’t the first this year. In March, cybercriminals stole about $620 million worth of cryptocurrency from a network used to process in-game transactions for Axie Infinity, one of the world’s most popular NFT video games.

  • Facebook locks accounts that have not activated ‘Facebook Protect’

    Facebook has decided to lock Facebook accounts that did not activate the ‘Facebook Protect’ feature. Facebook has sent e-mails to all its users, however, many of them did not respond to it.

    Many users have received e-mails with the subject, “Your account requires advanced security from Facebook Protect.”

    In the e-mail, Facebook sent a link and requested users to click the link and activate ‘Facebook Protect’ for more protection. It also warned if users did not activate this feature, users would not have access to their profile after the deadline, March 17.

    However, some users did not respond to it at all as they considered it a spam message.

    According to Facebook, this feature is “a program designed for people that are likely to be highly targeted by malicious hackers, including human rights defenders, journalists, and government officials.”

    Facebook sent emails through security@facebookmail.com. As the deadline to activate ‘Facebook Protect’ passed, many users have lost access to their accounts.

    Some users have been facing issues to turn on the feature, ‘Facebook Protect’.

    https://twitter.com/EpicSwitzer/status/1504902966083346433
    https://twitter.com/itzzdaniela/status/1504215679167172608?ref_src=twsrc%5Etfw%7Ctwcamp%5Etweetembed%7Ctwterm%5E1504215679167172608%7Ctwgr%5E%7Ctwcon%5Es1_&ref_url=https%3A%2F%2Fwww.geo.tv%2Flatest%2F406143-facebook-is-now-locking-out-people
  • Police arrest four ATM hackers, including a couple

    Police arrest four ATM hackers, including a couple

    The Punjab police arrested four people, including a couple, for hacking into an ATM in Jhelum’s Dina.

    According to reports, the police were able to arrest the suspects with the help of CCTV camera footage. A case has also been filed.

    The hackers would use a skimming device to hack into the machine and record the data of people who came and used the ATM. Jhelum DPO Hamid Abid said the group put the device in the morning and took it out at night. He said “The Dina SHO searched for the group for several hours and then finally caught them red-handed when they came to remove the device at night.”

    The suspects are reportedly from Lahore.