link1s.site

The largest password leak in history exposes nearly 10 billion credentials

The largest collection of stolen passwords ever has been leaked to a notorious crime marketplace, according to cybersecurity researchers at Cybernews.

This leak, dubbed RockYou2024 by its original poster “ObamaCare,” holds a file containing nearly 10 billion unique plaintext passwords.

Allegedly gathered from a series of data breaches and hacks accumulated over several years, the passwords were posted on July 4th and hailed as the most extensive collection of stolen and leaked credentials ever seen on the forum.

“In its essence, the RockYou2024 leak is a compilation of real-world passwords used by individuals all over the world,” the researchers told Cybernews. “Revealing that many passwords for threat actors substantially heightens the risk of credential stuffing attacks.”

Credential stuffing attacks are among the most common methods criminals, ransomware affiliates, and state-sponsored hackers use to access services and systems.

Threat actors could exploit the RockYou2024 password collection to conduct brute-force attacks against any unprotected system and “gain unauthorized access to various online accounts used by individuals whose passwords are included in the dataset,” the research team said.

This could affect online services, cameras and hardware

This could affect various targets, from online services to internet-facing cameras and industrial hardware.

“Moreover, combined with other leaked databases on hacker forums and marketplaces, which, for example, contain user email addresses and other credentials, RockYou2024 can contribute to a cascade of data breaches, financial frauds, and identity thefts,” the team concluded.

However, despite the seriousness of the data leak, it is important to note that RockYou2024 is primarily a compilation of previous password leaks, estimated to contain entries from a total of 4,000 massive databases of stolen credentials, covering at least two decades.

This new file notably includes an earlier credentials database known as RockYou2021, which featured 8.4 billion passwords. RockYou2024 added approximately 1.5 billion passwords to the collection, spanning from 2021 through 2024, which, though a massive figure, is only a fraction of the reported 9,948,575,739 passwords in the leak.

Thus, users who have changed their passwords since 2021 may not have to panic about a potential breach of their information.

That said, the research team at Cybernews stressed the importance of maintaining data security. In response to the leak, they recommend immediately changing the passwords for any accounts associated with the leaked credentials, ensuring each password is strong and unique and not reused across different platforms.

Additionally, they advised enabling multi-factor authentication (MFA), which requires an extra form of verification beyond the password, wherever possible, to strengthen cyber security.

Lastly, tech users should utilize password manager software, which securely generates and stores complex passwords, mitigating the risk of password reuse across multiple accounts.

