'Incidents' Tagged Posts

Sacked Croydon hacker spied on former colleagues' e-mails

"An IT expert sacked for lying on his CV hacked into his company's computer system to spy on his former colleagues - and deleted vital information which led to the loss of jobs. Julius Oladiran, 46, was dismissed from after his employers discovered his boasts of a master's degree, and top...

Twitter hacked via weak passwords to admin system

"A teenage hacker, known in the digital underground as GMZ, claims he obtained access to the micro-blogging site’s admin controls using a brute force dictionary attack. After guessing the login identity of an administrator, in part based on the large number of people she followed, GMZ ran an automated password guessing...

CheckFree warns 5 million customers after DNS hack

"Tolley wouldn't say what banks were affected by the hack, but the majority of these five million customers were CheckFree's own users, she said. In total, about 42 million customers access CheckFree's bill payment site, she said. Customers who went to CheckFree's Web sites between 12:35 a.m. and 10:10 a.m. on...

Hackers Post Faked Report of Steve Jobs's Death

"MacRumors, one of the many sites which cover Apple's annual Macworld product launches, has had its live coverage infiltrated, with someone adding the false news of Steve Jobs's death to the blow-by-blow reports."Here's the very amusing screenshot of the incident.http://cache.gawker.com/assets/images/gawker/2009/01/macrumorshacked.jpgRead more: http://valleywag.gawker.com/5124580/hackers-post-faked-report-of-steve-jobss-death

Pak hackers plan attack on Indian cyber networks: Intel

"After the Mumbai terror strikes, anti-India elements in Pakistan are now planning an attack on Indian computer networks, intelligence agencies have warned. Already Pakistani hackers are trying out a dry run against Indian networks through popular websites registered there after the Mumbai terror strikes, Home Ministry sources told PTI here today....

Israel hacks Arab TV station

"Israeli military forces have reportedly hacked into a Hamas-run TV station to broadcast propaganda. The hijack of the Al-Aqsa television station last weekend represents the latest phase in a war in cyberspace that has accompanied the ongoing conflict in Gaza. Al-Aqsa is known for featuring allegedly antisemitic childrens' cartoons as part...

Twitter Security Collapses; Obama, Fox and Britney Accounts Hacked

From Twitter's blog: "The issue with these 33 accounts is different from the Phishing scam aimed at Twitter users this weekend. These accounts were compromised by an individual who hacked into some of the tools our support team uses to help people do things like edit the email address associated with their...

Police set to step up hacking of home PCs

The Home Office has quietly adopted a new plan to allow police across Britain routinely to hack into people’s personal computers without a warrant. The move, which follows a decision by the European Union’s council of ministers in Brussels, has angered civil liberties groups and opposition MPs. They described it as...

Hundreds of Israeli Websites Hacked in 'Propaganda War'

"It didn't take long after Israel's bombing of Gaza began for cyberwarfare to erupt as well: over 300 Israeli Websites over the past few days have been hacked and defaced with anti-Israeli and anti-US messages in an online propaganda campaign, a security expert says. Gary Warner, director of research in computer...

MD5 considered harmful today: Creating a rogue CA certificate

UPDATE: I've added a link to the presentation slides and some other sites providing coverage of this. The following paper was published today at the CCC conference by Alexander Sotirov, Marc Stevens, Jacob Appelbaum, Arjen Lenstra, David Molnar, Dag Arne Osvik, and Benne de Weger. "We have identified a vulnerability in the...

Top 5 cybersecurity news stories of 2008

"Data breaches continued to make their very public mark on cybersecurity news in 2008. And this time it wasn't TJX making headlines. Despite being PCI compliant, Hannaford Brothers supermarkets announced that 4.2 million credit and debit card numbers were pilfered from its servers. We also learned in 2008 that attackers aren't...

State Bank of India shuts down website after hackers break in

"The State Bank of India, the country’s largest bank, has had to shut down its corporate website after overseas hackers tried to break in.While the bank said that transactions took place through www.onlinesbi.com, a senior SBI source said that the transactions were slow as the entire system was under watch. The...

