
WiFi Finder app exposes 2 million network passwords!

“WiFi Finder” is a popular hotspot finder app that is used to locate free Wi-Fi spots nearby. Unfortunately, the company utilized a database with minimal security to store information such as the Wi-Fi network name, its exact geolocation, its basic service set identifier (BSSID) and network password. All this data was stored in plain text. While the app developer claims the app only stores passwords for public hotspots, after a review of the data, countless home Wi-Fi networks were also discovered.

The biggest threat to free Wi-Fi security is the ability for the hacker to position himself between you and the connection point. So instead of talking directly with the hotspot, you’re sending your information to the hacker, who then relays it on. While working in this setup, the hacker has access to every piece of information you’re sending out on the Internet: important emails, credit card information and even security credentials to your business network. Once the hacker has that information, he can — at his leisure — access your systems as if he were you.

Using free Wi-Fi in public locations is a major security risk. However, there may come a time when your only option is an unsecured, free, public Wi-Fi hotspot, and your work simply cannot wait. If you must use public Wi-Fi, there are a few steps you should take to stay safe (well... as safe as possible, because you shouldn’t use public Wi-Fi).

What to do:

  1. Use a Virtual Private Network (VPN).
  2. Disable file sharing on your device.
  3. Log out of accounts when you are done.
  4. Only visit sites using HTTPS.
  5. Disable Wi-Fi auto-connect.
  6. Turn off Wi-Fi (and Bluetooth) when not in use.
  7. Only access websites that do not hold sensitive or personally identifiable information (i.e., don’t do your banking while waiting for your flight).

While not all Wi-Fi is a security risk, without the right protection your personal information could become public information.

HSBC suffers major security breach as hackers launch cyber attack on bank’s servers

HACKING group OurMine claim they took down US and UK HSBC servers following a spate of cyber attacks on major tech firm bosses.


The hacking group announced details of the security breach on its website, including links to HSBC’s US and UK sites.

In a shock strike, the so-called security firm took the major bank’s UK and US servers offline on Tuesday.

In a statement, the cyber attackers wrote: “Hello Guys, today we checked HSBC Bank security, and their website was able to be attacked!, and now we took it down.

“If you are working on HSBC Bank, please contact us…we will stop the attack and we will let you know how to protect it from people attacks!”

BREACH: It is not known whether the hack caused any disruption for HSBC’s online customers

TARGETED: OurMine claims it can “help you with your accounts security”

By early Wednesday, HSBC’s U.S. and U.K. websites appeared to be working normally.

OurMine positions itself on its website as an account and company security firm. “We scan the whole company websites and staffs and give you the weaknesses and how to fix it,” it says.

Buzzfeed reports the company recently claimed to have attacked social media accounts of prominent CEOs in order to promote its business. One of its most prominent alleged attacks was in early June, when it claimed it took over Facebook CEO Mark Zuckerberg’s social media accounts. Since then, it claims to have also targeted accounts of several CEOs including Google’s Sundar Pichai, Uber’s Travis Kalanick, and Twitter’s Jack Dorsey.

In December, it claimed it attacked WikiLeaks.

In a second post on Tuesday, the group announced it “stopped the attack” after “a staff of HSBC talked with us”.

It is not known whether the hack caused any disruption for HSBC’s online customers.

Daily Star Online has contacted HSBC for comment.

SECURITY BREACH: The group announced it “stopped the attack” after talking to the bank.

This seems to be an everyday occurrence in today’s “Digital Age”. Make sure you change your passwords regularly.

Hackers would like to join your LinkedIn network – and you’d probably accept them

Is that LinkedIn contact really who they say they are?

Research demonstrates how a willingness to connect to strangers on LinkedIn might be putting your company at risk.

For many, LinkedIn is a handy way of keeping up with old colleagues and maybe even finding a new job — and many think that the bigger their network of contacts, the better.

So if a contact request comes in from a recruiter, even one they had never heard of before, many might think there would be little harm in accepting.

But what if that wasn’t a recruiter, but rather a hacker using a fake profile in order to gain access to you, your contact details, and the rest of your network? In connecting you’ve potentially put yourself and your company at risk of being hacked, breached, or otherwise targeted by cybercriminals.

Certainly people are often more than willing to accept a request from a complete stranger to join their network on LinkedIn.

In fact, according to a survey of 2,000 people by cybersecurity researchers at Intel Security, nearly one quarter (24 percent) say they’ve connected to someone they don’t know on LinkedIn, thus potentially allowing hackers access to a wealth of information which could be used for spear-phishing, malware drops, and other nefarious means.

“We’re opening ourselves up to the world without any real consideration with regards to who we’re allowing on our network,” said Raj Samani, CTO of EMEA for Intel Security.

Once provided with access to a person’s network, malicious actors are able to gather data and research potential targets for attacks, potentially even eventually connecting up to senior executives and CEOs.

If a hacker successfully gains access to the contact details of an executive, they could potentially use the trust associated with someone in a senior position to carry out fraud and other criminal activities.