Dark web marketplace AlphaBay hacked

The web of illegality, web hidden behind TOR, Dark Web has it's own websites, one of the best known marketplace AlphaBay, where one can buy sell from gums to drugs, has got hacked and over 200,000 messeges compromised.

Earlier this week, the hacker known as Cipher0007, had found "high-risk" bug in AlphaBay witch allows him to copy over 200,000 private messeges between sellers & buyers. In a forum post the hacker said the two security flaws could be exploited to snatch private messages.

The hacker was able to read firstname, lastname, addresses, nicknames and tracking ID's. He also reviled number of screenshots as proof.

After that AplhaBay awarded that hacker for finding such a risky bug. The attacker was paid for disclosing the flaws rather than selling them on or releasing the stolen information to the public. In return, Cipher0007 revealed his methods and several hours later AlphaBay developers were able to close the loopholes.

Bill Gates could become world's first trillionaire

A report by Oxfam International said that considering that Bill Gates' fortune is growing at 11 per cent per year since 2009, he could become the world's first trillionaire soon.

When Gates left Microsoft in 2006, his net worth was USD 50 billion, according to Oxfam. By 2016, his wealth had increased to USD 75 billion, “despite his commendable attempts to give it away through his Foundation,” the report said.

For the hypothetical analysis, Oxfam researchers applied the rate of growth he has been enjoying, 11 per cent per year since 2009, to Gates’ current levels of wealth (over USD 84 billion, according to Forbes).

According to research firm Oxfam International, the world would get its first trillionaire in the next 25 years, when Bill Gates becomes around 86 years old. A report by Oxfam International said that considering that Bill Gates’ fortune is growing at 11 per cent per year since 2009, he could become the world’s first trillionaire soon.

Source : Indian Express

Ransomware hosted on Google Play Store!

Google Play, the official market for Android apps, was caught hosting a ransomware app that infected at least one real-world handset, security researchers said Tuesday.

You need to pay for us, otherwise we will sell portion of your personal information on black market every 30 minutes. WE GIVE 100% GUARANTEE THAT ALL FILES WILL RESTORE AFTER WE RECEIVE PAYMENT. WE WILL UNLOCK THE MOBILE DEVICE AND DELETE ALL YOUR DATA FROM OUR SERVER! TURNING OFF YOUR PHONE IS MEANINGLESS, ALL YOUR DATA IS ALREADY STORED ON OUR SERVERS! WE STILL CAN SELLING IT FOR SPAM, FAKE, BANK CRIME etc… We collect and download all of your personal data. All information about your social networks, Bank accounts, Credit Cards. We collect all data about your friends and family.

the malicious app locked the device and displayed the above message 👆

The ransomware was dubbed Charger and was hidden inside an app called EnergyRescue, according to a blog post published by security firm Check Point Software. Once installed, Charger stole SMS contacts and prompted unsuspecting users to grant it all-powerful administrator rights.

An analysis showed that Charger checked the local settings of an infected device and wouldn't execute the app's malicious payload if the device was located in Ukraine, Russia, or Belarus. The behavior was likely an attempt to prevent the developers from facing legal actions in those countries.

Source : Arstechnica

The New York Times twitter account hacked

The New York Times Video Twitter account posted a fake news tweet about Russia planning to launch a missile attack on the United States.

Two follow up tweets on the account — which has more than 259,000 followers — claimed to come from OurMine, a hacker group that has breached high-profile Twitter accounts for Marvel, Netflix and Twitter founder Jack Dorsey.

Another tweet claimed the Times tweet came from the same hacker who posted a fake announcement about Britney Spears’ death last month on the Sony Music account.

“We deleted a series of tweets published from this account earlier today without our authorization. We are investigating the situation,” the account wrote in a subsequent tweet.

 According to reports from August 2016, hackers thought to be working for Russia broke into the email accounts of New York Times reporters earlier that year. The FBI investigated the reports.

source : NY daily news

Clash of Clans creator Supercell Hacked

Supercell, which created Clash of Clans and other games such as Clash Royale, Boom Beach and Hay Day, has revealed that an attack on its member forums leaked user details online.

Over a million user accounts were compromised in the breach, Motherboard reported, with usernames, email addresses, IP addresses and hashed passwords among the leaked information passed on by breach notification site LeakBase.

Supercell confirmed that it had suffered a breach, which apparently occurred back in September 2016, and urged users to change their passwords immediately.

The company told Motherboard that, “Our preliminary investigation suggests that the breach happened in September 2016 and it has since been fixed.”

In a statement posted on its user forums, Supercell added, “We take any such breaches very seriously and we follow very strict policies when it comes to security. Please note that this breach only affects our Forum service. Game accounts have not been affected.”

