Search the Community

Dear all MCFers Today someone hacked my credit card This is a 20 years aged card So many incurring monthly payee Actually the moment I received a OTP for online transaction I smelled a rat liao Immediately I reported to card centre Then CSO immediately blocked the card She go through all unbilled transactions with me Checking from when the card was compromised After verification she confirmed it is hacked more than a week But I don’t have sms alert for my 20 years old card So I don’t know what is happening Only OTP came...siao liao Ok this hacker got balls of steel I can say (He) used my card for all iTunes payments, Apple items, online automobile accessories and even dare to use my card to pay his mobile phone bill Do you think this hacker really no horse run? Card centre CSO also surprised that those transactions can track the hacker down Clever to hack but stupid to spend huh BTW sorry for so long winded I hope to share this so that bro and sis here can be more careful Best if some people can share more information about card security etc Thank you for reading my post PS. The troublesome part is I have to inform all payee about this and update all my new card details

https://www.hardwarezone.com.sg/tech-news-hacker-leak-190gb-samsung-data-source-code-security Hackers leak 190GB of data allegedly from Samsung, includes source code and biometric unlocking algorithms By Kenny Yeo - on 7 Mar 2022, 9:48am (Image source: Samsung) The Lapsus$ hacking group has just leaked a huge collection of data that they claim to be from Samsung. The leaked data is presently being shared on a torrent and is presented as three compressed files that amount to nearly 190GB. At the time of writing, the report says they are more than 400 peers sharing the file. And earlier, the group posted a screenshot with C/C++ directives in a Samsung software earlier. And according to the group, the torrent contains data of the following: Source code for every Trusted Applet (TA) installed in Samsung’s TrustZone environment used for sensitive operations (e.g. hardware cryptography, binary encryption, access control) Algorithms for all biometric unlock operations Bootloader source code for all recent Samsung devices Confidential source code from Qualcomm Source code for Samsung’s activation servers Full source code for technology used for authorizing and authenticating Samsung accounts, including APIs and services If it looks bad, that's because it is. If the claims are accurate, Samsung is looking at a major breach that could cause substantial damage to the company. Lapsus$ is the same group behind the recent NVIDIA breach. They are demanding the graphics giant remove limitations on cryptocurrency mining or they will leak the company's source code. However, it is unknown at this time if they have made similar demands of Samsung. In a statement to The Korea Herald, Samsung says it is investigating the incident. Most recently, Samsung was caught throttling the performance of some apps. Source: BleepingComputer https://www.techspot.com/news/93663-nvidia-hackers-leak-190gb-sensitive-data-samsung.html Nvidia hackers leak 190GB of sensitive data from Samsung The leaks includes Samsung's encryption data and source code By Vann Vicente March 6, 2022, 10:12 AM What just happened? Lapsus$, a hacking group that leaked confidential information from Nvidia just last week, has reportedly moved to a new target: Samsung. The hackers have claimed an attack that leaked 190GB of confidential information from the South Korean technology giant, including encryption data and source code for Samsung's most recent devices. The hackers behind the Nvidia security breach are setting their sights on the biggest tech companies in the world. Last week, South American hacker group Lapsus$ claimed to have perpetrated a major hacking attack on Nvidia, stealing over 1TB of information and holding it ransom. The Telegraph reported that Nvidia's internal systems were "completely compromised." On Saturday, the hackers leaked nearly 190GB of data from Samsung, subsequently publishing the files through torrent. This reportedly includes sensitive information that may be used to compromise Samsung devices. The publication vx-underground, which tracks information about malware across the web, tweeted a message that Lapsus$ released to their followers. It alleges that the hack includes "source code from every Trusted Applet installed on all Samsung devices" and "confidential source code from Qualcomm." The leak also purportedly includes the algorithms for biometric unlock operations and the source code for Samsung Accounts, a login service associated with Samsung's mobile devices. According to Bleeping Computer, the torrent has been shared by more than 400 peers, and includes a text file that describes the content available in the download: "Part 1 contains a dump of source code and related data about Security/Defense/Knox/Bootloader/TrustedApps and various other items Part 2 contains a dump of source code and related data about device security and encryption Part 3 contains various repositories from Samsung Github: mobile defense engineering, Samsung account backend, Samsung pass backend/frontend, and SES (Bixby, Smartthings, store)" The Nvidia hack was reported to be a ransom plot, with the hackers threatening to leak Nvidia's mining limiter bypass algorithm. Lapsus$ claimed that Nvidia hacked them back but maintained that they still had a copy of Nvidia's confidential data. Currently, there is no information about an extortion plot associated with the Samsung incident, with all files in the hack being released simultaneously. It is unknown if Lapsus$ has attempted to extort Samsung for a ransom. Samsung has yet to respond to the security breach.

