Alleged Uber Hacker Leaked 90 Videos of Grand Theft Auto 6 Test Build
Hacker had access to LastPass's internal systems for four days, Uber says hacker did not access sensitive user data, Couple claims they hacked hotel chain for fun, Kiwi Farms admits breach, more
Check out my latest CSO column that looks at the importance of international partnerships in fighting cybercrime and how leaders from across the globe spoke at this year’s Billington Cybersecurity Summit about the need for collaboration to manage persistent threats.
A user on GTAForums by the name of teapotuberhacker, who says they were also the eighteen-year-old behind the recent Uber hack, posted 90 videos they claim come from a test build of Grand Theft Auto 6, running with "GTA 5 and 6 source code and assets."
Bloomberg reporter Jason Schreier confirmed the leak in a tweet, saying, "Not that there was much doubt, but I've confirmed with Rockstar sources that this weekend's massive Grand Theft Auto VI leak is real. The footage is early and unfinished, of course. This is one of the biggest leaks in video game history and a nightmare for Rockstar Games."
The hacker says they are accepting offers of over $10,000 for the GTA V source code and assets but are not selling the GTA 6 source code at this time. GTA’s developer, Rockstar Games, has not released a statement. (Jody Macgregor / PC Gamer and Lawrence Abrams / Bleeping Computer)
Related: PCMag.com, WCCFtech, The Tech Outlook, TechSpot, Neowin, Reddit-hacking, SlashGear » security, TechCrunch, Kotaku, Dextero, Polygon, Engadget, The Verge, Axios, Dual Shockers, The Straits Times Tech News, Marketwatch, Research Snipers, Firstpost, Asia One Digital, TechCentral, Reuters.com, Security Affairs, TRT World, TechWorm, iTech Post, Times of India, Tech Circle, TechDator, NDTV Gadgets360.com, Fortune, The Stack, BetaNews, Cyber Kendra, Forbes, GTA Forums
Password manager LastPass says the attacker behind its August security breach had internal access to the company's systems for four days until they were detected and evicted.
LastPass CEO Karim Toubba said that the company's investigation, carried out in partnership with cybersecurity firm Mandiant, found no evidence the threat actor accessed customer data or encrypted password vaults. Toubba also said the investigation found that the threat actor could impersonate the developer after he "had successfully authenticated using multi-factor authentication."
He also said the company had not found evidence that the attacker tried to inject malicious code. (Sergiu Gatlan / Bleeping Computer)
Related: The Hacker News, Security News | Tech Times, Engadget, DataBreachToday.com, Tech-Economic Times, BetaNews, gHacks, Softpedia, MobileSyrup.com, iPhone in Canada Blog, Reddit-hacking, Mashable, Marketwatch, Polygon - All, eTeknix, The Nerd Stash, HotHardware.com, Business Insider, SlashGear » security, Digital Trends, The Verge, LastPass
Uber said that all its services were operational following what security professionals say is a severe breach, claiming there was no evidence the hacker accessed sensitive user data.
Screenshots the hacker shared with security researchers indicate they obtained full access to the cloud-based systems where Uber stores sensitive customer and financial data, highlighting the severe nature of the breach. However, the hacker gained initial access to Uber's systems through a common social engineering technique: posing as a colleague, they persuaded an Uber employee into surrendering their credentials.
Security researchers who communicated with the hacker said there was no indication that the hacker had done any damage or was interested in anything more than publicity. (Frank Bajak / Associated Press)
Related: CNBC, Ars Technica, Wired, Associated Press, Mashable, Wall Street Journal, The Verge, Cyberscoop, The Register - Security, Teiss, README_ - Medium, DealStreetAsia, Forbes, SecureReading, CNN.com, Asia One Digital, Group IB, The Hacker News, Bloomberg
A couple from Vietnam, who call themselves TeaPea, contend that they carried out a destructive cyber-attack against Holiday Inn owner Intercontinental Hotels Group (IHG) “for fun,” providing screenshots that IHG confirmed are genuine.
They say they first tried a ransomware attack, then deleted large amounts of data when they were foiled. They accessed the FTSE 100 firm's databases thanks to an easily found and weak password, Qwerty1234. TeaPea says they gained access to IHG's internal IT network by tricking an employee into downloading a malicious piece of software through a booby-trapped email attachment.
