link1s.site

The largest password leak in history exposes nearly 10 billion credentials

The largest collection of stolen passwords ever has been leaked to a notorious crime marketplace, according to cybersecurity researchers at Cybernews.

This leak, dubbed RockYou2024 by its original poster “ObamaCare,” holds a file containing nearly 10 billion unique plaintext passwords.

Allegedly gathered from a series of data breaches and hacks accumulated over several years, the passwords were posted on July 4th and hailed as the most extensive collection of stolen and leaked credentials ever seen on the forum.

“In its essence, the RockYou2024 leak is a compilation of real-world passwords used by individuals all over the world,” the researchers told Cybernews. “Revealing that many passwords for threat actors substantially heightens the risk of credential stuffing attacks.”

Credential stuffing attacks are among the most common methods criminals, ransomware affiliates, and state-sponsored hackers use to access services and systems.

Threat actors could exploit the RockYou2024 password collection to conduct brute-force attacks against any unprotected system and “gain unauthorized access to various online accounts used by individuals whose passwords are included in the dataset,” the research team said.

This could affect online services, cameras and hardware

This could affect various targets, from online services to internet-facing cameras and industrial hardware.

“Moreover, combined with other leaked databases on hacker forums and marketplaces, which, for example, contain user email addresses and other credentials, RockYou2024 can contribute to a cascade of data breaches, financial frauds, and identity thefts,” the team concluded.

However, despite the seriousness of the data leak, it is important to note that RockYou2024 is primarily a compilation of previous password leaks, estimated to contain entries from a total of 4,000 massive databases of stolen credentials, covering at least two decades.

This new file notably includes an earlier credentials database known as RockYou2021, which featured 8.4 billion passwords. RockYou2024 added approximately 1.5 billion passwords to the collection, spanning from 2021 through 2024, which, though a massive figure, is only a fraction of the reported 9,948,575,739 passwords in the leak.

Thus, users who have changed their passwords since 2021 may not have to panic about a potential breach of their information.

That said, the research team at Cybernews stressed the importance of maintaining data security. In response to the leak, they recommend immediately changing the passwords for any accounts associated with the leaked credentials, ensuring each password is strong and unique and not reused across different platforms.

Additionally, they advised enabling multi-factor authentication (MFA), which requires an extra form of verification beyond the password, wherever possible, to strengthen cyber security.

Lastly, tech users should utilize password manager software, which securely generates and stores complex passwords, mitigating the risk of password reuse across multiple accounts.

