PagerDuty hacked, update your password by Monday

After almost a month, PagerDuty, which provides alerting, on-call scheduling, escalation policies and incident tracking to increase uptime of your apps, servers, websites and databases, has confirmed that it detected an unauthorized intrusion on July 9 by an attacker who gained access to some information about its customers.

PagerDuty has asked its users to set new, strong passwords at this time. Users who do not reset their password by Monday, August 3rd at 12:00pm Pacific Time will be automatically logged out of the website and will receive an email prompting them to reset their password. At no time will alert delivery be affected by this process.

The company posted on July 30 that its team stopped the attack within a few hours of the intrusion. A leading cyber security forensics firm has been hired to investigate the attack.

“We immediately took steps to mitigate the issue, including enhancing our monitoring and detection capabilities, and further hardening our environment,” the blog read.

According to the company, it has not found any evidence that corporate, technical, financial, or sensitive end user information, including phone numbers, was exposed by this incident.

“We do not collect customers’ social security numbers and we do not store or have access to customer credit card numbers. This incident also had no impact on our ability to provide services to our customers. We also notified law enforcement and are cooperating fully with their investigation into this matter,” the company added.

The company said that, according to its investigation, the attacker bypassed multiple layers of authentication and gained unauthorized access to an administrative panel provided by one of its infrastructure providers. With this access, the attacker was able to log into a replica of one of PagerDuty’s databases. The evidence indicates that the attacker gained access to users’ names, email addresses, hashed passwords and public calendar feed URLs.

The company has recommended that its customers reset calendar feed URLs and revoke and re-add access to any mobile devices linked to their PagerDuty account.

“PagerDuty will never ask for your password or other sensitive information via email,” the company said.

Moonpig hacked, Email IDs, passwords compromised


The online personalized card company Moonpig has blocked an unspecified number of customer accounts after users’ details were published online.

According to the company’s website, customers’ email addresses, passwords and account balances had been made public. However, the company stresses that the passwords did not come from its own site, but from other online sites where users use similar passwords.

“As a precautionary measure, we promptly closed our Moonpig site and apps to help us investigate and contain this issue. Following these investigations, we now have strong evidence that the customer email addresses and passwords we identified were taken previously from other third party websites, and not directly from Moonpig.com.”

“This data was then used to access the account balances of some of our Moonpig.com customers. As a reminder, we do not store full credit card information ourselves so this data was not accessible in any event.”

Moonpig has contacted affected customers and advised them to reset their passwords and ensure that they are not reusing the same passwords anywhere else on the net.

Attackers can crash Your Android Device, says Trend Micro

 
Researchers from TrendLabs Security Intelligence have discovered a vulnerability in Android 4.3 (Jelly Bean) up to the current version, Android 5.1.1 (Lollipop), that could allow an attacker to turn a phone “dead silent, unable to make calls, with a lifeless screen”.

The researchers said that the flaw would cause phones to have no ring, text or notification sounds and be unable to make calls.

According to a post on its blog, “This vulnerability can be exploited in two ways: either via a malicious app installed on the device, or through a specially-crafted web site. The first technique can cause long-term effects to the device: an app with an embedded MKV file that registers itself to auto-start whenever the device boots would cause the OS to crash every time it is turned on.”

The researchers said that the vulnerability is similar to the recently discovered Stagefright vulnerability. Both vulnerabilities are triggered when Android handles media files, although the way these files reach the user differs.

Researchers from Zimperium Mobile Security, a security firm, had discovered Stagefright in the Android mobile operating system, which they called the “worst Android vulnerabilities” to date.

Although Google had patched the problem, millions of devices still need to be updated. The flaw has affected nearly a billion devices.

 “The vulnerability lies in the mediaserver service, which is used by Android to index media files that are located on the Android device,” said the company. “The vulnerability is caused by an integer overflow when the mediaserver service parses an MKV file. It reads memory out of buffer or writes data to NULL address when parsing audio data,” the blog post read.

Although the flaw was reported to Google in May, the company has been able to fix the issue.

Apple fixes a vulnerability in its App store and iTunes store


Apple Inc. has fixed a serious remote vulnerability in its App Store and iTunes Store web app that posed a significant risk to buyers, sellers or Apple website managers/developers.

The flaw, which was first uncovered on June 8 by Benjamin Kunz Mejri, a security researcher from Vulnerability Lab, could allow an attacker to inject malicious script into invoices that come from Apple, leading to session hijacking, phishing, and redirects.

"The apple itunes and appstore is taking the device cell name of the buying users. Remote attackers can manipulate the name value by an exchange with script code (special chars). After that the attacker buys any article in the appstore or itunes-store," the security advisory reads.

"During that procedure the internal appstore service takes the device value and does encode it with wrong conditions. The seller account context runs since the error with the injected script code occurs and gets this way re-implemented to the invoice. Thus results in an application-side script code execution in the invoice of apple."

Researchers said the vulnerability can be exploited by remote attackers with a low-privilege web-application user account and low or medium user interaction.

Following the disclosure of the vulnerability, the company fixed the flaw.
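The encoding failure the advisory describes comes down to a customer-controlled device name reaching the invoice markup unencoded. The sketch below is an added example, not Apple's code: the invoice template, field names and sample order are constructed for illustration, and it compares rendering the name raw with HTML-encoding every field first.

```python
import html
from html.parser import HTMLParser
from string import Template

# Hypothetical invoice fragment; the layout and field names are assumptions.
INVOICE = Template(
    "<table><tr><td>Device</td><td>$device</td></tr>"
    "<tr><td>Item</td><td>$item</td></tr></table>"
)

# Constructed sample order: the device name carries markup instead of a plain name.
SAMPLE_ORDER = {"device": "iPhone<script>alert(1)</script>", "item": "Song"}


def render_unencoded(fields):
    """Drops customer-controlled values straight into the invoice markup."""
    return INVOICE.substitute(fields)


def render_encoded(fields):
    """HTML-encodes every field before it is placed in the invoice."""
    safe = {key: html.escape(str(value), quote=True) for key, value in fields.items()}
    return INVOICE.substitute(safe)


class _ElementCollector(HTMLParser):
    """Records the name of every element a browser-style parser would open."""

    def __init__(self):
        super().__init__()
        self.names = []

    def handle_starttag(self, tag, attrs):
        self.names.append(tag)


def element_names(markup):
    """Return the element names found in rendered markup, in document order."""
    collector = _ElementCollector()
    collector.feed(markup)
    collector.close()
    return collector.names
```

Comparing `element_names()` of a rendered invoice against the template's own elements is a cheap regression check: any extra element means a field value was interpreted as markup.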

Your Android phones can be hacked with a single MMS message

Researchers from Zimperium Mobile Security, a security firm, have discovered a bug dubbed Stagefright in the Android mobile operating system, which they called the “worst Android vulnerabilities” to date.

Although Google had patched the problem, millions of devices still need to be updated. The flaw has affected nearly a billion devices.

“These issues in Stagefright code critically expose 95% of Android devices, an estimated 950 million devices. Drake’s research, to be presented at Black Hat USA on August 5 and DEF CON 23 on August 7 found multiple remote code execution vulnerabilities that can be exploited using various methods, the worst of which requires no user-interaction,” read a report posted on its blog.

The flaw can be exploited by sending a photo or video message to a person's smartphone, without any action by the receiver.

“Attackers only need your mobile number, using which they can remotely execute code via a specially crafted media file delivered via MMS. A fully weaponized successful attack could even delete the message before you see it. You will only see the notification. These vulnerabilities are extremely dangerous because they do not require that the victim take any action to be exploited,” the researchers wrote.

Once Stagefright had been invoked, which required no action from the victim, other data and apps on the handset could be accessed by the malicious code.

Once the researchers had discovered the flaw, they reported it to Google, which produced a patch to fix the problem.

According to a report published by the BBC, Google said in a statement that the vulnerability was identified in a laboratory setting on older Android devices and that, as far as the company knows, no one has been affected.

"As part of a regularly scheduled security update, we plan to push further safeguards to Nexus devices starting next week. And, we'll be releasing it in open source when the details are made public by the researcher at Black Hat," the report read.

United States Census Bureau hacked by Anonymous hacktivists


A group of cyber activists who refer to themselves as 'Anonymous' has taken full credit for a cyber attack on a US Government website, which has led to a leak of employee data.

Anonymous has taken credit for hacking the United States Census Bureau website and has published data that includes names, telephone numbers, email addresses, addresses and the ranks of employees within the US Government. The breached and published data also includes password hashes, which are difficult but not impossible to crack.

Anonymous claims that the reason behind the hack is the Trans-Pacific Partnership and the Transatlantic Trade and Investment Partnership, which stand at the top of the American administration's list of priorities and claim to bring progressive reform to the nation's politico-economic platform by creating an alliance with the major Atlantic and Pacific nations. Despite the considerable opposition the twin pacts have gathered in this short period of time, Anonymous is the only group that has raised its opposition vocally.

However, the data breach is not one of the most feared incidents that the government could be dealing with at the moment, such as the massive data breach at the Office of Personnel Management; it is nonetheless embarrassing.

The US Census Bureau has confirmed the data breach in an emailed statement and said that an investigation has been initiated by the IT forensics team. The bureau's spokesperson has issued a statement that none of the stolen data is 'confidential'.

Only a more thorough investigation can tell whether the data being published online is a federal threat or not.

Hacked documents: Headache of U.S. officials

United States officials are now worried that the hacked data may put their spies at risk. The documents stolen by Chinese hackers have become a headache for U.S. officials, as they believe the Chinese government could use the stolen records of millions of federal workers and contractors to piece together the identities of intelligence officers secretly posted in China over the years.

However, some officials in President Obama's administration said that the theft was not as damaging as it might have been because the Chinese hackers did not gain access to the identities of American undercover spies.

Similarly, it is still unclear how Chinese officials were using or might use the stolen files, which include personal information gathered during background checks of government workers.

According to a news report published in NYTimes, it would be a significant setback for intelligence agencies already concerned that a recent data breach at the Office of Personnel Management is a major windfall for Chinese espionage efforts.

In the days after the breach of records of millions of federal workers and contractors became public last month, C.I.A. officials said intelligence agencies were taking steps to try to mitigate the damage; however, it is not clear what they are doing.

“The information that was exfiltrated was valuable in its own right,” said Representative Adam B. Schiff of California, the top Democrat on the House Intelligence Committee, according to the news report. “It’s even more compromising when it is used in combination with other information they may hold. It may take years before we’re aware of the full extent of the damage.”

“The C.I.A. and other agencies typically post their spies in American embassies, where the officers pose as diplomats working on political affairs, agricultural policy or other issues,” the report read.

It is said that even if the identities of the agency officers were not in the personnel office’s database, Chinese intelligence operatives could run searches through the database on everyone granted visas to work at American diplomatic outposts in China.

During an interview, the director of the National Security Agency, Adm. Michael S. Rogers, said, “From an intelligence perspective, it gives you great insight potentially used for counterintelligence purposes.”


 “If I’m interested in trying to identify U.S. persons who may be in my country — and I am trying to figure out why they are there: Are they just tourists? Are they there for some other alternative purpose?  There are interesting insights from the data you take from O.P.M,” he added.

Microsoft provides urgent security fix for Windows

Microsoft has recently provided a security fix for its Windows operating systems to plug a lapse in security that allowed hackers access to a victim's computer.

Microsoft has said that the vulnerability present in its operating systems would have allowed a hacker to gain complete access to an affected computer.

The vulnerability is present in Windows Vista, Windows 7, Windows 8 and 8.1 and Windows RT. These operating systems represent two out of three computers in the world that run a Microsoft operating system.

The company had previously provided an update like this in November 2014.

The flaw is also said to exist in the final version of Windows 10, which will be available to users from July 29.

The security fix will be delivered through Windows Update.

Valve fixes a bug which allowed hackers to access its users' accounts

Valve’s Steam, an American video game development and digital distribution company headquartered in Bellevue, Washington, United States, which has millions of accounts all over the world, has fixed a loophole that could allow an attacker to easily take over an arbitrary account by using the account's username.

According to a report published in Master Herald, a flaw in Steam’s password recovery feature was the reason behind the exploitation. As shown in a demonstration video posted on YouTube, the feature sends a recovery code to the registered e-mail address linked with the account. The code needs to be entered on a form through the Steam website.

However, the attacker could skip that code entry step, leaving the recovery code area blank, and have full access to the password change dialog. Although the company has fixed the loophole, the vulnerability had already done a lot of damage to many users’ accounts.
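The report does not say how the blank-code bypass arose inside Steam. As an added example that is not Valve's code, the sketch below assumes one common root cause, a check that only validates the code when something was typed in, and sets it beside a verifier that fails closed. All names, the in-memory store and the 15-minute lifetime are hypothetical.

```python
import hmac
import secrets
import time

CODE_TTL_SECONDS = 15 * 60  # assumed lifetime of a recovery code

# Constructed in-memory store for the example: username -> (code, issued_at).
_pending = {}


def issue_code(username, now=None):
    """Create and remember a one-time recovery code for the account."""
    code = secrets.token_hex(4).upper()
    _pending[username] = (code, time.time() if now is None else now)
    return code  # in a real flow this value is only ever sent by e-mail


def verify_weak(username, submitted):
    """Assumed flawed check: the comparison only runs if a code was typed in."""
    expected, _issued = _pending.get(username, ("", 0.0))
    if submitted and submitted != expected:
        return False
    return True  # a blank field falls through to the password-change step


def verify_strict(username, submitted, now=None):
    """Fail closed: blank, unknown, expired, reused or wrong codes are rejected."""
    now = time.time() if now is None else now
    entry = _pending.get(username)
    if not submitted or entry is None:
        return False
    expected, issued_at = entry
    if now - issued_at > CODE_TTL_SECONDS:
        _pending.pop(username, None)  # expired codes are discarded
        return False
    if not hmac.compare_digest(submitted.encode(), expected.encode()):
        return False
    _pending.pop(username, None)  # single use: a verified code cannot be replayed
    return True
```

The password-change handler should call the strict check itself rather than trust that the code-entry page was visited, so skipping a step in the browser changes nothing on the server.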

Now, users who actively trade on the Steam Market are worried, as they think their accounts have been compromised.

However, it is said that Valve hasn’t commented on the situation yet.

The company has urged its users to keep an eye on their e-mail accounts. If an e-mail related to password recovery is received, the user should definitely not ignore it, and proceed to verify that their account is still accessible.

It is important to note that the information contained in the e-mail itself is not necessary to carry out the attack.


“Receiving this e-mail is simply a sign that the user is being targeted with the attack. However, some have reported that even changing their password has been ineffective, as the hackers are able to simply keep resetting it over and over again, and there was no good way to stop them,” the report added.

Creepy Voice that you heard from Your Baby Monitor is not of a Ghost


Beware of cameras connected to the Internet, such as security cameras and monitoring systems, as these systems can be easily hacked. Camera hacking has become a serious issue because of the potential for unauthorized people to make video recordings.

Ontario Provincial Police (OPP) issued a warning on Wednesday reminding people that these systems can be susceptible to hackers because many have a remote-use option enabled by default. The warning came after an incident on July 7 in which a family from southwestern Ontario witnessed the baby monitor watching their young child suddenly begin playing music while a voice said they were being watched.

According to OPP Const. Liz Melvin, the child was about to sleep in the nursery when the camera was remotely activated.


“The camera played some eerie music and a voice could be heard indicating the parent and child were being watched,” Melvin told National Post. “Obviously it’s going to be disturbing.”

She said the family’s Internet service provider confirmed the router had been hacked and the source of the hack could be from anywhere in the world.

Although such baby monitor hacking cases have been reported every month, Melvin said no other incidents have been reported and she wasn’t aware of any past investigations into this type of camera hacking in the area.

She said there are no suspects in the case and the investigation is ongoing.

To protect themselves, people should use passwords to protect access to the Internet connection and to monitoring systems. Similarly, buy cameras from trusted sources and cover the cameras when not in use.