By 14 januari 2019 juli 24th, 2019 Podcast
Deel dit bericht!

Podcast 23

Dark Overlord, Ethereum hack, data van Duitse politici gelekt, zoeken naar gebreken

Door: Lex Borger; 13 januari 2019


Dark Overlord
Security Affairs – Dark Overlord hacking crew publishes first batch of confidential 9/11 files

De hacking groep Dark Overlord heeft bij de verzekeringsmaatschappij Hiscox duizenden documenten gestolen, o.a. met betrekking tot 9/11:

The Dark Overlord hacking group claims to have stolen a huge trove of documents from the British insurance company Hiscox,

Hackers stole “hundreds of thousands of documents,” including tens of thousands files related to the 9/11 terrorist attacks.

Het motief van Dark Overlord is geld. Ze verkopen de documenten aan wie ervoor wil betalen:

“If you’re a terrorist organisation such as ISIS/ISIL, Al-Qaeda, or a competing nation state of the USA such as China or Russia, you’re welcome to purchase our trove of documents.”

Volgens de Russische media is er een tweede ronde van documenten gepubliceerd.

Ethereum hack
CSO online – Ethereum Classic cryptocurrency suspended after attackers steal nearly $1.1M

Coinbase delisted Ethereum Classic (ETC) after detecting “a deep chain reorganization of Ethereum Classic blockchain.” Put another way, nearly $500,000 was spent twice.

The Verge – Why the Ethereum Classic hack is a bad omen for the blockchain

“The feasibility of a 51 percent attack is dependent solely on the availability and cost of mining equipment,” Cornell cryptographer Emin Gün Sirer told The Verge. As that equipment gets cheaper and more available, the attacks become more common. “Bear markets also cause hashpower to be turned off,” Sirer continued, “which then can be rented and used for attacks.”

Data van Duitse politici gelekt

Security Affairs – Hackers leak data on hundreds of German Politicians, including Chancellor Merkel

Data belonging to hundreds of German politicians, including Chancellor Angela Merkel, were exposed online due to a massive leak that is the biggest data dump of its kind in the country.

Simon Hegelich, a political scientist at Munich’s Technical University, told to Bloomberg that it looks like the hackers got the passwords to Facebook accounts and Twitter profiles and worked their way up from there.

“It’s a very elaborately done social engineering attack,” he said Friday by phone. “It’s a lot of data that’s been dumped.”

Zoeken naar gebreken
Krebs on Security – Scanning for Flaws, Scoring for Security

What’s remarkable is how many organizations don’t make an effort to view their public online assets as the rest of the world sees them — until it’s too late.

A 96-page report (PDF) released this week by a House oversight committee found the Equifax breach was “entirely preventable.” For 76 days beginning mid May 2017, the intruders made more than 9,000 queries on 48 Equifax databases.

… companies with advanced “security maturity” also are regularly taking a hard look at what their outward-facing security posture says to the rest of the world, fully cognizant that appearances matter


Security consultant