ChatGPT: Explained to Kids(How ChatGPT works)
Chat means chat, and GPT is the acronym for Gene Rate Pre trained Transformer. Genrative means generation, and its function is to create or produce something new; Pre trained refers to a model of artificial intelligence that is learned from a large amount of textual materials, while Transformer refers to a model of artificial intelligence. Don't worry about T, just focus on the words G and P. We mainly use its Generative function to generate various types of content; But we need to know why it can produce various types of content, and the reason lies in P. Only by learning a large amount of content can we proceed with reproduction. And this kind of learning actually has limitations, which is very natural. For example, if you have learned a lot of knowledge since childhood, can you guarantee that your answer to a question is completely correct? Almost impossible, firstly due to the limitations of knowledge, ChatGPT is no exception, as it is impossible to master all knowledge; The second is the accuracy of knowledge, how to ensure that all knowledge is accurate and error free; The third aspect is the complexity of knowledge, where the same concept is manifested differently in different contexts, making it difficult for even humans to grasp it perfectly, let alone AI. So when we use ChatGPT, we also need to monitor the accuracy of the output content of ChatGPT. It is likely not a problem, but if you want to use it on critical issues, you will need to manually review it again. And now ChatGPT has actually been upgraded twice, one is GPT4 with more accurate answering ability, and the other is the recent GPT Turbo. The current ChatGPT is a large model called multimodality, which differs from the first generation in that it can not only receive and output text, but also other types of input, such as images, documents, videos, etc. The output is also more diverse. In addition to text, it can also output images or files, and so on.
Zuckerberg surfed and drank beer on vacation, Musk: I prefer to work
After Meta CEO Mark Zuckerberg posted a video on his Facebook and Instagram accounts of his free time during the Independence Day holiday on the X platform, Musk said, "I prefer to work." Zuckerberg posted a video of himself surfing on a hydrofoil in a tuxedo, waving an American flag and drinking a beer, and wrote: "Happy birthday America." The video quickly went viral, and after greg shared it on the X platform, Musk replied: "I hope he continues to have fun on the yacht." I prefer to work." Musk, a workaholic, attended the 29th annual Barron Investment Conference in November 2022, where he said: "My workload went from 78 hours a week to 120 hours a week..." In 2018, he slept on the floor of the Gigafactory in Fremont in an effort to ramp up production of the Tesla Model 3.
Ukrainian Presidential Office: Russia's attacks on multiple locations in Ukraine have killed 36 people
The Ukrainian presidential office said on July 8 local time that Russia's large-scale attacks on many parts of Ukraine have killed 36 people and injured 140 others. According to the Ukrainian State Emergency Service, a total of 619 rescue workers and 132 equipment participated in the rescue work across Ukraine that day. Ukrainian President Zelensky said on social media on the 8th that Russia launched more than 40 missiles of various types at Ukraine that day. Residential buildings and infrastructure in many cities in Ukraine were damaged in varying degrees of attacks, and a children's hospital was destroyed. Rescue departments are currently conducting emergency rescue on the scene. The Russian Ministry of Defense issued a statement on the 8th local time saying that Ukrainian officials' claim that Russia used missiles to attack Ukrainian civilian facilities was untrue. The damage suffered by Kiev was caused by the fall of missiles launched by the city's air defense system.
NHTSA opens recall query into about 94,000 Jeep Wrangler 4xe SUVs
July 9 (Reuters) - The National Highway Traffic Safety Administration (NHTSA) has opened a recall query into 94,275 Stellantis-owned (STLAM.MI), opens new tab Jeep SUVs over a loss of motive power, the U.S. auto safety regulator said on Tuesday. The investigation targets Jeep's Wrangler 4xe hybrid SUVs manufactured between 2021 through 2024. Chrysler had previously recalled, opens new tab the same model in 2022 to address concerns related to an engine shutdown. A recall query is an investigation opened by safety regulators when a remedy to solve an issue appears inadequate. The complaints noted in the new report include both failures in vehicles that received the recall remedy and those not covered by the prior recall, the NHTSA said.
Google may bring Google Wallet for Indian users
Google Wallet can help you store your IDs, driving license, loyalty cards, concert tickets and more. You can also store your payment cards and use tap to pay to pay anywhere Google Pay is accepted. Google wallet is available in various countries but Google never launched it in India. Google let indian users stick with the Gpay which facilitates UPI payments. Tap to pay is not part of it. Also we can not store things such as IDs and Passes in indian version of Gpay. This might change and Google may launch Google Wallet in India. With the recent version of Google Wallet and Google Play Services, Google has added some flags and code which indicate that Google is working on something for Indian users regarding wallet. The first change I noticed recently when going through the Google Play Services apk was addition of two new flags Both flags are part of com.google.android.gms.pay package in the Google Play Services. This package contains all the flags for features of Gpay/Wallet. Google does server side flipping of flags to enable/disable features for users. So both these flags doesn't really provide any info about what features enabling these flags is going to bring. But the point here is that Google Wallet is not launched in India so why Google added these flags inside Play Services ? The answer could be that Google may be working on bringing Google Wallet to India. It can enable tap to pay, store payments and various other features for Indian users which we don't have in the current Gpay for India. I found similar flags in the analysis Google Wallet APK - These flags are also disabled by default. But this is again a clear indication of Google working towards something for Indian users. In both cases, enabling the flags doesn't bring anything noticeable UI or feature because there is nothing much added besides flags. Google has dogfood/testing versions internally, so the code will show up slowly in upcoming versions. The last piece of code I found is also from Google Play Services. In case you don't know, Google was working on Digilocker integration in the Google Files app which was supposed to bring your digital document inside the app such as driving license, COVID certificates, aadhar card. But Google has ditched the effort of bringing these features and they removed the "Important" tab (where digilocker was supposed to be integrated) from the Google Files app completely. So things are going to change and here is how. This is the code which I found in the Google Play Services - So the word "PASS" along with PAN, DRIVERS LICENCE, VACC CERTIFICATE & AADHAR CARD, is clear indication of the possibility of Google adding support for these directly through Google Wallet using Digilocker, just like Samsung Pass does it. This code is not old as I have checked older beta versions of Play Services where this code is not present. Here is a string which was added in a previous beta version a few weeks ago but I completely ignored it because it didn't make any sense without flags and the other code - This addition was surprising because there was nothing regarding digilocker before in the Play Services. In the words "pay_valuable", the "pay" to Wallet/Gpay and "valuable" refers to the things like Passes, loyalty cards and transit cards. Since we are talking about digilocker, these "valuable" are driving license, vaccination certificate, PAN card and Aadhar card which can be store in Google Wallet after digilocker integration. That's all about it. We will know more about it in upcoming app updates or maybe Google can itself annouce something about this.