- The family of a Palestinian activist jailed for incitement says young woman’s account was hacked Yahoo News
- Over 150 Killed in West Bank Since Oct. 7.; Prominent Palestinian Activist Ahed Tamimi Arrested Democracy Now!
- Palestine Activist, Who Slapped Israeli Soldier When She Was A Teen, Held In West Bank | Gaza War Hindustan Times
- Prominent Palestinian protester Ahed Tamimi detained by Israeli troops over ‘fake’ Instagram post Sky News
- Israeli troops arrest Palestinian activist in West Bank over ‘inciting violence’ India Today
- View Full Coverage on Google News
Tag Archives: hacked
Pokémon World Championships Disqualifies Scarlet And Violet Pros Using Hacked Monsters – Nintendo Life
- Pokémon World Championships Disqualifies Scarlet And Violet Pros Using Hacked Monsters Nintendo Life
- Pokemon VGC player disqualified from World Championships for “genned” team Dexerto
- Pokemon World Championship challenger disqualified for using ‘genned’ team CharlieINTEL.com
- Pokémon Co. eliminates multiple pros from 2023 World Pokémon Championships for hacked data GoNintendo
- 2023 Pokémon World Championships Players Disqualified Over Hacked Pokémon Controversy Future Game Releases
- View Full Coverage on Google News
LastPass Hacked for the Second Time in Six Months
If you were planning on storing your precious codes in LastPass, the freemium password manager, my personal advice to you would be: maybe think again on that one. And if you do use it, maybe consider an alternative.
Why? Well, the password manager just got hacked. Again. That makes twice six months. Not great for a company that’s supposed to keep your digital keys secure!
In a blog post published Wednesday, LastPass admitted that, during a recent incident, a hacker was able to access “certain elements” of “customers’ information.” What kind of information? Unclear. Not very helpful!
LastPass claims that no customers’ passwords were impacted by the incident: “Our customers’ passwords remain safely encrypted due to LastPass’s Zero Knowledge architecture.” However, the company also implied that it’s not totally sure what customer information was viewed (and presumably stolen) by the hacker. “We are working diligently to understand the scope of the incident and identify what specific information has been accessed,” wrote LastPass chief executive Karim Toubba, in the blog.
“In keeping with our commitment to transparency, I wanted to inform you of a security incident that our team is currently investigating,” Toubba wrote. “We recently detected unusual activity within a third-party cloud storage service, which is currently shared by both LastPass and its affiliate, GoTo. We immediately launched an investigation, engaged Mandiant, a leading security firm, and alerted law enforcement.”
G/O Media may get a commission
This most recent incident is actually the result of a previous LastPass security incident that took place in August. During that episode, LastPass officials “detected some unusual activity within portions of the LastPass development environment.” At the time, the company said that there was “no evidence” that the incident had exposed any “customer data or encrypted password vaults.” However, it appears that whoever was responsible for that incident managed to hack back into LastPass and got ahold of some customer data—though, again, we’re not sure what kind.
“We have determined that an unauthorized party, using information obtained in the August 2022 incident, was able to gain access to certain elements of our customers’ information,” Toubba says. Gizmodo reached out to LastPass for more details and will update this story if they respond.
Of course, this isn’t the first time that LastPass has had security problems. It’s part of a longstanding pattern. The company seems to suffer through some sort of cyber faux pas year or two. From a mysterious security issue back in 2011 to a hacking episode in 2015 to vulnerabilities discovered in 2016, 2017, and 2019, LastPass has had its share of problems. This recent episode adds to its beleaguered history. Nobody’s saying security is easy, but you’d hope that a company whose entire business is keeping your passwords secure could handle it better.
Racist message sent to iPhones via Apple News from hacked Fast Company site
While breaches at media companies are not unheard of, the notification was one of the biggest violations of Apple’s “walled garden” in memory. There was nothing to indicate that user security was compromised beyond the upsetting wording.
“Fast Company’s Apple News account was hacked on Tuesday evening. Two obscene and racist push notifications were sent about a minute apart,” the magazine said by email. “The messages are vile and are not in line with the content of Fast Company. We are investigating the situation and have suspended the feed and shut down FastCompany.com until we are certain the situation has been resolved.”
