UPS store at 51 locations hit with Malware, Customers' Card data at risk

UPS Store, a subsidiary of UPS, said that 51 US Stores in 24 States were hit with a malware which was not detected by current Antivirus software.

The breach puts customers who used a credit or debit card at one of the affected locations between January 20,2014 and August 11 at risk.

Customer information that may have been exposed in this breach includes names, postal addresses, email addresses and payment information.

The company hired an IT Security firm to conduct forensic investigation after receiving a notification about a "broad-based malware intrusion" from US Government.

The UPS Store said it eliminated the malware as of August 11.  The company is offering identity protection and credit card monitoring services to impacted customers.


Hackers exploit HeartBleed vulnerability to compromise CHS


Community Health Systems (CHS) recently revealed that hackers have compromised their computer network and stolen personal information of around 4.5 million patients.


The report says the attackers have breached the CHS network in between April and July.  Mandiant, the company that did the forensic investigation found that the group responsible for the "Advanced Persistent Threat" attack is originated from China.

The compromised information includes patients names, phone numbers, Social Security Numbers and other details.

The company claims that no patient credit card, medical or clinical information has been taken.

According to TrustedSec, hackers have exploited the infamous OpenSSL "heart bleed" vulnerability to compromise the CHS network.

"Attackers were able to glean user credentials from memory on a CHS Juniper device via the heartbleed vulnerability (which was vulnerable at the time) and use them to login via a VPN." TrustedSec explained.



New Zealand Super Computer FitzRoy Hacked


FitzRoy, one of the fastest supercomputer weighing 18 tonnes, equivalent to 7000 laptops working simultaneously, supplying information on future severe weather, as well as greater world issues such as climate change, has been targeted by a computer hacker assumed to hail from China.

FitzRoy is owned by Niwa and is housed in a specially constructed room at the National Institute for Water and Atmospheric Research base at Greta Point, Wellington.

John Morgan chief executive of Niwa confirmed the news on May 23rd that supercomputer's security has been compromised by "an unauthorized person" overnight on Thursday.

He further said- "We immediately isolated the supercomputer, and switched functionality to back-up facilities in Hamilton"

"We are . . . confident the intruder did not get beyond the supercomputer."

FitzRoy provides a Capability Class supercomputer for use by New Zealand scientists working at the forefront of some of the largest scientific challenges faced by the nation. It is the fastest machine of it's kind in the southern hemisphere and comfortably in the world's top 500 supercomputers. It has a peak speed of 34 Tflops which a low latency, high bandwidth interconnect allowing the machine to act as a unified tool to solve the largest scientific problems.

Though it has been confirmed that the attacking IP address is from China still it cannot be confirmed that the attack originated from China, Prime Minister John Key said.“I would be very wary of attributing it to any country,” he says.

Meanwhile Niwa assures that the attack was in vain and FitzRoy has resumed its work normally."After taking a number of mitigation steps, the supercomputer was back online on Saturday evening with all normal services resumed," Niwa says.

Furthermore security expert Dr Paul Buchanan — a former policy analyst for the US Secretary of Defense advising the Pentagon — told NBR the attack followed the Chinese pattern of cyber trawling.He suggests the attack was to look for a back door or weak link, if Fitzroy is connected to other government computers.

But Daniel Ayers, a one-time Ernst & Young computer forensic expert and fraud investigator now private company Special Tactics, has different interpretation.He says-the attack could be used to mount a brute force attack on encryption of the supercomputer."The culprit in this case might have been seeking to establish a ‘botnet’ of super computers to solve a particularly difficult problem — possibly cryptographic. Or they might have suspected that the machine had covert classified uses, and it may do.”-he adds.

On the way we can now be sure that the day is not far when the security of super computer can be interrogated heavily.

Avast community forum hacked, user names and passwords stolen

Antivirus firm Avast said it took its community forum offline following a hacking attack compromised its database.

User names, email addresses,nick names and passwords were compromised in this attack.  The breach did not involve any financial data, license or any other data.

While the passwords are hashed(SMF forum software uses SHA-1 with a salt to store passwords) , it will not take much time for a hacker to crack the hashes. The longer the password, the harder it is to crack.

According to Avast blog post, the security breach affects less than 0.2% (about 400,000) of Avast's 200 million users.

People who uses the same password on other websites are advised to change those passwords immediately. 

Until now, their forum used an open source community software called "Simple Machines Forum(SMF)".  It appears the Avast is using an outdated version of SMF.