One Hacker's Audacious Plan to Rule the Black Market in Stolen Credit Cards

"The heat in Max Butler's safe house was nearly unbearable. It was the equipment's fault. Butler had crammed several servers and laptops into the studio apartment high above San Francisco's Tenderloin neighborhood, and the mass of processors and displays produced a swelter that pulsed through the room. Butler brought in some...

Learning More About the Underground Economy: A Case-Study of Keyloggers and Dropzones

"German researchers have discovered more than 300 cybercrime servers full of stolen credentials on more than 170,000 people -- and it is only the tip of the iceberg, they say. Researchers at the University of Mannheim's Laboratory for Dependable Distributed Systems were able to access nearly 100 so-called "dropzone" machines, and...

American Express web bug exposes card holders

"A glaring vulnerability on the American Express website has unnecessarily put visitors at risk for more than two weeks and violates industry regulations governing credit card companies, a security researcher says. Among other things, the cross-site scripting (XSS) error on americanexpress.com allows attackers to steal users' authentication cookies, which are used...

College students rig Victoria's Secret online contest

"At Drexel University and a handful of other colleges, students created computer scripts to sway the contest—an online vote to nominate a university to receive its own clothing line—in their campuses’ favor. Tim Plunkett, a junior at Drexel, created a script that could cast 1,500 votes per second, according to The...

WoW users targeted in mass site hack

"Kaspersky reports that the crackers are adding a JavaScript tag to the html of hacked sites. This causes surfers visiting the site to pull content from one of six gateway sites, which redirect to a server hosting malware located in China. A range of exploits are hosted on this site designed...

Redhat/Fedora Servers compromised, package signing key stolen, rogue packages possibly signed

Both the Redhat and Fedora servers have been hacked by an attacker who has not only gained access to these systems, but may have also deployed rogue packages and signed them with Redhat's private key. Redhat has provided a script for users to check to see if the compromised packages have...

Sony PlayStation's site SQL injected, redirecting to rogue security software

"The latest high trafficked web site to fall victim into the continuing waves of massive SQL injection attacks courtesy of Sony PlayStation's site SQL injected copycats and the ASProx botnet, is Sony's PlayStation U.S site according to a recent post at SophosLabs's blog" - ZDNet Article Link: http://blogs.zdnet.com/security/?p=1394

ARP Spoofing leads to hijacking of metasploit website

Normally I don't post news about specific website issues; however, this was a great example of why you need to protect your webserver from local network threats as well as remote. "Monday morning, Metasploit.com was temporarily hijacked using an attack on the local area network of Metasploit's hosting provider. Using what...

Cool hack: Man exploits random deposit verification flows to steal $50,000

"A California man has been indicted for an inventive scheme that allegedly siphoned $50,000 from online brokerage houses E-trade and Schwab.com in six months -- a few pennies at a time. Michael Largent, of Plumas Lake, California, allegedly exploited a loophole in a common procedure both companies follow when a customer...

How NOT to handle finding vulnerabilities at your company

UPDATED Link to Steve's interview with CrYpTiC_MauleR added below. At first I wasn't going to post about this but since it doesn't seem to be dying I will. Long story short 1. A Low level techie finds weaknesses/vulnerabilities at the company he works for (TJX) 2. He reports these issues to...

Bots Use SQL Injection Tool in Web Attack

"The Asprox botnet, a relatively small botnet known mainly for sending phishing emails, has been spotted in the last few days installing an SQL injection attack tool on its bots. The bots then Google for .asp pages with specific terms -- and then hit the sites found in the search return...

Layer 1 attack shuts down Peter Gabriel website

As reported by thereg Peter Gabriel's website was attacked this morning, this time at layer 1. From www.petergabriel.com "Real World, Peter Gabriel and WOMAD web services are currently off-line. Our servers were stolen from our ISP's data centre on Sunday night - Monday morning. We are working on restoring normal service...

