Tag Archives: hackers

Binance Smart Chain Halts After $100M Crypto Theft!

Binance Smart Chain Halts After $100M Crypto Theft!

Binance just shut down its blockchain, after getting hacked and losing over $100 million in crypto coins!

The shutdown prevented an even bigger loss of $566 million, but it defeated a key purpose of the blockchain – decentralisation.

 

Binance Smart Chain Halts After $100M Crypto Theft!

On Thursday, 6 October 2022, Binance Smart Chain was hit by a hacker who targeted 2 million Binance coins (BNB) worth $566 million.

The attack appeared to have started at around 2:30 PM EST, with the attacker’s wallet receiving two transactions of 1 million BNB coins.

Soon after that, the hacker tried to liquidate the BNB coins into other assets, by using a variety of liquidity pools.

Binance acknowledged the security incident several hours later, at 6:19 PM, and halted the BNB Smart Chain.

AT 7:51 PM EST, Binance CEO Changpeng “CZ” Zhao confirmed that an exploit was used in the BSC Token Hub to transfer the BNB coins to the attacker, and that they asked all validators to temporarily suspend the Binance Smart Chain. He also claimed that the funds are safe.

An exploit on a cross-chain bridge, BSC Token Hub, resulted in extra BNB. We have asked all validators to temporarily suspend BSC. The issue is contained now. Your funds are safe. We apologize for the inconvenience and will provide further updates accordingly.

 

Binance Smart Chain Almost Lost $566 Million!

The majority of the 2 million BNB coins worth $566 million remained on the BNB Smart Chain, and was made inaccessible to the hacker, after BSC was shut down.

This is rather ironic since blockchains like BSC are supposed to be decentralised, and not meant to be so easily turned off – a fact BNB Chain acknowledged.

Decentralized chains are not designed to be stopped, but by contacting community validators one by one, we were able to stop the incident from spreading. It was not that easy as BNB Smart Chain has 26 active validators at present and 44 in total in different time zones. This delayed closure, but we were able to minimize the loss.

Even so, a BNB Chain spokesperson later confirmed that about $100 to $110 million in funds were taken off the Binance Smart Chain, and CZ said that the impact was about a quarter of the last BNB burn.

Of the funds taken off-chain, BNB Chain was able to freeze about $7 million with help from their partners in the cryptocurrency community.

So far, about $2 billion has been lost in crypto hacks in 2022, with cross-chain bridges used to transfer tokens across blockchains a popular target.

BNB Chain said that it would introduce a new on-chain governance mechanism to fight and defend against future possible attacks.

 

Please Support My Work!

Support my work through a bank transfer /  PayPal / credit card!

Name : Adrian Wong
Bank Transfer : CIMB 7064555917 (Swift Code : CIBBMYKL)
Credit Card / Paypal : https://paypal.me/techarp

Dr. Adrian Wong has been writing about tech and science since 1997, even publishing a book with Prentice Hall called Breaking Through The BIOS Barrier (ISBN 978-0131455368) while in medical school.

He continues to devote countless hours every day writing about tech, medicine and science, in his pursuit of facts in a post-truth world.

 

Recommended Reading

Go Back To > Money | CybersecurityTech ARP

 

Support Tech ARP!

Please support us by visiting our sponsors, participating in the Tech ARP Forums, or donating to our fund. Thank you!

How To Turn On Two-Step Verification In Telegram!

Find out WHY you should turn on two-step verification in Telegram, and HOW to do that!

 

Why You Should Turn On Two-Step Verification In Telegram?

Two-Step Verification is a feature that protects your Telegram account from being hijacked by hackers and scammers.

It blocks illegal takeover of Telegram accounts, by requiring a secret password that only you know. And it lets you recover your account via email.

This prevents hackers or scammers from taking over your Telegram account, even if you accidentally share with them the login code.

Read more : Beware Of Telegram Screenshot Hack + Scam!

 

How To Turn On Two-Step Verification In Telegram!

In this guide, I will share with you how to turn on two-step verification in Telegram.

Step 1 : Open Telegram.

Step 2 : Go to Options > Settings > Privacy and Security.

Step 3 : Tap on the Two-Step Verification option.

Step 4 : In the Two-Step Verification screen, tap on the Set Password option.

Step 5 : Key in your preferred password, which can be any combination of capital or small letters and numbers.

Step 6 : You will need to key the same password again, to confirm it.

Step 7 : Next, you can create a hint to remind you of your password. This is optional, and you can skip it if you prefer.

But if you key one in, the hint will be displayed whenever you are asked to key in the password in the future.

Step 8 : After that, you will have the option of adding a Recovery Email address, just in case your account is hijacked.

This is optional as well, but I highly recommend you add a recovery email, which is simply the email address you use.

Step 9 : If you entered a Recovery Email address, Telegram will now send you an email with a 6-digit code to verify that email address.

Step 10 : Look for the Telegram verification code email, and key in the 6-digit verification code.

That’s it! You’re done! From now on, you will be required to key in the password whenever you log into a new device.

This will prevent hackers / scammers from taking over your account, even if you accidentally give them the Login code you receive by SMS.

 

Please Support My Work!

Support my work through a bank transfer /  PayPal / credit card!

