25 February 2019 / July 24th, 2019 · Podcast

Podcast 26

Cyberattack on the Australian parliament, user data on sale and Facebook’s CSRF bounty

By: Lex Borger; 24 February 2019


Cyberattack on the Australian parliament
Australia’s parliament confirmed that it is investigating a suspicious security incident

A government cybersecurity expert said one difficulty in identifying the perpetrators was that the hackers used tools that had not previously been seen.

The nations most likely to carry out such an attack are China and Russia, security experts said, though Iran, Israel and North Korea also have sophisticated cyberwarfare capabilities.

Nation states have been quite active, as the following reports show:
Chinese and Iranian Hackers Renew Their Attacks on U.S. Companies
Alleged Iran-linked APT groups behind global DNS Hijacking campaign
North Korea’s Lazarus Hackers Found Targeting Russian Entities

User data on sale
Hacker puts up for sale third round of hacked databases on the Dark Web

Today, the hacker published eight more hacked DBs containing data for 92.76 million users. The biggest name in today’s batch is GfyCat, the famous GIF hosting and sharing platform.

Hacker ‘Gnosticplayers’ continues to sell user data.

Hacker Breaches Dozens of Sites, Puts 127 Million New Records Up for Sale

During an interview with The Hacker News, the hacker also claimed that many targeted companies have probably no idea that they have been compromised and that their customers’ data have already been sold to multiple cyber criminal groups and individuals.

Facebook’s CSRF bounty
Facebook flaw could have allowed an attacker to hijack accounts
Facebook paid a $25,000 bounty for a critical CSRF vulnerability

“This bug could have allowed malicious users to send requests with CSRF tokens to arbitrary endpoints on Facebook which could lead to takeover of victims’ accounts. In order for this attack to be effective, an attacker would have to trick the target into clicking on a link,” wrote the expert.


Security consultant