Search This Blog

Latest News

IT expert warned about the danger of pirated files downloaded via torrent

 Sergey Ivanov, Director of Product Strategy at T1 Group, said that pirated files downloaded by users via torrent trackers may contain malic...

All the recent news you need to know

Anonymous Hacking Group Targets Controversial Web Hoster Epik

 

US-based web host and domain registrar Epik has confirmed an “unauthorized intrusion” in its systems, a week after members of hacktivist group ‘Anonymous’ claimed that the group had obtained and leaked gigabits of data from the hosting company, including 15 million email addresses.

The firm initially denied reports of the breach by saying, “'we are not aware of any breach. We take the security of our clients' data extremely seriously, and we are investigating the allegation.”

According to data breach monitoring service HaveIBeenPwned, the leaked information, comprising 180 GB of information, includes not just information on Epik's own customers, but also millions of other people and organizations' details, whose information Epik scraped via 'Whois' queries from other domain name registrars. 

The group claimed the attack was in retaliation for Epik’s habit of hosting questionable alt-right websites. “This dataset is all that’s needed to trace actual ownership and management of the fascist side of the internet. Time to find out who in your family secretly ran an Ivermectin horse porn fetish site, disinfo publishing outfit or yet another QAnon hellhole,” the group said. 

However, Anonymous did not reveal when the attack took place, but timestamps on the most recent files indicated that it likely occurred in late February.

Epik, which was founded in 2009 by current CEO Rob Monster, is known to serve a variety of far-right clients, including Parler, Texas GOP, Gab, and 8chan - all of which are said to have been turned down by mainstream IT providers due to objectionable content. 

Epik has started sending emails to impacted customers regarding an 'unauthorized intrusion', according to screenshots shared by cybersecurity expert Adam Sculthorpe and data scientist Emily Gorcenski. “As we work to confirm all related details, we are taking an approach toward maximum caution and urging customers to remain alert for any unusual activity they may observe regarding their information used for our services,'” reads Epik's email notice. 

Although the firm did not say in the message if customers' credit card details were exposed, it encouraged users to contact their credit card providers and “notify them of a potential data breach to discuss your options with them directly.”

pNetwork Suffered Loss In Bitcoins Worth $12 Million

 

While Hackers allegedly violated the protocol and seized $12.7 million in Bitcoin, pNetwork thus became the newest victim of the DeFi hack. Whilst suffering a loss of $12 million in bitcoins, the company claims it will reward the hacker with a bug bounty of $1.5 million if the funds are recovered. 

On the 19th of September 2021, at 5:20 pm UTC, a hacker conducted a multi pTokens attack on the pNetwork system. The pBTC-on-BSC cross-chain bridge, used by the bridge and 277BTC taken from the pBTC-on-BSC collateral, was the one successful. However, the suspicious activity was detected and the technical team intervened.

In the most recent security incident involving a decentralized funding system, the cross-chain project pNetwork stated on Sunday that the organization has indeed been hacked and has suffered losses worth 277 pBTC, a kind of packaged bitcoin, with a loss of more than $12 million. 

In a series of tweets announcing the incident, pNetwork said, "We're sorry to inform the community that an attacker was able to leverage a bug in our codebase and attack pBTC on BSC, stealing 277 BTC (most of its collateral). The other bridges were not affected. All other funds in the pNetwork are safe." 

"The bridges will run with extra security measures in place for the first few days," pNetwork said in a follow-up post. "This means slower transactions processing in exchange for higher security." 

For transactions that function on smart contracts on the Platform, the pBTK tokens are an equivalent value of bitcoin. pNetwork allows many blockchains, which include Binance Smart Chain, Ethereum, Eos, Polygones, Telos, xDAI, and Ultra. 

The company then corrected the error, suggested a remedy, and expected "everybody to review it. pNetwork has confirmed that all other network bridges have not been impacted and also that the leftover funds are protected. furthermore, the broken bridges will soon be back in service. The company also had a message to the "black hat hacker" with a "clean" 1 million dollars bounty if all money were returned. 

Although pNetwork recognizes that possibility of such an instance is little, this is no precedence. As previously reported, Poly Network likewise utilized other digital assets for almost $600 million. But Mr. White Hat finally refunded the cash and even dismissed the provided bond, since the project named the culprit. 

