$376,000 for Informer in Ashley Madison hacking case

Avid Life Media (ALM), parent company of Ashely Madison,  is offering a $500,000 (Canadian dollars) as a prize money for any information related to the “identification, arrest and prosecution” of those hackers,who all were responsible in recent hack of the website.

Avid Life Media confirmed that the data Impact Life stole is legit.

The legal investigation has been started. With the help of Toronto police department and “white hat “hackers, they are hoping to find the perpetrators.

During press conference, acting superintendent Bryce Evans said that hackers have "certain techniques to help us and assist us.” He also said that they would lean on its “good working relationship” with the US Security agency FBI and Homeland Security.

The Toronto police and AML motivated to find the hackers responsible for data breach, Evans  referred to  two suicides that appears to be reason related to the Ashley Madison breach, "spin-off crimes and further victimization" from people accessing the hacked data.

$500,000 canadian dollar accounts for $376,000 US dollars.

"Cyber of Emotion" hacks saudi websites

(PC- google images)
Many Saudi websites were hacked by a group that gave warnings that they would be making the attacks.The group known as “Cyber of Emotion” hacked more than 24 government websites over a period of two hours.

As reported by Al-Riyadh newspaper, the visitors to the website were directed to a page that read- “We do not want to harm the site. Had it been hacked by enemies, your personal information, emails and registration data would have been compromised."

The hackers said that their team had already warned their administrators that the websites are not properly secured and they should do something about it, but, the warnings were ignored, they claim.

The newspaper reported that the websites hacked included that of government hospitals, municipalities, education departments, social development offices and health departments.

The websites, however, started working properly a few hours after the attack.

Last year, the twitter account of Ministry of Justice was hacked by the same group.

Karnataka State Higher Education Council’s website hacked

The  Karnataka State Higher Education Council’s (http://kshec.ac.in/) website was hacked by Clinkz4, a group of hackers, on 20 August.

From late Thursday till Friday afternoon the website was non-functional. In the middle of the homepage it  displayed a caricature of a laughing man holding wine and the words “CYBER TEAM ROCKS” and “Hacked by Clinkz48”, and in the end it reads “Your data belongs to me. F*** Your System India, :P Noob!!"

According to the data released by the  National Crime Records Bureau (NCRB), Bangaluru has the highest number of cyber crimes among 53 cities.

The statistic showed that 657 cases were reported in Bengaluru, while 386 in Hyderabad, 317 in Jaipur, and 205 in Lucknow, under the IT Act 2000.

"We will register a police complaint. The National Informatics Centre has fixed the website. We will take safety measures to prevent hacking of our website (in future) and also suggest the same to other departments," said Bharath Lal Meena, principal secretary, higher education department.

‘City of Henderson hacked, no personal data compromised’

A report published in Review Journal has confirmed that the city of Henderson has spent $40,000 to make sure that hackers, who had gained access to its Web server for nine days, hadn’t got access to the government systems. Along with it, the city has decided to launch a law-enforcement investigation.

However, the city has yet to make any public announcement about the data breach.

The city has confirmed with the Review Journal that the hackers were not being able to steal any personal or sensitive information. They only got to see the raw versions of public data that are already searchable through Web forms.

All the Henderson employees were told to change their passwords.

"This is the first time since I've been here, and the first time I'm aware of, that we actually have somebody who got this far," said Laura Fucci, the city's chief information officer, who has been with Henderson since late 2012, told Review Journal.

According to the report, the city had detected the hack on June 29 when a system administrator noticed errors in a "tool" that monitors anonymous activity. Realizing there had been an intrusion, the administrator disabled the server, and the city started trying to determine how far the hacker had gotten.

Fucci declined to discuss how the attacker gained access beyond saying "hacking tools" were used. She said the city quickly decided to hire an outside company to investigate the breach and make sure it had been contained.

The city detention center is offline for more than six weeks. It goes online once the city gets it confirmed   that it is safe.

Today, the website reads, "Inmate Information is temporarily unavailable at this time. We apologize for any inconvenience and appreciate your patience. Please call 702-267-JAIL (5245) for more information."

Carphone Warehouse hacked, personal details of 2.4 million customers stolen

Carphone Warehouse, a British mobile phone retailer, with over 2,400 stores across Europe, has confirmed that its systems had been attacked by hackers during which personal details, which include  bank details, addresses, names and dates of birth, of its 2.4 million customers had been compromised.  

According to a news report published in The Independent, as per a statement from the firm the IT network of one of the firm’s online divisions, was the victim of a “sophisticated cyber-attack” within the last two weeks.

