OpManager: A single console to manage your complete IT infrastructure. Click here for a 30-day free trial.
Welcome Guest | Sign In
LinuxInsider.com
Other Shoe Drops in CyberVor Hack Attack
September 02, 2014
Domain name registrar Namecheap on Monday reported that it was besieged Sunday night by cyberattackers who employed username and password data possibly stolen by the so-called CyberVor hacker gang. "CyberVor" is the name Hold Security used last month when it reported the theft of 1.2 billion online credentials. However, the "vast majority" of the malicious login attempts were unsuccessful.
Victimized Celebs Blamed for Their Indecent Exposure
September 02, 2014
Apple on Tuesday issued a statement blaming the posting online of more than 100 celebrities' photos in various stages of dishabille on a highly targeted hack attack to gain access to their usernames, passwords and answers to security questions. None of the cases investigated resulted from any breach in the company's systems, including iCloud or Find my iPhone, Apple maintained.
Russian Hackers Sack US Banks: Report
August 29, 2014
Hackers appear to have stolen data from JPMorgan Chase and at least one other U.S. bank in retaliation for economic sanctions against Russia. The raid on the banks' computer systems reportedly resulted in the theft of gigabytes of sensitive data. JPMorgan did not confirm the incident. However, the FBI is conducting an investigation into reports of cyberattacks on U.S. banks.
Hacker Attacks on Healthcare Providers Jump 600 Percent
August 28, 2014
The recent data breach at Community Health Systems, in which Chinese hackers stole the personal information of 4.3 million patients, was another sign of a disturbing trend: Healthcare providers are coming under cyberattack at an alarming rate. "We've seen a 600 percent increase in attacks on the healthcare sector in the last 10 months," said Carl Leonard, senior manager at Websense Security Labs.
Sony DDoS Attack May Have Been Smokescreen
August 25, 2014
Sony's PlayStation and Sony Entertainment networks were taken down over the weekend by a distributed denial of service attack. The hackers, who call themselves the "Lizard Squad," also forced authorities to divert a plane Sony Entertainment president was on by tweeting that there might be a bomb on board. A hacker with the handle "FamedGod" later claimed responsibility for the DDoS attack.
OS Flaw Leaves Android Wide Open for App Hack Attacks
August 22, 2014
A flaw in Android's GUI framework let university researchers hack into applications with up to 92 percent success. They tested apps from Gmail, H&R Block, Newegg, WebMD, Chase Bank, Hotels.com and Amazon. "Changes in the shared memory side channel allow an attacker to infer if there is an activity transition going on in the foreground," said researcher Zhiyun Qian, an assistant professor at UCR.
Security Researchers Lay Bare TSA Body Scanner Flaws
August 22, 2014
The U.S. Transportation Security Administration, part of the Department of Homeland Security, has spent more than a billion dollars on full-body scanners designed to strengthen airport security. It turns out that at least one model of scanner in use for four years -- the Rapiscan Secure 1000 full-body scanner -- easily could have been foiled by a savvy bad actor.
Is Open Source an Open Invitation to Hack Webmail Encryption?
August 21, 2014
In a move influenced by Edward Snowden's revelations about the NSA's email snooping, Yahoo and Google last week announced that they were cooperating on end-to-end encrypting their webmail products. While the open source approach has proven its value over and over again, the idea of opening up the code for security features to anyone with eyeballs still creates anxiety in some circles.
Russian Gang's Credentials Theft Exposes Web's Wild, Wild West Side
August 12, 2014
News that a Russian gang has stockpiled more than a billion purloined user name and password combinations has revved up the Internet's reputation as a post industrial Wild, Wild West. Just how much havoc will be raised by the gang remains to be seen. The data thieves so far appear content to use their ill-gotten trove for spamming, according to Hold Security, which discovered the credential cache.
Cyberspies Help Themselves to DHS Contractor's Data
August 08, 2014
USIS, the contractor that did the background checks on Washington Navy Yard shooter Aaron Alexis and NSA leaker Edward Snowden, on Thursday reported that its computer systems have been breached. "Our internal IT security team recently identified an apparent external cyberattack on USIS' corporate network," said US Investigation Services in a statement.
Russian Cybergang Stockpiles 1.2B Unique Stolen Credentials
August 07, 2014
A Russian cybercriminal gang so far has stolen 4.5 billion credentials, of which 1.2 billion appear to be unique, Hold Security has announced. The credentials belong to more than 500 million email addresses. Two reports released Tuesday may help explain why the cybergang was so successful. About 92 percent of the 800 top consumer websites evaluated failed the OTA's 2014 Email Integrity Audit.
