Search the Community

https://www.straitstimes.com/singapore/broadband-provider-whizcomms-server-breached-by-third-party-customers-information-stolen UPDATED 9 MINS AGO SINGAPORE – Broadband service provider WhizComms notified customers on Wednesday that its Web server had been breached, resulting in a third party stealing their personal information. In an e-mail seen by The Straits Times, the firm said that the data breach affected some customers only, with those affected receiving it. The third party who accessed the firm’s Web server had downloaded scanned images of customers’ personal information, including their NRICs, work permits and tenancy agreements. There was no indication that contact and payment information had been stolen, although the e-mail warned affected customers to look out for any suspicious activities that used their identities. “With scam calls and fraudulent activities already on the rise, we recommend that you continue to be vigilant, especially for any potential signs of identity fraud,” the e-mail added. WhizComms markets itself as having the cheapest 1 Gbps (gigabit per second) plan, which it offers at $32.40 per month for a 24-month contract. Its broadband service is powered by Singtel. It did not disclose the number of people affected, nor did it say when it first detected the breach. It said that the unauthorised access had already been contained, and it is working with the police, the Personal Data Protection Commission (PDPC) and the Infocomm Media Development Authority. It added that it was strengthening its safeguards to prevent a reoccurrence of such incidents. The Straits Times has contacted WhizComms for more information. Meanwhile, a PDPC spokesman said the commission has been notified of the incident and is investigating.

https://www.hardwarezone.com.sg/tech-news-hacker-leak-190gb-samsung-data-source-code-security Hackers leak 190GB of data allegedly from Samsung, includes source code and biometric unlocking algorithms By Kenny Yeo - on 7 Mar 2022, 9:48am (Image source: Samsung) The Lapsus$ hacking group has just leaked a huge collection of data that they claim to be from Samsung. The leaked data is presently being shared on a torrent and is presented as three compressed files that amount to nearly 190GB. At the time of writing, the report says they are more than 400 peers sharing the file. And earlier, the group posted a screenshot with C/C++ directives in a Samsung software earlier. And according to the group, the torrent contains data of the following: Source code for every Trusted Applet (TA) installed in Samsung’s TrustZone environment used for sensitive operations (e.g. hardware cryptography, binary encryption, access control) Algorithms for all biometric unlock operations Bootloader source code for all recent Samsung devices Confidential source code from Qualcomm Source code for Samsung’s activation servers Full source code for technology used for authorizing and authenticating Samsung accounts, including APIs and services If it looks bad, that's because it is. If the claims are accurate, Samsung is looking at a major breach that could cause substantial damage to the company. Lapsus$ is the same group behind the recent NVIDIA breach. They are demanding the graphics giant remove limitations on cryptocurrency mining or they will leak the company's source code. However, it is unknown at this time if they have made similar demands of Samsung. In a statement to The Korea Herald, Samsung says it is investigating the incident. Most recently, Samsung was caught throttling the performance of some apps. Source: BleepingComputer https://www.techspot.com/news/93663-nvidia-hackers-leak-190gb-sensitive-data-samsung.html Nvidia hackers leak 190GB of sensitive data from Samsung The leaks includes Samsung's encryption data and source code By Vann Vicente March 6, 2022, 10:12 AM What just happened? Lapsus$, a hacking group that leaked confidential information from Nvidia just last week, has reportedly moved to a new target: Samsung. The hackers have claimed an attack that leaked 190GB of confidential information from the South Korean technology giant, including encryption data and source code for Samsung's most recent devices. The hackers behind the Nvidia security breach are setting their sights on the biggest tech companies in the world. Last week, South American hacker group Lapsus$ claimed to have perpetrated a major hacking attack on Nvidia, stealing over 1TB of information and holding it ransom. The Telegraph reported that Nvidia's internal systems were "completely compromised." On Saturday, the hackers leaked nearly 190GB of data from Samsung, subsequently publishing the files through torrent. This reportedly includes sensitive information that may be used to compromise Samsung devices. The publication vx-underground, which tracks information about malware across the web, tweeted a message that Lapsus$ released to their followers. It alleges that the hack includes "source code from every Trusted Applet installed on all Samsung devices" and "confidential source code from Qualcomm." The leak also purportedly includes the algorithms for biometric unlock operations and the source code for Samsung Accounts, a login service associated with Samsung's mobile devices. According to Bleeping Computer, the torrent has been shared by more than 400 peers, and includes a text file that describes the content available in the download: "Part 1 contains a dump of source code and related data about Security/Defense/Knox/Bootloader/TrustedApps and various other items Part 2 contains a dump of source code and related data about device security and encryption Part 3 contains various repositories from Samsung Github: mobile defense engineering, Samsung account backend, Samsung pass backend/frontend, and SES (Bixby, Smartthings, store)" The Nvidia hack was reported to be a ransom plot, with the hackers threatening to leak Nvidia's mining limiter bypass algorithm. Lapsus$ claimed that Nvidia hacked them back but maintained that they still had a copy of Nvidia's confidential data. Currently, there is no information about an extortion plot associated with the Samsung incident, with all files in the hack being released simultaneously. It is unknown if Lapsus$ has attempted to extort Samsung for a ransom. Samsung has yet to respond to the security breach.