The company also said that 90,000 customers’ credit card details may have been accessed by the hackers.

After the attack, the company sent emails to the customers who may be affected by the cyber-attack asking them to their bank and check for any suspicious activity on their account.

"We take the security of customer data extremely seriously, and we are very sorry that people have been affected by this attack on our systems," Sebastian James, group chief executive of Dixons Carphone, said in a statement.

He added, “We are, of course, informing anyone that may have been affected, and have put in place additional security measures"

The news report said that the Carphone Warehouse, which is owned by Dixons Carphone following a £3.7bn merger, also incorporated Currys and PC World, but the parent firm said that majority of Carphone Warehouse data and that of Currys and PC World is held on separate systems and was not compromised during the attack.

ICANN hacked again, users need to reset their password

Internet Corporation for Assigned Names and Numbers (ICANN), has confirmed that an unauthorized person obtained its account holders’ usernames, email addresses and encrypted passwords for profile accounts created on its public website (ICANN.org) last week.

This is not the first time that the company's website got hacked.

According to a news report published in ZeeSome ten months ago, the company’s website had been hacked by hackers, who accessed its internal system following a spear phishing attack in November, 2014.

The company posted in its website on August 5 that these profile accounts contained user preferences for the website, public bios, interests, newsletter subscriptions, etc.

It is said that the encrypted passwords (hashes) are not easy to reverse however, for the users safety the company has urged all its users to reset their passwords.

“When you next visit our site, please go to the login page and click the forgot password link: https://www.icann.org/users/password/new to create your new password,” the company explained.

“There is no evidence that any profile accounts were accessed or that any internal ICANN systems were accessed without authorization,” the post read. While investigations are ongoing, the encrypted passwords appear to have been obtained as a result of unauthorized access to an external service provider.”

Antivirus software maker Bitdefender hacked, customers data leaked

It has been proved that no one is safe here from hackers. Even the security firms, which are supposed to protect us, get hacked.

Recently, an award-winning antivirus software maker and security software company has been hacked.

As per news reports, Bitdefender customers’ usernames and passwords leaked during the attack. It has confirmed that its system was breached following rumors that someone was holding the Romanian firm to ransom. The company has failed to encrypt its customers’ login details.

After getting into the company’s information, the crooks demanded $15,000 in order to keep its customers’ details safe.

They threatened the company that they would reveal the swiped customer records. However, it is said that they have put some information online.

The company has informed that the issue has been solved and additional security measures have been taken to prevent its customers from hacking.

A password reset notice was sent to all potentially affected customers, representing less than 1 per cent of our SMB customers.

“This does not affect our consumer or enterprise customers. Our investigation revealed no other server or services were impacted. Bitdefender takes security of its customers very seriously and any issue that might involve the security of our customers or the security of our servers is treated with the utmost urgency and seriousness,” the company explained.

Moonpig hacked, Emial IDs, passwords compromised

The online personalized card company, Moonpig, has blocked an unspecified number of accounts of customers after users’ details were published online.

According to the company’s website, customers’ email addresses, passwords and account balance had been made public. However, they stress that the source of passwords was not their site, but from other online sites where users use similar passwords.

“As a precautionary measure, we promptly closed our Moonpig site and apps to help us investigate and contain this issue. Following these investigations, we now have strong evidence that the customer email addresses and passwords we identified were taken previously from other third party websites, and not directly from Moonpig.com."

"This data was then used to access the account balances of some of our Moonpig.com customers. As a reminder, we do not store full credit card information ourselves so this data was not accessible in any event.”

Moonpig  has contacted affected customers, and advised  them to  reset their passwords and ensure that they are not reusing the same passwords anywhere else on the net

United States Census Bureau hacked by Anonymous hacktivists

A group of cyber activists who refer to themselves as 'Anonymous' have taken full credit for a cyber attack on a US Government website, which has led to a leak of several employee data.

Anonymous has taken credit for hacking the United States Census Bureau website and have published the data which includes names, telephone numbers, email addresses, addresses and the ranks of employees within the US Government. The breached and published data also consists of the much difficult but yet not impossible to crack password hashes.

Anonymous claims that the reason behind the hack is the Trans-Pacific Partnership and the Transatlantic Trade and Investment Partnership which stands Numero Uno in the list of priorities for the American administration and claim a progressive reform in the politico-economic platform of the nation, by creating an alliance with the major Atlantic and Pacific nations. Despite of the numerous opposition the twin pact has gathered in this short period of time, Anonymous is the only group that has raised its opposition vocally.