Avast said it is now "We are now rebuilding the forum and moving it to a different software platform" which will be secure one.

Security Breach at TradeMotion affects customers of AutoNation

AutoNation, Inc, said to be one of the largest largest automotive retailer in the United States, is notifying its customers that hackers may have gained access to their personal and financial information.

AutoNation said one of their third party vendors 'TradeMotion' has experienced a cyber attack.

Websites of AutoNation including 'parts.autonationfordwhitebearlake.com', 'parts.championtoyotaofaustin.com' and 'www.discounttoyotaparts.com' which is maintained by TradeMotion affected by this breach.

The information accessed by hackers includes customers' names, street addresses, email addresses, telephone numbers and credit card numbers entered between March 5,2014 and May 2, 2014.

TradeMotion has contacted the FBI regarding the icident.

AutoNation advises customers to monitor their financial accounts closely and offers one year free identity theft protection to affected customers.

eBay hacked, Encrypted passwords and non-financial data stolen


If you have an account in eBay, it is time to change your password!

E-commerce company eBay Inc urges users to change their passwords following a security breach impacting a database containing encrypted passwords and non-financial data.

The database accessed by hackers includes customers' information such as names, encrypted passwords, email IDs, birth dates and phone number.

eBay said it had found no evidence that any financial or credit card information, which is said to be stored in separate database server in encrypted format. 

The company also said a small number of employee login credentials have been stolen in the breach, which allowed intruders to gain access to its corporate network.

The company said the breach happened between late February and early March.

eBay can sent out all the "Offer" mails to users immediately...but why it is taking long to send a security warning?! Once they know the attack has happened and details have been compromised, why wait?!

Doge Vault hacked, 121 Million Dogecoin appears to be stolen


A Popular Dogecoin online wallet service DogeVault has reportedly been infiltrated by cyber criminals, millions of Dogecoins missing from user's wallet.

A note on the front page of the website(www.dogevault.com) says DogeVault service compromised by attackers on May 11, resulting in a service disruption and tampering with wallet funds.

The website has not provide much information about how much they lost in the heist.  However,  Some users at reddit reported that coins have been transferred to a newly created mega wallet.

According to Dogechain records, this wallet (DHKM6NDUUv9kaHAGi1QU7MRBNKfQiAdP3F) has more than 121 million Dogecoins that is about $56,000 dollars.

"We are currently in the process of identifying the extent of the attack and potential impact on user's funds" The statement on the website reads.

DogeVault suggests users not to transfer any funds to Doge Vault addresses until they finish the investigation.

Bitly website hacked, accounts credentials compromised


Bitly(bit.ly), the Popular URL shortening service, has issued an urgent security warning about a security breach that exposed account's credentials.

The company says they found no evidence suggesting that any accounts have been accessed by the intruders.  However, as a precaution, the company has disconnected users' facebook and twitter accounts.

"We invalidated all credentials within Facebook and Twitter" the blog post reads.

Although the social media accounts appear to be connected with bitly account,  users won't be able to publish anything until they reconnect the accounts. 

Users are advised to take the following steps to reset their OAuth tokens and API Keys:

1) Log in to your account and click on ‘Your Settings,’ then the ‘Advanced’ tab.

2) At the bottom of the ‘Advanced’ tab, select ‘Reset’ next to ‘Legacy API key.’

3) Copy down your new API key and change it in all applications. These can include social publishers, share buttons and mobile apps.

4) Go to the ‘Profile’ tab and reset your password.

5) Disconnect and reconnect any applications that use Bitly. You can check which accounts are connected under the ‘Connected Accounts’ tab in ‘Your Settings.’
Bitly says "they have already taken proactive measures to secure all paths that led to the compromise". 

Orange warns users of phishing attacks following 2nd security breach



France based Telecoms company Orange has been hacked second time this year, more than 1.3 Million customers are affected by this security breach.

In the mid of April, hackers gained access to the a platform used by Orange to send email and SMS to its subscribers, according to Connexion report

The company sent an email to affected customers which contains a link to "click to call back" button.  Users who clicks the link will receive call from Orange.

The personal data accessed by hackers includes names, email addresses, mobile and landline numbers, date of birth as well as names of mobile and internet operators.

No payment information or credit card numbers and no passwords have been compromised in this breach.

However, the main risk in this case is that the compromised data can be used by attackers to launch phishing attacks.  Such attacks are claimed to be from the legitimate organizations and tricks users into provide their passwords and financial data.

