
Two men, who developed Photobucket hacking software, charged with conspiracy and fraud

Two men were arrested on April 8 on charges of conspiracy and fraud after breaching the computer systems of Colorado-based Photobucket, a company that runs an image and video hosting website, according to a statement by the U.S. Department of Justice (DoJ).

Brandon Bourret (39), from Colorado Springs, and Athanasios Andrianakis (26), from Sunnyvale, California, were arrested at their homes for hacking the system and selling passwords and access to private information on the photo-sharing website.

U.S. Attorney John Walsh for the District of Colorado and Thomas Ravenelle, special agent in charge of the Denver Division of the Federal Bureau of Investigation (FBI), announced that the two men developed and sold a software application that allowed users to bypass the privacy settings on Photobucket, which has more than 100 million registered users.

According to the statement, users of the application could secretly access and copy password-protected information and images without any permission from Photobucket's users.

“It is not safe to hide behind your computer, breach corporate servers and line your own pockets by victimizing those who have a right to protect privacy on the internet,” said U.S. Attorney Walsh in the statement. “The U.S. Attorney’s Office is keenly focused on prosecuting those people for their theft -- and for the wanton harm they do to innocent internet users.”

“Unauthorized access into a secure computer system is a serious federal crime,” said Ravenelle in the statement. “The arrest of Brandon Bourret and his co-conspirator reflects the FBI’s commitment to investigate those who undertake activities such as this with the intent to harm a company and its customers.”

According to the statement, Bourret and Andrianakis each face one count of conspiracy, which carries a penalty of up to five years in federal prison and a fine of up to $250,000. They also face one count of computer fraud, which carries the same maximum penalty: not more than five years in federal prison and a fine of up to $250,000.

Similarly, they face two counts of access device fraud, each of which carries a fine of up to $250,000 and not more than ten years in federal prison.

In addition, the U.S. Attorney’s Office and the FBI thanked Photobucket for its cooperation from the inception of the investigation and for its continued assistance as both the investigation and the prosecution move forward.

This case is being prosecuted by Assistant U.S. Attorney David Tonini.

US beauty products chain Sally Beauty investigates a possible data breach

US-based cosmetics and beauty retailer Sally Beauty Holdings Inc. has confirmed a possible data breach for the second time in a year, as it investigates reports of “unusual activity involving payment cards” in some of its stores.

Following the reports, the Denton-based company said in a statement that it has been working with law enforcement and its credit card processor to ensure that customers are protected from a possible data breach. It has also launched a comprehensive inquiry, together with a forensic expert, to gather data about the incident.

“Until this investigation is completed, it is difficult to determine with certainty the scope or nature of any potential incident, but we will continue to work vigilantly to address any potential issues that may affect our customers,” the statement reads.

The company reported its first data breach in March, when about 25,000 customers were affected. It was later found that hackers had broken into Sally Beauty’s network and stolen at least 282,000 cards from the retailer.

[Image: The advertisement run by the thieves who stole the Sally Beauty card data.]

Three different banks contacted by KrebsOnSecurity made targeted purchases from the card shop, buying back cards they had previously issued to customers. The banks then checked whether all of the cards they bought had been used at the same merchant over the same time period. Each bank reported that all the cards had been used at Sally Beauty locations across the United States.

Meanwhile, Edelman is advising the beauty products chain: David Chamberlin, executive VP for Edelman in Dallas and head of its data security and privacy group, leads the SBH account.

With revenues of $3.8 billion annually, Sally Beauty distributes beauty products through 4,900 stores in more than a dozen countries, including the United States, the United Kingdom, Brazil, Peru, Chile, Colombia, Belgium, France and Canada.

Cisco fixes remote code flaw in its UCS Central software

Cisco Systems Inc., the American networking giant, has released an advisory addressing a remote code execution vulnerability in its Unified Computing System (UCS) Central software, which manages a platform that integrates processing, networking and storage into one system.

The company said that the flaw could be exploited by remote attackers to execute arbitrary commands on affected systems.

“Successful exploitation of the vulnerability may permit unauthenticated access to sensitive information, allow arbitrary command execution on the Cisco UCS Central operating system or impact the availability of the affected device,” Cisco wrote in its advisory on May 6.

“An attacker could exploit this vulnerability by sending a crafted HTTP request to an affected device,” said the advisory. “An exploit could allow the attacker to execute arbitrary commands on the underlying operating system with the privileges of the root user.”

According to the advisory, the vulnerability (CVE-2015-0701) is caused by improper input validation and allows an unauthenticated remote attacker to execute arbitrary commands on the underlying operating system with root privileges.

Specifically, the software’s web framework fails to validate user input, exposing version 1.2 of the platform to remote attack.

The company added that it is not aware of any public exploits and has found no evidence of exploitation.

The advisory says that users can fix the vulnerability by installing the updated software provided by Cisco.

The company has urged its users to update to UCS Central software version 1.3. It has assigned the vulnerability its highest severity score, 10.

Earlier, Cisco released security updates for several of its other products, including the Cisco Adaptive Security Appliance (ASA), Cisco Small Business SPA300 and SPA500 series IP phones, and IOS software.

Data breach in casino's point of sale system

A possible data security breach has been found in the FireKeepers Casino Hotel’s point of sale system, the Battle Creek Enquirer reports.

The casino learned about the security breach after receiving ‘a couple of calls’ from guests concerned about their bank or credit card statements. Reacting immediately, it began investigating the matter. There is no confirmation of exactly when the calls started or of the number of people affected by the breach.

An independent forensic team has been called in to analyze the casino’s systems.

Vice President of Marketing Jim Wise said that “FireKeepers has proactively replaced its point of sale equipment with equipment that is not tied to the casino’s systems. We've made the system safe by going to a new system. There’s not yet a timetable for the completion of the investigation.”

Update your WordPress to prevent your website from being hacked

WordPress has released version 4.2.2 to improve its users’ security, and has urged people to update their sites immediately.

Samuel Sidler, a researcher at WordPress.org, wrote that the new version addresses two security issues.

The first is in the Genericons icon font package, used in themes and plugins, which contained an HTML file vulnerable to a cross-site scripting attack.

On May 7 the WordPress security team updated all affected themes and plugins, including the Twenty Fifteen default theme, after a DOM-based cross-site scripting (XSS) vulnerability was discovered.

Security researchers from Sucuri warned that the vulnerability was being exploited in the wild days before disclosure.

Robert Abela of Netsparker reported that, to protect other uses of Genericons, WordPress 4.2.2 scans the wp-content directory for this HTML file and removes it.

Secondly, WordPress 4.2 and earlier versions are affected by a critical cross-site scripting vulnerability that could enable anonymous users to compromise a site. WordPress 4.2.2 includes a comprehensive fix for this issue, according to a separate report by Rice Adu and Tong Shi.

WordPress 4.2.2 also contains fixes for 13 bugs from 4.2.

Users just have to download WordPress 4.2.2, or go to the Dashboard and click the “Update Now” button.

Sites that support automatic background updates have begun to update to WordPress 4.2.2.

Major vulnerability in medical equipment poses security risk

The Internet-enabled PCA3 drug infusion pump manufactured by Hospira suffers from authorization vulnerabilities that can allow unauthenticated users to remotely access and modify pump configurations, drug libraries and software updates.

The Hospira LifeCare infusion pump, version 5.0 and prior, runs “SW ver 412”. It does not require authentication for Telnet sessions, which allows remote attackers to gain root privileges via TCP port 23. By attaching any device to the pump via Ethernet, one can easily extract the wireless encryption keys stored in plain text on the device and thus gain access to the life-critical network.

The attacker can then tamper with the pump configurations or drug libraries through firmware updates, command execution and drug library updates. However, Hospira maintained that operation of the LifeCare PCA infusion pump requires the physical presence of a clinician to manually program the dosage into the pump for administration.

Even if credentials were enforced on the Telnet port, there are still web services that allow a remote attacker to carry out the same remote modifications. Even if those were secured, additional services such as FTP are open with hard-coded accounts.

Billy Rios, the independent researcher who discovered these vulnerabilities, has been coordinating with Hospira since May 2014. Hospira has developed a new version that mitigates these vulnerabilities; it is under U.S. Food and Drug Administration (FDA) review.

As defensive measures, ICS-CERT has advised organizations to close unused ports, use a VPN, detach the pump from insecure networks, and apply good design practices such as network segmentation.

The impact of the vulnerability varies from organization to organization, so each organization needs to evaluate and secure itself based on its own operational environment.

27-year-old female hacker arrested by ITCU

Recently, a 27-year-old female hacker was arrested by the Integrated Technological Crime Unit (ITCU) at her residence in Saint-Alphonse-de-Rodriguez. The ITCU believes that this individual is the origin of a botnet.

The woman was using a Remote Administration Tool to remotely take over the computers infected with the botnet malware and spy on their users through the webcam. She also communicated with some of her victims through their speakers.

The hacker also posted a video on YouTube of herself hacking into other people’s computers and trying to scare them.

Users have been urged by many to take the necessary precautions so that they do not become victims of such attacks.

EllisLab urges its users to change their passwords after hack

EllisLab, a software development company, has urged all its users to change their passwords after hackers managed to gain unauthorized access to its servers on March 24 this year.

According to the company’s statement, to protect members registered at EllisLab whose personal information the hackers might have stolen, it has asked people to change their EllisLab.com password.

The company said that new users can also remove their account from the site. This is a must if anyone has sent their password via plaintext email instead of using the company’s secure form.

As the company’s form encrypts the passwords and removes them after 30 days, it is believed that those encrypted passwords would only be available to the hackers if someone submitted one after February 24, 2015.

Similarly, if people have used their EllisLab.com password on other sites, they should change those too.

The company asked people to change their passwords periodically and to enable two-factor authentication wherever it is available. It also recommends tools that simplify the creation and use of unique passwords.

It is said that the hackers used a Super Admin’s stolen password to log in to the company’s site. The hacker then uploaded a common PHP backdoor script (a WSO web shell variant) that allowed them to control the company’s server.

The company wrote that its hosting provider, Nexcess, prevented the “privilege escalation” attempt. After alerts about the malicious activity, the unauthorized access was shut down at the firewall level.

The company also thanked Nexcess in its blog post for their alertness and speed. Officials then began dissecting the server logs to retrace the hacker’s steps and learn how they got access. They wrote that they had gone through all their files to remove what the attackers had added.

The attackers had access to the server for three hours. Although the evidence does not show that the database was stolen, the company prefers to be cautious and assume the hackers had access to everything.
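The EllisLab write-up describes an uploaded PHP backdoor (a WSO web shell variant) and a file-by-file cleanup afterwards. As an added example, not EllisLab's or Nexcess's code, the scanner below walks a web root and flags PHP files carrying typical web-shell indicators; the indicator list, weights and threshold are assumptions, and the two fixture files are constructed (the "suspect" one holds marker strings only and is not a working shell).

```python
"""Heuristic scanner for PHP web-shell indicators (added example, not project code)."""
import os
import re
import tempfile

# Indicators commonly seen in generic PHP backdoors such as WSO variants.
# Weights and the threshold are assumptions chosen for this example.
INDICATORS = {
    r"\beval\s*\(": 3,
    r"\bbase64_decode\s*\(": 2,
    r"\b(gzinflate|gzuncompress|str_rot13)\s*\(": 2,
    r"\b(shell_exec|passthru|system|proc_open|popen)\s*\(": 3,
    r"\$_(REQUEST|POST|GET|COOKIE)\s*\[": 1,   # request-driven input, weak on its own
    r"\bFilesMan\b": 4,                       # action name used by WSO-style shells
    r"\bWSO\b": 4,
}
THRESHOLD = 5


def score_php(source: str) -> tuple[int, list[str]]:
    """Return (score, matched patterns) for one PHP source text."""
    score, hits = 0, []
    for pattern, weight in INDICATORS.items():
        if re.search(pattern, source):
            score += weight
            hits.append(pattern)
    return score, hits


def scan_webroot(root: str) -> dict[str, int]:
    """Map each PHP file under root whose score reaches THRESHOLD to its score."""
    flagged = {}
    for dirpath, _, files in os.walk(root):
        for name in files:
            if not name.lower().endswith((".php", ".phtml", ".php5")):
                continue
            path = os.path.join(dirpath, name)
            with open(path, encoding="utf-8", errors="replace") as fh:
                score, _ = score_php(fh.read())
            if score >= THRESHOLD:
                flagged[os.path.relpath(path, root)] = score
    return flagged


# Constructed fixtures: an inert file carrying WSO-style marker strings (no executable
# backdoor) and a benign page that reads a request parameter legitimately.
SUSPECT = "<?php\n// constructed fixture: marker strings only\n$m = ['WSO', 'FilesMan', 'eval(', 'base64_decode('];\n"
BENIGN = "<?php\n$page = (int) ($_GET['page'] ?? 1);\necho htmlspecialchars('Page ' . $page);\n"


def demo() -> dict[str, int]:
    """Build a throwaway web root with both fixtures and scan it."""
    root = tempfile.mkdtemp(prefix="webroot_")
    os.makedirs(os.path.join(root, "uploads"))
    with open(os.path.join(root, "uploads", "cache.php"), "w") as fh:
        fh.write(SUSPECT)
    with open(os.path.join(root, "index.php"), "w") as fh:
        fh.write(BENIGN)
    return scan_webroot(root)


if __name__ == "__main__":
    for path, score in demo().items():
        print(f"flagged {path} (score {score})")
```

A scan like this is a triage aid: a hit still needs manual review, and a true cleanup should also diff the tree against a known-good release, as EllisLab did by reviewing every file.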

Hard Rock Hotel & Casino reports possible card breach

Hard Rock Hotel Las Vegas issued a statement on May 1 disclosing a security incident that may have affected customers’ credit card information.

It said that the incident allowed hackers to access information about credit or debit cards used at certain Hard Rock Hotel & Casino Las Vegas retail and service locations.

The affected information included names, card numbers and CVV codes. However, the attackers did not have access to PIN numbers or other sensitive customer information.

According to the statement, the incident affected credit or debit card transactions between September 3, 2014 and April 2, 2015 at restaurant, bar and retail locations on the Hard Rock Hotel Las Vegas property, including the Culinary Dropout restaurant.

The attack did not affect transactions at the hotel, casino, Nobu, Affliction, John Varvatos, Rocks, Hart & Huntington Tattoo or Reliquary Spa & Salon.

The hotel urged its customers to review their credit and debit card statements and to report any suspicious activity on their bank accounts.

It also noted that customers are not responsible for unauthorised charges that are reported in a timely manner.

They wrote that, to protect their customers’ identities, they have engaged Experian®, the largest credit bureau in the US, which will offer customers complimentary Fraud Resolution and identity protection for one year.

They said that Fraud Resolution assistance is available at any time; however, customers are requested to activate the fraud detection tools, which are available through ProtectMyID® Elite. It provides superior identity protection and resolution of identity theft.

To activate ProtectMyID®, customers have to request an activation code by email to hardrockhotel@protectmyid.com. Once they receive the code, they can activate ProtectMyID® Elite at www.protectmyid.com/protect.

Ryanair confirms a hacking scam in its bank account

Ryanair, the Dublin-based airline run by Michael O’Leary, has confirmed a hacking scam in which about $5 million (€4.6 million) was transferred from one of its bank accounts via a Chinese bank.

However, the airline is not prepared to comment further, as the matter is now in legal proceedings.

According to a report published in The Irish Times, the amount was stolen from the account last week through an electronic transfer.

The incident only came to light when the airline asked the Criminal Assets Bureau (CAB) in Dublin to help with recovery via counterpart agencies in Asia.

“The airline confirms that it has investigated a fraudulent electronic transfer via a Chinese bank last week,” the airline wrote in a statement.

It said that the airline has been working with its banks and other stakeholders, and understands that the funds, less than $5 million, have now been frozen.

The funds are expected to be repaid soon. Meanwhile, the airline has taken steps to ensure that this type of incident does not happen again.

As the airline uses dollars to buy fuel for its 400-plus Boeing 737-800 aircraft, it is believed that these were the funds tapped in the illegal transfer.

But there is still no clue as to how the hacking scam was carried out, or who was behind it.

The CAB has used its connections with similar agencies in Asia to trace the money.

Harbortouch discloses a breach caused by malicious software

Harbortouch, which supplies point-of-sale (POS) systems to thousands of businesses across the United States, has disclosed a breach in which some of its restaurant and bar customers were hit by malware. The malware allowed hackers to obtain customer card data from the affected merchants.

A card issuer recently told KrebsOnSecurity that the company was playing down the seriousness of the breach, and that it could affect more than 4,200 Harbortouch customers nationwide.

Before Harbortouch’s disclosure, many sources in the financial industry suspected a breach at a credit card processing company.

According to an article published on KrebsOnSecurity, the suspicion grew whenever banks saw card fraud that they could not easily trace back to one specific merchant.

Some banks wanted to know about the undisclosed fraud, as stolen cards were being used to buy goods at big box stores. They made changes to the way they processed debit card transactions.

United Bank recently issued a notice saying that, to protect its customers after learning of a spike in fraudulent transactions at grocery stores and similar retailers such as Walmart and Target, it has put a block in place: customers will now be required to select ‘Debit’ and enter their PIN for transactions at these stores when using their United Bank debit card.

Harbortouch issued a statement last week saying it has identified and contained an incident that affected a small percentage of its merchants. It confirmed that malware had been installed on the POS systems. The advanced malware was designed so that the antivirus program running on the POS system could not detect it.

Harbortouch, however, removed the malware from the affected systems shortly after the problem was detected.

Mandiant, a forensic investigator, helped the company in its investigation.

The company explained in the statement that it does not directly process or store cardholder data, and that only a small percentage of its merchants were affected, for a short period of time.

Currently, the company’s officials are working with the parties concerned to notify the card-issuing banks that were impacted, so that those banks can conduct heightened monitoring of transactions to detect and prevent unauthorized charges.

However, according to sources at a top 10 card-issuing bank in the United States that shared voluminous fraud data with KrebsOnSecurity on condition of anonymity, the breach extended to at least 4,200 stores that run Harbortouch’s POS software.

Nate Hirshberg, marketing director at Harbortouch, said the statements are not true.