China's generative AI patents are far ahead of the US!
The World Intellectual Property Organization (WIPO) recently said that China filed 38,000 artificial intelligtion-related generative AI patents from 2014-23, while the United States filed 6,276 of the 50,000 patents filed by all countries. Of the 50,000 applications, 25 percent were filed last year.The top five inventor regions are: China (38,210 inventions), the United States (6,276 inventions), the Republic of Korea (4,155 inventions), Japan (3,409 inventions) and India (1,350 inventions).
Hamas chief says latest Israeli attack on Gaza could jeopardise ceasefire talks
AIRO, July 8 (Reuters) - A new Israeli assault on Gaza on Monday threatened ceasefire talks at a crucial moment, the head of Hamas said, as Israeli tanks pressed into the heart of Gaza City and ordered residents out after a night of massive bombardment. Residents said the airstrikes and artillery barrages were among the heaviest in nine months of conflict between Israeli forces and Hamas militants in the enclave. Thousands fled. The assault unfolded as senior U.S. officials were in the region pushing for a ceasefire after Hamas made major concessions last week. The militant group said the new offensive appeared intended to derail the talks and called for mediators to rein in Israel's Prime Minister Benjamin Netanyahu. The assault "could bring the negotiation process back to square one. Netanyahu and his army will bear full responsibility for the collapse of this path," Hamas quoted leader Ismail Haniyeh as saying. Gaza City, in the north of the Palestinian enclave, was one of Israel's first targets at the start of the war in October. But clashes with militants there have persisted and civilians have sought shelter elsewhere, adding to waves of displacement. Much of the city lies in ruins. Residents said Gaza City neighbourhoods were bombed through the night into the early morning hours of Monday. Several multi-storey buildings were destroyed, they said. The Gaza Civil Emergency Service said it believed dozens of people were killed but emergency teams were unable to reach them because of ongoing offensives. Gaza residents said tanks advanced from at least three directions on Monday and reached the heart of Gaza City, backed by heavy Israeli fire from the air and ground. That forced thousands of people out of their homes to look for safer shelter, which for many was impossible to find, and some slept on the roadside.
South Korean government decides not to punish interns who resign
South Korea's Minister of Health and Welfare Cho Kyu-hong said at a press conference on the 8th local time that after comprehensively considering the suggestions of frontline interns and the situation on the front line of medical care, the government decided that from that day on, all interns and residents who resigned would not be given administrative sanctions such as revoking their medical licenses. Cho Kyu-hong also said that for interns and residents who have returned to work and those who have resigned and are preparing to re-register for internship courses in September, the government will make special cases to try to minimize the internship gap and not affect the relevant doctors from obtaining specialist medical licenses. Cho Kyu-hong said that the government believes that in order to minimize the diagnosis and treatment gaps for critically ill and emergency patients and ensure the smooth training process of interns and residents, it is in the public interest, so it has made a decision not to punish interns and residents who resigned. It is hoped that major hospitals will complete the resignation processing of doctors who have not returned to work before July 15 and determine the scale of vacancies. Previously, large general hospitals in South Korea, such as Seoul National University Hospital, Yonsei University Severance Hospital, and Seoul Asan Medical Center, suspended or limited their medical services in an effort to cancel all penalties against interns and residents.
Hedge fund Elliott challenges court verdict it lost against LME on nickel
LONDON, July 9 (Reuters) - U.S.-based hedge fund Elliott Associates on Tuesday urged a London court to overturn a verdict supporting the London Metal Exchange's (LME) cancellation of nickel trades partly because the exchange failed to disclose documents. The LME annulled $12 billion in nickel trades in March 2022 when prices shot to records above $100,000 a metric ton in a few hours of chaotic trade. Elliott and market maker Jane Street Global Trading brought a case demanding a combined $472 million in compensation, alleging at a trial in June last year that the 146-year-old exchange had acted unlawfully. London's High Court ruled last November that the LME had the right to cancel the trades because of exceptional circumstances, and was not obligated to consult market players prior to its decision. Lawyers for Elliott told London's Court of Appeal that the LME belatedly released documents in May detailing its "Kill Switch" and "Trade Halt" internal procedures. It also newly disclosed an internal report that Elliott said detailed potential conflicts of interest at the exchange. "It was troubling that one gets disclosure out of the blue in the Court of Appeal for the first time," Elliott lawyer Monica Carss-Frisk told the court. Jane Street Global did not appeal the ruling. "If we had had them (documents) in the proceedings before the divisional court, we may well have sought permission to cross examine." LME lawyers said the new documents were not relevant. "The disclosed documents do not affect the reasoning of the divisional court or the merits of the arguments on appeal," the exchange said in documents prepared for the appeal hearing. "Elliott's appeal is largely a repetition of the arguments which were advanced, and rightly rejected." The LME said it had both the power and a duty to unwind the trades because a record $20 billion in margin calls could have led to at least seven clearing members defaulting, systemic risk and a potential "death spiral". Elliott said the ruling diluted protection provided by the Human Rights Act and also wrongly concluded the LME had the power to cancel the trades.
Google extends Linux kernel support to 4 years
According to AndroidAuthority, the Linux kernel used by Android devices is mostly derived from Google's Android Universal Kernel (ACK) branch, which is created from the Android mainline kernel branch when new LTS versions are released upstream. For example, when kernel version 6.6 is announced as the latest LTS release, an ACK branch for Android15-6.6 appears shortly after, with the "android15" in the name referring to the Android version of the kernel (in this case, Android 15). Google maintains its own set of LTS kernel branches for three main reasons. First, Google can integrate upstream features that have not yet been released into the ACK branch by backporting or picking, so as to meet the specific needs of Android. Second, Google can include some features that are being developed upstream in the ACK branch ahead of time, making it available for Android devices as early as possible. Finally, Google can add some vendor or original equipment manufacturer (OEM) features for other Android partners to use. Once created, Google continues to update the ACK branch to include not only bug fixes for Android specific code, but also to integrate the LTS merge content of the upstream kernel branch. For example, the Linux kernel vulnerability disclosed in the July 2024 Android security bulletin will be fixed through these updates. However, it is not easy to distinguish a bug fix from other bug fixes, as a patch that fixes a bug may also accidentally plug a security vulnerability that the submitter did not know about or chose not to disclose. Google does its best to recognize this, but it inevitably misses the mark, resulting in bug fixes for the upstream Linux kernel being released months before Android devices. As a result, Google has been urging Android vendors to regularly update the LTS kernel to avoid being caught off guard by unexpectedly disclosed security vulnerabilities. Clearly, the LTS version of the Linux kernel is critical to the security of Android devices, helping Google and vendors deal with known and unknown security vulnerabilities. The longer the support period, the more timely security updates Google and vendors can provide to devices.
About UsPrivacy PolicyTerms of Use
Copyright 2020 - 2024
www.link1s.site