Do Organizations Fail to Care about your Medical data? UCLA Hacked



The hospital network of the University of California, Los Angeles was broken into by a team of hackers, resulting in access to the sensitive records of 4.5 million people.

According to the university, the data stolen includes names, medical information, Medicare numbers, health plan IDs, Social Security numbers, birthdays and physical addresses.

This breach could have affected people who have visited, or worked at, the university's medical network, UCLA Health, which includes its four hospitals and 150 offices across Southern California.

The first attempt to hack the network was made in September 2014. UCLA Health announced the breach on Friday, two months after discovering it. The university network alarm "detected suspicious activity," and UCLA Health called in the FBI for help.

"At that time, it did not appear that the attackers had gained access to the parts of the network that contain personal and medical information," UCLA Health said in a statement.

The hospital group is now notifying staff and patients, and offering them one year of identity theft recovery services.

Dr. James Atkinson, UCLA Hospital System's president, apologized to the public in a statement and noted that the hospital group is under constant attack from all over the world.

Organizations handling this kind of sensitive information should have not only physical security but also proper cyber security protection. Organizations should understand the importance of cyber security before they fall victim to cyber attacks.

Vietnamese hacker who stole identities of 200 million Americans sentenced to 13 years

After breaking into the computers of several business entities and stealing the personal identification information of over 200 million Americans, a Vietnamese hacker has finally been sentenced to 13 years in prison.

On Tuesday, the Department of Justice released a report announcing that Hieu Minh Ngo, 25, bagged $2 million from hacking, stealing personal identification information and selling it to other cyber criminals.

A District Court in New Hampshire finally sentenced Ngo on Tuesday on various fraud charges, as reported by the Financial Times. Ngo was arrested in February 2013, as soon as he entered America.

Back at his home in Vietnam, Ngo was active from 2007 until 2013, breaking into computer systems, stealing identifiable information such as Social Security numbers, credit card details, bank account and phone numbers, and advertising the data on his websites, where fellow hackers bought the information.

A press release by the Justice Department specified that 'Ngo admitted that he offered access to PII (personally identifiable information) for 200 million U.S. citizens, and that more than 1,300 customers from around the world conducted more than three million "queries" through the third-party databases maintained on his websites'.

The Internal Revenue Service stated that the information sold on Ngo's website to other hackers was used to file income tax returns for more than 13,000 people, who saw $65 million returned on their behalf.

'Criminals buy and sell stolen identity information because they see it as a low-risk, high-reward proposition,' Assistant Attorney General Leslie Caldwell said in a statement.
'Identifying and prosecuting cyber criminals like Ngo is one of the ways we're working to change that cost-benefit analysis.'

The US Office of Personnel Management revealed that hackers have stolen more than 21.5 million Social Security numbers so far, of which 1.1 million include fingerprints.

The sentencing of Ngo is finally a step toward stopping cyber crimes that breach the personal identity of civilians.

FBI takes down biggest malware marketplace 'Darkode'

The Federal Bureau of Investigation announced the takedown of ‘Darkode’, an international malware marketplace, on Wednesday.

Darkode was a secretive, password-protected society of elite hackers. The forum had been used since 2008 as a meeting place and as a place to purchase and trade hacking tools.

The FBI arrested people from 20 countries, with indictments for 70 individuals, including 12 in the U.S., from Wisconsin to Louisiana.

U.S. Attorney David J. Hickton said, “The FBI has effectively smashed the hornets' nest and we are in the process of rounding up and charging the hornets.”

Adding to this, Hickton explained how Darkode was one of the greatest threats to online security, mentioning one forum member who put up software (for a price of $65,000) that can take over cellphones. He also described how a user offered the ability to steal and sell lists of friends on Facebook.

According to the FBI’s Special Agent in Charge Scott S. Smith, the arrests came after a two-year undercover operation that infiltrated the forum.

The Pittsburgh Post-Gazette explains how the investigation started: "Following a lead generated in Pittsburgh around 18 months ago, the FBI cybersquad here launched Operation Shrouded Horizon. The bureau's local office assembled a coalition that started domestically with the bureau's offices in Washington, D.C., San Diego, New Orleans and San Francisco, and extended to online enforcement teams in 20 countries, including numerous European countries, Israel, Australia, Colombia, Brazil and Nigeria."