An Apple spokesperson pointed to a tweet from Apple News that said: “An incredibly offensive alert was sent by Fast Company, which has been hacked. Apple News has disabled their channel.”
An incredibly offensive alert was sent by Fast Company, which has been hacked. Apple News has disabled their channel.
— Apple News (@AppleNews) September 28, 2022
While the magazine’s site was defaced, an article that was labeled sponsored content gave the hackers’ description of how the break-in occurred.
That account said the group had gotten into the company’s WordPress program and found keys to functions including the Apple News programming interface.
Apple News users receive racist messages after Fast Company hacked
New York
CNN Business
—
The financial news publication Fast Company took the extraordinary step Tuesday night of shutting down its website after the outlet said it was hacked, resulting in a pair of obscene push notifications containing racist language being sent to Apple News subscribers.
A spokesperson for the publication told CNN in a statement that its “content management system account was hacked on Tuesday evening.”
“As a result, two obscene and racist push notifications were sent to our followers in Apple News about a minute apart. The messages are vile and are not in line with the content and ethos of Fast Company,” the statement said. “We are investigating the situation and have shut down FastCompany.com until the situation has been resolved.”
The statement also said the hack was “apparently related” to a “hack of FastCompany.com that occurred on Sunday afternoon, when similar language appeared on the site’s home page and other pages. We shut down the site that afternoon and restored it about two hours later.”
“Fast Company regrets that such abhorrent language appeared on our platforms and in Apple News, and we apologize to anyone who saw it before it was taken down,” the statement said.
People who attempted to access the website were greeted by a 404 page on Tuesday night, indicating the website was taken entirely offline. It was not immediately clear how long the site would be disabled.
Apple News also addressed the incident in a statement posted to its Twitter account.
“An incredibly offensive alert was sent by Fast Company, which has been hacked,” the company said. “Apple News has disabled their channel.”
It was not immediately clear who was responsible for the hack or how severe it was.
Solana, Nomad crypto wallets are hacked, with losses in the tens of millions
“An exploit allowed a malicious actor to drain funds from a number of wallets on Solana,” the company said via Twitter. “Engineers are currently working with multiple security researchers and ecosystem teams to identify the root cause of the exploit, which is unknown at this time.”
The hack is believed to have taken hold on wallets such as Slope and Phantom. These are “hot wallets” — that is, wallets that allow for lightning-fast transactions because they are always connected to the internet, as opposed to “cold wallets,” which usually require a USB drive and have long periods of disconnection. Solana — which at one time had the fifth-most-popular token before a slide — has made a name for itself as a blockchain that can transfer funds extremely quickly.
The news follows Monday’s revelation from Nomad, a so-called blockchain bridge, which acknowledged that about $190 million had been taken from it after a hacker infiltrated its system. The attack was known as a “free-for-all,” because the hacker’s original code allowed anyone to copy it and steal the crypto for themselves. It is not known where the money went.
Nomad said its executives were working with law enforcement and a blockchain data firm called TRM Labs to locate the funds, with no update as of Wednesday afternoon. It said they were working on “investigation/recovery” as well as “technical fixes.”
In an unusual move, the company early Wednesday provided an address for anyone who might have chosen to grab the money in a noble act of protection.
“Dear white hat hackers and ethical researcher friends who have been safeguarding ETH/ERC-20 tokens, please send the funds to the following wallet address on ethereum,” it said on Twitter. It is not known whether any good Samaritans took the company up on its offer.
A blockchain bridge allows consumers to swap crypto from one blockchain to another — say, from bitcoin to ethereum — making it vulnerable on what security experts call “both sides,” weaknesses on either blockchain. These bridges also tend to be newer and, in some cases, more hastily designed. In March, another blockchain bridge known as Ronin was hacked for amounts totaling more than $600 million in crypto.
“To date, approximately $1.8 billion has been stolen from these services and it’s worrying that their security standards don’t seem to match the huge amounts of capital being entrusted to them,” Tom Robinson, co-founder and chief scientist of Elliptic, said in an email to The Washington Post, referring to bridges.
