31. December 2013 12:24 by CA
A BBC FTP server ftp.bbc.co.uk was compromised by a Russian hacker and access to it touted online, say computer security researchers.
The hacker behind the attack on the internet-facing file store tried to sell access to the infiltrated system to other criminals on Christmas Day. Hold Security spotted someone trying to sell access to ftp.bbc.co.uk, according to Reuters.
The hacked service was used by reporters to file material from the field, and by advertisers to upload video to BBC Worldwide channels. The invaded computer was cleaned up over the weekend. More...
24. September 2013 11:06 by CA
On September 10th Apple announced the new iPhone 5s. With many new upgrades, there was one new additional feature that particularly drew the interest of both the media and consumer. It was the announcement of the new fingerprint biometrics
Apple’s Touch ID® is an easier way for the consumer to activate the feature and secure the contents of the device. As with all security related software, it is just a matter of time before someone breaks the code and designs a work-around. Ten days after the launch, the hacking team known as Computer Chaos Club (CCC) designed a work-around for the new fingerprint security system. The interesting thing is that the process CCC used to compromise the Touch ID security is an update to a well-known technique known in security circles for years.
4. June 2013 14:45 by CA
in Hack, IT Security
Scientists Billy Lau, Yeongjin Jang and Chengyu Song have invented a dangerous new “malicious charger” called Mactans, capable of infecting iPhones with any malware they choose under one minute
The Team will debut their evil plug at the Black Hat USA conference, which starts at the end of July. Describing their discovery, the team said: "Apple iOS devices are considered by many to be more secure than other mobile offerings. In evaluating this belief, we investigated the extent to which security threats were considered when performing everyday activities such as charging a device. The results were alarming.
2. June 2013 17:47 by CA
in IT Security
EMET is a toolkit provided by Microsoft to configure security controls on Windows systems making it more difficult for attackers to successfully launch exploits.
EMET doesn't take the place of antivirus or patch management, but it does provide an important set of safeguards against not only existing exploits, but also against future 0-day exploits which have yet to be developed or released. Even the best signature-based antivirus programs don't do a good job at protecting from 0-days.
EMET allows administrators to exercise fine-grained control over Windows' built-in security features in Windows 7 and higher, including:
1. June 2013 17:30 by CA
in Hack, IT Security
In a recent update, the Metasploit framework added a very interesting tool called mimikatz to its massive tool repository. The tool enables you to steal Windows credentials - The key feature of this tool is that it steals the credentials in clear text instead of just the password hashes.
If you do any research on the Windows authentication process you will quickly find out that Windows does not store a clear text version of your password. Windows only stores a hashed version of your password. Mimikats collects the credentials from the WDigest dll. The HTTP digest authentication and Simple Authentication Security Layer (SASL) authentication modules use the WDigest dll. Both of these authentication modules require the user's plain text password. Mimikatz takes advantage of this and is able to extract the credentials in clear text.
1. June 2013 14:05 by CA
in IT Security
Hackers are believed to have compromised the accounts of millions of users operating or developing the Drupal open-source content management system (CMS).
The Drupal Association says an individual or group has gained unauthorised access to the accounts on its Drupal.org and groups.drupal.org sites. Information exposed includes user names, email addresses, country information and hashed passwords.
Websites running the Drupal CMS, however, are not believed to be affected, Drupal Association executive director Holly Ross said. More...