A Hacker group called "Hack The Planet(HTP)" hacked into one of the top name registrar and web hosting company Name.com. According to Hacker News report, the Name.com was not specifically targeted, they just want to trace another hacker group causing trouble to HTP.
The Story goes like this: HTP realized another group impersonating ac1db1tch3z tried to cause trouble for HTP's botnet. HTP found out the group used an IRC channel hosted on SwiftIRC. If they could break into SwiftIRC which is hosted in Linode, they could cause all sorts of trouble for the impersonators.
To gain access to SwiftIRC , HTP decided to breach the Lionde. To breach Linode, HTP breached their domain name registrar name.com.
The rest of the story can be found here.
Name.com confirmed the security breach and started to send password-reset emails to customers. Unfortunately, E Hacking News also received the password-reset mail :(
"Name.com recently discovered a security breach where customer account information including usernames, email addresses, and encrypted passwords and encrypted credit card account information may have been accessed by unauthorized individuals" The mail reads.
The Name.com claimed the have stored credit card info using strong encryption and "the private keys required to access that information are stored physically in a separate remote location that was not compromised".
Fortunately, i never use my real credit card details in Internet( i know it is insecure medium). I always generate a virtual credit card and use it , the feature provided by my Bank ;) And i never use the same password anywhere else.
*Security Tips*: Make sure to check the URL before clicking on the link provided in the email. There are plenty of Hyena out there to take advantage of this security breach to send phishing emails.
The Story goes like this: HTP realized another group impersonating ac1db1tch3z tried to cause trouble for HTP's botnet. HTP found out the group used an IRC channel hosted on SwiftIRC. If they could break into SwiftIRC which is hosted in Linode, they could cause all sorts of trouble for the impersonators.
To gain access to SwiftIRC , HTP decided to breach the Lionde. To breach Linode, HTP breached their domain name registrar name.com.
The rest of the story can be found here.
Name.com confirmed the security breach and started to send password-reset emails to customers. Unfortunately, E Hacking News also received the password-reset mail :(
"Name.com recently discovered a security breach where customer account information including usernames, email addresses, and encrypted passwords and encrypted credit card account information may have been accessed by unauthorized individuals" The mail reads.
The Name.com claimed the have stored credit card info using strong encryption and "the private keys required to access that information are stored physically in a separate remote location that was not compromised".
Fortunately, i never use my real credit card details in Internet( i know it is insecure medium). I always generate a virtual credit card and use it , the feature provided by my Bank ;) And i never use the same password anywhere else.
*Security Tips*: Make sure to check the URL before clicking on the link provided in the email. There are plenty of Hyena out there to take advantage of this security breach to send phishing emails.
A Software programmer who was employed at the High-voltage power manufacturer company arrested for hacking into the computer network of the company.
According to the FBI report, Michael Meneses, was employed at the victim company as a software programmer and system manager specializing in developing and customizing the software that the company used to run its business operations.
He was one of two employees who were primarily responsible for ensuring that the software that drove the company’s manufacturing business. His responsibilities gave him high-level access to the company’s computer network.
He had voiced displeasure at having been passed over for promotions, tendered his resignation in late December 2011. Then, he allegedly launched cyber attack against the company and steal employee's security credentials. He then used those credentials for accessing the network remotely via VPN. The complaint says the company suffered over $90,000 in damages as a result of Meneses’s intrusions.
If convicted, he will face a statutory maximum sentence of years’ imprisonment, a $250,000 fine, and restitution.
Reputation.com , an online reputation management website lost their own reputation when a hacker invade their website and accessed the personal data of users.
Reputation.com on Tuesday sent an email to customers disclosing the security breach. Reputation.com said in the mail that intruders had accessed the personal information including names, email , physical address, phone numbers, date of birth and occupational info.
On top of that, hackers had accessed the encrypted passwords of a small number of users. Reputation.com claimed that the passwords are highly encrypted(Hash+Salt) and "it was highly unlikely that these passwords could ever be decrypted".
One of the EHN's user commented on the issue "You fail at cryptology. The salt is stored with the hash. It doesn't add any strength to the individual hash's resistance to brute-force attacking, it only strengthens hashes from being attacked by pre-built rainbow tables. Even if you used bcrypt with a cost of 16 and 128-bit /dev/random salts, all an attacker has to do is iterate the10,000 most common passwords and they'll hit 98% of internet users. "
However the company immediately reset the password to prevent unauthorized access.
Though the company claimed that hacker didn't access the financial information such as credit card numbers which they don't store, they are offering free credit monitoring for one year.
Cyber space poses an important role in the national security. A country should also remember to provide security in cyber space. But the government fails to concentrate on cyber security that lefts most of the government sites vulnerable to hack.
