link1s.site

The largest password leak in history exposes nearly 10 billion credentials

The largest collection of stolen passwords ever has been leaked to a notorious crime marketplace, according to cybersecurity researchers at Cybernews.

This leak, dubbed RockYou2024 by its original poster “ObamaCare,” holds a file containing nearly 10 billion unique plaintext passwords.

Allegedly gathered from a series of data breaches and hacks accumulated over several years, the passwords were posted on July 4th and hailed as the most extensive collection of stolen and leaked credentials ever seen on the forum.

“In its essence, the RockYou2024 leak is a compilation of real-world passwords used by individuals all over the world,” the researchers told Cybernews. “Revealing that many passwords for threat actors substantially heightens the risk of credential stuffing attacks.”

Credential stuffing attacks are among the most common methods criminals, ransomware affiliates, and state-sponsored hackers use to access services and systems.

Threat actors could exploit the RockYou2024 password collection to conduct brute-force attacks against any unprotected system and “gain unauthorized access to various online accounts used by individuals whose passwords are included in the dataset,” the research team said.

This could affect online services, cameras and hardware

This could affect various targets, from online services to internet-facing cameras and industrial hardware.

“Moreover, combined with other leaked databases on hacker forums and marketplaces, which, for example, contain user email addresses and other credentials, RockYou2024 can contribute to a cascade of data breaches, financial frauds, and identity thefts,” the team concluded.

However, despite the seriousness of the data leak, it is important to note that RockYou2024 is primarily a compilation of previous password leaks, estimated to contain entries from a total of 4,000 massive databases of stolen credentials, covering at least two decades.

This new file notably includes an earlier credentials database known as RockYou2021, which featured 8.4 billion passwords. RockYou2024 added approximately 1.5 billion passwords to the collection, spanning from 2021 through 2024, which, though a massive figure, is only a fraction of the reported 9,948,575,739 passwords in the leak.

Thus, users who have changed their passwords since 2021 may not have to panic about a potential breach of their information.

That said, the research team at Cybernews stressed the importance of maintaining data security. In response to the leak, they recommend immediately changing the passwords for any accounts associated with the leaked credentials, ensuring each password is strong and unique and not reused across different platforms.

Additionally, they advised enabling multi-factor authentication (MFA), which requires an extra form of verification beyond the password, wherever possible, to strengthen cyber security.

Lastly, tech users should utilize password manager software, which securely generates and stores complex passwords, mitigating the risk of password reuse across multiple accounts.
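One way a service can enforce the advice above is to refuse, at password-set time, any password that appears in a leaked-password list. The following is an added example, not code from Cybernews or the original article; it uses a Bloom filter because a set of nearly 10 billion strings does not fit comfortably in memory. The sample passwords, function names and the 0.1% false-positive target are assumptions.

```python
import hashlib
import math

def bloom_params(n_items, fp_rate):
    """Return (bits, hash_count) for n_items at the target false-positive rate."""
    bits = math.ceil(-n_items * math.log(fp_rate) / (math.log(2) ** 2))
    hashes = max(1, round(bits / n_items * math.log(2)))
    return bits, hashes

class LeakedPasswordFilter:
    """Bloom filter over leaked passwords: no false negatives, rare false positives."""
    def __init__(self, n_items, fp_rate=0.001):
        self.bits, self.hashes = bloom_params(n_items, fp_rate)
        self.array = bytearray((self.bits + 7) // 8)

    def _positions(self, password):
        # Double hashing: derive k bit positions from one SHA-256 digest.
        digest = hashlib.sha256(password.encode("utf-8")).digest()
        h1 = int.from_bytes(digest[:16], "big")
        h2 = int.from_bytes(digest[16:], "big") | 1
        return [(h1 + i * h2) % self.bits for i in range(self.hashes)]

    def add(self, password):
        for pos in self._positions(password):
            self.array[pos // 8] |= 1 << (pos % 8)

    def __contains__(self, password):
        return all(self.array[p // 8] >> (p % 8) & 1 for p in self._positions(password))

def check_new_password(candidate, leaked):
    """Policy check at password-set time; returns (accepted, reason)."""
    if candidate in leaked:
        return False, "password appears in a leaked-password list"
    return True, "ok"

# Constructed sample standing in for a leaked wordlist (not taken from any dump).
SAMPLE_LEAKED = ["123456", "password", "qwerty123", "letmein", "iloveyou"]

def build_sample_filter():
    f = LeakedPasswordFilter(n_items=1000)  # sized well above the 5-entry sample
    for pw in SAMPLE_LEAKED:
        f.add(pw)
    return f

if __name__ == "__main__":
    leaked = build_sample_filter()
    print(check_new_password("password", leaked))
    print(check_new_password("correct-horse-battery-staple-91", leaked))
    print(bloom_params(9_948_575_739, 0.001))  # sizing for the article's reported count
```

At the article's reported 9,948,575,739 entries, the same sizing formula gives roughly 16.7 GiB of filter and 10 hash functions for a 0.1% false-positive rate; a false positive only causes a safe password to be rejected, never a leaked one to be accepted.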

"Corrupt Politicians GPT" "Fiscal Bill GPT", Kenyan protesters use AI to "protest"
During the past few weeks of anti-government activity in Kenya, protesters have made creative use of AI tools in support of the protests. According to the US "Flag" News Agency on July 5, protests in Kenya triggered by the 2024 fiscal bill are still continuing. In the past few weeks, Kenyan protesters, mainly young people, have creatively developed a series of AI tools to assist anti-government activities. The Kenyan government expressed concern about the risks associated with the use of AI tools in protests. Kelvin Onkundi, a software engineer in Kenya, developed the "Fiscal Bill GPT", which operates similarly to ChatGPT and can receive questions about the fiscal bill and generate responses. Martin Siele, a reporter from the "Flag" News Agency, analyzed: "The 'Fiscal Bill GPT' can convert professional terms in many legislative fields into easy-to-understand information for protesters, helping Kenyans understand the potential impact of the fiscal bill." Another software engineer, Marion Kavengi, developed the "SHIF GPT" to provide Kenyans with information about the upcoming Social Health Insurance Fund (SHIF). In addition to AI tools designed to help people understand controversial policies, protesters have also developed "Corrupt Politicians GPT" to assist protest demonstrations. After a politician's name is entered, the platform generates a list of corruption scandals about the politician in chronological order. Developer BenwithSon wrote on the social platform X on June 28: "'Corrupt Politicians GPT' allows people to search for any scandal related to any politician. I have seen some leaders stand at the forefront of the political arena, but they are corrupt behind the scenes." Kenyan Chief Minister and Foreign Minister Mudavadi issued a communiqué to ambassadors of various countries in Nairobi on July 2 local time on protests and relevant government measures, expressing concerns about the use of AI and false information in protests.
Mudavadi said: "AI technology is used by people with ulterior motives, which will fill the global information system with false narratives." The Kenya Times reported on June 30 that AI technology enables people to force the government to increase transparency and strengthen accountability, and its role in Kenyan political activities is becoming increasingly prominent. Martin Siele believes that AI is reshaping African political behavior in many ways. AI is a new tool for both governments and opposition parties in Africa, but Kenya is one of the African countries with the most developers, and its young protesters are particularly good at using AI technology to fight the government. The 2024 fiscal bill voted and passed by the Kenyan National Assembly on June 25 clearly stated that additional taxes will be levied to repay the interest on high sovereign debt, triggering large-scale demonstrations. After President Ruto announced the withdrawal of the tax increase bill on the evening of the 26th, demonstrations in many parts of Kenya continued. According to Reuters on July 3, Kenyan anti-government protesters are re-adjusting their activities to prevent the protests from turning into violent incidents.
Turkey has cancelled a 40 percent tariff on Chinese cars, and BYD has invested $1 billion to build a factory
BYD has grown rapidly in China over the past few years, becoming the country's best-selling car brand and the world's biggest selling electric car brand. BYD opened its first electric car factory in Southeast Asia on Thursday in Thailand. BYD also took over a former Ford Motor Co. plant in Brazil and has been looking for a site for a Mexican plant. Its first European automotive plant is under construction in Hungary. BYD's second-quarter sales jumped to a record 982,747 vehicles, up more than 40 per cent from a year earlier. Although the company's sales in Europe have been sluggish so far, it is making a big marketing push in the region, replacing Volkswagen as the main automotive sponsor of the European Championship. According to a recent Fortune report, officials said that Turkish President Recep Tayyip Erdogan is expected to announce the agreement for BYD to build the plant at a signing ceremony on Monday in Manisa province, where the plant will be built. The officials spoke on condition of anonymity because they were not authorized to speak publicly. BYD representatives declined to comment. Turkish Industry and Technology Minister Mohamed Fatih Kassir said in May that he was in advanced discussions with BYD and Chery on investment in Turkey. The new plant will improve BYD's access to the European Union, as Turkey has a customs union agreement with the EU. The European Union this week announced temporary punitive tariffs on electric vehicles imported from China, with BYD facing an additional 17.4 percent tariff on top of the existing 10 percent tariff. Other Chinese carmakers have been hit with higher tariffs. Investing in Turkey would strengthen the presence of Chinese carmakers in Europe at a time of escalating trade tensions.
Porsche AG reports sharp fall in China deliveries
July 9 (Reuters) - German sportscar maker Porsche (P911_p.DE) said on Tuesday that global vehicle deliveries were down 7% in the first half of the year compared to the same period in 2023, primarily driven by a 33% year-on-year drop in China. Porsche, majority-owned by Volkswagen (VOWG_p.DE), is highly exposed to the EU-China tariff tensions, with deliveries to China accounting for nearly 20% of global deliveries. An HSBC analyst pointed to weakness in the European car market, saying that "the market is, understandably, worried about China pricing weakness and the prospect of needing to pay dealer compensation." Overall, Porsche delivered 155,945 cars worldwide during the first six months of the year. In North America, deliveries were down 6% year-on-year. Meanwhile, in Porsche’s home market of Germany, deliveries increased by 22% to 20,811 vehicles.
Google extends Linux kernel support to 4 years
According to Android Authority, the Linux kernel used by Android devices is mostly derived from Google's Android Common Kernel (ACK) branches, which are created from the Android mainline kernel branch when new LTS versions are released upstream. For example, when kernel version 6.6 is announced as the latest LTS release, an ACK branch named android15-6.6 appears shortly after, with the "android15" in the name referring to the Android version of the kernel (in this case, Android 15). Google maintains its own set of LTS kernel branches for three main reasons. First, Google can integrate upstream features that have not yet been released into the ACK branch by backporting or cherry-picking, so as to meet the specific needs of Android. Second, Google can include some features that are still being developed upstream in the ACK branch ahead of time, making them available for Android devices as early as possible. Finally, Google can add some vendor or original equipment manufacturer (OEM) features for other Android partners to use. Once a branch is created, Google continues to update it, not only with bug fixes for Android-specific code but also by merging the LTS updates from the upstream kernel branch. For example, the Linux kernel vulnerability disclosed in the July 2024 Android security bulletin will be fixed through these updates. However, it is not easy to distinguish a security fix from other bug fixes, as a patch that fixes a bug may also accidentally plug a security vulnerability that the submitter did not know about or chose not to disclose. Google does its best to recognize such fixes, but it inevitably misses some, with the result that fixes are released in the upstream Linux kernel months before they reach Android devices. As a result, Google has been urging Android vendors to regularly update the LTS kernel to avoid being caught off guard by unexpectedly disclosed security vulnerabilities.
Clearly, the LTS version of the Linux kernel is critical to the security of Android devices, helping Google and vendors deal with known and unknown security vulnerabilities. The longer the support period, the more timely security updates Google and vendors can provide to devices.
South African rand stable as markets await US interest rate hints
JOHANNESBURG, July 9 (Reuters) - The South African rand was little changed in early trade on Tuesday, as markets awaited the Federal Reserve chair's testimony in Washington and U.S. June inflation data for clues on the country's future interest rate path. At 0644 GMT, the rand traded at 18.1300 against the dollar, near its previous close of 18.1175. "The rand has opened marginally softer at 18.13 this morning, and we expect trading to remain range-bound in the short term," said Andre Cilliers, currency strategist at TreasuryONE. Markets will listen to the tone of Fed Chair Jerome Powell's testimony in Washington on Tuesday and Wednesday and look to June inflation data out of the U.S. later this week for hints on the future interest rate path in the world's biggest economy. "Analysts will be gauging the Fed's response to the recent softer U.S. economic and labour data, with markets already starting to price in two rate cuts this year," Cilliers added. The risk-sensitive rand often takes cues from global drivers like U.S. economic policy in the absence of major local factors. South Africa's benchmark 2030 government bond was slightly stronger in early deals, with the yield down 1 basis point at 9.74%.