Name : Adrian Wong
Bank Transfer : CIMB 7064555917 (Swift Code : CIBBMYKL)
Credit Card / Paypal : https://paypal.me/techarp

Dr. Adrian Wong has been writing about tech and science since 1997, even publishing a book with Prentice Hall called Breaking Through The BIOS Barrier (ISBN 978-0131455368) while in medical school.

He continues to devote countless hours every day writing about tech, medicine and science, in his pursuit of facts in a post-truth world.

 

Recommended Reading

Go Back To > Cybersecurity | Software | Tech ARP

 

Support Tech ARP!

Please support us by visiting our sponsors, participating in the Tech ARP Forums, or donating to our fund. Thank you!

FBI + MI5 Issue Joint Warning On Chinese Spying!

The FBI and MI5 just issued a joint warning about economic spying and hacking operations by the Chinese government!

Here is what you need to know…

 

FBI + MI5 Issue Joint Warning On Chinese Spying!

On July 7, 2022, FBI Director Christopher Wray joined MI5 Director General Ken McCallum at the MI5 London headquarters to issue a joint warning about Chinese spying and cyberattacks.

Ken McCallum said that MI5 was running seven times as many investigations into China, as it had just four years ago. He also said that MI5 planned to double that to tackle the widespread attempts.

Christopher Wray, on the other hand, stressed that the FBI had substantially increased its investigations into China, and is currently managing about 2,000 problems, and opening about two counterintelligence cases every day.

The Chinese government is set on stealing your technology – whatever it is that makes your industry tick – and using it to undercut your business and dominate your market.

Maintaining a technological edge may do more to increase a company’s value than would partnering with a Chinese company to sell into that huge Chinese market, only to find the Chinese government and your partner stealing and copying your innovation.

Both McCallum and Wray alleged that the Chinese government is engaged in a “coordinated campaign” to “cheat and steal [technology] on a massive scale“.

They also stressed that China’s hacking programme dwarfs that of any other major country, and that it has a global network of intelligence operatives.

 

FBI + MI5 : China Also Preparing To Shield From Sanctions

Even more worrying is the fact that China is working to shield its economy from any future sanctions, obviously learning from how the West punished Russia for invading Ukraine.

This suggests that China is at least preparing for the possibility, if not the eventuality, of insulating its economy from potential sanctions, should it attack Taiwan.

Wray said that China is “trying to cushion themselves from harm if they do anything to draw the ire of the international community”, and that the Chinese government is pressuring Western businesses not to criticise Beijing or its policies.

He declined to say whether an invasion of Taiwan has become more likely due to these measures, but warn that Western investments in China could be similarly impacted by such a conflict.

Just as in Russia, Western investments built over years could become hostage, capital stranded. Supply chains and relationships disrupted.

Wray also shared that the Chinese government had directly interfered in a New York congressional election, because they did not want a candidate who was a critic and a former Tiananmen Square protestor to be elected.

China has for far too long counted on being everybody’s second-highest priority. They are not flying under the radar anymore.

Both Wray and McCallum said that the intention of the joint address was to “send the clearest signal” to the Chinese Communist Party (CCP), because if China decides to invade Taiwan, it would cause “one of the most horrific business disruptions the world has ever seen“.

Read more : US Mil Contractor Admits Selling Aviation Secrets To China!

 

FBI + MI5 : Examples Of Chinese Spying

McCallum shared some specific cases of Chinese spying activities that MI5 detected and thwarted.

Covert Theft

Late last year Chinese intelligence officer Shu Yenjoon was convicted in a US court on charges of economic espionage and theft of trade secrets from the US aviation sector.

Shu was active in Europe too: he’d been part of a prolific Ministry of State Security network targeting the aerospace sector.

MI5 worked with those being targeted in the UK to mitigate the risks until the FBI action could solve the problem for both of us.

Tech Transfer

Clandestine espionage methodology isn’t always necessary. Take the tale of Smith’s Harlow, a UK-based precision engineering firm. In 2017 Smith’s Harlow entered into a deal with a Chinese firm, Futures Aerospace. The first of three agreed technology transfers saw Futures pay £3m for quality control procedures and training courses.

You know how this ends: after further sharing of valuable IP, Futures abandoned the deal. Smith’s Harlow went into administration in 2020. As their Chairman put it: “They’ve taken what they wanted and now they’ve got it, they didn’t need the shell of Smith’s”.

Information Advantage

The CCP doesn’t just use intelligence officers posing as diplomats in the classic fashion. Privileged information is gathered on multiple channels, in what is sometimes referred to as the ‘thousand grains of sand’ strategy.

In Germany a retired political scientist and his wife who together ran a foreign policy think tank passed information to the Chinese intelligence services for almost ten years.

In Estonia a NATO maritime scientist was convicted for passing information to his Chinese handlers, who claimed to be working for a think tank.

Cultivating New Contacts

The deceptive use of professional networking sites is well known. Seemingly flattering approaches turn into something more insidious – and damaging.

In one example a British aviation expert received an approach online, ostensibly went through a recruitment process, and was offered an attractive employment opportunity. He travelled twice to China where he was wined and dined. He was then asked – and paid – for detailed technical information on military aircraft. The ‘company’ was actually run by Chinese intelligence officers.

Read more : China Should Worry About Russia Invading Ukraine!