The personal details of some 40,000 job applicants have been leaked online, following a cyber attack on an employment agency here. Protemps Employment Services, which has an office at Paya Lebar Square, had its entire server swiped and deleted earlier this month. The personal details of about 40,000 people who submitted job applications to the company have since been uploaded online. The details include scans of their identity cards or passports, their phone numbers, salaries, jobs and home addresses. Most of the job seekers appeared to be Singaporean. The hackers, known as Desorden Group, said they were behind the attack on Oct 4, boasting about their heist on hacking forums on Oct 7. They made a video showing the stolen files and databases, with a message to Protemps, saying they had stolen all the files from the server and had wiped it clean. It also came with a warning for Protemps to "think carefully". The video is believed to have been sent to Protemps along with a ransom note. On Oct 14, Desorden Group uploaded the entire database online, making it accessible for the price of €2.10 (S$3.30). https://www.straitstimes.com/singapore/courts-crime/spore-employment-agency-hacked-ic-scans-and-salaries-of-40000-job-seekershttps://www.straitstimes.com/singapore/courts-crime/spore-employment-agency-hacked-ic-scans-and-salaries-of-40000-job-seekers 😱😱😱

https://www.asiaone.com/singapore/footage-50000-home-cameras-hacked-and-sold-porn-sites?utm_source=whatsapp&utm_medium=social-media&utm_campaign=addtoany Security cameras in Singapore homes have been hacked, with the footage stolen and shared online. Clips from the hacked footage have been uploaded on pornographic sites recently, with several explicitly tagged as being from Singapore. The videos, which can last from under a minute to more than 20 minutes, feature couples, breastfeeding mothers and even children. Most of them are in various states of undress or compromising positions. Many faces can be clearly seen in locations such as the living room and bedrooms. Some are seen using the toilet with the door ajar.

Any current or ex MB owners received this SMS?

But no evidence to suggest SingPass system has been compromised, IDA says Source: http://www.todayonline.com/singapore/1560-singpass-accounts-may-have-been-accessed-without-authorisation