Back in February 2014, Orange sent letters to 800,000 customers that hackers accessed personal data including email ids, phone numbers, names, mailing addresses.

Eircom recommends customers to change password after detecting Intrusion

Eircom, an Ireland Based Telecommunications company, has apologized to its users after it was forced to shut down its email service on Wednesday, after detecting an unauthorized access to the email system.

"we took immediate steps to lock down our email service and eliminate any threat to our 350,000 eircom.net email users" The company said.

The company said they found no evidence suggesting that the Inruders have gained access to any other systems or services including customer data.

They also recommend their customers to change their email accounts passwords and on a regular basis in the future.  If you have used the same password anywhere else, it is better to change their also.

After implementing a number of system modifications, access to eircom.net email had been fully restored.

The company said it is still trying to find out the cause of intrusion and had alerted relevant bodies including the Office of the Data Protection Commissioner.

Kali Linux website hacked by The GreaT Team

When it comes to Security, No ONE is 100% Secure.  Even the world most popular Security-related Linux provider Kali is no exception to this fact.

Earlier Today, a Libyan Hackers group "The GreaT Team(TGT)" have breached the mailing list subdomain of Kali website(lists.kali.org).

The hacker managed to change the descriptions of two lists which was being shown in the front page of the subdomain. One of the description is "Hacked By The GreaT TeAm -TGT ", other one is "Libyan Hackers".

After became aware of the breach, Kali Team immediately take down the entire sub-domain to offline.  The team said it is an inactive sub-domain.

"Looks like our inactive, 3rd party, 0 volume mailing list was hacked. DNS entry removed - back to sleep, problem solved." Kali Team's response to the breach.

It is worth to note that Kali Team has already have a bug bounty program- Researchers who report security bugs in their website will get reward.  But, Security researcher Rafay Baloch who discovered few security bugs in kali website highlighted the fact the "Bug Bounty" didn't help much.

The mirror of the defacement is here: http://www.zone-h.org/mirror/id/22278878

Popular Image Board 4chan hacked, moderator accounts targeted

The Popular Image Board 4chan has admitted to having suffered a security breach that allowed an intruder to access administrative functions and information from a 4chan database.

The breach which is said to have taken place last week was limited to moderation panels, their reports queue, and some tables in their backend database.

4Chan says the primary target of this security breach is their moderator account names and login credentials.  Hackers also managed to access pass credentials of three 4Chan pass users.

4Chan said it doesn't process any payment information, all of them are being processed by Stripe. So, there is no financial data involved in this breach.

The vulnerability responsible for the data breach has reportedly been patched, after 4chan became aware of it.

AOL security breach affects a significant number of users


Over the past few days, a large number of AOL users reported of being victim to Email Spoofing attacks -- Recipients received emails purportedly from their friend's email ID containing links to spam web pages. 

Today, AOL said it had launched an investigation into the security breach that allowed hackers to access its users' data including email IDs and encrypted passwords.

The company said it is working with cyber forensics experts and federal authorities to investigate the security breach.

AOL have determined that the following information have been accessed by intruders : Email IDs, postal addresses, address book contact info, encrypted passwords and encrypted answers to security questions and certain employee info.

AOL said it has no information indicating that the encryption on passwords or answers to security questions was broken.  Also they believe this breach doesn't involve any financial data.

AOL suggest users to change their password as well as security questions.

Hackers compromised University Servers to Mine Bitcoins

Social Security numbers of Nearly 30,000 students who enrolled between 1995 and 2012 are at risk following the breach of Iowa State University's network server. 

University says they found no evidence that any of the financial information of students or any others files were accessed by the intruders.

Officials at Iowa State University believe the attackers who breached the five departmental servers were trying to use the computing power of the servers to generate virtual currency Bitcoins.

Even though the personal information was not the intended target, the University urges affected students to monitor their financial reports.

Another 18,949 students whose University ID numbers were on compromised servers are being notified about the breach.  However, this data have no use beyond their campus.

The breach occurred on Feb 3rd. On Feb 28th, the University came to know two of their servers were infected. On March 28th, they came to know third server having the personal information were also compromised in the breach.

Law enforcement officials have been notified of the security breach.

Michaels confirms security breach affecting 2.6 Million cards

After over two months of investigation, Michaels stores has finally confirmed the payment card data breach affecting approximately 2.6 million cards.

The compromised data includes Payment card information such as numbers and expiration date for the payment cards.  However, there is no evidence that other data such as names, PINs,addresses have been accessed.