 

Chinese Response To FBI + MI5 Spying Allegations

Chinese government officials naturally rejected spying allegations by the FBI and MI5.

A spokesman for the Chinese embassy in Washington, Liu Pengyu, called the accusations groundless and said that China “firmly opposes and combats all forms of cyber-attacks“, and would “never encourage, support or condone cyber-attacks“.

His statement also said that the Taiwan issue was “purely China’s internal affair” and that there was “no room for compromise or concession“. It also said that China “will strive for the prospect of peaceful reunification with utmost sincerity and efforts“, but noted that China would “reserve the option of taking all necessary measures in response to the interference of foreign forces“.

Chinese foreign ministry spokesperson Zhao Lijian did not address the claims directly, but accused the United States of being the real danger instead.

The relevant US politician has been playing up the so-called China threat to smear and attack China. Facts have fully proven that the US is the biggest threat to world peace, stability and development.

We urge this US official to have the right perspective, see China’s developments in an objective and reasonable manner and stop spreading lies and stop making irresponsible remarks.

 

Please Support My Work!

Support my work through a bank transfer /  PayPal / credit card!

Name : Adrian Wong
Bank Transfer : CIMB 7064555917 (Swift Code : CIBBMYKL)
Credit Card / Paypal : https://paypal.me/techarp

Dr. Adrian Wong has been writing about tech and science since 1997, even publishing a book with Prentice Hall called Breaking Through The BIOS Barrier (ISBN 978-0131455368) while in medical school.

He continues to devote countless hours every day writing about tech, medicine and science, in his pursuit of facts in a post-truth world.

 

Recommended Reading

Go Back To > Cybersecurity | EnterpriseTech ARP

 

Support Tech ARP!

Please support us by visiting our sponsors, participating in the Tech ARP Forums, or donating to our fund. Thank you!

Did Hackers Release Pfizer + Moderna Vaccine Death Data?!

Did hackers just crack the Pfizer and Moderna servers, and publicly released the hidden vaccine death data that they stole?!

Take a look at the viral claim, and find out what the facts really are!

 

Claim : Hackers Stole, Released Pfizer + Moderna Vaccine Death Data!

People are sharing links to articles that claim that hackers just stole and released vaccine death data from Pfizer and Moderna servers!

Here is an example, which is rather long, so feel free to skip to the next section for the facts!

GOOD NEWS!!!! Hackers broke into all the pharmaceutical companies and stold all the medial data on vaccines thank God!!!! The Great Awaking has lifted off!!! Forward this link everywhere!!!!

**Displays number of deaths and disabilities associated with each batch/lot number = indication of relative toxicity of one batch/lot compared to another
**No one currently knows the reason why some batches/lots are associated with excessive deaths, disabilities and adverse reactions (up to 50 x). Until we do know, it is best to be cautious
**[“Batch-code” = “Lot Number” = the number they write on your vaccination card.]

 

Truth : Hackers Did Not Steal / Release Pfizer + Moderna Vaccine Death Data!

This is yet another example of FAKE NEWS created and promoted by disinformation websites like Before It’s News, How Bad Is My BatchBest News Here, and here are the reasons why…

Fact #1 : Pfizer + Moderna Servers Were Not Hacked

Those websites falsely claimed that hackers broke into Pfizer and Moderna servers, and stole their (hidden) vaccine death data.

There is no evidence the Pfizer and Moderna servers were ever hacked, or had any data stolen.

Fact #2 : All Data Are Publicly Available

Despite claiming at the start that the data provided in the website was stolen from Pfizer and Moderna servers, the article ends with a statement that all of the data was really sourced from VAERS.

Data Source
• All data is sourced from VAERS, a public database of over 700,000 adverse reaction reports for Moderna, Pfizer and Janssen Covid 19 vaccines in the USA. 
Our intention is to present the VAERS data in an accessible and unadulterated form, that can be easily verified using the links below

In other words – they falsely claimed that the data was provided by hackers who broke into Pfizer and Moderna servers. The data were all from VAERS, which is publicly available.

Fact #3 : VAERS Data Cannot Be Used As Evidence

Like the British Yellow Card system, VAERS is an open reporting system that lets ANYONE from ANYWHERE file a report, without verification.

VAERS reports are not only easily faked, they are easily abused, which why the CDC explicitly warned that :

  • Reports may include incomplete, inaccurate, coincidental and unverified information.
  • The number of reports alone cannot be interpreted or used to reach conclusions about the existence, severity, frequency, or rates of problems associated with vaccines.

But anti-vaccination activists and disinformation websites LOVE to use VAERS, because they can easily manipulate the reports to create a fake narrative.

Read more : Here’s How Antivaxxers Create Fake News Using VAERS!

Fact #4 : Pfizer + Moderna Released Their Data In 2020

Both Pfizer and Moderna submitted data from their COVID-19 vaccine clinical trials to health authorities across the world, like the US FDA and EMA in Europe in November 2020.

The release of clinical trial data, which would include post-vaccination adverse events, is necessary for any health authority to approve their vaccines.

The US FDA released the briefing documents Pfizer and Moderna submitted to the Vaccines and Related Biological Products Advisory Committee (VRBPAC) in December 2020 :

Fact #5 : FDA Started Releasing Pfizer Documents In 2021

On 27 August 2021, a group that called themselves Public Health and Medical Professionals for Transparency (PHMPT) filed a Freedom of Information Act (FOIA) request with the US FDA to gain access to all of their documents related to the Pfizer COVID-19 vaccine.