Federal officials say the investigation into Darkode is continuing.

United Airlines awards hackers millions of miles for reporting bugs

United Airlines has awarded “millions of frequent flier miles” to hackers who have found gaps in the carrier's web security, in a first for the U.S. airline industry, according to a report published by Reuters.

However, some tweets from those hackers have said that they received smaller awards than the company had announced.

“Well that answers that question. Found out which of my two bugs was worth a million because the other is apparently worth 250k,” read one of the tweets posted by Jordan Wiens (@psifertex).

It is also said that some terms of the agreement do not allow Wiens to disclose the bug he discovered.

On the other hand, the company confirmed to Reuters that it has paid out two awards worth 1 million miles each, worth dozens of free domestic flights on the airline.

"We believe that this program will further bolster our security and allow us to continue to provide excellent service," United said on its website.

“It has hoped to trailblaze in the area of airline web security by offering "bug bounties" for uncovering cyber risks. Through the program, researchers flag problems before malicious hackers can exploit them. The cost can be less than hiring outside consultancies,” the news report read.

The trade group Airlines for America said in a statement that all United States carriers should conduct tests to make sure their systems are secure.

Beyond the bug bounty program, the company has also tested systems internally and engaged cyber security firms to keep its websites secure.


Credit card data breach at Online Photo service, customers of CVS, Walmart Canada and others affected


Consumer Value Stores (CVS), which is the second largest pharmacy chain after Walgreens in the United States with more than 7,600 stores, has temporarily taken down its online photo center CVSphoto.com after a hacking attack.


“We have been made aware that customer credit card information collected by the independent vendor who manages and hosts CVSPhoto.com may have been compromised,” the company posted on its website’s homepage.


Brian Krebs pointed out on his blog that other companies are already reporting a similar data breach and have taken down their webpages related to the online photo service.

Those online photo services have been maintained by a company called PNI Digital Media.

Companies including Costco, Walmart Canada and Rite Aid displayed a message on their photo sites informing customers about the security breach.

In a notice displayed on Rite Aid's photo site, it is said that information including name, address, phone number, email IDs, photo account password and credit card data was affected.

However, Rite Aid said "PNI does not process credit card information on Rite Aid’s behalf and PNI has limited access to this information."

Consumer Value Stores said financial transactions done on its main website CVS.com and in-store are not affected.

Hacker who sold Madonna song sentenced to 14 months in prison

Adi Lederman has been sentenced to 14 months in prison in Israel after being found guilty of stealing and selling singer Madonna's unreleased songs.

He was also fined 5,000 shekels, which comes to about $3900. The court has said that an appropriate punishment will deter this kind of incident in the future.

Madonna's latest album Rebel Heart was leaked on the internet last year. At the time she said, “I have been violated as a human and an artist.”

Later she released six songs, calling it an “early Christmas gift” for her fans.

Lederman was arrested earlier this year and agreed to a plea deal after confessing the crime.

Epic Games shut down its website after a hack



Epic Games, an American video game development company based in Cary, North Carolina, now an associate of Chinese Tencent Holdings, has taken down its website after discovering that its forums (forums.epicgames.com) were “compromised by a hacker”.

The company is now sending emails to its Epic Games Forum members informing them that its forums have been taken offline.

“We are sorry to report that the incident may have resulted in unauthorized access to your username, email address, password, and the date of birth you provided at registration,” the email reads.

The company has said that there is a possibility that any information stored or sent by users through the forums may have been accessed.

However, the company has not collected or maintained any financial information. It has advised its users to be alert for suspicious emails such as phishing attempts.

It has said that when the site reopens, forum members' passwords will be reset.

“If you use the same password on this site which you use on other sites, we recommend immediately changing your password on those sites as well,” the email explained.

It is said that the affected forum site covers UDK, Infinity Blade, Gears of War, Bulletstorm, and prior Unreal Tournament games but the separate forum sites covering Unreal Engine 4, Fortnite, and the new Unreal Tournament were not affected.

“To further understand what’s happened and prevent it in the future, we’re working with a computer security firm to identify the nature of the compromise. We will report further information on the forums when they reopen,” the company explained in the mail.

