Security Simplified ! - A Kaapagam Technologies IT Security Blog

Snapchat : 4.6 Million Usernames & Phone numbers Exposed

2. January 2014 10:28 by CA in Hack, Privacy Leak, Vulnerability

Mid December 2013, Researchers at Gibson Security published Snapchat code allowing phone numbers matching after the exploit disclosures were ignored as theoretical by SnapChat. It lloks like Hackers took GibSec disclosure more serious than SnapChat

 

On January 1, 2014, an anonymous user announced the release of SnapchatDB and 4.6 million usernames and matched phone numbers in a Hacker News post.

 

The Snapchat accounts - even those marked 'private' - were exposed in a database hack that Snapchat knew about for four months, ignored, then told press last week was only "theoretical."  More...

BBC FTP Server Hacked by a Russian Hacker

31. December 2013 12:24 by CA in Hack

A BBC FTP server ftp.bbc.co.uk was compromised by a Russian hacker and access to it touted online, say computer security researchers.

The hacker behind the attack on the internet-facing file store tried to sell access to the infiltrated system to other criminals on Christmas Day. Hold Security spotted someone trying to sell access to ftp.bbc.co.uk, according to Reuters.

 

The hacked service was used by reporters to file material from the field, and by advertisers to upload video to BBC Worldwide channels. The invaded computer was cleaned up over the weekend. More...

iSeeYou : Macbook webcams CAN SPY on you WITHOUT LED twinkling

23. December 2013 14:15 by CA in Hack, Privacy Leak

Security researchers have confirmed that MacBook webcams can spy on their users without the warning light being activated.

 

Apple computers have a “hardware interlock” between the camera and the light that is supposed to ensure the camera can't be activated without alerting the user by lighting a tell-tale LED above the screen

 

However Stephen Checkoway, a computer science professor at Johns Hopkins University and graduate student Matthew Brocker were able to circumvent this security feature by reprogramming the micro-controller chip inside the camera.

More...

iPhone 5s Fingerprint Reader Hack

24. September 2013 11:06 by CA in Hack

On September 10th Apple announced the new iPhone 5s. With many new upgrades, there was one new additional feature that particularly drew the interest of both the media and consumer. It was the announcement of the new fingerprint biometrics

 

Apple’s Touch ID® is an easier way for the consumer to activate the feature and secure the contents of the device. As with all security related software, it is just a matter of time before someone breaks the code and designs a work-around. Ten days after the launch, the hacking team known as Computer Chaos Club (CCC) designed a work-around for the new fingerprint security system. The interesting thing is that the process CCC used to compromise the Touch ID security is an update to a well-known technique known in security circles for years.

More...

Microsoft IE Zero Day Flaw Affects All Versions

18. September 2013 11:45 by CA in Hack, Vulnerability

Microsoft is reporting an unpatched vulnerability in all versions of Internet Explorer. All versions of IE, other than those running on Windows Server, are vulnerable. This includes Internet Explorer 11 on Windows 8.1 and RT.

 

The vulnerability comes from a memory corruption bug which could lead to remote code execution. Microsoft says that they are aware of targeted attacks exploiting this vulnerability on Internet Explorer 8 and 9. Exploits such as these are often version-specific, even if the vulnerability affects multiple versions.

 

The Fix It solution is available from this link. To apply it, click the Fix It icon above the Fix This Problem link. Applying this solution may limit some functionalities of IE, so if you run into problems after applying this interim patch, you can click the Fix It icon to the right of that “enable” button to reverse the update.

More...

KINS – A New bank-account-raiding Trojan Toolkit

26. July 2013 15:34 by CA in Hack, Malware, Trojan

KINS, a new professional-grade Trojan toolkit is certain to pose plenty of problems for banks and their customers in the months and years ahead.

 

KINS infects Windows PCs at a very low level and snoops on victims' online banking to drain their accounts. KINS promises the ease of use of nasty ZeuS combined with the technical support offered by the team behind Citadel.

 

KINS is designed to spread using popular exploit packs such as Neutrino. KINS is capable of easily infecting machines running Windows 8 and other x64 operating systems, and features technology to embed itself in computers so that it's activated almost as soon as the machines are powered on - this makes infections both more stealthy and harder to eradicate.

More...

JAVA – Write Once, Pwn Anywhere

23. July 2013 15:42 by CA in Hack, IT Security, Software Updates & Patches

According to a study done by security software firm Bit9, Most enterprise networks are riddled with vulnerable Java installations and only less than one per cent of organisations are running the latest version of Java. The most frequently encountered version of Java running on endpoints is version 6 update 20, found on 9 per cent of systems and subject to 96 high-severity vulnerabilities.

 

The average enterprise has more than 50 versions of Java installed across its PCs and servers, while five per cent of those enterprises have more than 100 versions of Java installed.

More...

MYNiC DNS Hijacked

1. July 2013 17:14 by CA in Hack

Several domains from Malaysia including Dell.com.my, Google.com.my, microsoft.com.my, skype.com.my, kaspersky.com.my, msn.com.my, bing.com.my, and many more have been DNS Hijacked by TiGER-M@TE, a hacker from Bangladesh. 

 

MYNIC has confirmed the incident through an official announcement on their website

 

MyNic is an ISO 27001 Certified Organization and hope all those people who advocate ISO 27001 as the only way to have Secure Informations Systems understand that by just complying to ISO 27001 standard is not enough to be Secure