"Our attack was originally planned to be a ransomware, but the company's IT team kept isolating servers before we had a chance to deploy it, so we thought to have some funny [sic]. We did a wiper attack instead," one of the hackers said. (Joe Tidy / BBC News)
Troubled hate site Kiwi Farms admitted it had been breached in a statement on its website and the Telegram messaging forum.
"Assume your password for Kiwi Farms has been stolen," it said. "Assume your email [and] any IP [internet protocol] you've used on your account in the past month has been leaked." The unknown hacker attempted to export 120,000 user data files, which led to the site crashing. It is believed that Vsys, an offshore hosting site used as a proxy by Kiwi Farms, was compromised, resulting in the breach.
Kiwi Farms' admin shut the website down shortly after and restored it to a backup version dating from September 17. Under intense pressure from the internet community, Cloudflare withdrew its cybersecurity services from Kiwi Farms, forcing the malicious site to cast about for new protection from attack. (Damien Black / CyberNews)
Bell Technical Solutions, a subsidiary of Bell Canada, announced a data breach after the Hive ransomware group added the company to its leak site, claiming to have attacked it on August 20.
The company said that its servers containing “operational company and employee information” were involved in a recent cyberattack. In addition, an unknown number of customers who booked technician visits also had their names, addresses, and phone numbers leaked during the incident.
The company said it plans to notify the customers who had their information accessed but noted that Bell Technical Solutions operates on its own IT system separate from Bell and any of its other subsidiaries. (Jonathan Greig / The Record)
Akamai said that on September 12, it successfully detected and mitigated the largest DDoS attack it has recorded to date, launched against an unnamed Eastern European customer on the Prolexic platform, with traffic abruptly spiking to 704.8 Mpps in an aggressive attempt to cripple the organization's business operations.
The victim is the same one who, in July, was the subject of what was then a record-breaking attack that peaked at 853.7 Gbps (gigabits per second). This latest attack was roughly 7% higher than the July attack. According to Akamai, the victim has been bombarded with DDoS attacks relentlessly since then. (Bill Toulas / Bleeping Computer)
Researchers at Vectra say that Microsoft Teams stores authentication tokens on disk in unencrypted plaintext, allowing attackers who can read those files to potentially control organizational communications.
The flaw affects the Windows, Mac, and Linux desktop apps built using Microsoft's Electron framework. Microsoft is aware of the issue but has no plans for a fix since an exploit would require network access. (Steve Dent / Engadget)
Researchers at the University of Michigan and Zhejiang University in China discovered that optical emanations from video screens reflected in the lenses of glasses could be used to reconstruct and recognize on-screen text with heights as small as 10 mm, with over 75 percent accuracy, using a 720p webcam.
They believe the possible applications of this attack range from causing discomfort in daily activities, such as bosses monitoring what their subordinates are browsing during a video work meeting, to business and trading scenarios where the reflections might leak critical negotiation-related information.
Popular video meeting application Zoom already provides a video filter in its Background and Effects settings menu that consists of reflection-blocking opaque cartoon glasses. Skype and Google Meet lack that defense. (Thomas Claburn / The Register)
According to an analysis by Advance Democracy Inc., a nonprofit, nonpartisan organization that conducts public-interest research and investigations, one hundred and fifty-two different Russian state-sponsored disinformation accounts produced material about Linda Sarsour, a Palestinian-American organizer of the epic 2017 Women’s March on Washington on the eve of Donald Trump’s inauguration.
Public archives of Twitter accounts known to be Russian contain 2,642 tweets about Ms. Sarsour, many of which found large audiences. The goal of the Twitter campaign, like most Russian social media manipulation, was to drive further wedges into the political divisions among American citizens.
Over the eighteen months after the march, Russia’s troll factories and its military intelligence service put a sustained effort into discrediting the movement by circulating damning, often fabricated narratives around Ms. Sarsour. Moreover, her activism made her a lightning rod for Mr. Trump’s anti-Muslim base.
Feminism was an obvious target for Russian trolls because it was viewed as a "Western agenda" and hostile to the traditional values that Russia represented, said Artyom Baranov, a Russian troll who worked at one of the disinformation initiatives.
Unsealed documents filed by plaintiffs in privacy user profiling litigation in California offer details on a handful of apps Facebook audited and internal reports on what it found.
The revelations provide a glimpse into the privacy-free zone Facebook was presiding over when Cambridge Analytica helped itself to millions of users' data, the vast majority of whom did not know their info had been harvested for voter-targeting experiments. Games maker Zynga and Yahoo were two third-party apps audited by Facebook.