Customers of consumer electronics retailer Audio House may have had their personal details, such as names and contact numbers, stolen by a hacking group that had allegedly hacked furniture retailer Vhive. Audio House told customers in an e-mail that it was alerted on Monday (May 31) that hacking group Altdos might have gained unauthorised entry into its servers. The group claimed to have accessed the retailer's membership database, stolen information from it and used the data to blackmail Audio House, the retailer added. The company is now working with the police and other authorities, as well as a team of Web experts, to ascertain if its servers had been breached and to what extent. The police confirmed a report was lodged and they are investigating the matter. Audio House told The Straits Times that its database contains information of about 180,000 customers, adding that Altdos had threatened the company through e-mails, which it has not responded to. It said Altdos had used fear tactics to pressure the company to pay it, as well as use Audio House as a case study to blackmail other firms in future. In previous hacking incidents, Altdos, operating mainly in South-east Asia, had stolen customer data from companies, blackmailed the compromised firm, leaked the data online when their demands were not met, and publicised the breaches. In the Audio House breach, the data that could have been stolen included members' names, e-mail addresses, home delivery addresses, contact numbers, credits with the company, and members' past sales transaction records. Audio House said all customer payment details and credit card information are handled by a third party payment gateway, so no credit card information was stored or possibly breached. "All our members' eCashback and credits are safely stored with us, and you will still be able to use them in your purchases with us," the firm said. The retailer added it had strengthened its firewall and the system's security after the incident, and had suspended its website temporarily to conduct more tests and the firewall upgrade. Apologising for the potential breach, Audio House advised customers who receive any spam e-mails from Altdos not to respond to it. The company also urged customers not to spread unverified information about the incident that could bolster the hacking group's efforts. Those who need help can contact Audio House. Personal data of 30,000 users of NTUC's e2i job services may have been breached 580,000 SIA KrisFlyer and PPS members affected by external data leak Altdos had previously claimed responsibility for hacking Vhive. The furniture retailer had said its server was hacked on March 23. Compromised information included customers' names, physical and e-mail addresses and mobile numbers, but did not include identification numbers or financial information, said the furniture retailer. In an e-mail to affected customers in early April, Altdos said it managed to hack into Vhive three times in nine days and claimed to have stolen information related to more than 300,000 customers and nearly 600,000 transaction records. The group said it would leak 20,000 customer records daily, until its demands to Vhive's management were met. Cyber-security experts had previously said personal details stolen by hackers could be used by cyber criminals to, among other things, send victims personalised phishing e-mails that would allow them to steal passwords or drop ransomware to lock up digital files until the crooks are paid. https://www.straitstimes.com/tech/tech-news/audio-house-customer-data-possibly-stolen-by-hackers

for the past few months I have been getting notifications from wechat that someone is logging into my account at a new device and I will be kicked out of my a/c if the login is successful. initially I thought maybe my wife's iPhone had logged into my a/c unknowingly on home wifi ... but since last night got samsung phone try to log into my a/c !! anyone also got this issue ?? these hackers damn free ... just whack only ... I only use wechat to communicate with my family ... nothing worth hacking also ... *I have both whatapps and wechat ... I know some may complain about privacy issues with wechat but its damn functional.