https://www.thestar.com.my/news/nation/2017/10/31/msia-sees-biggest-mobile-data-breach-over-46-million-subscribed-numbers-at-risk-from-scam-attacks-an/ M’sia sees biggest mobile data breach Tuesday, 31 Oct 2017 By Royce Tan and Sharmila Nair PETALING JAYA: The personal details of some 46.2 million mobile number subscribers in Malaysia are at stake in what is believed to be one of the largest data breaches ever seen in the country. From home addresses and MyKad numbers to SIM card information, the private details of almost the entire population may have fallen into the wrong hands. Malaysia’s population is only around 32 million, but many have several mobile numbers. The list is also believed to include inactive numbers and temporary ones bought by visiting foreigners. With this leak, Malaysians may be vulnerable to social engineering attacks and in a worst-case scenario, phones may be cloned. It is also said that 81,309 records from the Malaysian Medical Council, Malaysian Medical Association (MMA) and Malaysian Dental Association were also leaked. The leak of the mobile data was reported earlier this month on online forum and news site lowyat.net, which reported that it was thought to originate from a massive data breach in 2014. Yesterday, the site “confirmed” that 46.2 million mobile numbers were leaked online. Lowyat.net founder Vijandren Ramadass told The Star that all information it received on the matter was handed over to the Malaysian Communications and Multimedia Commission (MCMC). Asked what sort of action would be needed, he said: “Telcos need to admit that this breach actually happened and should inform all their customers what should be done.” It is believed that the MCMC and police are collaborating on the investigation. Network and security strategist Gavin Chow said the most common social engineering attack examples were phone and messaging scams. “Scammers pretend to be someone calling or texting from the telco since they can prove they have the target’s personal details,” said Chow, who is with cybersecurity and malware protection company Fortinet. He added that the scammers would then try to trick the victim in various ways. These include transferring funds into their accounts and installing “telco applications” containing malware or spyware, which will be used to exploit the target in future. “The devices would likely not be hacked directly, but anyone with the data dump information and a little creativity may convince unsuspecting victims to install malware on their devices. “Users need to be alert when receiving calls and messages from strangers. Do not get tricked into sharing more personal details, transferring funds or installing apps,” he said. Technology strategist Dinesh Nair said there was not much that consumers could do, but they should change their SIM card, for starters. “Your name, address, phone number, the IMSI (international mobile subscriber identity) and the IMEI (international Mobile Equipment Identity), which are tied to your device are all out there. “I’m sure my data is there as well. People with really good technical skills will be able to clone someone’s phone and that’s the worst-case scenario,” he said. Dinesh added that while no one knew where the breach occurred, the fact that the details were out there pointed to a leak of some sort. “How it happened, we can’t tell but with so much released from different telcos at the same time, it must come from a single source,” he added. Bar Council cyber law and information technology committee co-chairman Foong Cheng Leong said assuming that the leak was after the enforcement of the Personal Data Protection Act 2010, there might have been a breach of the Act’s Security Principle by the data users. “The Security Principle requires data users to process personal data securely, but there is not much customers can do other than file a complaint with the Personal Data Protection Commissioner,” he said. Digi said in a statement that it prioritised the privacy of its customer data. “The authorities are looking into the matter and we’ll continue to support them,” the statement read. Celcom Axiata Bhd said it was “collaborating closely with the authorities to assist in the investigation”, a sentiment echoed by Maxis Bhd, which also said it “fully supports the investigation”. Representatives from U Mobile declined to speak about the leak, while representatives of TuneTalk could not be contacted for comments at press time. MMA president Dr Ravindran R. Naidu said a police report was lodged more than a week ago when news of the leak surfaced. “Of course, no system is unhackable. Even the US Department of Defence has been hacked. “However, we have been in the process of upgrading our IT system for the last year or so and the new servers will be more secure. “We will also be upgrading our operational security measures and introducing a new SOP for our staff to minimise the risk of a repeat of this episode,” he said. Related story: Data breaches nothing new, says expert

....including addresses and phone numbers of famous TCS actresses are out in the open liao. "Singapore Hall of Shame" ( dun dare to post actual link. Else i face wall for 7-7-49 days also no use )

Hacker trying to make PM look bad and SPF look incompetent?

Don

I can't access Asiaone.com this morning. My web browser showing this error message. Anyone else also got this warning?

People's Association website http://www.pa.gov.sg is hacked by a team of Brazilian hackers!

Any Bro here got their Origin ID hacked? ----------------------- http://www.geek.com/articles/news/origin-a...anged-20121114/ Update

Made payment for credit card bill today and realised too late that 20 plus purchases made online for Android Apps were actually fradulent. I had warned my son before to be careful and prudent with any Apps purchases. Upon taking a closer look at the statement, I found out that the purchases we made over a few days in February and when asked, my son denied any knowledge of them. Checking his Samsung G2 tonight, I knew he had told the truth. 95% of his Android Apps are all free. Logging in to his Gmail account and checking the history, I found 2 IP addresses which were *unknown. Damage for hacked account and subsequent fradulent use = S$200+. Thank goodness! Hurriedly cancelled the credit card record in Google Wallet and also changed the Gmail password. Most of the transactions were for buying credits for dunno what Zombie Killer game.

