Dylan Iqbal

1628474626

How I Hacked A Security Camera

All I wanted was a camera to monitor my pumpkin patch for pests; what I found was a wireless security camera that spoke with an accent and asked to speak with my fax machine. Join me as I engage in a signals analysis of the Amiccom 1080p Outdoor Security Camera and hack the signal to reverse engineer the audio tones used to communicate and configure this inexpensive outdoor camera. This journey takes us through spectrum analysis, APK decompiling, tone generation in Android and the use of Ghidra for when things REALLY get hairy.

#hack #secutiy

Tech Hub

1628430590

How to find WiFi Passwords using Python 2021|Hack WiFi Passwords|Python Script to find WiFi Password

Hack Wifi Passwords easily..

https://youtu.be/7MwTqm_-9Us

 

#wifi #python #passwords #wifipasswords #linux #coding #programming #hacking #hack

#wifi #hack #using #python #python #hacking

Tech Hub

1627385160

How to get a FREE USA Number for Whatsapp | Fake Whatsapp Account Trick 2021 | Free Virtual Number

Get a FREE USA number for WhatsApp, Telegram or verification. 100% WORKING

 

https://youtu.be/69FeP2mG55g

#usafreenumber #usa #whatsapp #whatsapphacks #hack #hacking #fake #fakenumber

Ruthie Blanda

1627076040

How to "Hack" Laravel: 3 Examples of Non-Validated Input

What happens if you forget to validate some input data? In this video, I will show you three examples.

#hack #laravel

Joseph Murray

1621991318

Hacking Third-Party APIs on the JVM

Get your code behaving how you want it.

The JVM ecosystem is mature and offers plenty of libraries, so you don’t need to reinvent the wheel. Basic — and not so basic — functionalities are just a dependency away. Sometimes, however, the dependency and your use-case are slightly misaligned.

The correct way to fix this would be to create a Pull Request. But your deadline is tomorrow: you need to make it work now! It’s time to hack the provided API.

In this post, we are going through some alternatives that allow you to make third-party APIs behave in a way that their designers didn’t intend to.

#java #tutorial #api #hack #aspect-oriented programming #java agent #classpath shadowing #java reflection

Become More Productive As A Developer With These Amazing VS Code Extensions

How can developers be more productive? Whether you’re a developer or you manage a team of developers, higher productivity lets you get more done with the same resources in less time.

You are here because you’re looking for ways to increase your productivity, during development or away from it, so reading this post will be worth your time.

Starting this post with a quote:

“Always deliver more than expected” - Larry Page

Must have VS Code Extensions

In brief, VS Code (Visual Studio Code) is a very popular text editor maintained by Microsoft. As an easy-to-use, go-to text editor, it has grown a lot in the web developer community. VS Code extensions allow you to add languages, debuggers, and tools to your installation to support your development workflow. Now let’s see which extensions I use.

Tabnine

#resources #javascript #vscode #time-management #hack #coding

Tech Hub

1616916493

How to find Wifi Password using Python |Wifi password hack using python

How to find Wifi Password using Python
Source Code: https://techhubb2020.blogspot.com/2021/02/how-to-find-wifi-password-using-python.html

Watch the Full Video Here: https://youtu.be/7MwTqm_-9Us

#wifi #hack #using #python #pythonn #hacking

Hollie Ratke

1604228400

‘Among Us’ Mobile Game Under Siege by Attackers

The meteoric rise of the game Among Us appears to be outpacing its developer’s ability to keep up with malicious actors. On Sunday night, a specific ongoing attack forced InnerSloth, the company behind the game, to hastily roll out an update designed to kick bad actors off the game’s servers — likely along with some innocent players as well.

Among Us takes place in a space setting, where some players are “crewmates,” and others are “imposters” that live among us. As crewmates prepare their ship for departure, they must locate and eliminate the imposters before they’re taken out themselves. It so far has 5.3 million downloads on Google Play alone.

InnerSloth is asking for patience while the company addresses this and other ongoing security concerns. InnerSloth is run by a three-person team consisting of one developer, one animator and game designer, and one artist. The game was released almost two years ago, but thanks to a long summer spent largely under quarantine its audience has exploded over the past few months.