Looking forward to self driving autonomous vehicle in the near future ? Why wait ? You can now remotely hack someone's modern car via your 3G/4G cellnet into the vehicle's CANBUS network. Question is what are you going to do with it when empowered with that remote control. http://www.forbes.com/sites/andygreenberg/2013/07/24/hackers-reveal-nasty-new-car-attacks-with-me-behind-the-wheel-video/

35-year-old James Raj Arokiasamy has been charged under the Computer Misuse and Cybersecurity Act for carrying out suspected hack attacks. Lawyer M Ravi © shows the charge sheet for James Raj, the suspected "Messiah" hacker, to reporters outside the Subordinate Courts on Nov 12, 2013. (TODAY/Sion Touhig) SINGAPORE: A 35-year-old man has been charged with hacking the website belonging to Ang Mo Kio Town Council. James Raj Arokiasamy is accused of doing so from a unit in Dorchester Apartment at Jalan Sri Hartamas in Kuala Lumpur, Malaysia, on October 28 at about 1.35pm. He is said to have committed the offence by accessing the content management system of the town council and modifying the contents by adding the image of a Guy Fawkes mask to the website. James Raj is also said to have added a banner with the text: "I have been to various sites and seen how they take the initiative to secure their systems. You have a brain & you have money. You had a choice. Don't blame external factors (Anonymous) for this hack. The Messiah ;)". He also allegedly added a banner with a text stating that Member of Parliament Ang Hin Kee would like to resign from his post. Besides one charge under the Computer Misuse and Cybersecurity Act, James Raj also faces three prior drug charges, which have been amended. He is accused of consuming drugs on May 25, 2011. Earlier in court, the prosecution applied for the accused to be remanded at the Institute of Mental Health for psychiatric evaluation. It also asked for him to be further remanded thereafter to help with police investigations. The prosecution said James Raj had told the police that he suffers from attention deficit hyperactivity disorder, borderline disorder and has suicidal tendencies. It added that since investigations are still in the preliminary stages, no access should be granted to third parties. This request was met with strong objections by James Raj's lawyer, Mr M Ravi, who argued that so far, he has not had access to his client. He said such access should be granted after the accused is held for 48 hours and that denial would be a breach of the constitution. But the prosecution rebutted that under the law, an individual can be held as long as a 20-day period. Mr Ravi also asked the court for permission to speak with his client for five minutes, which was denied. The district judge has asked both parties to come back in the afternoon to sort out the matter. If convicted of hacking a website, an offender can be jailed up to three years and fined S$10,000. On a second or subsequent conviction, the maximum sentence is five years' jail and S$20,000 fine. For consuming drugs, James Raj is looking at 10 years' jail and a S$20,000 fine on each count. Hope this guy gets put away for a long long time...

Hacker trying to make PM look bad and SPF look incompetent?

A disgruntled former employee from a Texas car dealership apparently took out his frustrations on the company's customers by remotely immobilizing their cars. Over 100 people in the Austin area found their cars uncontrollably honking or completely disabled after the employee allegedly used an internet-based system to cause the problems. Police in Texas arrested Omar Ramos-Lopez, 20, on computer intrusion charges after investigating the complaints. Ramos-Lopez had been an employee at the Texas Auto Center until last month. "We initially dismissed it as mechanical failure," Texas Auto Center manager Martin Garcia was quoted as saying. "We started having a rash of up to a hundred customers at one time complaining. Some customers complained of the horns going off in the middle of the night. The only option they had was to remove the battery." Texas Auto Center uses Webtech Plus to disable vehicles whose owners are behind on payments. The system connects to a small box installed under the dashboard, and allows the dealership to disable the ignition or trigger the horn. Running vehicles are not affected by the commands. The investigation was carried out by the Austin Police Department's High Tech Crime Unit. The incidents took place during the last week of February, when Ramos-Lopez allegedly used a former co-worker's account to access a customer database.

do they did this for fun? www.mazdaclubsg.org

Why Apple Can't Stop iPhone Hackers AT&T and Apple may face an uphill battle prosecuting hackers who untether the iPhone from the AT&T wireless network by Olga Kharif It sure sounds like a steal. On Aug. 31, George Hotz plans to trade in his iPhone for a metallic blue Nissan (NSANY) 350Z sports car and three brand-new iPhones. But the 17-year-old's device is no ordinary Apple phone. Hotz hacked his iPhone and unlocked it so that it can be used on a variety of cell-phone networks, becoming the first person known to have done so. The person buying Hotz's phone, Terry Daidone, believes he's the one getting the deal because Hotz has agreed to work for him at his cell-phone refurbishing company, CertiCell. Daidone says he doesn't plan to sell unlocked iPhones just yet. Rather, he says that he wants Hotz to teach CertiCell's technicians the secrets to unlocking other kinds of cell phones. But that could change