The company stated that “We are adding additional security measures on the bridges as we reactivate them (more on this in the risk management section). Currently, we are also doing some extra checks on the transactions before they are broadcasted — this is not necessary, but something we are temporarily doing to be on the safe side and extra cautious.” 

It should be noted that the network's indigenous cryptocurrency – PNT – has dropped by 20% within 24-hour and is presently below $1.

Russian Electronic Voting System Struck by 19 DDoS Attacks in One Day

 

Yandex, the Russian technology and search engine powerhouse, disclosed last week that it had been hit by one of the world's biggest DDoS attacks ever recorded. 

A distributed denial-of-service (DDoS) attack involves flooding a website or service with a large amount of internet traffic until it stops working and eventually goes down. Cybercriminals have been known to create botnets and launch DDoS attacks using hacked systems or vulnerable/exposed Internet of Things (IoT) devices. 

Russia's remote electronic voting system has now become the next victim of the campaign, as to what appears to be a continuation of targeted DDoS attacks. 

According to reports, the 8th Russian State Duma (lower house) elections took place between September 17 and September 19. Voters had to head to the polls to cast their vote for the heads of nine Russian regions and 39 regional parliaments. 

According to Russian news agency Tass, remote electronic voting took place in six locations, including Sevastopol and the regions of Kursk, Murmansk, Nizhny Novgorod, Rostov, and Yaroslavl. 

Around 19 DDoS attempts were thwarted, according to Mikhail Oseevsky, president of Rostelecom. The head of the country's major digital service provider, Rostelecom, told the reporters at the Central Election Commission's information centre that some of the DDoS assaults were very short, spanning only a few minutes, while the biggest lasted 5 hours and 32 minutes. 

“It (the DDoS attack) began early in the morning and ended in the middle of the day,” Oseevsky disclosed. 

Many of the country's digital resources, including the elections, state services websites, and the CEC's portal, were attacked, according to Oseevsky. 

He continued by stating that there have been several efforts to launch large-scale attacks on these resources. The department, on the other hand, was well-prepared to combat and minimise the threat, according to the president. 

The assaults arose from a number of different countries which include: 
  • India 
  • China 
  • Brazil 
  • Russia 
  • Germany 
  • Thailand 
  • Lithuania 
  • Bangladesh 
  • United States 
According to the elections commission, three targeted cyberattacks were documented from abroad, two of which targeted the centre's main website and the third was a DDoS attack.

FTC: Health App and Device Makers Should Comply With Health Breach Notification Rule

 

The Federal Trade Commission on 15th September authorized a policy statement reminding makers of health applications and linked devices that gather health-related data to follow a ten-year-old data breach notification rule. The regulation is part of the agency's push toward more robust technology enforcement under Chair Lina Khan, who hinted that more scrutiny of data-based ecosystems related to such apps and devices could be on the way. 

In written remarks, Chair Lina Khan stated, "The Commission will enforce this Rule with vigour." According to the FTC, the law applies to a range of vendors, as well as their third-party service providers, who are not covered by the HIPAA breach notification rule but are held liable when clients' sensitive health data is breached. 

After being charged with studying and establishing strategies to protect health information as part of the American Recovery and Reinvestment Act in 2009, the FTC created the Health Breach Notification Rule. 

The rule requires suppliers of personal health records and PHR-related companies to notify U.S. consumers and the FTC when unsecured identifiable health information is breached, or risk civil penalties, according to the FTC. "In practical terms, this means that entities covered by the Rule who have experienced breaches cannot conceal this fact from those who have entrusted them with sensitive health information," the FTC says. 

Since the rule's inception, there has been a proliferation of apps for tracking anything from fertility and menstruation to mental health, as well as linked gadgets that collect health-related data, such as fitness trackers. 

The FTC's warning comes after the agency and fertility mobile app maker Flo Health reached an agreement in June over data-sharing privacy concerns. According to the FTC, the start-up company misled millions of women about how it shared their sensitive health data with third-party analytics firms like Facebook and Google, in violation of the FTC Act. 

According to privacy attorney Kirk Nahra of the law firm WilmerHale, the FTC's actions on the Health Breach Notification Rule "are an interesting endeavour to widen how that rule has been understood since it was implemented."

"It is focusing attention on a much larger group of health-related companies, and changing how the FTC has looked at that rule and how the industry has perceived it. I expect meaningful challenges to this 'clarification' if it is put into play," he notes. 

Failure to comply might result in "monetary penalties of up to $43,792 per violation per day," according to the new policy statement.