Software bug affects cars, opens doors without warning

Land Rover has discovered a software bug in two of its cars. The bug can unlock the doors of the car without warning the driver.

The company will recall vehicles and do the necessary repairs without any charge to the customers.

The bug affects two models of Land Rover, the Range Rover and Range Rover Sport. 65,000 vehicles have been recalled due to this.

The company has placed ads in newspapers and is contacting the owners to call them in for the recall.

Mozilla blocks vulnerable Adobe Flash versions


A day after Facebook’s newly appointed Chief Security Officer Alex Stamos took to Twitter to call for more rapid moves to force Flash’s extinction, as the plugin was reportedly being used to spread malware on users’ systems via security exploits, the head of Firefox Support has claimed that all vulnerable versions of Adobe Flash are blocked in the Firefox browser.

On July 14, Mark Schmidt, head of Firefox Support, posted on Twitter, “BIG NEWS!! All versions of Flash are blocked by default in Firefox as of now.”

According to a news report published on TheNextWeb, three major Flash vulnerabilities were discovered in the 400GB of documents and product source code leaked online from security firm Hacking Team. The vulnerabilities allow malicious files to execute code and install malware on victims’ computers.

“Mozilla has noted that Flash will remain blocked until Adobe releases a version that isn’t being actively exploited by publicly known vulnerabilities,” the report read.

It is also said that Mozilla is trialing Shumway, an HTML5-based efficient renderer for the SWF format that’s used with Flash files.

Schoolboy hacker who 'launched DDOS attacks against worldwide organizations' walks free

In 2001, several global organisations, including the BBC, faced cyber attacks by a teenage geek known as 'Narko', who "almost broke the internet" while sitting in his bedroom and is walking free after such a felony.

Seth Nolan-Mcdonagh was introduced to the world of hacking at the age of 13 by a group of online hackers who were at that time breaking the integrity of websites using a technique called 'Distributed Denial of Service', or DDOS for short.

The scam bagged £70,000 for Narko, who then quit school and joined the hacking fraternity after losing contact with the 'real world'.

Narko came back into the limelight in 2013, when he successfully attacked Spamhaus, a spammer database for email service providers. He then chose a bigger target: CloudFlare, a service that prevents online assaults, in what was considered the biggest DDOS attack of that time.

In 2015, Seth was finally brought before Southwark Crown Court for sentencing.

The young hacker has already pleaded guilty to two counts of unauthorized modification of computer material and one count of possessing articles for use in fraud.

In addition to these charges, he has also admitted that he transferred criminal property and possessed 924 indecent photos of children.

Seth was sentenced by Judge Jeffrey Pegden, who stated that he had committed serious crimes, and at the tender age of 13. All the attacks were committed when he was not yet of age, so his sentence was passed treating him as a youth.

Judge Pegden also noted that his age at the time of the offenses, as well as evidence showing that he was suffering from a mental illness, played a significant role.

Though it has been said that he has 'improved' a lot since being sent to rehab, a question still arises about the assurances of a hacker who has seen the lavish side of hacking.

Disable Java in your browsers, if installed, as researchers spot new Java-based zero-day exploit


Researchers from Trend Micro have found suspicious URLs hosting a newly discovered zero-day exploit in Java. A zero-day exploit targets a hole in software that is exploited by hackers before the vendor becomes aware of it.

Brooks Li, a threat analyst, and Feike Hacquebord, a senior threat researcher, who spotted this exploit, said that this was the first time in nearly two years that a new Java zero-day vulnerability was reported.

The researchers came to know about this exploit after receiving feedback in their Smart Protection Network.

According to the report, this new zero-day Java exploit is being used in spear-phishing attacks targeting certain forces of a NATO country and a US defence organization.
This zero-day bug affects only the latest Java version, 1.8.0.45, not the older versions, Java 1.6 and 1.7.
The vulnerability has still not been patched by the company concerned.

According to the report, the URLs hosting the new Java zero-day exploit are similar to the URLs seen in the attack launched by the threat actors behind Pawn Storm that targeted North Atlantic Treaty Organization (NATO) members and the White House in April 2015.

The researchers have asked users to disable Java in browsers if it was installed because of an application.