The US FDA started releasing the Pfizer documents on 17 November 2021. They were then ordered by US District Judge Mark Pittman to speed up the release of those documents on 6 January 2022.

As of 2 May 2022, the US FDA had already released 238 documents related to the Pfizer COVID-19 vaccine, containing thousands of pages.

Read more : Did Pfizer Try To Hide 158K Vax Adverse Events For 75 Years?

Fact #6 : Before It’s News Is Known Fake News Website

Before It’s News is known for creating and spreading fake news – not just misinformation, but also disinformation about everything from MH17 conspiracy theories to anti-vaccination claims.

Everything posted by Before It’s News must be considered FAKE NEWS, until proven otherwise.

Please help us FIGHT FAKE NEWS by sharing this fact check article out!

 

Please Support My Work!

Support my work through a bank transfer /  PayPal / credit card!

Name : Adrian Wong
Bank Transfer : CIMB 7064555917 (Swift Code : CIBBMYKL)
Credit Card / Paypal : https://paypal.me/techarp

Dr. Adrian Wong has been writing about tech and science since 1997, even publishing a book with Prentice Hall called Breaking Through The BIOS Barrier (ISBN 978-0131455368) while in medical school.

He continues to devote countless hours every day writing about tech, medicine and science, in his pursuit of facts in a post-truth world.

 

Recommended Reading

Go Back To > Science | Fact CheckTech ARP

 

Support Tech ARP!

Please support us by visiting our sponsors, participating in the Tech ARP Forums, or donating to our fund. Thank you!

Can Hackers Use Good Morning Greetings To Hack You?

Can hackers use Good Morning videos, pictures and messages to hack your devices, and steal your data?

Find out what is happening, and what the FACTS really are!

 

Claim : Hackers Are Using Good Morning Messages To Hack You!

This post about Chinese hackers using Good Morning videos, pictures and messages to hack your devices, keeps going viral on social media and WhatsApp.

It’s a long message, so just skip to the next section for the facts!

Dear friends, please delete all welcome photos and videos in Good Morning format and the like. Read below the article to the end, which will be clear why I ask about it. From now on I will only send personally prepared greetings.

Read it all !!! Send this message urgently to as many friends as you can to stop the invasion.

Olga Nikolaevna Lawyer: Caution:

ATTENTION

For those who like to send Good Morning pictures! Good day! Good evening!

Do not send these “good” messages.

Today, Shanghai China International News sent SOS to all subscribers (this is the third reminder) that experts recommend: please do not send good morning, good night, pictures and videos,.

 

Truth : Good Morning Greetings Not Being Used To Hack You!

Many of us get spammed with Good Morning or Good Night messages every day from family and friends.

While they often clog up Facebook, Telegram and WhatsApp groups, they really do NOT allow hackers to hack your devices.

Here are the reasons why Good Morning messages are very irritating, but harmless…

Fact #1 : Shanghai China International News Does Not Exist

The news organisation that was claimed to be the source of this warning – Shanghai China International News –  does not exist!

Fact #2 : Good Morning Greetings Not Created By Hackers

Hackers (from China or anywhere else) have better things to do than to create these Good Morning pictures and videos.

They are mostly created by websites and social media influencers for people to share and attract new followers.

Fact #3 : No Fraud Involving Good Morning Messages

There has been no known fraud involving Good Morning or even Good Night messages, videos or pictures.

Certainly, half a million victims of such a scam would have made front page news. Yet there is not a single report on even one case…. because it never happened.

Fact #4 : Image-Based Malware Is Possible, But…

Digital steganography is a method by which secret messages and other data can be hidden in digital files, like a photo or a video, or even a music file.

It is also possible to embed malicious code within a Good Morning photo, but it won’t be a full-fledged malware that can execute by itself.

At most, it can be used to hide the malware payload from antivirus scanners, which is pretty clever to be honest…

Fact #5 : Image-Based Malware Requires User Action

In January 2019, cybercriminals created an online advertisement with a script that appears innocuous and would pass any malware check.

However, the image itself has an “almost white” rectangle that is recognised by the script, triggering it to redirect the user to the cybercriminals’ website.

Once there, the victim is tricked into installing a Trojan disguised as an Adobe Flash Player update.

Such a clever way to bypass malware checks, but even so, this image-based malware requires user action.

You cannot get infected by the Trojan if you practice good “Internet hygiene” by not downloading or installing anything from unknown websites.

Fact #6 : Malicious Code Executes Immediately

If you accidentally download and trigger malware, it will execute immediately. It won’t wait, as the hoax message claims.

Deleting Good Morning or Good Night photos or videos will free up storage space in your phone, but it won’t prevent any malware from executing.

There is really no reason for malware to wait before it infects your devices. Waiting will only increase the risk of detection.

Whether the malware serves to take over your device, steal your information or encrypt it for ransom, it pays to do it at the first opportunity.

Now that you know the facts, please SHARE this article with your family and friends!

 

Please Support My Work!

Support my work through a bank transfer /  PayPal / credit card!