Meanwhile, the Solana case has prompted concern because it was made vulnerable by factors out of its control. While some argue the hack does not show that any of the industry’s foundations are shaky — “This wasn’t a core blockchain problem, likely seems like one app someone built was buggy,” crypto mogul Sam Bankman-Fried told Fortune on Wednesday — it highlighted to critics the interconnectedness of crypto networks and the inability of any one part to fully vet all the others.
While the hacks involved discrete entities, blockchain bridges and hot wallets also underline what many crypto enthusiasts say is so appealing about the form: ease of use. The former allows disparate blockchains to communicate — potentially as essential to a coming tech era as, say, people with AT&T and Verizon phone plans being able to talk to one another was to an earlier one.
And cold storage, while safer, would seem to undercut what lies at the heart of crypto’s appeal, which is to allow for transfers without the delays and waits of traditional bank transactions.
On social media Wednesday, many showed images of their wallets suddenly displaying zero balances, while others questioned hot wallets. “So you’re telling me storing my entire net worth on a google chrome extension would be considered a bad move?” one wag wrote of Phantom.
But experts say the issue may be more serious than that. Finding solutions, they note, might mean making sacrifices within the goals envisioned by crypto idealists.
“One of the advantages to opening up the banking system this way is the speed and lower barrier to transactions,” said William Callahan III, a former Drug Enforcement Administration special agent who now serves as director of government and strategic affairs for a company called the Blockchain Intelligence Group. “But what these hacks show is we need to take a step back and question that idea of accessibility, since speed is also part of the problem. We need to balance speed with security.”
Still, Callahan said, he believed such shoring-up was possible. “Blockchain bridges need to step up their protection, while maybe consumers need to use more cold storage,” he added.
The need for speed might be diminishing on its own as some people exit cryptocurrency. Bitcoin, a strong barometer of crypto activity, has lost 50 percent of its value in 2022 as investors have shed the asset, though it has seen a rebound from its sub-$19,000 price in June to hover around $23,000 in recent weeks.
Elden Ring Publisher Hacked, Ransomware Group Claims
Bandai Namco, the Japanese publisher behind the Ace Combat, Dragon Ball Z, and Dark Souls games, appears to be the latest major gaming company to suffer a major hack. The ransomware group BlackCat added the Elden Ring publisher to its list of victims earlier today, though it’s not yet clear the extent of the damage or how much money the group is demanding.
“ALPHV ransomware group (alternatively referred to as BlackCat ransomware group) claims to have ransomed Bandai Namco,” vx-underground, a group that monitors malware source code on the web, posted on Twitter Monday. Attached was a screenshot of the ALPHV ransomware blog where the group tracks its targets, with Bandai Namco listed under the threat of “data soon” as of July 11.
Bandai Namco did not immediately respond to a request for comment. Vx-underground has previously reported on other hacks, including the infamous Lapsu$ one, before the companies themselves have confirmed them. The ransomware watch group DarkFeed also shared a screenshot of BlackCat’s claimed hack earlier today. Vx-underground and DarkFeed didn’t immediately respond to a request for comment either.
BlackCat, members of which were believed to also be involved in the Colonial Pipeline hack last year, have been ramping up ransomware attacks, according to some computer security analysts as well as the FBI. Most recently, the hacks have resulted in BlackCat posting private employee data online if the victims refuse to pay up. In the past, the group has demanded millions, and targeted school districts and other public entities in addition to for-profit companies.
If legitimate, this would be just the latest in a longline of recent hacks at major gaming companies. Capcom was hit in late 2020, with several of its upcoming unannounced releases like Dragon’s Dogma 2 leaking at the time. A now famous hack of graphics chip manufacturer Nvidia ended up leaking tons of other big gaming projects like Kingdom Hearts 4. CD Projekt Red, the Polish studio behind The Witcher 3 and Cyberpunk 2077, had employee data and the source code for one of its games stolen in early 2021. Even FIFA publisher Electronic Arts was hit, with the alleged perpetrators trying to get media outlet Vice to blackmail the company on its behalf.