However, the data breach is not one the most feared activities that the government could with at the moment, such as a massive data breach in the Office of Personnel Management; it is nonetheless embarrassing.

The US Census Bureau, in an emailed statement has confirmed the data breach and that a investigation has been initiated by the IT forensics team. The bureau spokesperson has launched a statement that none of the stolen data 'confidential'.

Now a more lucid investigation can only tell if the data that is being published online is a federal threat or not.

British man arrested for allegedly hacking US government networks

Lauri Love, a 30 year old resident of Suffolk has been arrested for allegedly hacking classified networks of the US government.

Mr. Love is accused of hacking Department of Energy, the Federal Reserve, Nasa, the Environmental Protection Agency, the US Army and the US Missile Defense Agency.

The US government has put in an extradition request for Love, who has currently been released on bail. He will undergo an extradition hearing in September.

This is the second time Love has been arrested, his first being in October 2013. The Us government had not sought an extradition request at that time.

The need of infidelity takes a twist on the privacy front

The very popular website among infidels, AshleyMadison.com has faced a huge data breach of user data, that has created a chaos amongst the users as well as the service provider who are being threatened by the hackers to release the information.

The breach was first reported by a blogger, Brian Krebs, who wrote that the main objective of the hackers was to break into the servers to get hold of the customer information, which could be used to threaten the web site to shut down.

The 'Impact Team' as the hackers are referring themselves, have got hold of information that contains profiles of the customers', secret sexual fantasies, credit card transactions, real names and addresses, and employee documents and emails.

Ashley Madison boasts of having 37 million users, who have been attracted to their motto 'Life is Short, Have an Affair'. Now, all the data is threatened to be exposed and the customers are not sure if their decision of having an online extramarital affair was foolproof enough.

Impact team has taken this step after geting upset about the web site's full delete service, that promises to remove every information of the customer on the server for a $19 one-time fee. This feature bagged up $1.7 million back in 2014, however the outcomes were not satisfactory. This was because the users who wanted access to the service were using their credit card to conduct the transaction, thus leaving behind the purchase information including the names and addresses.

The company finally spoke up about the breach and defended the full-delete service by announcing the service to turn free, on Monday afternoon. They have also hired the world's top IT security firm to investigate the breach.

A similar event took place in March, when the dating site adultfriendfinder.com was hacked and vital information was stolen.

So, is it actually viable to provide your personal information that includes sexual priorities and fetishes to dating sites, when the risk of data breach is so legitimate?

NIS official, alleged of operating a hacking software, killed himself

A 45-year-old official of National Intelligence Service (NIS), who was in the charge of implementing and operating a hacking software developed by Hacking team dubbed Remote Control System (RCS), killed himself on July 18, according to a report on ABC.

As per the news report, the man was found dead in his car on a mountain road in Yongin, about 40 kilometres south of Seoul.

According to his suicide note, which was released by the police, the agent, identified only by his surname Lim, deleted relevant records on the NIS computer network before committing suicide

According to police, the man committed suicide after writing a handwritten note in his car giving details of how the NIS had used a controversial hacking software.

Lim wrote in the suicide note that he had insisted the NIS had not spied on South Koreans and apologized for deleting files relating to the software.

"There was no monitoring of people at home. I deleted information that created misunderstandings about our counter-terrorism and covert operations on North Korea ... It was a mistake on my part. But there is nothing to be worried about over any of my actions," he said.

Although, the government and NIS officials have admitted purchasing the software from the Hacking Team, they claimed that it was only used to boost Seoul's cyber warfare capabilities against Pyongyang and not for any domestic monitoring.

“Lee Chul-woo, a ruling party legislator who heads a parliamentary intelligence committee, said Mr Lim had purchased and run the hacking software, which allows users to track smartphones and computers by installing spyware,” the news report read.

Epic Games shut down its website after a hack

Epic Games,  an American video game development company based in Cary, North Carolina, now associate of Chinese Tencent Holdings, has taken down its website after they had discovered it's forums (forums.epicgames.com) were “compromised by a hacker”.

The company is now sending emails to its Epic Games Forum members informing them about that of their forums have been taken offline. 

“We are sorry to report that the incident may have resulted in unauthorized access to your username, email address, password, and the date of birth you provided at registration,” the email reads.

The company has said that there is a possibility of any information stored or sent by its users’ using the forums may have been accessed.

However, the company has not collected or maintained any financial information. It has advised its user to be alert for suspicious email such as phishing attempts.