Name : Adrian Wong
Bank Transfer : CIMB 7064555917 (Swift Code : CIBBMYKL)
Credit Card / Paypal : https://paypal.me/techarp

Dr. Adrian Wong has been writing about tech and science since 1997, even publishing a book with Prentice Hall called Breaking Through The BIOS Barrier (ISBN 978-0131455368) while in medical school.

He continues to devote countless hours every day writing about tech, medicine and science, in his pursuit of facts in a post-truth world.

 

Recommended Reading

Go Back To > Cybersecurity | SoftwareTech ARP

 

Support Tech ARP!

Please support us by visiting our sponsors, participating in the Tech ARP Forums, or donating to our fund. Thank you!

Did 13 Yr Sun Jisu Hack Facebook, WhatsApp, Instagram?

Did the 13 year-old Chinese hacker, Sun Jisu, hack Facebook, WhatsApp and Instagram, causing them to fail for more than 6 hours?

Take a look at the new viral claim, and find out what the FACTS really are!

 

Claim : 13 Year-Old Sun Jisu Hacked Facebook, WhatsApp, Instagram!

On 4 October 2021, Facebook and ALL of its messaging and social media platforms went down for about six hours, including Messenger, WhatsApp and Instagram!

Some websites and people on Twitter and Facebook started claiming that the failure was due to a 13 year-old Chinese hacker called Sun Jisu / Sun Ji Su / Sun Jiso / Sun Ji Soo.

There are quite a number of these claims, so just SKIP to the next section for the facts!

International media claimed that “China” was behind the suspension of social media services in the world.

According to Reuters, a Chinese hacker named “Sun Jisu” is responsible for stopping the services of “Facebook”, “WhatsApp” and Instagram, and added that the Chinese hackers are only 13 years old.

The Chinese hacker “Sun Ji Su” has topped the famous search engines and Twitter platforms during the past minutes, after disabling WhatsApp, Instagram and Facebook today 2021 in all countries of the world, amid questions among activists about the details of this information.

 

Truth : Sun Jisu Doesn’t Exist, Did Not Hack Facebook, WhatsApp, Instagram!

The truth is – this is just fake news created by fake news / clickbait websites to go viral and get money through ads.

Here are the reasons why…

Fact #1 : International Media Did Not Blame China

No mainstream media blamed China for the bizarre 6-hour downtime of Facebook, WhatsApp, Instagram and Messenger.

Practically all of them referred to cybersecurity specialists who pointed at DNS failure as the most likely cause, not a state actor like China.

Clickbait / fake news websites intentionally added that false claim to “trigger” Chinese netizens and Sinophiles to share their fake news.

Read more : US Refused WHO Investigation Of Fort Detrick For COVID-19?

Fact #2 : Reuters  + NYT Did Not Report On Any Chinese Hacker

Reuters did not report that a 13 year-old Chinese hacker called Sun Jisu was responsible for the bringing down Facebook, WhatsApp, Instagram and Messenger.

Neither did the New York Times write about a 13 year old hacker attacking Facebook.

These are complete lies that are easily verified with a quick check on the Reuters and New York Times websites.

Fact #3 : 13 Year-Old Sun Jisu / Sun Ji Soo Does Not Exist

There is no 13 year-old Chinese hacker called Sun Jisu / Sun Ji Su / Sun Ji So / Sun Ji Soo. He does NOT exist.

In addition, Sun Jisu / Sun Ji Soo is a Korean name, not Chinese. This is a mistake that a non-Asian person would make.

Fact #4 : That Was An Old Picture Of Wang Zhengyang

The fake news websites used a picture of Chinese hacking prodigy, Wang Zhengyang, speaking at the 2014 Chinese Internet Security Conference.

Wang Zhengyang was 13 year-old at that time, and would be 20 years old this year – 2021. Here are two more pictures of him speaking at that event.

Wang Zhengyang at 2014 Chinese Internet Security Conference

Fact #5 : Facebook Services Were Brought Down By Configuration Changes

Facebook services were not brought down by a hacker, but configuration changes their own engineering team initiated internally.

Facebook’s Vice-President of Infrastructure, Santosh Janardhan, confirmed that “configuration changes” on their “backbone routers” caused the 6-hour long failure.

Our engineering teams have learned that configuration changes on the backbone routers that coordinate network traffic between our data centers caused issues that interrupted this communication. This disruption to network traffic had a cascading effect on the way our data centers communicate, bringing our services to a halt.

He also asserted that it was a faulty configuration change, and no user data was compromised.

Our services are now back online and we’re actively working to fully return them to regular operations. We want to make clear at this time we believe the root cause of this outage was a faulty configuration change. We also have no evidence that user data was compromised as a result of this downtime.

Read more : Why Facebook, Messenger, WhatsApp, Instagram Went Down!

Fact #6 : Access Problems Were Caused By Same Servers

Facebook run their internal systems through the same servers, so they became inaccessible when those servers were taken offline.

This included security systems that controlled the fob door locks, with a New York Times reporter tweeting that Facebook staff were unable to gain access to an unspecified office using their keycards.

However, many Facebook staff are working from home due to COVID-19 precautions, so this was only a big problem for engineers trying to gain access to the Facebook data centre in Santa Clara, California.

At no time was this security issue caused by a hacker. It was due to the same servers that went offline.

Read more : Why Facebook, Messenger, WhatsApp, Instagram Went Down!