Both firms produced apps for Facebook’s platform, which appeared to have extensive access to users’ friends’ data, suggesting they would have been able to acquire data on far more Facebook users than had downloaded the apps themselves, including some potentially sensitive information. Other examples cited in the documents include several apps created by developers called AppBank, which made quiz apps, virtual-gifting apps, and social gaming apps that likewise collected far more data than their use cases suggested. (Natasha Lomas / TechCrunch)
Researchers at Proofpoint say that threat actors are exploiting the death of Queen Elizabeth II in phishing attacks to lure their targets to sites that steal their Microsoft account credentials.
The attackers are also attempting to steal their victims' multi-factor authentication (MFA) codes to take over their accounts. In their campaign, the phishing actors impersonate "the Microsoft team" and try to bait the recipients into adding their memo onto an online memory board "in memory of Her Majesty Queen Elizabeth II." If they do so, the targets are sent to a phishing landing page where they're asked first to enter their Microsoft credentials.
The attackers use a new reverse-proxy Phishing-as-a-Service (PaaS) platform known as EvilProxy promoted on clearnet and dark web hacking forums, which allows low-skill threat actors to steal authentication tokens to bypass MFA. The UK’s National Cyber Security Centre warned of cybercriminals exploiting the Queen's death for their own gain in phishing campaigns and other scams. (Sergiu Gatlan / Bleeping Computer)
A few Twitter users discovered how to hijack an automated tweet bot dedicated to remote jobs, running on the GPT-3 language model by OpenAI. Using a newly discovered technique called a "prompt injection attack," they redirected the bot to repeat embarrassing and ridiculous phrases.
The bot is run by Remoteli.io, a site that aggregates remote job opportunities and describes itself as "an OpenAI-driven bot which helps you discover remote jobs which allow you to work from anywhere." It would typically respond to tweets directed to it with generic statements about the positives of remote work. However, after the exploit went viral and hundreds of people tried it for themselves, the bot shut down late yesterday.
These hacks follow data researcher Riley Goodside's discovery of the ability to prompt GPT-3 with "malicious inputs" that order the model to ignore its previous directions and do something else. Simon Willison posted an overview of the exploit on his blog coining the term "prompt injection" to describe it. (Benj Edwards / Ars Technica)
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added half a dozen vulnerabilities to its Known Exploited Vulnerabilities catalog and ordered federal agencies to follow vendors' instructions to fix them.
The oldest bug that CISA ordered federal agencies to patch is from 2010 and was used to spread the Stuxnet worm that damaged the centrifuges at the Natanz uranium enrichment plant to slow Iran's advancements towards developing nuclear weapons. (Ionut Ilascu / Bleeping Computer)
Related: Security Affairs
The European Commission has proposed to protect journalists in member states from spyware surveillance by introducing the European Media Freedom Act (EMFA), a major legal package to protect journalists and editorial independence, uphold press freedom and ultimately safeguard democracy in the European Union.
The EMFA provides “strong safeguards against the use of spyware against media, journalists and their families.” Greek journalists Thanasis Koukakis, Stavros Malichoudis, and Eliza Triantafillou testified in the European Parliament that they had become targets of state-sanctioned surveillance because of their work. (DW)
While this may be a known and intended feature of the browsers, it raises concerns about what happens to the data after transmission and how safe the practice might be, particularly regarding password fields. In cases where Chrome Enhanced Spellcheck or Edge's Microsoft Editor (spellchecker) were enabled, "basically anything" entered into these browsers' form fields was transmitted to Google and Microsoft. (Ax Sharma / Bleeping Computer)
Thomas Knudsen and Samy Younsi of Necrum Security Labs discovered two vulnerabilities in wireless local area network devices commonly used on aircraft that could expose users to hacking.
The vulnerabilities were found in the FLEXLAN FXA2000 and FXA3000 series devices from CONTEC Co. Ltd., a Japanese electronics manufacturer. The devices, mainly used in airplanes to provide Wi-Fi access, could be taken over by an attacker exploiting these flaws.
CONTEC said there are “possibilities of data plagiarism, falsification and system destruction with malicious programs if this vulnerability was exploited by malicious attackers.” Firmware updates for both devices that address the vulnerabilities have been released. (Duncan Riley / Silicon Angle)
The U.S. Senate confirmed Nathaniel Fick as the country’s first-ever cyber ambassador.
Fick will head the State Department’s Bureau of Cyberspace and Digital Policy, an office that opened in April and is intended to address gaps in the government’s global cyber response. (James Reddick / The Record)