Eris Loris Takes Over Among Us

This most recent round of attacks spammed players with ads from a player named Eris Loris, rendering the game useless. Players flooded the Among Us subreddit to report the activity.

“So far every single server I’ve joined is hacked by Eris Loris today,” one user with a NSFW handle name wrote two days ago. “I have tried maybe 40-plus games. Not a single one wasn’t hacked within 10-30 seconds.”

The breach uses bots to overwhelm the game with messages promoting a YouTube channel and Discord operated under the name Eris Loris, threatening to “blow up your phone,” and concluding with a “Trump 2020” endorsement.

Among Us Server Update

Forest Willard, InnerSloth’s resident programmer, announced a server update Sunday night that tries to identify bad actors on the game and kick them out before they cause trouble. But the move comes with a downside: some players might get kicked off inadvertently, which Willard added in a tweet is for the “greater good,” and which players should view as “emergency maintenance.”

“The reason I didn’t roll this update out sooner is that I was afraid of false positives: You totally might see the game think you’re hacking when you’re not,” Willard said in a subsequent tweet. “I’ve done my best to find this kind of bug, but my hand is forced this time.”

Threatpost wasn’t able to contact the person behind the Eris Loris breach by the time of publication, but he told Kotaku he attacked Among Us because he thinks it’s funny to rile people up. He added that the blame for the damage to the game falls on InnerSloth and the team’s inability to scale up quickly enough.

“Among Us may be a small developer team, but that’s not my fault,” he added. “The game is at a scale bigger than most games. There is nothing stopping them from getting more developers, so the ‘it’s three people’ reasoning means nothing to me.”

Can Among Us Scale?

InnerSloth’s recent record might back up Eris Loris’ point about scale. A scroll through the Among Us subreddit shows breaches on the game are frequent, in addition to rampant cheating.

In early October, a massive spike in traffic kept shutting down the Among Us servers, according to Screen Rant.

But that hasn’t stunted the game’s growth yet. Among Us was the most downloaded mobile game in the world during September, with 83.8 million installs, according to SensorTower, which added that’s 40 times more than the same month last year.

And just last week New York Representative Alexandria Ocasio-Cortez went live on Twitch to play Among Us and promote voting, an event that drew in 435,000 viewers just to her stream alone, TechCrunch reported.

#hacks #web security #alexandria ocasio-cortez #among us #among us 2 #among us subreddit #aoc #bots #breach #cybersecurity #eric loris #game servers #gaming #hack #hackers #innersloth #kicked off #mobile game #security breach #server update

Ron Cartwright

1603526400

Researcher: I Hacked Trump’s Twitter by Guessing Password

Dutch ethical hacker Victor Gevers claims it only took five attempts to guess the password to President Donald Trump’s Twitter account — “maga2020!”.

That’s all he needed to hijack the @realdonaldtrump handle, according to a report from Dutch newspaper de Volkskrant, because it lacked even the most basic two-factor authentication (2FA), exposing major flaws in the digital security surrounding the President.

While Threatpost has not been able to independently verify the veracity of Gevers’ claim of the Oct. 16 hack of Trump’s Twitter, several professionals have analyzed screenshots and vouch for their authenticity, according to Dutch magazine Vrij Nederland, which added that Gevers works for the Dutch government by day and runs the ethical hacking GDI Foundation in his spare time — and so is well regarded within the country’s security community.

Twitter Safety & 2FA

Twitter, however, said it is dubious about the report.

“We’ve seen no evidence to corroborate this claim, including from the article published in the Netherlands today,” a Twitter spokesperson said in a statement responding to Threatpost’s inquiries. “We proactively implemented account security measures for a designated group of high-profile, election-related Twitter accounts in the United States, including federal branches of government.”

An announcement on Sept. 17 from Twitter Safety said the company was sending in-app notifications “requiring” or “strongly recommending” enhanced security measures, including a requirement for a strong password, to members of government and journalists in the run-up to the election.

The policy goes on to “strongly encourage” these accounts enable 2FA but does not say it’s a requirement.

2FA requires users to have a one-time generated code, sent by email or text, which needs to be entered to log in. This keeps bad actors from accessing the account even if they have the username and password.