Now that you know the truth, please SHARE this fact check with your family and friends!

Also, please STOP SHARING fake stories created by fake news / clickbait websites!

 

Please Support My Work!

Support my work through a bank transfer /  PayPal / credit card!

Name : Adrian Wong
Bank Transfer : CIMB 7064555917 (Swift Code : CIBBMYKL)
Credit Card / Paypal : https://paypal.me/techarp

Dr. Adrian Wong has been writing about tech and science since 1997, even publishing a book with Prentice Hall called Breaking Through The BIOS Barrier (ISBN 978-0131455368) while in medical school.

He continues to devote countless hours every day writing about tech, medicine and science, in his pursuit of facts in a post-truth world.

 

Recommended Reading

Go Back To > Fact Check | Software | Tech ARP

 

Support Tech ARP!

Please support us by visiting our sponsors, participating in the Tech ARP Forums, or donating to our fund. Thank you!

CD PROJEKT RED Hack : Source Codes + Docs Stolen!

CD PROJEKT RED just had their source codes and internal documents stolen in a MAJOR HACK, and they may all end up being leaked!

 

CD PROJEKT RED Hack : Source Codes Stolen, Servers Encrypted!

On 9 February 2021, CD PROJEKT RED announced that their data – including source codes and internal documents – were stolen in a hack, and could possibly be leaked.

Their servers were also encrypted in a secondary ransomware attack by the same hackers, but they had backups of the encrypted data.

CD PROJEKT RED publicly ruled out negotiating with the hackers, or giving in to their demands.

This would likely mean that their source codes and internal documents will eventually be released publicly by the hackers.

The only silver lining – CD PROJEKT RED noted that they do not have any evidence that the personal data of their employees were accessed or stolen.

 

CD PROJEKT RED Hack : The Hackers’ Threats

According to the ransom note left on their servers, the hackers stole :

  • FULL source codes for Cyberpunk 2077, Witcher 3, GWENT and the unreleased version of Witcher 3.
  • ALL of their internal documents on accounting, administration, legal, HR, investor relations and more

They also encrypted all of their CD PROJEKT RED’s servers, but acknowledged that they would most likely recover the data from their backups.

The hackers are giving the CD PROJEKT RED team 48 hours to contact them to negotiate.

If there is no agreement, they threaten to sell or leak the source codes, and release their internal documents to the media.

They claim that the internal documents will make CD PROJEKT RED look bad, causing their stock prices to fall and their investors will lose trust in them.

 

CD PROJEKT RED : Official Statement On Hack

This is the official statement by CD PROJEKT RED on the hack :

Yesterday we discovered that we have become a victim of a targeted cyber attack, due to which some of our internal systems have been compromised.

An unidentified actor gained unauthorized access to our internal network, collected certain data belonging to CD PROJEKT capital group, and left a ransom note the content of which we release to the public. Although some devices in our network have been encrypted, our backups remain intact. We have already secured our IT infrastructure and begun restoring the data.

We will not give in to the demands nor negotiate with the factor, being aware that this may eventually lead to the release of the compromised data. We are taking necessary steps to mitigate the consequences of such a release, in particular by approaching any parties that may be affected due to the breach.

We are still investigating the incident, however at this t time we can confirm that – to the best of our knowledge – the compromised systems did not contain any personal data of our players or users of our services.

We have already approached the relevant authorities, including law enforcement and the President of the Personal Data Protection Office, as well as IT forensic specialists, and we will closely cooperate with them in order to fully investigate the incident.

 

Recommended Reading

Go Back To > Cybersecurity | Games | SoftwareHome

 

Support Tech ARP!

If you like our work, you can help support us by visiting our sponsors, participating in the Tech ARP Forums, or even donating to our fund. Any help you can render is greatly appreciated!


How Hackers Attack Healthcare During COVID-19 Pandemic!

Even during the COVID-19 pandemic, hackers have been attacking the healthcare system already buckling under pressure.

Take a look at the first part of a newly-released documentary on how hackers are attacking the healthcare system, and what it means for us and the world!

 

How Hackers Attack Healthcare During COVID-19 Pandemic!

Cybercriminals and state-sponsored hackers do not care that almost a million people have died from COVID-19. In fact, they see the pandemic as an opportunity.

Over the last few months, the creators of this documentary spoke to hospitals, law enforcement agencies, health organisations and research centres across the world, to understand how they are coping with increased cyberattacks and malware.

This particular feature was directed by Didi Mae Hand, and produced by Max Peltz.

 

Hackers Increased Attacks On Healthcare During COVID-19 Pandemic

The documentary reveals a shocking surge in cyberattacks on healthcare systems during the COVID-19 pandemic. The World Health Organisation (WHO), for example, reported a 5X increase in cyberattacks on its systems since March 2020.

State-sponsored hackers are mainly looking for biodata, including research on COVID-19 vaccines. Meanwhile, cybercriminals are capitalising on the fact that hospitals may be more willing than usual to pay a ransom.

For example, the Brno University Hospital, which was responsible for running a big share of COVID-19 testing in the Czech Republic, was held to ransom and forced to shut down its IT network at a critical time.

Fortunately, the surge in cyberattacks was met with an incredible response by the cybersecurity community. Some 3000 cybersecurity volunteers created the CV19 group to provide hospitals and healthcare institutions with free support to protect their systems.

