Weekly Digest #15

DHS warns against using Chinese hardware and digital services

The DHS (US Department of Homeland Security) has published a “business advisory” warning US companies against using hardware equipment and digital services created or linked to Chinese companies.

These Chinese products could contain backdoors, bug doors, or hidden data collection mechanisms that could be used by Chinese authorities to collect data from foreign companies and forward the information to local competitors to further China’s economic goals to the detriment of other countries.

Zero-Click Apple Zero-Day Uncovered in Pegasus Spy Attack

Four nation-state advanced persistent threats (APTs) hacked Al Jazeera producers, journalists, executives, and anchors with a zero-day exploit for Apple iPhone.

The firm said that the perpetrators could belong to up to four APTs, including potentially those linked to Saudi Arabia and the United Arab Emirates. All of the operators used the NSO Group’s infamous Pegasus spyware.

Pegasus is a mobile phone solution that enables customers to exploit and monitor devices remotely.

FBI & Interpol disrupt Joker’s Stash, the internet’s largest carding marketplace

Officials from the US FBI and Interpol have seized a small number of servers used by Joker’s Stash, the internet’s largest marketplace for buying & selling stolen cards, temporarily disrupting the site’s activity.

Interpol described the server seizures as an ongoing “coordinated police operational activity” but declined to elaborate further.

These are websites that use top-level domains (TLDs) managed by Emercoin, a blockchain company. Records for these domains are stored inside a blockchain and cannot be transferred to anyone else without the domain owner’s cryptographic signature.

Hacker Dumps Crypto Wallet Customer Data; Active Attacks Follow

Customer data from a June attack against cryptocurrency wallet firm Ledger is now public and actively being used in attacks.

This Monday, hackers dumped sensitive data stolen earlier this year from the Ledger cryptocurrency wallet’s website. The data includes email addresses, names, phone numbers, and physical addresses. And in a twist that surprised no one, the data is now actively being exploited in phishing campaigns.

According to the report, the first includes email addresses of 1,075,382 people who subscribed to the Ledger newsletter.

Swedish university fined $66,000 for GDPR violations

A Swedish university has been fined SEK550,000 ($66,000) for storing sensitive personal information in the cloud without sufficiently protecting the data.

Umeå University violated the General Data Protection Regulation (GDPR) by failing to properly secure data related to a research study on male sexual health, the Swedish Data Protection Authority has ruled.

The reports contained information on suspicion of a crime, name, personal identity number, contact details, and sensitive data about sexual life and overall health.

The university was also faulted for failing to report the data breach under GDPR laws, which came into effect in May 2018.
