Dark Overlord, Ethereum hack, data van Duitse politici gelekt, zoeken naar gebreken
Door: Lex Borger; 13 januari 2019
De hacking groep Dark Overlord heeft bij de verzekeringsmaatschappij Hiscox duizenden documenten gestolen, o.a. met betrekking tot 9/11:
The Dark Overlord hacking group claims to have stolen a huge trove of documents from the British insurance company Hiscox,
Hackers stole “hundreds of thousands of documents,” including tens of thousands files related to the 9/11 terrorist attacks.
Het motief van Dark Overlord is geld. Ze verkopen de documenten aan wie ervoor wil betalen:
“If you’re a terrorist organisation such as ISIS/ISIL, Al-Qaeda, or a competing nation state of the USA such as China or Russia, you’re welcome to purchase our trove of documents.”
Volgens de Russische media is er een tweede ronde van documenten gepubliceerd.
Coinbase delisted Ethereum Classic (ETC) after detecting “a deep chain reorganization of Ethereum Classic blockchain.” Put another way, nearly $500,000 was spent twice.
“The feasibility of a 51 percent attack is dependent solely on the availability and cost of mining equipment,” Cornell cryptographer Emin Gün Sirer told The Verge. As that equipment gets cheaper and more available, the attacks become more common. “Bear markets also cause hashpower to be turned off,” Sirer continued, “which then can be rented and used for attacks.”
Data van Duitse politici gelekt
Data belonging to hundreds of German politicians, including Chancellor Angela Merkel, were exposed online due to a massive leak that is the biggest data dump of its kind in the country.
Simon Hegelich, a political scientist at Munich’s Technical University, told to Bloomberg that it looks like the hackers got the passwords to Facebook accounts and Twitter profiles and worked their way up from there.
“It’s a very elaborately done social engineering attack,” he said Friday by phone. “It’s a lot of data that’s been dumped.”
Zoeken naar gebreken
Krebs on Security – Scanning for Flaws, Scoring for Security
What’s remarkable is how many organizations don’t make an effort to view their public online assets as the rest of the world sees them — until it’s too late.
A 96-page report (PDF) released this week by a House oversight committee found the Equifax breach was “entirely preventable.” For 76 days beginning mid May 2017, the intruders made more than 9,000 queries on 48 Equifax databases.
… companies with advanced “security maturity” also are regularly taking a hard look at what their outward-facing security posture says to the rest of the world, fully cognizant that appearances matter