 

Recommended Reading

Go Back To > Cybersecurity | Business | Home

 

Support Tech ARP!

If you like our work, you can help support us by visiting our sponsors, participating in the Tech ARP Forums, or even donating to our fund. Any help you can render is greatly appreciated!


AMD GPU Source Code Hack : What’s Going On?

In case you missed it, AMD suffered a massive cybersecurity breach, losing the source codes to their Navi 10, Navi 21 and Arden GPUs in a hack!

Here is a summary of how the hack went down, and what this could mean for AMD and their partners…

 

AMD GPU Source Code Hack : A Quick Summary

A hacker managed to get her hands on AMD source codes for current and future graphics products, and has apparently tried to blackmail AMD.

After that failed, she leaked some of the source codes on Github, and threatened to release everything if she does not find a buyer.

The hacker recently leaked some of the source codes on Github, which was quickly removed after AMD issued a DMCA notice.

She has treated to release all of the stolen source codes, if she does not find a buyer for them,.

 

AMD GPU Source Code Hack : The Timeline

November 2019

A hacker called Palesa hacked into an unprotected computer / server, where she found and downloaded AMD source codes, which were determined to be for :

  • the current Navi 10 GPU (based on RDNA)
  • the upcoming Navi 21 GPU (based on RDNA 2), as well as
  • the Arden SoC for the Microsoft Xbox Series X console.

The source code was unexpectedly achieved from an unprotected computer / server through some exploits.

I later found out about the files inside it. They weren’t even protected properly or even encrypted with anything which is just sad.

Palesa told TorrentFreak that she valued the source codes at $100 million, but did not reveal how she came to that mind-blowing valuation.

Credit : WCCFTech

December 2019

Palesa contacted AMD, allegedly to blackmail them into paying for the return of the source codes.

Mid-March 2020

Rumours started circulating that a hacker obtained the source codes for Navi 10, Navi 21 and Arden.

24 March 2020

AMD discovered that some of the source codes were uploaded to the new xxXsoullessXxx repository on Github, as the project called AMD-navi-GPU-HARDWARE-SOURCE.

They issued a DCMA notice, notifying Github that, “This repository contains intellectual property owned by and stolen from AMD.” and that “The original IP is held privately and was stolen from AMD.

Github took down that repository, as well as four other repositories that AMD later identified as forks :

25 March 2020

When contacted by TorrentFreak, Palesa said that she will leak all of the stolen source codes if she does not get a buyer for them :

If I get no buyer I will just leak everything.

AMD issued this statement on the theft of their graphics IP :

At AMD, data security and the protection of our intellectual property are a priority. In December 2019, we were contacted by someone who claimed to have test files related to a subset of our current and future graphics products, some of which were recently posted online, but have since been taken down.

While we are aware the perpetrator has additional files that have not been made public, we believe the stolen graphics IP is not core to the competitiveness or security of our graphics products. We are not aware of the perpetrator possessing any other AMD IP.

We are working closely with law enforcement officials and other experts as a part of an ongoing criminal investigation.

 

AMD GPU Source Code Hack : What Was Leaked So Far?

According to WCCFTech who spoke to people who have vast experience with Verilog, and viewed those source codes, this was what was leaked so far :

  • Partial Verilog files that are typically used in the construction of processors.
  • The Verilog files in question represent a single and isolated function(s) on the GPU – NOT the whole/actual GPU blueprint.
  • Based on the leaker’s screenshots, the files not yet leaked are more of the same and also nowhere close to being a complete “source code”.
  • These Verilog files are built on a proprietary schematic that is only compatible with AMD’s internal design language (in other words, these are going to be close to useless to a third party).

 

AMD GPU Source Code Hack : The Implications

From what those experts told WCCFTech, the leaked source codes :

  • cannot be used to design or reverse engineer any of the three GPUs.
  • cannot be used to easily determine product specifications
  • cannot be used to bypass security features on AMD GPUs, although they may reveal vulnerabilities that can be exploited
  • does not contain any “crown jewel” IP

That said, their opinions are based on what was leaked so far. It is possible that Palesa may have at lot more that she has not revealed.

But considering the fact that she took the step of leaking some source code, they are likely not useful or important enough to be worth the trouble, especially now that a criminal investigation is underway.

What this leak has likely achieved is put a target on Palesa’s back, cause some embarrassment to AMD, and force them to relook at their cybersecurity measures and protocols.

 

Recommended Reading

Go Back To > Cybersecurity | Computer | Software | Home

Support Tech ARP!

If you like our work, you can help support our work by visiting our sponsors, participating in the Tech ARP Forums, or even donating to our fund. Any help you can render is greatly appreciated!


Microsoft : Cybersecurity Trends + How To Stay Safe In 2020!

As part of Safer Internet Day (SID), Antony Cook from Microsoft shared the key cybersecurity trends in 2020, and how we can stay safe against those dangers.

Even if we are experienced techies, it is enlightening to find out what Microsoft believes are the cybersecurity threats that we should be looking out for in 2020.

 

Microsoft : Key Cybersecurity Trends In 2020!

Cybersecurity Trend #1 : Less Ransomware But More Attacks

Ransomware has declined in recent years, dropping more than 60% from its peak. But Microsoft sees a rise in other types of cyberattacks.