Developers at fault? SQL Injection attacks lead to wide-spread compromise of IIS servers

"There’s been a lot of noise and violent thrashing over the last couple days regarding a flaw that was originally believed to be a flaw in Microsoft’s IIS (Internet Information Server), but has since been pointed out as simply a well thought out SQL Injection attack. For those of you who...

Hackers jack thousands of sites, including UN domains

"Large numbers of legitimate Web sites, including government sites in the U.K. and some operated by the United Nations, have been hacked and are serving up malware, a security researcher said today as massive JavaScript attacks last detected in March resume. "They're using the same techniques as last month, of an...

Hacked: Turning a women's fashion website into a porn site

"HACKERS have turned a bitchy blog about the world of women's magazines into a porn site. The blog by a mystery woman who calls herself “MagHag” has become a must-read for industry insiders, due to its salacious gossip about the editors of Madison, Vogue, Harper's Bazaar, Cosmopolitan and Shop Til You...

Barack Obama site XSSed, redirected to Hillary's website

"Yes Cross Site Scripting (XSS) errors are all over the place. And YES they can affect very prominent web sites. The discussion forum area on Barackobama.com is allegedly the victim of a XSS exploit that redirected comments from Obama's site to....HillaryClinton.com. A hacker going by the alias of 'Mox' has claimed...

XSS in ISP ad page allows compromise of any website

"When users visit a website like Wired.com, the DNS system maps the domain name into an IP address such as 72.246.49.48. But if a particular site does not exist, the DNS server tells the browser that there's no such listing and a simple error message should be displayed. But starting in...

Man hacks video game to propose to girlfriend

"A software developer in the US used his programming skills to propose to his girlfriend by altering a copy of the game she was playing. Bernie Peng spent a month hacking the code in Bejeweled so that when Tammy Li attained a particular score a ring appeared along with the marriage...

Hackers Flood Epilepsy Web Forum With Flashing Lights

"Unknown miscreants had a good time two weekends ago when they posted hundreds of flashing animated images onto discussion boards hosted by the Landover, Md.-based Epilepsy Foundation. Flashing lights or bold moving patterns can trigger often violent seizures among 3 percent of the estimated 50 million epileptics worldwide. "I was on...

Paris Hilton pwned via facebook flaw

"A security lapse on Facebook has allowed its users to gain access to vast libraries of private photographs, including one of Paris Hilton drinking beer with her friends. A Canadian hacker exploited a recent upgrade to the networking site's privacy settings to view pictures that were intended to be private, including...

PHPBB flaw used to infect 200,000 websites with pr0n, fake trojan codec

"Hot on the heels of a recent hack in which 10,000 sites were compromised, researchers have disclosed a new large-scale attack.. Researchers at McAfee estimated that the attack has been active for roughly one week, and in that time frame has managed to place itself on roughly 200,000 web pages. Most...

Antivirus Vendor TrendMicro Has Website SQL Injected, Malware Uploaded

TrendMicro had its website SQL injected and malware uploaded. A simple Google search for 'fuckjp.js' shows trendmicro listed. "A Trend Micro spokesman confirmed that the company's site had been hacked Thursday, saying that the attack took place earlier in the week. "A portion of our site -- some pages were attacked,"...

ActiveX Vulnerability Pwns MySpace, Facebook users

"A buffer overflow enabled hackers to exploit the Aurigma ActiveX image uploading software used by Facebook, MySpace and other social networking sites, " said Rachwald. "The bad news is that this exploit is being used in a hacker toolkit currently being offered for download on several Chinese language sites, meaning that...

Orkut Worm v2.0

"The Scrapkut worm uses active code injection to spread between victims and their friends on Orkut. The malicious code appears on a victim’s scrapbook, containing a link to a supposed YouTube video. People who click on the link are redirected to an external site hosting malware that's disguised as a Flash...