Source :Express

Whatsapp feature allows hackers to Intercept & Read your Encrypted messeges

After introducing "end-to-end encryption by default" last year, WhatsApp has become the world's largest secure messaging platform with over a billion users worldwide.

But if you think your conversations are completely secure in a way that no one, not even Facebook, the company that owned WhatsApp, can intercept your messages then you are highly mistaken, just like most of us and it's not a new concept.

Let's Understand the  With A Simple Scenario:

Suppose user A and B want to chat, and for which WhatsApp has automatically exchanged their public keys through its server.
Now every message sent from user A will get encrypted using the private key of A and the public key of B, which can be decrypted by user B only, using the public key of A and the private key of B.

Suppose: User B is offline, and user A has sent some messages to user B. But meanwhile, for some reason, the user B had to change the device and reconfigured same Whatsapp account on it. A fresh installation will force user B to re-generate new public and private keys pair for the same account.
And, later, whenever user B will come online again, the device will receive rest of the undelivered messages sent by A.
But How user B can decrypt messages, which were supposed to be encrypted using the old public key of B ?

That's because, when user B comes online again, Whatsapp automatically exchange new keys b/w users without informing them and to successfully deliver same messages, WhatsApp of A will re-encrypt them using the newly received public key of B.

This is where the all get wrong.

If a hacker (suppose user C) intentionally replace the public key of B with its own, all undelivered messages will get automatically re-encrypted and delivered to C, which can only be decrypted by private key of user C (hacker).

source : The Geek App By Alien Skills

11 lesser known facts about facebook co-founder Mark Zuckerberg

1. Facebook is blue because Zuckerberg is color-blind. Zuckerberg suffers from red/green colour blindness, which means the colour he can most easily see is blue.

2. Zuckerberg learnt Chinese in the year 2010 just to communicate with his girlfriend Priscilla Chan's family members.

3. As per a report in Business Insider, Zuckerberg doesn't own a TV.

4. He dropped out of Harvard University to devote himself full-time to Facebook.

5. His annual salary at Facebook is 1 USD.

6. Microsoft and AOL tried to hire him when he was in high school just when he had designed Synapse, a program that used artificial intelligence to learn users' music-listening habits.

7. Zuckerberg turned vegetarian in 2011 and stated that he would only eat the meat of animals that he killed himself.

8. Mark, at the age of 13 had already created a basic computer network for his family, dubbed "Zucknet", which allowed the computers in the family and his father's dental office to send messages to each other through pinging.

9. Mark Zuckerberg holds about 50 patents to his name. The first was issued in November 2004 for the technology behind the Synapse Media Player.

10. He possesses a Hungarian sheepdog named Beast, which has a Facebook page with over 2 million fans.

11. In July 2011, Zuckerberg became the most followed user on Google's social network Google+, surpassing its co-founders Larry Page and Sergey Brin.

Hello Kitty Database Hacked, 3.3 Million User Details Breached

Hello Kitty parent company Sanrio, has been breached including 3.3 million user credentials.

 The breach was originally reported in December 2015, but at the time Sanrio denied any data was stolen as part of the breach. The breach was tied to a misconfigured MongoDB installation that was discovered by security researcher Chris Vickery.

 On Sunday a website that specializes in harvesting leaked credentials called LeakedSource, said the Sanrio database of 3,345,168 million users has surfaced. The disclosure was part of the website’s January 2017 update.

 Unfortunately, someone did copy the database before the configuration error was fixed. It just isn’t clear when that copy was made. On Sunday, Salted Hash learned that the Sanrio database was added to The LeakedSource index.

Google's parent company killed its solar-powered internet-drone program

X, a division of Google’s parent company Alphabet, is ending its solar-powered drone program, reassigning members of the Titan team to other projects.

News of Titan's demise comes two days after Bloomberg reported that Alphabet plans to sell Terra Bella, its satellite-imaging service.

Google bought a company called Titan Aerospace in 2014. It had been developing solar-powered drones that could fly for several days at a time and take images of earth or beam down internet.

When Google reorganized into Alphabet in 2015, Titan was folded into X. Titan was then lumped into Project Wing, the X division that works on delivery drones.

An X representative, Jacquelyn Miller, told Business Insider that X will instead focus on Project Loon, which makes high-altitude balloons, for delivering internet from the sky.

The end of Titan is the latest example of Alphabet's attempt to trim the fat and focus on projects it believes can generate growth opportunities.

Brother-sister duo accused of hacking Italy's 18,000 email accounts of elite

A brother-sister hacker duo has been arrested by Italian police for developing a customised malware and hacking into email accounts of Italy's elite.

Giulio Occhionero, 45, a nuclear engineer, and his sister Francesca Maria Occhionero, 48, both of whom reside in Rome, have been charged with launching a massive cyberespionage campaign that targeted two former Italian prime ministers, a Vatican cardinal, the president of the European Central Bank and thousands of others, according to reports.