Duty to Report

Gevers said that after he successfully hacked the president’s Twitter account he went to great lengths to report the vulnerability, sending emails, screenshots and social-media messages to various U.S. government entities through Twitter, Parler and other platforms, de Volkskrant reported. Days later, he found the 2FA to be in place and two days after that, he received a friendly email from the Secret Service thanking him.

While that didn’t do much to explain how it came to be that Trump didn’t have basic protections on his Twitter account, Gevers speculated to de Volkskrant that it has something to do with his age, adding, “…elderly people often switch off two-step verification because they find it too complicated.”

This isn’t the first time Gevers was reportedly able to commandeer the infamous Twitter handle. In 2016, he was part of a group of self-described “grumpy old hackers” who accessed Trump’s Twitter account by guessing the password “yourefired,” Vrij Nederland reported. The group tried to alert team Trump that, “he had his digital fly open,” with no response at the time, Vrij Nederland added.

Gevers told de Volkskrant that it was recent headlines about presidential candidate Joe Biden’s son, Hunter Biden being hacked that inspired him to start spot-checking accounts for U.S. political figures.

“Doing spot checks, that’s my work: Look for any leaks in security,” he said. When he got to Trump’s account, he tried a few variations, expecting to get locked out after the fourth failed attempt; instead, he hit the jackpot on try number five, according to de Volkskrant.

Gevers’ reaction, according to Vrij Nederland? “Not again!”

Election & Data Security

This report comes at a time when U.S. law-enforcement officials warn Russia and Iran are actively engaging in election interference through hacked voter-registration information.

Cybercriminals are “going after the minds of the American people and their trust in the democratic institutions that we use to select our leaders,” Matt Olney, director of Talos’ Threat Intelligence and Interdiction at Cisco, told Threatpost this week.

The good news is that the public is getting smarter about information security.

“Everybody has a role in election security,” Olney explained. “And that includes the election community who have gone at that problem aggressively over the last four years; [and] the public, which has largely adopted a more skeptical eye towards information as it comes out, for better or worse.”

#breach #hacks #web security #2fa #dutch researcher #hack #password #trump #trump hack #twitter #two factor authentication #victor gevers #weak password

Barnes & Noble Hack: A Reading List for Phishers and Crooks

Barnes & Noble is warning that it has been hacked, potentially exposing personal data for shoppers – and offering phishers an early holiday gift.

The book purveyor sent out emailed notices to customers very late Wednesday night and in the wee hours of Thursday morning, warning that a cyberattack happened on October 10, “which resulted in unauthorized and unlawful access to certain Barnes & Noble corporate systems.”

Some indications — such as its Nook e-reader service being taken offline starting last weekend — also point to a possible ransomware attack, though the company hasn’t yet confirmed that. Some store workers told an e-reader blog that their physical registers were having trouble over the weekend, too.

In any event, Barnes & Noble said that its IT team “doesn’t know” yet if customer info was exposed, but the systems that were hit contained personal data, so it may have been. The potential trove includes personally identifiable information tied to the bookseller’s ecommerce activities, including email addresses, billing and shipping addresses, and telephone numbers; as well as transaction and purchase histories.

On the payment-card front, financial data is “encrypted and tokenized and not accessible,” according to the notice. “At no time is there any unencrypted payment information in any Barnes & Noble system.” The notice also didn’t mention names or dates of birth being part of the database.

As far as only the financial data – and not the personal data – being encrypted, Mark Bower, senior vice president at comforte AG, told Threatpost that this approach is all too common.

“We’ve seen a repeating pattern in recent scaled breaches like this case – partial protection of sensitive data perhaps for compliance, but not the full gamut within the scope of customer data privacy and trust responsibility,” he said. “Fundamentally, organizations have an increasing obligation to their customers to secure a lot more than just the minimum. Privacy regulations like California Consumer Privacy Act (CCPA) are transferring increasing data rights to citizens over data management and security, and today, business leaders have to consider personal data as a trusted donation, not just data acquisition.”

The decision not to encrypt personal data could be a problem for the company, according to Erich Kron, security awareness advocate at KnowBe4.

“For the organization itself, this is liable to be a costly issue as many data breaches are,” he told Threatpost. “Because the organization sells to such a wide variety of geographically dispersed customers, there is a potential for significant fines being levied by various entities for a failure to protect the consumer’s information.”

