Wired website blocked by Google Chrome

Official website of popular American magazine Wired has been blocked by Google and Chrome.  Users who tries to access few urls of wired are getting a warning message saying "This site may harm your computer".

We tried to access wired.com from Google search result, there was no warning message for home page.  However, when i tried to access the 'wired.com/business/', i was presented with Malware warning page.

"Hey folks, we had a brief technical issue this morning, but it's fixed. Thanks to those of you who brought it to our attention." Wired tweeted regarding the issue.

It is unclear what they mean by 'technical issue' and how come Google has blocked the website.  At the time of the writing, visitors are still presented with the malware warning message.  Wired says it is waiting for Google chrome to remove the warning.

Fake Google apps found in Windows Phone store


Both android iOS have official apps from Google,  but Windows phone users are not blessed with the Google Apps.  But, they have one official Google search app for windows phone.

Recently some of Google apps including Google Hangouts, Google voice, Google + , Google maps and Gmail were placed in the Windows phone store with the price tag of $1.99.

While the legitimate Google search app for Windows has been published with developer name as 'Google Inc', all of these apps were published by "Google, Inc".

The clear intention here is to fool the windows phone users into believe these are official apps from Google.  These fake apps were first spotted by WinBeta.

Microsoft has removed these apps from its store, after The Next Web contacted the Microsoft about the issue.

“We removed a series of apps for violating our policies concerning the use of misleading information,” a Microsoft spokesperson told TNW. "The apps attempted to misrepresent the identity of the publisher."

Bug in Twitter could allow anyone to read tweets from protected accounts

Twitter has fixed a bug in their website that could allow non-approved followers to read the tweets made by protected twitter accounts.

Normally, Tweets from protected accounts can't be seen by public user;  One should get approval from the account holder to view the protected tweets.

This bug could allow anyone to view hidden tweets by getting SMS or push notification from the accounts.  

The microblogging firm said a member of white hat security community helped them to discover and diagnose the bug.  According to its blog post, the bug is there since November 2013.

"As part of the bug fix, we’ve removed all of these unapproved follows, and taken steps to protect against this kind of bug in the future."

The bug affects around 93,788 protected accounts.  Twitter has sent mail to all affected users to inform about the bug and apologize.

Thousands of websites using MadAdsMedia ads blocked by Google Safe Browsing

Thousands of websites' owners using MadAdsMedia ads service became mad after Google Safe Browsing blocked their websites.

A number of users have reported in Google forums and Digital Point forums that their website is blocked by GSB and showing the following warning message "This web page at [site] has been reported as an attack page and has been blocked based on your security preferences."

Even after removing the MadAdsMedia script from their website, it is still showing the Malware warning.

"In my webmaster tools it lists the suspicious snippets as the links to madads. As I said before I removed them, then I tried to request a review in my webmaster tools but when I submit it I get: 'Your request can't be processed at this time because your site isn't currently flagged for malware. If you see a malware warning in your browser, it is likely a cross-site warning.' " One of the user posted in DigitalPoint forums.

It is still unknown whether Google mistakenly blocked those websites or the MadAdsWebsite is hacked to serve malicious ads.  We are not sure how many number of websites have been affected.

*Update:
According to fz6-forum, one of the MadAdsMedia advertising vendors' server was hacked and few ads have been injected with malicious code.

"This message is regarding the recent malware notifications that some of our publishers may have experienced. Just before noon today, our engineers discovered that one of our ad serving locations had been hacked."
 
"Since this attack was discovered, our engineering team worked diligently until 3:45pm EST to ensure that the appropriate action was taken to secure our ad server. Unfortunately during that time, this attack effected 7.8% of our publishers' domains. " Mail from MadMAdsMedia reads.

Target's network hacked using stolen credentials from a HVAC company

Stolen Credentials from Fazio Mechanical Services, a Pennsylvania based provider of heating, ventilation and air-conditioning(HVAC) systems, allowed attackers to breach the Target's network which resulted in massive breach involving more than 40 million credit card data.

Cyber security blogger Brain Krebs has learned that US secret services visited the companies offices, but Faizo Vice president has refused to provide further details about the visit.

You may ask why Target gave a ventilation contractor access to its network?  A CyberSecurity expert told Krebs that a HVAC service providers usually get access to retailers' computer systems in order to remotely monitor energy consumption and temperatures in stores.

CyberCriminals first tested their card-stealing malware, by infecting only a small number of cash registers within Target stores.  They conducted the test between November 15 and Nov. 28.

By the end of the November, hackers distributed their malware to a majority of Target's POS Systems.

It appears the stolen financial data stored not only in Russian server but it has also been uploaded to servers located in various countries including Miami and Brazil.

In an official statement, Faizo Mechanical Services said "Fazio Mechanical does not perform remote monitoring of or control of heating, cooling and refrigeration systems for Target"

"Our data connection with Target was exclusively for electronic billing, contract submission and project management, and Target is the only customer for whom we manage these processes on a remote basis."

Chinese Huawei allegedly hacked into Indian state-owned Telecoms company BSNL

Parliament of India was informed on Wednesday that the State-owned Telecoms Company Bharat Sanchar Nigam Limited(BSNL)'s network was allegedly hacked by a Chinese Telecom equipment maker Huawei.

"The government has constituted an inter-ministerial team to investigate the matter."Killi Kruparani, Minister of State for Communications and IT, told the Lok Sabha.

According to reports,  the engineers of Huawei allegedly hacked a BSNL's mobile tower in Coastal area of Andhra Pradesh in October 2013.

India has launched an investigation, the investigation team is comprise of top officials from National Security council Secretariat, Intelligence Bureau, Union home ministry and BSNL.

It is worth to note that BSNL has offered a major part of its network expansion tender to another Chinese company ZTE in 2012.  The goverment suspects it might be the "inter-corporate rivalry" between these two chinese companies.

Huawei India denies allegations of hacking BSNL's network, said it will continue to work with Indian customers and Government and ready to help in addressing any network security issues.