The siblings have been accused of hacking at least 18,000 email accounts, which belonged to Italian businessmen, bankers, and politicians, including former prime ministers Matteo Renzi and Mario Monti.

The FBI said it had provided support to the Italian probe into the cyberespionage campaign that targeted victims in Europe and the US. The Italian police confirmed that US authorities would help determine how the hackers infiltrated systems and stole data. Police added that the data sought by the hackers had financial value.

Stephen Hawking Says A.I. Could Be Our 'Worst Mistake In History'

The world's most famous physicist is warning about the risks posed by machine superintelligence.

Looking further ahead, there are no fundamental limits to what can be achieved: there is no physical law precluding particles from being organised in ways that perform even more advanced computations than the arrangements of particles in human brains.

So, facing possible futures of incalculable benefits and risks, the experts are surely doing everything possible to ensure the best outcome, right?

Wrong. If a superior alien civilisation sent us a message saying, "We'll arrive in a few decades," would we just reply, "OK, call us when you get here – we'll leave the lights on"? Probably not – but this is more or less what is happening with AI.

Although we are facing potentially the best or worst thing to happen to humanity in history. All of us should ask ourselves what we can do now to improve the chances of reaping the benefits and avoiding the risks.

Families of ISIS victims sue Twitter for being 'weapon for terrorism

The families of three Americans killed in ISIS terror attacks are suing Twitter for allegedly knowingly providing support for the terrorist group and acting as a "powerful weapon for terrorism."

The suit was filed over the weekend in a federal court in New York City on behalf of the relatives of three U.S. nationals who were killed by ISIS in the March 22, 2016, terrorist attacks in Brussels and the Nov. 13, 2015, terrorist attacks in Paris. At least 32 people died in the Brussels attack and about 130 in the attack in Paris.

The suit alleges that Twitter has violated, and continues to violate, the U.S. Anti-Terrorism Act.

"Twitter's social media platform and services provide tremendous utility and value to ISIS as a tool to connect its members and to facilitate the terrorist group's ability to communicate, recruit members, plan and carry out attacks, and strike fear in its enemies," the suit alleges.

Twitter did not reply to a request for comment.
If Twitter loses the lawsuit and is ordered to pay significant damages, the impact on other social networks would be chilling.

Russia Asks Apple & Google To Remove LinkedIn From App Stores

The problems of LinkedIn and Microsoft in Russia have been rising in recent months. Failure to comply with the rules imposed led to the social network being banned.

 The decision to ban LinkedIn Russia was taken in October 2016 in response to the decision of a court case. Failure to comply with the decision to maintain local users’ data on Russian territory has thus ended.

 Immediately, LinkedIn was blocked.but there are also other ways to access (VPN).

But now the Russian government wants to completely terminate this access and has asked Apple and Google to remove the LinkedIn app from their stores when access is made on Russian territory.

 However, Apple and Google have yet to respond to this request.

The End of Yahoo! CEO To Resign; Yahoo To Change Its Name To Altaba

Spotted on The Register's twitter feed: Yahoo! Submission to The SEC. Most of the board is leaving, including CEO Marissa Mayer.

The company has been  changing its name to Altaba Inc. At one time Yahoo was a series of directories on a University's computers, where you could browse a hierarchical list of websites by category. And here we are watching the company's demise.

According to the regulatory filing, the changes will take place after the sale of its core business is completed with Verizon for roughly $4.8 billion. The Wall Street Journal notes : "Verizon officials have indicated all options remain possible, including renegotiating the terms of the deal or walking away."

FBI hacked! Hacker leaks FBI usernames & passwords online

The premier investigative agency of United States of America, Federal Bureau of Investigations (FBI) had its website content management system hacked. A hacker with Twitter handle of CyberZeist claimed that he had managed to breach into Plone CMS used by FBI for its website. CyberZeist also leaked around 150 logins, including email addresses and encrypted passwords online.

 CyberZeist said he breached the Plone CMS, also being used by the FBI, in late December using a zero-day that was discovered by somebody else. CyberZeist stated that the zero-day can be used against several other organizations including the EU Agency for Network Information and Security along with Intellectual Property Rights Coordination Center.

CyberZeist exploited the flaw on 22nd December. The hacker exploited a zero-day vulnerability in the Plone CMS, an Open Source Content Management software used by FBI to host its website, and leaked personal data of 155 FBI officials to Pastebin, including their names, passwords, and email accounts.

Additionally, the hacker says that the zero-day he used to compromise the CMS website is already being sold on Tor, so he won’t share more details until the exploit is no longer available for purchase.


The attack is “devoted to the Anonymous movement,” and CyberZeist says that he was already contacted by various sources to sell the zero-day, but he declined.