Uh oh. Looks like your using an ad blocker.
Our site is support by ads that help to pay our hosting costs. Please disable or whitelist us within your ad blocker to help us keep the site online.
All money generate by ads and donations is used to pay the hosting costs of the site, for more information about our income and expenses please see our donation page.
Police in Minnesota want to solve a crime by combing through Google search history. Officers in Edina, a city of around 50,000 people, got a warrant compelling Google to divulge information about people who searched for the name of a financial fraud victim between Dec. 1, 2016 and Jan. 7, 2017. Someone convinced a credit union to wire $28,500 from an Edina mans account by creating a fake passport using the mans name alongside a photo of someone else. In their warrant application, police stated that the fake photo came up by googling the victims name, but did not come up in other search engines. The warrant for the five-week period compels Google to hand over information regarding anyone who searched the victims name, including email addresses, social security numbers, birthdates, IP addresses and information related to the content the user is viewing/using.
Disclosure is not currently an option. Rather than share the now-classified technological means that investigators used to locate a child porn suspect, federal prosecutors in Washington state have dropped all charges against a man accused of accessing Playpen, a notorious and now-shuttered website. The case, United States v. Jay Michaud, is one of nearly 200 cases nationwide that have raised new questions about the appropriate limitations on the governments ability to hack criminal suspects. Michaud marks just the second time that prosecutors have asked that case be dismissed. The government must now choose between disclosure of classified information and dismissal of its indictment, Annette Hayes, a federal prosecutor, wrote in a court filing on Friday. Disclosure is not currently an option. Dismissal without prejudice leaves open the possibility that the government could bring new charges should there come a time within the statute of limitations when and the government be in a position to provide the requested discovery. The Department of Justice is currently prosecuting over 135 people nationwide whom they believe accessed the illegal website. However, in order to find those people, federal authorities seized and operated the site for 13 days before closing it down. During that period, the FBI deployed a Tor exploit that allowed them to find out those users real IP addresses. The use of Tor, which obscures and anonymizes IP addresses and browser user agents, makes it significantly more difficult for individuals to be tracked online. With the exploit, it became extremely easy for suspects to be identified and located. The DOJ has called this exploit a network investigative technique, (NIT) while most security experts have labelled it as malware.
A dark web vendor is reportedly selling over 1 million decrypted Gmail and Yahoo accounts on an underground marketplace. The accounts listed for sale allegedly contain usernames, emails and plaintext passwords. The cybercriminal allegedly selling the accounts is believed to be using the handle SunTzu583. The dark web vendor is allegedly selling 100,000 Yahoo accounts, from the 2012 Last.fm data breach, for 0.0079 bitcoins ($10.75). Another 145,000 Yahoo accounts from the 2013 Adobe breach and the 2008 MySpace hack were also reportedly found listed for sale, for 0.0102 bitcoins. SunTzu583 is also reportedly selling 500,000 Gmail accounts for 0.0219 bitcoins. The accounts allegedly come from the 2008 MySpace hack, the 2013 Tumblr breach and the 2014 Bitcoin Security Forum breach, according to a report by HackRead. Yet another 450,000 Gmail accounts were also listed for sale by the same vendor for 0.0199 bitcoins, from various other data breaches that took place between 2010 and 2016, including Dropbox, Adobe and other big name hacks. The data has allegedly been checked by matching it to data on popular data breach notification platforms such as HaveIBeenPwned. However, the data listed for sale has not been independently verified as being valid. It has become increasingly commonplace for hackers to sell user accounts from older data breaches on underground marketplaces, as a way to make a quick buck. These hacked and stolen accounts are used by cybercriminals to perpetuate other crimes such as identity theft. It is highly advisable that users adopt safe security practices and change their account passwords in the event that their accounts are found to be a part of any massive data breaches.
LeakedSource, a legally and ethically questionable website that sold access to a database of more than 3.1 billion compromised account passwords, has disappeared amid an unconfirmed report that its operator was raided by law enforcement officers. Leakedsource is down forever and will not be coming back, a person using the handle LTD wrote Thursday in an online forum. Owner raided early this morning. Was not arrested, but all [solid state drives] got taken, and Leakedsource servers got subpoenaed and placed under federal investigation. If somehow he recovers from this and launches LS again, then I will be wrong. But I am not wrong. Attempts to reach LeakedSource operators for comment were not successful.
Flaw allows hackers to execute arbitrary shell commands on affected devices. Several models of Netgear routers are affected by a publicly disclosed vulnerability that could allow hackers to take them over. An exploit for the vulnerability was published Friday by a researcher who uses the online handle Acew0rm. He claims that he reported the flaw to Netgear in August, but did not hear back. The issue stems from improper input sanitization in a form in the routers web-based management interface and allows the injection and execution of arbitrary shell commands on an affected device. The U.S. CERT Coordination Center (CERT/CC) at Carnegie Mellon University rated the flaw as critical, assigning it a score of 9.3 out of 10 in the Common Vulnerability Scoring System (CVSS). Netgear confirmed the vulnerability over the weekend and said that its R7000, R6400 and R8000 routers might be vulnerable. However, another researcher performed a test and reported that other routers from Netgears Nighthawk line are also affected. These include: R7000, R7000P, R7500, R7800, R8500 and R9000. Users can check if their models are affected by accessing the following URL in a browser when connected to their local area network (LAN): http://[router_ip_address]/w . If this shows any information other than a error or a blank page, the router is likely affected.