It has said that when the site reopens, the forum member’s password will be reset.

“If you use the same password on this site which you use on other sites, we recommend immediately changing your password on those sites as well,” the email explained.

It is said that the affected forum site covers UDK, Infinity Blade, Gears of War, Bulletstorm, and prior Unreal Tournament games but the separate forum sites covering Unreal Engine 4, Fortnite, and the new Unreal Tournament were not affected.

“To further understand what’s happened and prevent it in the future, we’re working with a computer security firm to identify the nature of the compromise. We will report further information on the forums when they reopen,” the company explained in the mail.

Edinburgh Council cyber attack, details of more than 13,000 stolen

For the second time in five years, Edinburgh City Council has been hacked again. More than 13,000 email addresses were stolen from the counsel’s database after a “malicious cyber attack” on 26 June.

A spokesman of the council said, “This was a malicious cyber attack on the council’s website which is hosted in a UK data centre. It was dealt with swiftly and at no point were any council services affected.”

“We want to reassure the public the ongoing security of our website is critically important,” he added.

According to a news report published on Edinburgh Evening News, cyber security experts have warned local authorities “don’t stand a chance” against hackers.

“The attack is believed to have taken place on Friday, June 26, with council officials alerted by its data centre provider. No details have been released regarding the source of the attack, which targeted 
the council’s website service provider,” the report read.

The Information Commissioner has been informed of the incident, as has the UK government’s computer emergency response team, which monitors incidents of hacking against the public sector.

The council is now contacting 13,134 individuals who have had their details stolen. Similarly, the city’s director of corporate governance, Alastair Maclean, has been asking them to change any passwords used to access the council’s website.

Napier University cyber security expert Professor Bill Buchanan warned that hackers would be likely to try to use the data in “phishing” scams, which attempt to con victims out of sensitive information like bank details and passwords using bogus e-mails.

“Data like this is worth a lot. It is really quite sloppy to lose that information. Without a doubt, in this case, the intruders could link e-mails to the council in some way. A targeted phishing e-mail could say, in regards to a parking ticket, ‘You contacted us in May, please could you click on this link and give your details. G-mail addresses in particular are quite sensitive because they tend to be the core of your online identity. If an intruder can get into that address, they can access every single account,” Buchanan added.

In December 2011, the personal information of people who had contacted the council’s debt advice service was taken, with potential victims advised to check bank and credit card statements.

Detroit Zoo victim of a data breach

Service Systems Associates,  third-party operator of the  Detroit Zoo was recently the victim of a data security breach.

The credit and debit card information’s were used for purchases at the zoo’s gift shops over a three-month period.

Patricia Janeway, zoo spokeswoman said that “In addition to credit and debit card numbers, the cyber hackers reportedly gained access to card holders’ names, card expiration dates and three-digit CVV security codes.”

After SSA learned of the data breach, they  installed a separate credit card processing system at its retail outlets.

In preliminary forensic  investigation it was revealed that there was a malicious software,  in SSA’s software.

“We are obviously concerned that the vendor’s system was compromised,” said Gerry VanAcker, chief operating officer of the zoo. “Transactions made since June 26 are not affected by the previous break and it is safe to use a credit or debit card at SSA’s retail locations.”

“The zoo’s IT systems -- including those used for ticket and membership sales -- were not affected by the data breach and are secure,” Janeway said.

Up-to-date information has been provided by the vendor at www.detroitzoo.org/Plan/shopping-in-the-zoo.

For additional information visit www.kmssa.com/creditcardbreach/

Hackers behind Canadian security intelligence service

In less than two weeks the Canadian Security Intelligence Service (CSIS) website was temporarily down for the second  time on 29 June.

According to the CTV News reports the latest hit was a denial of service attack. Jean-Christophe de Le Rue, a spokesman for the ministry of public safety and emergency preparedness, said, that the website was temporarily offline and that "no information has been breached. We are taking cyber security very seriously."

The report said, citing sources, several attacks on many Canadian municipal and police websites has been conducted by the person behind the latest attack. A local news website reported that the responsibility for the attack was claimed by a person using the Twitter account @TWITRis4tards. However, authorities have not confirmed the identity of the hacker.

The main motive behind the attack is unknown but it is suspected that hacker tried to  drive the attention of the authorities toward Bill C-51, which gave the Canadian government power to intervene and stop "violent Islamic jihadi terrorists" supporting the Islamic State group.