It’s unclear how much of the seeming uptick in security breaches is due to new techniques deployed by hackers vs. the greater challenges companies faced when moving to working from home during the global pandemic. Capcom blamed part of its vulnerability on remote work. At the same time, the blockchain network hosting crypto gaming juggernaut Axie Infinity suffered one of the most expensive hacks in history earlier this year, reportedly all because an employee fell for an elaborate phishing scheme.
Earlier this year, Bandai Namco took the servers for Dark Souls I, II, and III offline after a dangerous remote code execution (RCE) exploit was discovered.
Bored Ape Yacht Club and Otherside Metaverse Discord servers reportedly hacked
The Bored Ape Yacht Club has been hacked again by a phishing scam that allowed thieves to steal more than a quarter million dollars worth of NFTs, reports say.
A manager account from the firm and and Otherside Metaverse was compromised this week, allowing hackers to access their accounts, CoinGape reported.
Once inside the scammers sent out phishing links posed as ‘exclusive giveaways’ for the NFT fans, stealing 145 Ethereum, which is about $257,515.65.
It comes just over a month after the group lost $3million from another set of scammers.
Pictured, the phishing scam that was sent out to members of the Bored Ape Yacht Club and Otherside Metaverse discord groups
The scam allegedly made off with about 145 Ethereum, which is about $257,515.65
Bored Ape Yacht Club focuses on buying and selling Bored Ape NFTs (pictured, one previously sold). The group had been targeted by thieves last month who made off with $3million
Data from PeckShield, a blockchain security firm, revealed that a total of 32 NFTs were stolen by Saturday, including one Bored Ape Yacht Club token, two Mutant Apes NFTs, Five Otherside NFTs and one Bored Ape Kennel Club token through the phishing attack.
NFTs, or Non-Fungible Tokens, are bitcoin-like digital tokens that act like a certificate of ownership, and live on a blockchain.
The scam was reportedly sent out through the account of a manager with the username BorisVagner, who enticed members of the discord groups with free tokens.
The breach comes more than a month after the Bored Ape Yacht Club, the biggest player in the NFT game, suffered major hacks in April, making off with four Bored Apes and a slew of other NFTs that totaled $3million.
Seth Green has created an animated show, in which a Bored Ape cartoon character works at a real Manhattan bar, White Horse Tavern, in the West Village
Hackers had targeted the group’s Instagram account and sent phishing links to members, who unknowing clicked on the posts and lost their valuable NFTs, The Guardian reported.
Jacke Moore, a global cybersecurity adviser, said that while Instagram attacks are nothing new, the close community over the Bored Ape NFTs can allow phishing scams to have devastating success.
‘This takeover has had a huge consequence and resulted in a mass robbery of digital assets,’ More told the Guardian regarding the April hack.
‘Similar to when physical art is stolen, there will be questions over how they would now be able to sell on these assets, but the problems in NFTs still prevail and users must remain extremely cautious of this still very new technology.’
Confidence in the Boared Ape Yacht Club continues to shake after Actor Seth Green fell for another scam where the copyright of his Bored Ape NFT that was set to be used for an upcoming TV show was stolen from him.
The actor, 48, was set to use a cartoon version of the NFT, Fed Simian, for his new cartoon, White Horse Tavern.
It features the real bar in Manhattan’s West Village, and imagines one of the bartenders is Fred Simian, who is part of an NFT collective called Bored Ape Yacht Club.
The character which Green bought is animated, and interacts with real actors in the 1880s bar.
But now production on the show has ground to a halt, after the lead character was ‘kidnapped’.
Green announced on May 17 that the character had been stolen. He has pleaded for its return on social media, and also insisted that he can still broadcast the show, because Fred Simian was stolen and copyright rules do not apply.
But Fred was sold on using cryptocurrency – a totally unregulated market – meaning the NFT’s unidentified new owner could well exercise a copyright claim if a likeness of Fred is broadcast without permission.
Putin Celebrates Victory Day, Russian TV Channel Rutube Hacked
Protesters in Poland drenched Moscow’s ambassador to Warsaw in red paint after swarming a local cemetery for Soviet soldiers who died in World War II, chasing the diplomat away and disrupting his embassy’s attempts to commemorate the end of the conflict.