#breach #hacks #web security #barnes & noble #data breach #email notice #fraud #hack #personal #personal information #phishing #pii #purchase history #reading lists #transaction history

Microsoft Office 365 Phishing Attack Uses Multiple CAPTCHAs

Researchers are warning of an ongoing Office 365 credential-phishing attack that’s targeting the hospitality industry – and using visual CAPTCHAs to avoid detection and appear legitimate.

CAPTCHAs – commonly utilized by websites like LinkedIn and Google – are a type of challenge–response test used to determine whether or not the user is human, such as clicking on the parts of a grid that have a specific object pictured. Cybercriminals have previously utilized CAPTCHAs as a way to defeat automated crawling systems, ensure that a human is interacting with the page and make the phishing landing page appear legitimate.

Though the use of CAPTCHAS in phishing attacks is nothing groundbreaking, this attack shows that the technique works – so much so that the attackers in this campaign used three different CAPTCHA checks on targets, before finally bringing them to the phishing landing page, which poses as a Microsoft Office 365 log-in page.

“Two important things are happening here,” said researchers with Menlo Security, in a post this week. “The first is that the user is made to think that this is a legitimate site, because their cognitive bias has trained them to believe that checks like these appear only on benign websites. The second thing this strategy does is to defeat automated crawling systems attempting to identify phishing attacks.”

Menlo Security’s Director of Security Research, Vinay Pidathala, told Threatpost that researchers are unsure of how many users were specifically targeted; however, the industries targeted by this campaign were primarily technology, insurance, and finance and banking.

The multiple CAPTCHAs serve as backups, in case the first one gets defeated by automated systems, said researchers.

In the first CAPTCHA check, targets are simply asked to check a box that says “I’m not a robot.”

After that, they are taken to a second CAPTCHA that requires them to select, for instance, all the picture tiles that match bicycles, followed by a third CAPTCHA asking them to identify, say, all the pictures that match a crosswalk. Attackers also do not use the same CAPTCHAs; researchers said that during their testing they came across at least four different images utilized.

Finally, after passing all these checks, the target is taken to the final landing page, which impersonates an Office 365 log-in page, in an attempt to steal the victims’ credentials.

#cloud security #web security #captcha #compromised email #credential theft #domain #email credentials #hack #menlo security #microsoft #office 365 #phishing #phishing attack #recaptcha #scam

NFL, NBA Players Hacked in Would-Be Cyber-Slam-Dunk

NFL and NBA athletes whose social-media accounts were taken over have been thrown the ball of justice.

Multiple professional and semi-pro athletes were victimized by two men who infiltrated their personal accounts, according to testimony in federal court on Wednesday. Trevontae Washington of Thibodaux, La., and Ronnie Magrehbi, of Orlando, Fla., faced separate judges in the Eastern District of Louisiana and the Middle District of Florida, respectively, and were charged with one count of conspiracy to commit wire fraud, and one count of conspiracy to commit computer fraud and abuse.

Federal prosecutors alleged that between December 2017 and April 2019, Washington and Magrehbi actively took part in illegal schemes to gain access to social media and other personal online accounts of the players.

Washington allegedly specialized in NBA and NFL players, and phished for their credentials by taking advantage of public platforms like Instagram. He would send them messages with embedded links to what appeared to be legitimate social media log-in sites, prosecutors said, but these were actually phishing pages used to steal the athletes’ user names and passwords. Once the athletes entered their credentials, they would be sent to Washington, who, along with others allegedly locked the athletes out of their accounts. They also used the credentials against other accounts, banking on password reuse. Prosecutors claimed that Washington then sold access to the compromised accounts to others for amounts ranging from $500 to $1,000.

Magrehbi, meanwhile, is alleged to have obtained access to accounts belonging to one professional football player, including an Instagram account and personal email account. Magrehbi took a ransomware-like tack, prosecutors said, and extorted the player. He demanded payment in return for restoring access to the accounts – and was paid, according to Department of Justice documents. However, even though the player sent funds on at least one occasion, portions of which were transferred to a personal bank account controlled by Magrehbi, he was double-crossed and the athlete never regained access, prosecutors said.

The DoJ has not released the names of the affected players.

