Hacking the Election: Security Flaws Need Fixing, Researchers Say

Hackers could have easily infiltrated US voting machines in 2016 and are likely to try again in light of vulnerabilities in electronic polling systems, a group of researchers said Tuesday.

A report with detailed findings from a July hacker conference which demonstrated how voting machines could be manipulated concluded that numerous vulnerabilities exist, posing a national security threat.
The researchers analyzed the results of the “voting village” hacking contest at the DefCon gathering of hackers in Las Vegas this year, which showed how ballot machines could be compromised within minutes.
“These machines were pretty easy to hack,” said Jeff Moss, the DefCon founder who presented the report at the Atlantic Council in Washington. “The problem is not going away. It’s only going to accelerate.”
The report said the DefCon hack was just the tip of the iceberg — with potential weaknesses in voter databases, tabulating software and other parts of the system.
The researchers said most voting machines examined included at least some foreign-manufactured parts, raising the possibility that malware could be introduced even before the devices are delivered.
“This discovery means that a hacker’s point-of-entry into an entire make or model of voting machine could happen well before that voting machine rolls off the production line,” the report said.
“With an ability to infiltrate voting infrastructure at any point in the supply chain process, then the ability to synchronize and inflict large-scale damage becomes a real possibility.”
– No certainty on 2016 –
Harri Hursti, a researcher with Nordic Innovation Labs and a co-author of the report, said it’s impossible to say with certainty if votes were tampered with in 2016 because many systems “don’t have the capacity” to be audited.
The report said five US states operate entirely on paperless systems which have no paper trail to be reviewed and another nine states are partially paperless.
“The only way to know is if the hacker tells you,” he said, adding that “it can be done without leaving tracks.”
Douglas Lute, former US ambassador to NATO who presented the report, said in a forward to the report that the findings highlight “a serious national security issue that strikes at the core of our democracy.”
Although some researchers in the past have shown individual machines could be breached, this report suggests a range of vulnerabilities across a range of hardware, software and databases.
“What the report shows is that if relative rookies can hack a voting system so quickly, it is difficult to deny that a nefarious actor — like Russia — with unlimited time and resources, could not do much greater damage,” said University of Chicago cybersecurity instructor Jake Braun, another co-author.
The threat becomes all the more grave “when you consider they could hack an entire line of voting machines, remotely and all at once via the supply chain,” he added.
In presenting the findings, the researchers said members of the DefCon hacker community would work with academics and security researchers in a new coalition aimed at improving election security.

Πηγή : securityweek

Hackers are compromising websites to mine cryptocoins via user’s CPU

For the last couple of weeks, the trend of inserting code in websites that generate cryptocurrency has been growing like never before. What might worry some is that it uses visitor’s computers to start and finish the process.
Recently, Trend Micro, a cybersecurity firm discovered that hackers are compromising charity, school, and file sharing websites with a particular code that allows the site to use visitor’s CPU in order to generate cryptocurrency
By doing so, the code converts the visitor’s computer into a miner. This means the greater the number of computers the quicker will be the process of generating digital currency and in return, the greater the amount of money. In the end, the victim will suffer from expensive electricity bill.

Hackers are compromising websites to mine cryptocoins via user CPU
Gif credit: Bitminer
According to Rik Ferguson, vice-president of security research at Trend Micro “This is absolutely a numbers game. There’s a huge attraction of being able to use other people’s devices in a massively distributed fashion because you then effectively take advantage of a huge amount of computing resources.”
The security firm discovered that hundreds of famous websites are using the code. Some are using “Coin Hive” code, some are using JSE Coin script while some have no idea how the code got onto their websites.
To get rid of it, some site owners have simply removed the code while some have updated their security policies and issued patches. There are those who are still investigating the issue emphasizing on how their site was compromised and how the code ended up on it without triggering any warning.
BBC reported that developers of Coin Hive are also taking action against those misusing their code for malicious purposes. “We had a few early users that implemented the script on sites they previously hacked, without the site owner’s knowledge. We have banned several of these accounts and will continue to do so when we learn about such cases,” Coin Hive told BBC.
In a tweet, FiveM, a modification framework for GTA V said that they had issued a security update just to stop users from adding miners to their code.
CloudFlare, a content delivery network and Internet security service also booted off a torrent website for secretly mining cryptocurrency miner. The company said “mining code without notifying users. … We consider this to be malware.”
Last month, The Pirate Bay website was caught “testing” cryptocurrency miner while two domains owned by CBS Corporation’s premium cable network Showtime’s sites were also found to be mining cryptocoins without informing their visitors.
In another report, Trend Mirco said that hackers are also using smart home devices to generate cryptocurrency. “Trend Micro data shows that more and more home devices are being compromised—we blocked over 90% more home network attacks in September compared to July, and most of the attacks are attempting to mine cryptocurrency,” said Trend Micro.
Although it is a rare practice; if adopted on a long-term basis, it might replace ads for good as advertisements can be malicious and annoying at times. However, the fact that it hijacks computers for crypto mining deeply concerns users, therefore, website owners should allow users to choose whether they want the site to use their CPU for mining or not.

Πηγή : hackread

MyEtherWallet Notification - Email scam

A new scam.
This time, the hacker tries to steal logging data for the Ethereum wallet.
A site identical to the original was created with the intention of misleading users.

The email comes from an address that is unrelated to the website.*markus.reichenau@t-online.de*Although it could be directly from: myetherwallet.com.

Here you see the differences between the original and the fake websites.


And beyond that, the address difference is very clear!!! 

 myetherwallet.com vs myethlerwallet.com

Have fun & Stay safe!!! 

New bitcoin transaction scam!

Payments made by mistake on your account are already known as scams.
In this case I received an email saying that someone sent me bitcoins to my address and should check my account.

