Latest news with #whitehat
Daily Mail
3 days ago
- Daily Mail
'Mother of all data breaches' sees Internet users urged to act after Apple and Google passwords are exposed
Cybersecurity researchers have uncovered what the call the 'mother of all breaches' with the discovery of a collection of 30 databases that contain over 16 billion individual records, including passwords, for government accounts as well as social media log ins for Apple, Google, Facebook, Telegram, and others. Some of the datasets had vague names such as 'logins' or 'credentials', which made it hard for the team to figure out exactly what they contained but some gave clues about where the data came from. According to the researchers, the records were most likely compiled by cybercriminals using various info-stealing malware, though they noted that some data may also have been collected by so-called 'white hat' hackers. Also known as ethical hackers, 'white hat' hackers were security professionals who use their manipulating skills to identify vulnerabilities and weaknesses in computer systems, networks, and software - with the permission of the system's owner. The team at Cybernews, which found the records, said the information available to the wider Internet was only briefly, before it was locked down, but it's not possible to determine who owned the databases. With over 5.5 billion people worldwide using the Internet, researchers warned that a staggering number of individuals probably had some of their accounts compromised. Users across the globe were urged to change their passwords immediately to protect their data from falling into the hands of cybercriminals. Researchers said: 'The inclusion of both old and recent info-stealer logs makes this data particularly dangerous for organizations lacking multi-factor authentication or credential hygiene practices.' Cybernews noted that its researchers identified a database of 184 million records that was previously uncovered in May, found by data-breach hunter and security researcher Jeremiah Fowler. The security site said: 'It barely scratches the top 20 of what the team discovered. Most worryingly, researchers claim new massive datasets emerge every few weeks, signaling how prevalent info-stealer malware truly is.' The May discovery not only contained secure login data for millions of private citizens, but also had stolen account information connected to multiple governments around the world. While looking at a small sample of 10,000 of these stolen accounts, researcher Fowler found 220 email addresses with .gov domains, linking them to over 29 countries, including the U.S., UK, Australia, Canada, China, India, Israel, and Saudi Arabia. Fowler told WIRED: 'This is probably one of the weirdest ones I've found in many years. 'As far as the risk factor here, this is way bigger than most of the stuff I find, because this is direct access into individual accounts. This is a cybercriminal's dream working list.' In total, Fowler discovered 47 gigabytes of data with sensitive information for accounts on sites including Instagram, Microsoft, Netflix, PayPal, Roblox, and Discord. The best action to take to protect your accounts would be to change the passwords and activate Two-Factor Authentication, which added another layer of security to logging in by sending a secure code to your phone or email. The unprotected database was managed by World Host Group, a web-hosting and domain name provider founded in 2019. Once Fowler confirmed that the exposed information was genuine, he reported the breach to World Host Group, which shut down access to the database. World Host Group's Seb de Lemos told WIRED: 'It appears a fraudulent user signed up and uploaded illegal content to their server.' Fowler added that 'the only thing that makes sense' is that the breach was the work of a cybercriminal because there's no other way to gain that much access to information from so many servers around the world. The cybersecurity expert warned that the breach also posed a major national security risk. Exploiting government email accounts could allow hackers and foreign agents access to sensitive or even top-secret systems. The stolen data could also be used as part of a larger phishing campaign, using one person's hacked account to gain private information from other potential victims.
Tahawul Tech
30-05-2025
- General
- Tahawul Tech
'Our mission is to develop highly skilled cybersecurity professionals who can protect their nations' digital sovereignty.' – Yuliya Danchina, Positive Technologies
Positive Technologies is on a mission to equip the next-generation of cybersecurity professionals with the skills needed to help nations protect their digital sovereignty, following the official launch of their Positive Hack Camp, which runs from July 26 to August 10th. Positive Hack Camp combines intensive training in ethical hacking, real-world practical exercises, and international experience sharing. Prospective applicants must submit their registration before June 15. Positive Hack Camp is a global educational initiative by Positive Technologies with the support of the Russian Ministry of Digital Development and CyberEd, a partner of the Cyberus foundation. The program brings together young professionals from around the world, offering them top-tier, hands-on experience from Positive Technologies, a leader in result-driven cybersecurity. Last year's cyber camp brought together over 70 participants from 20 countries across Africa, Asia, Latin America, and the Middle East. From July 26 to August 10, over 100 future cybersecurity leaders will engage in training sessions, hands-on labs, and workshops based on real-world cybersecurity challenges. The program will be led by white-hat hackers from Positive Technologies – researchers credited with discovering thousands of critical vulnerabilities. Their findings have contributed to enhanced security for companies such as Apple, Cisco, Dell, Google, IBM, Microsoft, Mitsubishi, Oracle, and PayPal. Beyond training, the camp offers cultural tours, cross-border networking, and friendship-building activities – creating a global cybersecurity community. 'Positive Hack Camp is a unique program uniting talents to build a more secure digital future. Our mission is to develop highly skilled cybersecurity professionals who can protect their nations' digital sovereignty. Through intensive training and hands-on sessions, participants learn to prevent, detect, and combat cyberthreats. As a leader in result-driven cybersecurity, Positive Technologies is proud to share our expertise with the global community', – Yuliya Danchina, Positive Technologies Customer and Partner Training Director, Head of Positive Education. This program, conducted in English, is for students and young professionals over 18, who are aspiring ethical hackers, ready to grow fast and build international contacts. Safety, food, accommodation, and chaperoning for the participants are included. Applications must be submitted on the official website by June 15, 2025.
