Security daily (11-07-2020)

Russian hacker Yevgeniy Nikulin found guilty on most serious charges after years of legal wrangling

A U.S. jury has found an accused Russian hacker guilty on charges that he hacked LinkedIn and Formspring in a pair of 2012 data breaches in which he stole credentials belonging to more than 100 million Americans. Yevgeniy Nikulin was found guilty after just hours of deliberation, roughly eight years after he first infiltrated the U.S. social media companies in a successful attempt to steal data about American web users. He also was found guilty of trafficking Formspring data, and damaging a computer belonging to a Formspring employee in excess of $5,000. The jury found Nikulin not guilty on a charge that he committed the crime for financial gain. “Nikulin’s conviction is a direct threat to would-be hackers, wherever they may be,” U.S. Attorney David Anderson said in a statement. “Computer hacking is not just a crime, it is a direct threat to the security and privacy of Americans. American […] (CyberScoop)

LiveAuctioneers security breach puts users at risk

LiveAuctioneers, the online website which broadcasts live auctions selling antiques, art, and collectibles, has warned that user details have fallen into unauthorised hands following a security breach. (Graham Cluley)

How to Host Your Own Tor Hidden Service with a Custom Onion Address

A mention of the deep web can bring to mind images of drugs, hackers, and other criminal activity. Despite the presence of these elements, the Tor network is a valuable tool for preserving privacy and anonymity. And browsing the deep web and any hidden services can be as simple as downloading the Tor Browser.

So what's a hidden service? It's pretty much the same thing as a website on the regular internet, only it uses Tor's technology to stay secure. In some cases, someone who creates a hidden service, also known as an onion service, can remain anonymous. Anyone can create a hidden service... (Null Byte « WonderHowTo)

Signal's New PIN Feature Worries Cybersecurity Experts

(News ≈ Packet Storm)

The Secret Service Tried To Catch A Hacker With A Malware Booby Trap

(News ≈ Packet Storm)

EMV / Contactless Cards Mimicked With Magstripe Versions

(News ≈ Packet Storm)

Russian Hacker Found Guilty For Dropbox, LinkedIn, Formspring Breaches

(News ≈ Packet Storm)

Exclusive: Any Chingari App (Indian TikTok Clone) Account Can Be Hacked Easily

Following vulnerability disclosure in the Mitron app, another viral TikTok clone in India has now been found vulnerable to a critical but easy-to-exploit authentication bypass vulnerability, allowing anyone to hijack any user account and tamper with their information, content, and even upload unauthorized videos.

The Indian video sharing app, called Chingari, is available for Android and iOS (The Hacker News)


/security-daily/ 12-07-2020 23:44:22