0.54798743 BTC = 1.830 EUR ... well... I do not think it bothers such a mistake..

Let's star: 
1.What does transmitel.com have to do with bitcoin transactions?
Transmite.com- Security systems - Barcelona Owned by TRANSMITEL S.L. 
2.Email was sent to 6 addresses, so 6 wrong transactions?

All the hyperlinks have a hidden secret.

See it? Blockchain.com has become Blockchlain.info!
So.. when you will try to go on blockchain page for login.... you will do it on a diffrent page.
Do not worry, the website is already closed!

The consequences are understandable.
If you log in, someone will be in possession of your data and possibly your account.

Have fun & Stay safe! 

Hunting Paypal Scammer – Busted 100%

Here’s a new software that promises to increase your revenue.
The point is you do not have to believe in miracles.
Everything looks good, but if you try to log in to your Paypal account, the data will be sent without realizing it.
Data is sent to the email of the person who posted and you have all the chances of losing even the few money you have in your account.

Today i will try to find the ”hacker” for you!
Paypal doubler scam
To have time for account changes, it will ask you to wait 72 hours for the payment.
Paypal doubler scam Paypal doubler scam
Once you’ve added your data, the software logs in to a google account and sends the data.
Paypal doubler scam Paypal doubler scam Paypal doubler scam
Because of Google’s security, I can not log in because does not recognize my device.
Paypal doubler scam 
I have to admit that I have pressed several times to call and send message to the number attached on the account.
I hope I’ve stressed him a little!

If we want to catch the hacker, we just need to send an email identical to the one that comes from Google, where we can attach what we already have:

  • Email  – ***sans@gmail.com
  • Phone number – (…) …_.. 02
  • Password – Nofreewifihere2468
The search on Google and you will find something like that:
Somewere i’ve that his name is Saif.. ok.
Look who gives good comment on the youtube video:

  • A învăţat la Dr. Phillips High School
  • Trăieşte în Ocoee, Florida

Mission completed!

Have Fun & Stay Safe!

Fake Paypal – Scam

Here we have the old story…. a email that says you got some money from someone… you are pushing the link and the scam starts!!!
Email: secure@@help-report.net
Host: h–ps://www.check-your-account.systems/
All the logs are going to pyplresult@@gmail.com

So… open your eyes and do not be a scam victim!!!

Source : Cyber security news & tools

[2017] Best Bitcoin Doubler x2 100% (with Proofs) – Scam

Surce: Youtube
Search: bitcoin doubler
Source Link: watch?v=VDgrGJCZZPE

Here we have the proof of working bitcoin doubler, but… DO NOT try to double your bitcoins!
In the youtube video description will find the link for this super website: cryptuse.com

There we see crazy information about ”secure” transactions, deposits, investments… and more!
After the payment you just have to wait…. 100 Years!

Let me show you where is the problem!
Google search: bitcoin doubler script

So… everything is fake!!
The owner will take your bitcoin and nothing else will happen.
Ponzi Scheme Scam
Avoid getting scammed. Huge list of Bitcoin scams and scammers. Report a scam here and browse Bitcoin scammer listings.

Scam definition:
A fraudulent scheme performed by a dishonest individual, group, or company in an attempt obtain money or something else of value. Scams traditionally resided in confidence tricks, where an individual would misrepresent themselves as someone with skill or authority, i.e. a doctor, lawyer, investor. After the internet became widely used, new forms of scams emerged such as lottery scams, scam baiting, email spoofing, phishing, or request for helps. These are considered to be email fraud. Also see phishing, scheme.

Stay safe and DO NOT trust everything you see on the Internet!!!

Source : Cyber security news & tools

You Are Hacked !?!

This video is a presentation of our vulnerability. 
 It is very easy to become a victim without realizing it.
To prevent this happening, we must prevent such incidents.

Source : Cyber security news & tools

Hacking tool infected with Password Stealer

Hacking tool presented on youtube,but infected with Password Stealer.
So.. DO NOT download everything they give you !

Source : Cyber security news & tools

''Magic'' tool backdoored with remote control tool & AdWare

Another one ''Magic'' tool backdoored with remote control tool & AdWare

Malware spread on Google Maps,Github & Amazon

Everything started from a google search for infected files. The most commun are crack, keygen etc. I’ve found a ‘hide ip keygen’ and the link locations was very unusual…. Google Maps.

The google maps mark send’s me to some .ru link for download.
Analysing the .exe i found that the applications have’s conections with amazonas.com requesting for downloaad other applications.




Let’s see the last one.

I will play with screen.exe
Sens request’s to win3.online & win3.ru

  • /cfgUser?uid= -user tony-lyamin@yandex.com -xmr
  • /filesUrl avdeeff1985/master
  • /registerUser?uid=
  • /getStatus?uid=
  • /checkConnection aAvh5S

Also: hxxps://github.com/ytisf/theZoo/zipball/master

…and some others link connections:

  • github.com/angryziber/ipscan/releases/download/3.5.1/ipscan-3.5.1-setup.exe
  • github.com/uxmal/reko
  • github.com/gogo2017/space/commit/054c7ef793b902202b7a28f6505997b0c8dd19ab
  • raw.githubusercontent.com/LoukaV3rm/Sumonexs/master/RC7%20Update%20with%20memcheck.exe
  • raw.githubusercontent.com/wso-shell/WSO/master/WSO.php
  • raw.githubusercontent.com/LoukaV3rm/Sumonexs/master/Elevation%207%20Auto%20Inject.exe
So… i think there it is alot of actions for one single keygen!?!
Also, if you have time… on win3.online may find some vulnerability’s!
You also may create a hacker profile, starting from all these informations:

Tony… Anthony/ Lyamin/1985 …..
Search: Google,Facebook etc.

Have fun and stay safe!!!