Attackers have learned that ransomware attracts too much attention from law enforcement, and organisations have gotten better at backing up their data.

So hackers are moving onto other activities like cryptocurrency malware and phishing, where they can more easily profit with less attention.

Cybersecurity Trend #2 : Mining Malware Will Be Big!

Attackers are often acting for financial benefit, so they will make big bets on cryptocurrency, especially in Bitcoin.

They will focus more on mining malware that lets them use your computer to mine cryptocurrency coins without being detected.

Coin mining software is easily available, and cybercriminals have put malware into many widely-shared and used software. They are also trying to inject these malware through websites illegally streaming copyrighted content like the latest movies.

Cybersecurity Trend #3 : Embedded Threats

Attackers are now more sophisticated, targeting legitimate and trusted software supply points to deliver malware. There have been many examples of this attack vector :

  • a routine update for a tax accounting application,
  • popular freeware tools which have backdoors forcibly installed,
  • a server management software package,
  • an internet browser extension or site plugin,
  • malicious images which active scripts when clicked,
  • peer-to-peer applications

In those cases, attackers were able to change the code of legitimate software that people trust and install without hesitation, allowing them to “hitch a ride”.

This attack vector is very dangerous and frustrating, because it takes advantage of the trust that consumers and IT departments already have for legitimate software.

Cybersecurity Trend #4 : Phishing Scams

Phishing continues to be one of the most effective ways to compromise systems, because it targets human decisions and judgment.

Microsoft noted that the percentage of inbound emails that were detected as phishing messages increased 250% throughout 2018, and they expect the final figures for 2019 to show the same trend.

 

Microsoft : How To Stay Safe In 2020!

Here is a summary of what Microsoft believes we should do to stay safe online against cybersecurity threats in 2020 :

Cybersecurity Tip #1 : Practice Good Security Hygiene

  1. Keep your operating system and software updated.
  2. Turn on email and browser protections.
  3. Apply the cybersecurity configurations that your hardware and software vendors recommend.
  4. Stay away from any unfamiliar software or websites.
  5. Use only legitimate software, and not just your key applications.

Cybersecurity Tip #2 : Implement More Access Controls

System administrators should implement more access controls, using Zero Trust or at least privilege models.

This will limit hackers that successfully break into your network from accessing more than a segment.

Cybersecurity Tip #3 : 3-2-1 Backup!

Make sure you create and keep backups, and the cloud is a great tool for this.

Microsoft recommends adhering to the 3-2-1 rule – keep three backups of your data on two different storage types, with at least one backup offsite.

Cybersecurity Tip #4 : Keep Vigilant!

Even if we implement strong cybersecurity measures, we must remain vigilant, and keep an eye out for suspicious activity.

Not just system administrators, but users as well. If you see anything suspicious – report it to your IT department immediately.

It can be anything from a sudden slowdown in your computer’s performance, to strange web pages and images appearing.

 

Recommended Reading

Go Back To > Computer SystemsHome

 

Support Tech ARP!

If you like our work, you can help support our work by visiting our sponsors, participating in the Tech ARP Forums, or even donating to our fund. Any help you can render is greatly appreciated!


Sophos Global Report : Cyberattacks On Cloud Honeypots!

Sophos has just released their global report – Exposed: Cyberattacks on Cloud Honeypots with very alarming findings for servers worldwide! Get the full details and find out what this means for your business and IT operations!

 

Cyberattacks On Cloud Honeypots

A cloud honeypot is a cloud-based system set up to resemble targets of cybercriminals. When attached, they enable security experts to study the cyberattacks.

During the course of the study, Sophos had set up honeypots in 10 most popular Amazon Web Services (AWS) centers in the world like :

[adrotate group=”2″]
  • California
  • Frankfurt
  • Ireland
  • London
  • Mumbai
  • Ohio
  • Paris
  • Sao Paolo
  • Singapore
  • Sydney

 

Cyberattacks On Cloud Honeypots Report Findings

During the 30 day period, Sophos reported:

  • A cloud honeypot that was set up in Brazil was attacked a mere 52 seconds after it went live.
  • Cloud servers were attacked an average 13 times per minute.
  • More than 5 million attacks were attempted on the network of honeypots in the 30 day period

This data sends a very chilling warning to every company worldwide of the real danger cyberattackers/cybercriminals present.

Cybercriminals are constantly scanning for weak and vulnerable open cloud buckets. They are the points of entry into servers or other networks.

“The Sophos report, Exposed: Cyberattacks on Cloud Honeypots, identifies the threats organizations migrating to hybrid and all-cloud platforms face.

The aggressive speed and scale of attacks on the honeypots shows how relentlessly persistent cybercriminals are and indicates they are using botnets to target an organization’s cloud platforms.

In some instances, it may be a human attacker, but regardless, companies need a security strategy to protect what they are putting into the cloud,” said Matthew Boddy, security specialist, Sophos.

“The issue of visibility and security in cloud platforms is a big business challenge, and with increased migration to the cloud, we see this continuing.”

 

Recommended Reading

Go Back To > Cybersecurity | Home

Support Tech ARP!

If you like our work, you can help support our work by visiting our sponsors, participating in the Tech ARP Forums, or even donating to our fund. Any help you can render is greatly appreciated!