Spammers crack Gmail Captcha

"Captcha (Completely Automated Public Turing test to tell Computers and Humans Apart) challenge-response systems, which are used to prevent accounts being created until a user correctly identifies letters in an image, are designed to ensure requests are made by a human rather than an automated program. The technique has been used...

Hackers using rogue DNS servers to pwn you like a noob

"Mendacious machines controlled by hackers that reroute Internet traffic from infected computers to fraudulent Web sites are increasingly being used to launch attacks, according to a paper published this week by researchers with the Georgia Institute of Technology and Google Inc. The paper estimates roughly 68,000 servers on the Internet are...

Legal Cost of DDOS in Estonia: $1,641 USD

"Dmitri Galushkevich, 20, of Tallinn, was fined 17,500 Estonian Krooni ($1,641) on Wednesday after he was found guilty of launching an assault on the website of the Reform Party of Prime Minister Andrus Ansip and Estonian government systems. The fine is the equivalent of 350 days' salary, based on the minimum...

Swedish Bank Stops Attempt to Take Control of Computer and Transfer Millions

"The would be bank robbers had placed "advanced technical equipment" under the employee's desk that allowed them to take control of his computer remotely, prosecutor Thomas Balter Nordenman said in a statement. The employee discovered the device shortly after he realized his computer had started an operation to transfer "millions" from...

SEO + Hacked Hosts Rig Google to Deliver Malware

"If last November you googled one of thousands of innocuous and common search terms, such as "Microsoft excel to access" or "how to teach your dogs to fetch," you were in line for an Internet attack that infects PCs with spam senders, password stealers, and other kinds of nasty malware. Beginning...

RIAA SQL Injected, website deleted

The RIAA website was apparently vulnerable to a SQL Injection vulnerability and had its website deleted. "It’s a weekend, and a holiday weekend to boot, so the site might stay this way for some time. Someone apparently used SQL injection to wipe, and we do mean wipe, the website of the...

Mystery web infection grows, but cause remains elusive

"Five days ago, we wrote about the infection of several hundred websites that was unlike anything seasoned researchers had seen before. Mary Landesman, a cyber gumshoe who first brought it to public attention, asked for help from other security pros in figuring out how the unusual new technique worked. And help...

Italian Bank XSS utilized by fraudsters

"An extremely convincing phishing attack is using a cross-site scripting vulnerability on an Italian Bank's own website to attempt to steal customers' bank account details. Fraudsters are currently sending phishing mails which use a specially-crafted URL to inject a modified login form onto the bank's login page. The vulnerable page is...

Calling all Web Hacks of 2007

Jeremiah Grossman, Rsnakez0r, and I put together a top web hacks of 2006 last year, and this year we're soliciting public participation to submit what you think made the list for 2007. From Jeremiah's blog "As RSnake, Robert Auger, and I released in 2006, we’ll be putting together a Top 10...

Six charged over Czech TV nuclear hoax stunt

"Six Czechs were charged Wednesday over an incident in June 2007 when a TV channel was hacked into, transforming scenes of a mountain beauty spot into a nuclear mushroom cloud, Czech TV reported. The six, all from the capital Prague, were charged with propagating false information and scaremongering after the stunt...

Blackhat SEO: Servers Hacked to Boost Google Rank

"Attackers have hacked the servers of Australian Web hosting provider MD Web Hosting (mdwebhosting.com.au), embedding malicious code to spawn "link farms" on its customers' sites, according to news site, Australian IT (australianit.news.com.au)." "The hackers gained access to about five servers which failed to have the correct security profiles. To make matters...

Orkut XSS worm in the wild

According to ISC, Orkut has been stricken with a persistent XSS worm via the user profiles. Will be updating this as new information breaks so stay tuned! So far no news at the Orkut blog. UPDATE: A few news articles have started to pop up regarding this. "Google's Orkut social networking...

F-Secure Forum Defaced

Security vendor F-Secure was defaced a few days ago by a Turkish defacement crew. "So how did this happen? The server itself is quite well hardened, but the web forum software had an unannounced security patch silently released by the vendor nine days ago. The defacement gang learned of the vulnerability...