The data breach occurred between May 8, 2013 and January 27, 2014.  The company said only a small percentage of cards(7%) used at Michaels stores during this period were impacted by this breach.

The company is offering one year free credit card monitoring.  After receiving limited reports of fraud,  the company is also offering one year free identity protection and fraud assistance services.

The location of affected stores and dates of exposure are listed here.

Aaron Brothers, one of the subsidiaries of Michaels stores, was also attacked by criminals.  The breach which took place between june 26,2013 and Feb 27,2014 have affected approximately 400,000 cards.

"We have now identified and fully contained the incident, and the malware no longer presents a threat while shopping at Michaels or Aaron Brothers" The retailer said they have removed the malware in question. 

Details of Over 480,000 people stolen from The Harley Medical Group


Hackers breached the server of an UK Plastic & Cosmetic Surgery company The Harley Medical Group and compromised personal details of over 480,000 people.

The individuals who have submitted their data via an initial inquiry form on the company's website were affected by this breach.

The information accessed by attackers include the names, email IDs ,date of birth, addresses and phone numbers , according to Hot For Security.  No clinical or Financial information has been accessed by attackers.

The company said it believed the attack was an attempt to extort money from the company.

"We have informed the police and will continue to provide whatever assistance they may require to track down the perpetrator of this illegal act" Harley chairman Peter Boddy said in the letter.

LaCie Security Breach went unnoticed for a Year


If you used a credit or debit card to purchase electronic items at LaCie's website last year, you may want to eagle-eye your card statements.

LaCie, French Computer Hardware company specializing in external hard drives, announced that it fell victim to a security breach that put customers' personal information and financial information at risk.

The company says cybercriminals used malware to infiltrate their website.  After getting notification from FBI on March regarding the breach, LaCie hired cyber forensic investigation firm.

Customers who made transactions between March 27,2013 and March 10,2014 were affected by this data breach.

According to an incident notification, customers' usernames, passwords, names, addresses, email IDs, credit and debit card information are all at risk.

Customers' passwords have been reset. e-commerce portion of the site has temporarily been disabled while the company "transition to a provider that specializes in secure payment processing services".

55,000 Social Security Numbers exposed in VFW.org security breach

The Veterans of Foreign Wars(VFW.org) of the United States recently began notifying affected users that hackers were able to their personal information.

In February 2014 , attackers compromised the VFW's website and planted malicious code that infects users' system with malware who visits vfw.org from vulnerable Internet Explorer versions.  The attack was believed to be originated from China.

An investigation into the incident shows that names, addresses and social security numbers of approximately 55,000 VFW members were compromised in the breach.

The letter dated April 4 said back in March VFW became aware of the security breach.

"VFW has been informed that the purpose of the attack wasn't identity theft, but rather to gain access to information regarding military plans or contracts" The letter reads.

VFW said they are offering one free year of identity theft protection services from AllClear ID to the affected members.

GovWin IQ website hacked, credit card information of 25,000 at risk

GovWin IQ System run by an enterprise software and information solutions provider Deltek suffers a security breach that puts information of around 80,000 employees of federal contractors at risk.

GovWin  are designed specifically for Government Contractors aiming to grow their business.

The breach occurred sometime between July 3,2013 and November 2,2013.  However, the company came to know about the breach only on March 13,2014.  

The hacker exploited a security vulnerability in the GovWin IQ System and managed to access customers' data.  The information accessed by hackers includes Names, billing addresses, phone numbe,s. and business email IDs.

According to Federal News radio report, the hackers also had access to credit card information of about 25,000 of those affected customers. Those who had card information compromised are being offered free credit monitoring services.

The company says it is cooperating with law enforcement on this case.  They have also hired a cyber security forensic firm. They also claimed to have arrested the hacker believed to behind the breach.

Germany's biggest data theft, 18 million emails and passwords stolen


18 Million email addresses and passwords have been stolen in what is being called the biggest data theft in Germany's history.

The compromised accounts are reportedly being misused for criminal purposes such as spreading spam emails.

The authorities have determined that at least three million of compromised accounts belong to German citizens(accounts ending with '.de').  The rest had international domain extensions such as '.com'.

It is still unknown exactly how many German and people from other countries have been affected by this massive data theft. 

A spokesperson for the states prosecutor's office in Verden, Lower Saxony, Germany, told The Local that they are currently in the process of determining how hackers accessed 18 million accounts.

It is second major data theft in Germany this year.  In January, German authorities announced that hackers accessed 16 million email addresses and passwords.