2. January 2014 10:28 by CA
in Hack, Privacy Leak, Vulnerability
In mid-December 2013, researchers at Gibson Security published Snapchat code allowing phone number matching after the exploit disclosures were dismissed as theoretical by Snapchat. It looks like hackers took the GibSec disclosure more seriously than Snapchat did.
On January 1, 2014, an anonymous user announced the release of SnapchatDB and 4.6 million usernames and matched phone numbers in a Hacker News post.
The Snapchat accounts - even those marked 'private' - were exposed in a database hack that Snapchat knew about for four months, ignored, then told press last week was only "theoretical."
2. January 2014 06:13 by CA
On New Year’s Day the Facebook and Twitter accounts and blog for Microsoft's Skype were hacked by the SEA (Syrian Electronic Army). This isn't entirely surprising, as the FBI had issued a warning on Christmas Eve to media organizations about a new wave of phishing attacks associated with the infamous SEA.
31. December 2013 12:24 by CA
A BBC FTP server ftp.bbc.co.uk was compromised by a Russian hacker and access to it touted online, say computer security researchers.
The hacker behind the attack on the internet-facing file store tried to sell access to the infiltrated system to other criminals on Christmas Day. Hold Security spotted someone trying to sell access to ftp.bbc.co.uk, according to Reuters.
The hacked service was used by reporters to file material from the field, and by advertisers to upload video to BBC Worldwide channels. The invaded computer was cleaned up over the weekend.
23. December 2013 14:15 by CA
in Hack, Privacy Leak
Security researchers have confirmed that MacBook webcams can spy on their users without the warning light being activated.
Apple computers have a “hardware interlock” between the camera and the light that is supposed to ensure the camera can't be activated without alerting the user by lighting a tell-tale LED above the screen.
However, Stephen Checkoway, a computer science professor at Johns Hopkins University, and graduate student Matthew Brocker were able to circumvent this security feature by reprogramming the micro-controller chip inside the camera.
24. September 2013 11:06 by CA
On September 10th Apple announced the new iPhone 5s. Among its many upgrades, one new feature particularly drew the interest of both the media and consumers: the new fingerprint biometrics.
Apple’s Touch ID® is an easier way for the consumer to activate the feature and secure the contents of the device. As with all security-related software, it is just a matter of time before someone breaks the code and designs a work-around. Ten days after the launch, the hacking team known as Computer Chaos Club (CCC) designed a work-around for the new fingerprint security system. The interesting thing is that the process CCC used to compromise the Touch ID security is an update to a technique that has been well known in security circles for years.
18. September 2013 11:45 by CA
in Hack, Vulnerability
Microsoft is reporting an unpatched vulnerability in all versions of Internet Explorer. All versions of IE, other than those running on Windows Server, are vulnerable. This includes Internet Explorer 11 on Windows 8.1 and RT.
The vulnerability comes from a memory corruption bug which could lead to remote code execution. Microsoft says that they are aware of targeted attacks exploiting this vulnerability on Internet Explorer 8 and 9. Exploits such as these are often version-specific, even if the vulnerability affects multiple versions.
The Fix It solution is available from this link. To apply it, click the Fix It icon above the Fix This Problem link. Applying this solution may limit some functionalities of IE, so if you run into problems after applying this interim patch, you can click the Fix It icon to the right of that “enable” button to reverse the update.
26. July 2013 15:34 by CA
in Hack, Malware, Trojan
KINS, a new professional-grade Trojan toolkit, is certain to pose plenty of problems for banks and their customers in the months and years ahead.
KINS infects Windows PCs at a very low level and snoops on victims' online banking to drain their accounts. KINS promises the ease of use of nasty ZeuS combined with the technical support offered by the team behind Citadel.
KINS is designed to spread using popular exploit packs such as Neutrino. KINS is capable of easily infecting machines running Windows 8 and other x64 operating systems, and features technology to embed itself in computers so that it's activated almost as soon as the machines are powered on - this makes infections both more stealthy and harder to eradicate.
According to a study done by security software firm Bit9, most enterprise networks are riddled with vulnerable Java installations, and less than one per cent of organisations are running the latest version of Java. The most frequently encountered version of Java running on endpoints is version 6 update 20, found on 9 per cent of systems and subject to 96 high-severity vulnerabilities.
The average enterprise has more than 50 versions of Java installed across its PCs and servers, while five per cent of those enterprises have more than 100 versions of Java installed.
2. July 2013 11:23 by CA
in Hack, IT Security
Barracuda SSL VPN 680Vx version 184.108.40.206 suffers from multiple stored cross-site scripting vulnerabilities when parsing user input to several parameters via the POST method. Attackers can exploit these weaknesses to execute arbitrary HTML and script code in a user's browser session.
1. July 2013 17:14 by CA
Several domains from Malaysia including Dell.com.my, Google.com.my, microsoft.com.my, skype.com.my, kaspersky.com.my, msn.com.my, bing.com.my, and many more have been DNS Hijacked by TiGER-M@TE, a hacker from Bangladesh.
MYNIC has confirmed the incident through an official announcement on their website.
MyNic is an ISO 27001 certified organization, and hopefully all those people who advocate ISO 27001 as the only way to have secure information systems understand that just complying with the ISO 27001 standard is not enough to be secure.