Quoted from http://www.straitstimes.com/BreakingNews/S...ory_533788.html A FULL-TIME national serviceman, one of four victims of a series of knife attacks in Kallang on Sunday, lay bleeding by the Pan-Island Expressway for seven hours before he was spotted. Half his left hand, along with four fingers had been hacked off, and he had deep cuts to his neck, face and abdomen; a part of his scalp had been sliced open. But at least Mr Ang Jun Heng, 19, was alive. Of the remaining three victims of the still-unknown slasher or slashers, one is dead, and the other two, like Mr Ang, are in intensive care at Tan Tock Seng Hospital. The police said yesterday that they had yet to make an arrest. They declined to comment when asked whether the attacks were the work of one person or several, nor would they confirm whether or not the attacks were related. All the police spokesman would say was that investigations were ongoing and no possibilities had been ruled out. The four victims appear not to have known each other. Aside from Mr Ang, the other three, including the dead man, are Indian nationals aged between 24 and 44. Here on work permits, they live and work in different places. I will be very careful when I am walking around town...

Happened in Wuxi City in Jiangsu Province, China. YOngxin International...not sure whether the CEO is S'porean anot since his surname is quite unique. He was attacked in his office and succumbed to his injuries. Fierce employee sial...but confirm kena death sentence... Anyone wana try here also? http://www.yongxin-international.com/ http://news.omy.sg/News/Local%2BNews/Story...511-134089.html 员工持斧闯公司　总裁无锡遭砍死 员工不满被调职，携斧头闯入公司，砍死本地上市公司总裁濮德兴！ 中资企业永鑫国际（Yong Xin International）集团主席兼总裁濮德兴（47岁），是在本月4日于无锡厂内办公室遭袭击身亡。 据中国媒体报道，嫌犯是一名55岁的男性行销人员濮玉清，他因不满被调职而带着一把斧头往董事长办公室要求收回成命，并在要求被拒后行凶。 事后嫌犯濮玉清当场被抓，并在初审时透露这个行凶动机。该集团是在昨晚接近9时半发布了董事长被袭身亡的消息。永鑫国际在昨日股市未开市便要求暂停交易。 永鑫国际去年刚转亏为盈，濮德兴上个月18日来新时还接受媒体的访问，没想不久后竟发生这样非常不幸且令人震惊的事件。 濮德兴曾被选为无锡市优秀青年企业家，在1995年他创办江苏锡厦铝业有限公司，2000年创办永鑫精密合金板带制造企业，2007年领导永鑫国际在我国挂牌上市。 永鑫国际董事会昨日在文告中宣布，为使业务顺利运作，该集团董事会宣布濮德兴的父亲濮永法将接替主席兼总裁职位，女儿濮晓芳将受委为执行董事。 濮永法为濮德兴的父亲，他也是永鑫精密材料的联合创办人。濮德兴的女儿濮晓芳毕业于澳洲墨尔本大学商业系，之前在渣打银行上海分行接受管理培训及工作。

Hmm ...this is interesting ... Was trying to find out some model from KIA http://singapore.kia-global.com/ Mainpage shows hacked by Terroist crew ...This is bad ... Am i going to the wrong website ??

someone had hacked into the forum and now its down for maintenance. Any other car forum kana also??? think we must all be careful....

how come cannot access the forums one..for the past week

Our poor brothers over the other side [inline hacked.jpg]

While still awaiting a Japanese copy of the electrical diagram, I've "decoded" / reverse-engineered the door mirror operation of the VRG, @ here. Why would I do this you ask? I'm planning to automate this! Some ideas so far: 1. On engine shutdown, fold mirrors 2. On engine startup, unfold mirrors 3. On reverse gear, tilt mirrors down (to watch rear curb) 4. On button press, move mirrors to preset position ("normal") 5. On button press, move mirrors to preset position ("outer" - on slip road to join highway)