WiFi Insecurity: Crying Wolf or Big Bad Wolf?
August 07, 2014
Can a hacker take over a passenger jet by sneaking in through its WiFi or in-flight entertainment system? The possibility of that occurring, as suggested by cybersecurity firm IOActive, has security experts hot under the collar. Ruben Santamarta, principal security consultant at IOActive, is scheduled to present the team's findings Thursday at the Black Hat security conference.
Retailers Harassed by Backoff Malware
August 05, 2014
The U.S. Department of Homeland Security last week sounded an alarm warning retailers of a family of malicious programs aimed at compromising point-of-sale systems. Attackers used such software last year in massive data breaches that nicked millions of consumer records at Target and Nieman Marcus. Variants of the Backoff family have turned up in at least three forensic investigations.
Tor Has Been Breached - What Now?
August 01, 2014
News that two Carnegie-Mellon CERT researchers have developed an inexpensive way to breach the Tor network has the project, privacy advocates, and probably criminals who use the network equally concerned. The Tor Project posted has advised relays to upgrade to Tor 0.2.r.23e or 0.2.5.6-alpha to close the protocol vulnerability used by the researchers.
That Innocent Little Thumb Drive Could Be Big Security Trouble
August 01, 2014
USB flash drives could be at risk of a pernicious attack on their firmware. Over the past two decades, USB devices, aka "thumb drives," have proliferated all over the world, because USB has proven to be a versatile standard. That versatility, though, also makes USB devices vulnerable to what could be a very nasty firmware attack, noted Karsten Nohl and Jakob Lell of Secure Research Labs.
Hackers Back to Their Old Tricks
July 30, 2014
Old tricks that have helped hackers penetrate computers for months or longer worked again last week at Goodwill and Stubhub. Taking a page from the gang that pillaged payment card and personal information from Target last year, hackers clipped payment card information from an undisclosed number of Goodwill Industries International customers. It's believed point-of-sale systems were compromised.
Android's Fake ID Could Put Millions in Jeopardy
July 30, 2014
An Android vulnerability that exists in every version from v2.1 Eclair to v. 4.3 Jelly Bean could expose millions of users, Bluebox Security has warned. The flaw lets attackers fake the certificates of specially privileged parties, such as Adobe and Google Wallet, and serve them up with malware that bypasses detection by Android. Attackers then can take over every app running on an Android device.
Chinese Turn the Screws on Microsoft
July 28, 2014
China is ramping up its campaign against Microsoft, following its ban in May on the installation of Windows 8 on government computers. Officials of China's State Administration for Industry & Commerce reportedly have made unannounced visits to Microsoft offices in Beijing, Shanghai, Guangzhou and Chengdu. They apparently questioned staff in at least one office.
iOS Insecurity - Designed by Apple?
July 22, 2014
The long-held belief that Android is the least secure of mobile OSes was shattered by security researcher and expert iOS hacker Jonathan Zdziarski over the weekend. Zdziarski unveiled a host of iOS vulnerabilities, the scope of which was staggering. They include undocumented services that bypass backup encryption and can be accessed both via USB and wirelessly.
Google's Project Zero Cybersecurity Watch: No Excuses
July 15, 2014
Google on Tuesday announced Project Zero, an effort to speed up the security bug-fixing process. A team of cybersecurity experts will go after vulnerabilities in any and all software, notify the vendors, and then file bug reports in a public database so users can track the issuance of patches. The Project Zero team has promised to send bug reports to vendors in as close to real-time as possible.
What's Eating Internet Security?
July 15, 2014
It's a given that hackers can and do penetrate websites with laughable ease, ranging from those of retailers to those of the United States government. It certainly doesn't help the security-minded to know that the U.S. National Security Agency and other countries' spy agencies, including the UK's GCHQ and the West German intelligence agency, are tapping into online communications at will.
Critical Infrastructure Companies Lack Cyberdefenses
July 11, 2014
Companies providing the world's critical infrastructure are woefully unprepared for cyberattacks despite the increasing threat level, evidenced by the release of the Stuxnet worm and the Shamoon virus in recent years, found a survey conducted by the Ponemon Institute and Unisys. Nearly 70 percent of the 599 surveyed companies in the past 12 months have reported at least one security breach.

See More Articles in Hacking Section >>
Facebook Twitter LinkedIn Google+ RSS