Many government websites, including ServiceCanada.gc.ca and Parl.gc.ca, were attacked, for which the Anonymous group claimed responsibility. However,  sources told CTV News that this time the person was working alone, unlike previous attacks.

Penn State University Becomes Victim To Yet Another Cyberattack

Penn State announced that it has detected another cyber attack.  The recent attack has been confirmed by the university on its’s College of Liberal Arts server. 
Penn State has stated that several systems have been compromised by cyberattacks; which have been accounted as two in number by anonymous threats.

FireEye cyber forensic unit, Mandiant has taken over the case and has been trying to investigate and analyse the attacks, that took place on the 4th of May; Seven weeks since then, the university now states that no harm has occurred in regards to the personally identifiable information(PII) or any other research data, since the it had introduced advances cybersecurity measures after the attacks on the College of Engineering servers.

Mandiant’s spokesperson, Nick Pelletier revealed that the attacks took place for the first time in 2014 within a 24-hour time period, while the latter breach was taken into action during March to May in 2015. Mandiant is not sure if the attackers are the same chinese group that attacked engineering.

Nick Jones, vice-president of Penn State in an official statement said that advanced monitoring systems have been introduced into the entire university network with constant support of Mandiant and the the attackers will be soon tracked down.

The attacks in the state university systems have created a threat for federal systems. Where any PII or research data was not compromised, some college-issued usernames and passwords were stolen and accessed. As a result, all the compromised accounts are being renewed and more information can be gathered from http://securepennstate.psu.edu.

LastPass network hacked, is your Password safe?

LastPass, a password manager that saves its users passwords and gives them secure access to them from every computer and mobile devices, has detected an intrusion on its network.

According to the official statement, information including users' email addresses, password remainders, server per user salts, and authentication hashes were compromised.

“In our investigation, we have found no evidence that encrypted user vault data was taken, nor were that LastPass users’ accounts accessed. "  the statement reads.

He added, “We are confident that our encryption measures are sufficient to protect the vast majority of users. It strengthens the authentication hash with a random salt and 100,000 rounds of server-side PBKDF2-SHA256, in addition to the rounds performed client-side. This additional strengthening makes it difficult to attack the stolen hashes with any significant speed.”

In order to secure its data, the company is taking additional measures. It has asked all the users who are logging in from a new device or IP address first verify their account by email, unless they have multifactor authentication enabled.

According to the notice, emails have been sent to all users regarding the security incident.

“We are working to notify users as fast as possible,” Siegrist said.

Moreover, the company will also be prompting users to update their master password.

“However, if you have reused your master password on any other website, you should replace the passwords on those other websites,” he said.

Though the passwords stored in the vault is not said to be compromised, it is better to change those passwords also- Don't give a chance to hackers.  

Algonquin College server hacked but no information stolen

The information of more than a thousand former students was put at risk when somebody hacked the servers of Algonquin College in Ottawa.

According to college authorities, 1,225 students in the Bachelor of Information Technology and Bachelor of Science in Nursing programs are affected by the data breach.

The college immediately shut down the servers as soon as it became aware about the hack and claims that no data was transferred or taken from the servers.

A cyber team is determining how the attack could have happened and has said that it has found many more intruders in the system.

The college is covering the expenses for credit monitoring services for all those whose information was put at risk due to the hack.

Lithuanian Military Website hacked to post false information

If we had to believe what we saw on Lithuanian Armed Forces website on Thursday morning, then the North Atlantic Treaty Organization (NATO), an alliance of countries from North America and Europe committed to fulfilling the goals of the North Atlantic Treaty signed in 1949, is preparing for the annexation of Kaliningrad, Russia’s seaport city which is sandwiched between Poland to the south and Lithuania to the north and east.

However, Victoria Cemenite, spokesperson at the Lithuanian Defense Ministry, confirmed that the website had been hacked and that the false information has since been removed by the security experts from the National Cyber Security Centre.

And an investigation has been launched.

The ministry said a private company, which provided server for the Army website, is responsible for its maintenance and security.

Baltic country's National Defence Minister Juozas Olekas says that the hacking attack was aimed to harm the reputation of Lithuania and the NATO. Similarly, security measures will be taken to avoid vulnerabilities.    

“We are carrying out an investigation to identify what measures are necessary to avoid such incidents in the future. The contents was provocative and aimed at discrediting Lithuania and NATO," Olekas told journalists on Thursday.

“It is undoubtedly an initiative of people or institutions unfriendly for Lithuania and NATO. Now, both the sides are improving, hackers and institutions in charge of cyber security. It will be a good lesson for future considerations of additional security measures.”