Several hundred Ukrainians and Poles surrounded Ambassador Sergey Andreyev as he attempted to lay a wreath in front of a 115-foot-tall, Soviet-star-topped obelisk, built by authorities in 1949, just as Moscow was imposing Communist rule in Poland. The surrounding grounds hold the remains of about 20,000 Soviet soldiers who gave their lives to defeat Nazi Germany, a sacrifice Russia marks annually on its May 9 Victory Day.
Mr. Andreyev was blocked by the crowd shouting “murderers” and “fascists” as several flung blood-colored paint into his face and eyes. Nearby, demonstrators held up photos from the Ukrainian town of Bucha, whose brief occupation by the Russian military in March saw hundreds of civilians killed and buried in mass graves.
Before leaving the Soviet-era memorial, Mr. Andreyev said that he was proud of Russian President Vladimir Putin, and referred to parts of eastern Ukraine that he said now belonged to Russia. Polish police on hand, meanwhile, arrested a handful of pro-Russian protesters, leaving the Ukrainians and Poles who opposed the war mostly in peace.
Russia’s embassy had already canceled plans for a larger memorial service at the cemetery, whose obelisk by Monday had been vandalized in blue and yellow graffiti reading: “Kill Putin.” Warsaw Mayor Rafał Trzaskowski had called for the service to be banned, tweeting: “No Polish public institution should lend a hand to this initiative… I have no consent for the aggressor’s festival in Warsaw.”
Russia’s embassy issued a short statement lamenting that Polish authorities opposed a ceremony that it said “is about the celebration of the anniversary of the victory over Fascism, thanks to which the Polish state exists today!”
The Soviet Union lost about 27 million people during the war: about 14 million of them Russian, and another seven million Ukrainian. To advocate for his invasion of Ukraine, Mr. Putin has reached back into that history, which Russians broadly see as a collective sacrifice that, among other outcomes, freed Poland from Nazi occupation.
But few Poles feel that the Soviet Union liberated them when—after first carving up Poland in a 1939 pact with Nazi Germany—it returned, five years later, and imposed nearly a half-century of Communist rule.
Elden Ring players that picked up hacked underpants are getting banned
Elden Ring players can leave each other gifts in the game’s multiplayer component. Sometimes that’s a sweet piece of equipment or a powerful sword. Other times, however, it’s a pair of underwear that will get you banned.
The underpants in question are the infamous hacked drawers known as Deathbed Smalls. Basically, if you find a pair of fancy undies on the ground leave them there. Players that have tempted fate and picked them up are reporting that they’ve been “soft-banned” from Elden Ring. There are numerous warnings on the Elden Ring sub-Reddit, as spotted by Vice.
“After 220 hours, I pick up some underwear and it’s all over,” one player wrote.
Image: FromSoftware via Fighter PL on YouTube
Elden Ring, like FromSoftware’s other games, follows a general rule for wearables: If you see it on someone else, you can probably wear it, too, which leads to a massive fashion scene for fans. In Elden Ring in particular, players found that Fia — a lady you can hug in Elden Ring — is wearing a piece of fancy lingerie under her dress. FromSoftware, however, appeared to have cut the undies from the final version of Elden Ring, opting only to get Fia’s Deathbed Dress and robe.
But that doesn’t mean the underpants are inaccessible. Horny players quickly figured out that they can be hacked into the game. Players have been trading and begging each other to drop the panties all over the Elden Ring sub-Reddit. Sometimes, it appears to be an accident: A player picks up random stuff dropped by outsiders, unknowingly grabbing them.
Now, some players are getting a warning: Delete the panties or get soft-banned. A soft-ban means a player can still use multiplayer, but are instead tossed into a “quarantine” queue with other soft-banned players. In messages to soft-banned players posted to Reddit, FromSoft said players must remove the item, sometimes deleting an entire save file, to prevent themselves from being suspended.
Fia’s underpants aren’t the only illegal item in Elden Ring, according to players. Bans have also reportedly been meted out for the “fetal position” gesture. Polygon has reached out to publisher Bandai Namco for added clarification.