Showing posts from July, 2019

Capital One data breach: 106m customers affected; suspected hacker arrested

The hacker behind the breach has been arrested after they bragged about hacking Capital One. Capital One Financial Corporation, a United States-based bank holding company, has suffered a massive data breach in which personal and financial data of over 106 million customers has been accessed and stolen. Out of 106 million, 100 million customers are US-based while 6 million are from Canada. The data breach took place on March 22nd and 23rd earlier this year but the company identified the incident on July 19, 2019. According to a press release from the company, the data accessed in the breach includes information on customers who applied for the company’s credit card from 2005 through early 2019. This information includes names, addresses, phone numbers, email addresses, zip/postal codes, dates of birth and self-reported income. Furthermore, credit scores, payment history, limits, balances and contact information of the company’s credit card users were also accesse...

New malware attack turns Elasticsearch databases into DDoS botnet

The malware attack involves two stages, including one in which existing cryptomining malware is removed. The IT security researchers at Trend Micro have discovered a new malware campaign targeting Elasticsearch databases in the wild. The campaign takes advantage of unprotected or publicly available Elasticsearch databases and infects them with malware before turning them into botnet zombies to carry out distributed-denial-of-service (DDoS) attacks. According to researchers, the malware used in the attack is the Setag backdoor, originally discovered in 2017. Setag is equipped with capabilities like launching DDoS attacks and stealing system information. Further analysis of the binaries revealed the presence of BillGates malware as well. BillGates malware surfaced back in 2014 bearing the same capabilities as Setag, including launching DDoS attacks and compromising the targeted device. [Image: Attack’s workflow (Trend Micro)] The malware attacks in two stages. In the first stage of t...

Cloud hosting provider iNSYNQ hit by MegaCortex ransomware

MegaCortex ransomware was discovered in May this year. iNSYNQ, a United States-based cloud hosting provider, has been hit by a massive ransomware attack that crippled its cyberinfrastructure, preventing customers from accessing their accounting data. It must be noted that iNSYNQ provides cloud-based QuickBooks accounting software and services. The ransomware attack, according to iNSYNQ, took place on July 16th, but the company released limited information, which is being criticized by customers and the IT security community. However, since the company’s files were locked by ransomware, restoring a trove of data understandably takes time. It was only on July 19th at 4:40 p.m. ET that iNSYNQ updated its customers with a status on its support website stating that “iNSYNQ experienced a ransomware attack on 7/16/19 perpetrated by unknown malicious attackers. The attack impacted data belonging to certain iNSYNQ clients, rendering such data inaccessible.” “As soon as iNS...

Slack data breach: Company resets thousands of passwords

The Slack data breach took place in 2015 but the company became aware of the incident recently through its bug bounty program. Slack has suffered a data breach in which thousands of users have been affected. As a result, the company is resetting passwords of thousands of impacted users. The data breach took place back in 2015 but the company recently became aware of the incident, in which unknown hackers managed to steal a database containing profile-related information of Slack users including usernames, email addresses, and encrypted passwords. However, hackers inserted malicious code to extract plaintext passwords which were entered by users at the time of the breach. Slack further revealed that it became aware of the data breach through its bug bounty program after someone contacted the company with a list of its users’ emails and passwords. Slack claims that the list belongs to the 2015 data breach. In a security notice, Slack acknowledged the breach and stated that only ...

Hackers used Samsung website to access Sprint’s customer data

Sprint Corporation, an American telecommunications company, has announced that it has suffered a data breach after unknown hackers accessed customer account credentials using the Samsung.com “add a line” website. Originally, the company was informed about the breach on June 22nd, 2019. The personal information which was accessed in the incident included full names, phone numbers, billing address, device ID, device type, subscriber ID, account creation date, account number, monthly recurring charges, upgrade eligibility and add-on services. Although it is unclear how many customers have been impacted, the breach notification notice [PDF] sent to customers stated that “Your account PIN may have been compromised, so we reset your PIN just in case in order to protect your account.” The company further said that all targeted accounts were re-secured on June 25, 2019. “Sprint has taken appropriate action to secure your account from unauthorized access an...

Meet IRpair & Phantom; powerful anti-facial recognition glasses

IRpair and Phantom are the first-ever collections of anti-facial recognition glasses and sunglasses designed to block facial recognition, eye tracking & infrared radiation including 3D IR surveillance cameras during both day and night. Facial recognition technology is the single biggest tool for authorities to keep an eye on suspected (and unsuspected) individuals; but thanks to Snowden leaks, it would appear that most of the victims of such technologies have been unsuspected users. From the growing use of facial recognition technology at airports in the United States to its misuse in China to track minorities, it all raises serious concerns over user privacy and, in particular, just how much authorities know about you. For instance, in Southeast China, the police used facial recognition technology to locate and detain a suspect among a crowd of over 60,000 people. The incident occurred at a pop concert where the popular Hong Kong sing...

Hacker gets $30,000 for reporting hack Instagram account flaw

The flaw allowed anyone with knowledge of brute force attacks to hack Instagram accounts without raising any suspicion. How to hack an Instagram account? This is something that every Tom, Dick, and Harry wants to know since, with over a billion users, Instagram is the world’s largest photo and video-sharing social networking service. While people are making a living out of Instagram, it has also become a lucrative target for hackers and other malicious elements. That is why any vulnerability targeting the social network giant is a big thing and Facebook knows it. Recently, Laxman Muthiyah, an IT security researcher and bug bounty hunter from India, discovered a critical vulnerability in Instagram that would allow an attacker to hack an Instagram account without the victim’s knowledge or permission, all that in under 10 minutes. The vulnerability existed in the password reset mechanism of Instagram’s mobile version which, like any other platform, lets users recov...

How to secure your website – InfoSec tips for newbie website owners

Today, there are still many people who think of the Internet as a comprehensive encyclopedia of the world. However, their number is decreasing. There are more and more people who rightfully consider the Internet a means of earning money. It can attract a large number of new customers to your business, notify everyone and everything about what you are and what valuable services you provide for a mere penny. The Internet can help you earn money even when you do not have any business offline. All you need is to have your own website (or sometimes even a social media profile). Of course, you cannot have a website without purchasing a hosting plan. Selecting the best hosting service is a difficult and thorny path. To stay away from mistakes, you need to learn a lot and read plenty of useful articles. Suppose you have already found a suitable hosting provider and launched your website. Now the moment has come when you want to see the benefits of your work and earn money. And ...