NATO Server Hacked, Files Published
You know, that just has to suck. I was a little late getting around to talking about this story (and dozens of others). The hackfest free-for-all seems to continue unabated. A zero day is at the root of this problem apparently. One that isn’t in the wild.
Lulz attacks: US orders review as Senate site hacked
US officials said they have ordered a security review after hackers managed to break into the Senate website at the weekend. An official said the incident had been “inconvenient”, but had not compromised the security of the staff. The confirmation came after Lulz Security, a loosely aligned group of hackers, said it had carried out the attack for fun and posted files online.
Citi Credit Card Data Breached for 200,000 Customers
Citigroup said Thursday hackers acquired personal information on about 200,000 credit-card holders, the financial institution’s second announced breach this week. The attack, first reported by the Financial Times, comes amid a host of cyber intrusions into well-known companies, including Google, Sony, EMC, Lockheed Martin and L-3.
Sony now 'hyper vigilant' regarding user account security
Considering the fallout from recent hack attacks made against several of Sony’s entertainment properties, it comes as little surprise to learn that the Japanese electronics giant is ramping up its online protection.
More pointedly, the president of Sony Computer Entertainment Europe (SCEE) has said the company is now being “hyper vigilant” where the security of user data is concerned.
…
“We’ll try our absolute best to try and make our system as secure as we possibly can,” he added.
So either Sony didn’t try their absolute best before or he is saying everything remains at status quo?
Why we secretly love LulzSec
Although large sections of the security community will deny it if you ask them, they’re secretly enjoying watching LulzSec’s campaign of mayhem unfold. So far the “hacker group” has penetrated systems owned by Sony, PBS, the “FBI affiliate site” Infragard, security company (hah!) Unveillance and Nintendo, among others. They’re posting proprietary developer code. They’re bringing back Tupac and Biggie. They’re advising Nintendo on more secure httpd configurations. And they’re issuing funny press releases via Twitter and Pastebin.
Report: Norwegian Military Hit by Cyber Attack in March
The Norwegian military has admitted it was hit by a “massive” phishing cyber attack in March, according to a report from Techworld.com. The attack began in an e-mail sent to select members of the defense ministry from what appeared to be another Norwegian government agency. An enclosed attachment containing a virus was discovered, warnings were issued and no classified information was taken, the military.
Gmail Hackers Phished Victims for Months
An independent security researcher who was among the first to investigate a large scale phishing attack aimed at U.S. government and military personnel says that attackers controlled victim accounts for months and repeatedly phished victims during that time. Mila Parkour, a Washington D.C. based independent says that victims of the account takeovers were repeatedly phished over almost a year by attackers believed to be located in China. Parkour said in an instant message conversation with Threatpost on Thursday that the group or individuals responsible for the attack controlled those accounts for more than a year and repeatedly targeted both the legitimate account owner and his or her associates during that time.
A Weiner Schnitzel
Congressional member and famous womanizer, Anthony Weiner was caught sexting a picture of his penis to a coed via Twitter. He claims it was a prankster who did it, by hacking his account. Indeed, the guy who broke the story, @PatriotUSA76, has also been Twitter-stalking the congressman for the last month. What’s the likely truth? It’s impossible to say. Celebrities famous for their womanizing are frequently caught sexting pictures. At the same time, hackers frequently break into celebrity accounts and cause mischief. The back-story (the womanizing, the stalking) supports either conclusion equally.
DroidDream Returns, Dozens of Apps Pulled From Android Market
Researchers have identified a second large batch of apps in the Android Market that have been infected with the DroidDream malware, estimating that upwards of 30,000 users have downloaded at least one of the more than 30 infected apps. Google has removed the apps from the market. There are at least 34 applications that researchers have found in the Android Market in the last few days that had a version of the DroidDream malware dropped into them. Once a user installs one of the infected applications, the malicious component, which researchers have dubbed DroidDream Light, will kick in once the user receives an incoming call. The malware then gathers some identifying information from the phone, including its IMEI number, IMSI number, packages installed and other data, and then sends it off to a pre-configured remote server.
Lockheed Martin: They got nothing... all our systems remain secure
In a statement addressing reports of attacks on its systems, Lockheed Martin, the largest military contractor in the world, has stated that it did in fact detect attempts to breach the network, but noted that they were unsuccessful. Located in Bethesda, Md., Lockheed employs more than 126,000 people the world over, and generated nearly $45.8 billion USD in sales last year. Most of this money came from the Pentagon, where Lockheed is the leading supplier of technology and hardware.
Lockheed Martin investigates possible link between cyber attack and RSA data breach
US-based global defence firm Lockheed Martin says it has beefed up security around remote access to its IT network after a “significant and tenacious attack” on 21 May, which could be linked to an earlier breach at security firm RSA. Lockheed maintains that its systems remain secure and that no customer, project or employee personal data was compromised in the attack, reported a week after the event. “The company’s information security team detected the attack almost immediately, and took aggressive actions to protect all systems and data,” Lockheed said in a statement.
Seven security incidents in two months - Sony’s nightmare grows
It seems that Sony has had to deal with one embarrassing incident after another recently. Like piranha swarming someone injured in a river, it looks like everyone is testing Sony’s security defenses. What does this mean for Sony? Assuming it’s hurt at all by these incidents, can their reputation be salvaged?
Hackers hit Sony sites raising more security issues [5 times a charm?]
Sony Corp has been hacked again, exposing more security issues for the company less than a month after intruders stole personal information from more than 100 million online user accounts. A hacked page on a Sony website in Thailand directed users to a fake site posing as an Italian credit card company. The site was designed to steal information from customers, Internet security firm F-Secure disclosed on Friday.
Report: PSN password resets exploited, accounts compromised again
Just two days after the PlayStation Network was restored after a near month-long outage, the PSN password page has apparently been exploited. According to reports, the exploit allows other users to reset your account password using only your e-mail address and date of birth. This personal data was made available to hackers during the initial PSN attack.
Catching authTokens in the wild
In a recent blog post Dan Wallach outlined some of the risks of using Android smartphones in open Wifi networks. He found that some Android applications transmit data in the clear, allowing an attacker to eavesdrop on any transmitted information. Besides third-party apps such as Twitter or Facebook, the Google Calendar app also transmitted unencrypted information. Wallach stated that “an eavesdropper can definitely see your calendar transactions and can likely impersonate you to Google Calendar”. A fact that also applies to Google Contacts, as another blog post revealed.