Facebook Tracks Down Hackers

"Most recently, Facebook has chased down three hackers who attempted to break into its site to access personal information back in June, according to InformationWeek. Although Facebook filed charges immediately following the attacks, up until now all the defendants have been John Does. The company managed to unmask three of them...

SquirrelMail Server Compromised, Sourcecode Modified

According to the Squirrelmail website some of the packages available for download on their site had been modified by an outside intruder. If you are running 1.4.11 or 1.4.12 you are urged to upgrade immediately. From their site "Due to the package compromise of 1.4.11, and 1.4.12, we are forced to...

Facebook Sues Canadian Porn Company Over Screen Scraping

"Facebook alleges that in June servers controlled by the defendants used automated scripts to make more than 200,000 requests for personal information stored on Facebook's site. The allegations are contained in an amended lawsuit filed earlier this month in U.S. District Court in San Jose, California. The company first filed suit...

Did Iceland Teen Call Secret White House Phone?

"Introducing himself as Ólafur Ragnar Grímsson, the actual president of Iceland, Atlason found President George W. Bush's allegedly secret telephone number and phoned, requesting a private meeting with him. "I just wanted to talk to him, have a chat, invite him to Iceland and see what he'd say," Vífill told ABC...

Hackers Launch Major Attack on US Military Labs

"Hackers have succeeded in breaking into the computer systems of two of the U.S.' most important science labs, the Oak Ridge National Laboratory (ORNL) in Tennessee and Los Alamos National Laboratory in New Mexico. In what a spokesperson for the Oak Ridge facility described as a "sophisticated cyber attack," it appears...

Chinese Hackers Accused of Attacking Shell, Rolls Royce

" Britain's domestic intelligence agency is warning that cybercrime perpetrated by China is on the rise following hacking attacks against Rolls-Royce and Royal Dutch Shell. The agency, known as MI5, recently sent letters to some 300 banks, accounting and legal firms warning that "state organizations" of China were plying their networks...

WabiSabiLabi founder arrested, in custody of Italian authorities

"Italian authorities are holding the founder of WabiSabiLabi, an eBay-like online marketplace for buying and selling zero-day vulnerabilities. However, the arrest of Roberto Preatoni, reportedly on charges related to a well publicized Italian spying scandal, has not affected the organization's day-to-day operations, according to a statement released by the Switzerland-based group....

Hacked grades = 20 years in jail?

"It's the stuff of movies such as War Games but two California men accused of hacking into a University database system to change their grades face up to 20 years imprisonment. John Escalera, 29, and Gustavo Razo, 28, are charged (PDF) with conspiring together to increase their marks by manipulating California...

Man Hacks 911 System, Sends SWAT on Bogus Raid

"SWAT officers expected to find a victim shot to death, drugs and a belligerent armed suspect when they surrounded the home of an unsuspecting couple, but found they were only a part of a false emergency call caused by a teenager who hacked into the county’s emergency response system, authorities said....

Russian Business Network Is Haven For Online Crime

The Russian Business Network is an ISP in St. Petersburg allowing for hosting of 'anything'. "The Russian Business Network sells Web site hosting to people engaged in criminal activity, the security experts say. Groups operating through the company's computers are thought to be responsible for about half of last year's incidents...

Websites with adsense being hacked, having codes replaced

Not that this is surprising, but it appears that rather than defacing sites outright, attackers are now starting to target sites with AdSense on them and replacing the codes in order to steal earnings. For those of you unfamiliar with AdSense you stick a piece of javascript on your site with your...

Israel Pwns Syria before Pwning them with bombs

"Instead of jamming radar signals, Suter uses a more sophisticated approach of "hacking" into enemy defences. "The technology allows users to invade communications networks, see what enemy sensors see, and even take over as systems administrator so sensors can be manipulated into positions so that approaching aircraft can't be seen," Aviation...