Oliver Hough – WindowsTechs.com

PasteBin just made it easier for hackers to avoid detection, researchers say

Posted on April 16, 2020 by Jeff Stone

A policy change at a seemingly innocuous website could make it more difficult to stop hackers, according to information security experts who track malicious software in the wild. PasteBin, a text repository where developers share internet code, said on Wednesday it has discontinued a service that charged users a $50 one-time fee to search the site for new data. Researchers had used the scraping API to scour PasteBin for cybercriminal activity, as hackers frequently posted stolen personal data and malicious code to the site. PasteBin has a lot of legitimate activity, including posts about software tests and blocks of banal code meant for cryptographic network protocols. The malicious activity makes up a fraction of the content, and is difficult to identify without scraping capabilities because of the construction of the site. A number of Twitter feeds, like @ScumBots and @leak_scavenger, were dedicated to catching malicious uploads early, and then distributing details early […]

The post PasteBin just made it easier for hackers to avoid detection, researchers say appeared first on CyberScoop.

Continue reading PasteBin just made it easier for hackers to avoid detection, researchers say→

Dating app Jack’d fined $240K for leaving private photos up for a year

Posted on July 2, 2019 by Lisa Vaas

The company behind the gay dating app left users’ private photos online for a year in spite of knowing about the security bugs.

Continue reading Dating app Jack’d fined $240K for leaving private photos up for a year→

Instagram data from 14 million profiles found in insecure database, researcher says

Posted on February 8, 2019 by Jeff Stone

Information about more than 14 million Instagram accounts is being kept in an insecure database that could render users vulnerable to hackers, a security researcher told CyberScoop Friday. Data including users’ profile names, stored links to profile pictures and their Instagram ID is available in the database, which researcher Oliver Hough found on the Shodan web scanning service. The database, physically located in the U.K., includes 14,526,602 entries, according to a screenshot Hough tweeted Friday. Entries also have empty fields for home addresses and telephone numbers, he said. It’s not clear who is logging the information. But Hough suggested a third party could be scraping Instagram and storing public data for analysis later, either for targeted marketing or another purpose. He suggested the information could be combined with unrelated databases of stolen passwords, which hackers could correlate with the usernames leaked here to try to infiltrate victims’ accounts. “On the black hat side […]

The post Instagram data from 14 million profiles found in insecure database, researcher says appeared first on CyberScoop.

Continue reading Instagram data from 14 million profiles found in insecure database, researcher says→

Creeps outed as massage app exposes database with workers’ comments

Posted on November 29, 2018 by Lisa Vaas

Popular massage-booking app Urban lets masseurs/masseuses log comments about creepy customers, and left its database wide open. Continue reading Creeps outed as massage app exposes database with workers’ comments→

Creeps outed as massage app exposes database with workers’ comments

Posted on November 29, 2018 by Lisa Vaas