“Instagram is built as a mobile-first experience, which means that these attackers knew they could build a mobile-specific phishing campaign to increase the likelihood of success,” Hank Schless, senior manager of security solutions at Lookout, told Threatpost. “Since we carry our mobile devices with us all the time, we trust them to be inherently secure. Threat actors know this and socially engineer targets through SMS, social media and third-party messaging apps and convince them to click a malicious link.”

#government #hacks #web security #account takeover #charged #department of justice #extortion #federal court #federal crimes #hack #nba #nfl #players #ronnie magrehbi #social media accounts #trevontae washington

Emotet Emails Strike Thousands of DNC Volunteers

On Thursday, hundreds of U.S. organizations were targeted by an Emotet spear-phishing campaign, which sent thousands of emails purporting to be from the Democratic National Committee and recruiting potential Democratic volunteers.

Emotet has historically utilized a variety of lure themes leveraging current events – from COVID-19 to Greta Thunberg. However, the threat actor behind the malware, TA542, has not directly leveraged political themes in their messaging before. That changed with Thursday’s email campaign, which featured Word Document attachments labeled “Team Blue Take Action,” which actually infected victims with Emotet.

“The shift to using politically themed lures comes days after the first of several 2020 U.S. presidential debates,” said researchers with Proofpoint in a Thursday post. “The debate received widespread media coverage, and as Election Day draws nearer, many voters are likely feeling compelled to volunteer for political causes or for the election in some way.”

The email messages had the subject line “Team Blue Take Action,” with a message body taken directly from a page on the Democratic National Committee’s (DNC) website (democrats.org/team-blue), said researchers. This message body describes Team Blue, which is the DNC’s 2018 volunteer recruitment program – and says that Team Blue is being relaunched for the 2020 campaign. The email then asks the recipient to open the attached document.

This Word Document contains macros, which, if enabled, will download and install Emotet. Currently, researchers said they are also seeing a second stage payload following Emotet infections within this campaign, which either come in the form of the Qbot trojan or The Trick.

Beyond the email subject line “Team Blue Take Action,” researchers also observed other subject lines, including “Valanters 2020,” “List of Works” and more, with varying file names such as “Detailed information.doc” and “Volunteer.doc.”

Though disinformation is a key concern for many as the November U.S. presidential elections draw near, researchers believe that this lure was simply used to convince as many voters – fired up after Tuesday evening’s debate – to click as possible.

“It’s unlikely that this shift is driven by any specific political ideology,” they said. “Like earlier use of COVID-19 or Greta Thunberg lure themes, TA542 is attempting to reach as many intended recipients as possible by capitalizing on a popular topic.”

Emotet started life as a banking trojan in 2014 and has continually evolved to become a full-service threat-delivery mechanism. It can install a collection of malware on victim machines, including information stealers, email harvesters, self-propagation mechanisms and ransomware.

Emotet returned earlier in July after a five-month hiatus, when researchers spotted the malware in a campaign that has spammed Microsoft Office users with hundreds of thousands of malicious emails since Friday. The malware first emerged in 2014, but has since then evolved into a full-fledged botnet that’s designed to steal account credentials and download further malware.

Emotet was last seen in February 2020, in a campaign that sent SMS messages purporting to be from victims’ banks. Once victims clicked on the links in the text messages, they were asked to hand over their banking credentials and download a file that infects their systems with the Emotet malware. Also in February, researchers uncovered an Emotet malware sample with the ability to spread to insecure Wi-Fi networks located near an infected device.

#hacks #malware #web security #democratic national committee #dnc #emotet #hack #malware #microsoft #spam #spear phishing #team blue #us presidential elections #volunteer recruitment #voting

Activision Refutes Claims of 500K-Account Hack

After reports surfaced that 500,000 Activision accounts may have been hacked, impacting online Call of Duty (CoD) players, the gaming giant is disputing the claim.

The alleged breach was first flagged by the #oRemyy account on Twitter, and was quickly amplified by others, who claimed that accounts were being taken over and credentials changed, so that the legitimate users couldn’t recover them. The claims were picked up by gaming news outlet Dexerto.com.

#breach #hacks #web security #000 #500 #account takeover #accounts #activision #ato #breach #brute forcing #call of duty #denies #gaming #hack #passwords #two factor authentication