The security breach of Royal Thai Navy website(www.navy.mi.th) is best example for this - the navy of Thailand and part of the Royal Thai Armed Forces.
A hacker with twitter handle @WilyXem has discovered a SQL Injection vulnerability in the Thailand navy website. He managed to exploit the vulnerability and compromised the target database.
Earlier today, the hacker posted a link to the dump in twitter(sprunge.us/YHHf). The dump contains database details including database name, version, table details. He also provided a Proof-of-Concept of the SQL injection vulnerability.
The hacker also leaked 3 tables namely membern, personalacc, personalacc1 that contains username and passwords in plain-text format.
It is really sad to know that the passwords are being stored in plain-text format. But it won't take much time for a hacker to crack, even if there is an encryption. Because they use very weak password.
Kirkwood community college on Monday announced that cyber criminals has breached the college website(kirkwood.edu) and accessed personal data of students who applied to take credit classes in the last 8 years.
The college said sophisticated hackers originated from an international IP address accessed the website on March 13,2013 and gained access to archived application information from Feb 2005 until March 13,2013.
The accessed information includes applicant names, birthdates, race, contact information and social security numbers.
The college says it has contacted affected individuals to offer free services that will include personal assistance from identity theft and restoration experts who will listen, answer questions and offer expertise regarding concerns from those affected.
Two major search engines of Japan, Goo and Yahoo japan is reportedly suffered security breach earlier this week.
Goo which is owned by network operator NTT confirmed that hackers accessed the users' account which has financial details such as credit card, bank information, email id and personal info. Goo has locked 100k user accounts to prevent unauthorized logins.
According to Pc Advisor report, The company detected a series of brute-force attacks from certain IP addresses , with some accounts hit by over 30 login attempts per second.
Yahoo Japan on the other hand discovered a malicious programs on company servers that harvested data of 1.27 million users. However, the company managed to stop the program before it leak any of the information.
Salem State University(SSU) found one of the college's computer servers is infected by a malware. The university sent notification to 25,000 current and former employees whose information stored on the affected server.
The security breach affects people who have received a paycheck from the university - from full-time staff to students who were employed on campus, according to The Salem News report.
Tom Torello, vice president of marketing and communications at Salem Stated "we don’t know if anyone’s information has been used in any type of illegal way, so we don’t know if anyone’s information is out there."
The University has offered one year of ID protection services through Experian for those affected employees.
Al-Qaeda Electronic Army and Tunisian Army recently attacked several U.S. Government websites as part of their operation called "#opBlackSummer" - an operation against America.
Now the hackers took their operation to next level by launching cyber attack against Petroleum and Gas companies. Yesterday, EHN got notification that the Team breached the two U.S. Petroleum websites.
They identified the SQL Injection vulnerability in the websites belong to "Chevron Corporation(chevron.com) -an American multinational energy corporation " and "Oceaneering International, Inc(oceaneering.com)- a subsea engineering and applied technology company based in Houston, Texas, U.S.A.". We have verified the existence of the vulnerability.
The hackers claim they will send these IP address details to their Chinese hackers team to do some malicious work.
TCA said this operation will continue till September. The hackers said they are planning to "give a great surprise for the USA" on 11th Septemebr (9/11), the date on which al-Qaeda hijacked four airliners and carried out suicide attacks against targets in the United States.
An Indian Hacker with online handle "Godzilla" has claimed to have breached the Pakistan Army(pakistanarmy.gov.pk) and the main Government websites(pakistan.gov.pk).
In a screenshot given to EHN, the hacker showed that he gained access to admin panel of HILAL MAGZINE page maintained by Pakistan Army as Administrator.
 |
| Admin panel of Pakistan Army |
The hacker also claimed to have crashed a proxy used by Pakistan Government websites for encrypting the URL.
At the time of writing, the main page shows the following error message: "Error 404: Initialization of one or more services failed. ".
" U thought that the proxy would stop us. Dont play with proxy if u dont know how to configure it." The hacker said.
This is not the first time the Pakistan Army site is being hacked. The hacker claims to have hacked the Pakistan army before itself. Earlier this year, one of the Tunisian hackers "Human Mind Cracker" also hacked the Pakistan Army site by exploiting the SQL Injection vulnreability.
Tunisian Cyber Army claimed to have breached CBN and AT&T websites by exploiting the SQL Injection vulnerabilities.
In an email sent to EHN, the hacker provided the screenshots along with the vulnerable link . Hacker recommended EHN not to publish the vulnerable links.
He claimed to have compromised 19,800 user details from the CBN website(CBN.com) - The Christian Broadcasting Network.
The hacker claimed that this is part of operation called "#opblucksummer", a hacking-operation against United States.
So far, the hackers hacked into American Express, Nasa and few other websites.
Evernote , a suite of software and services designed for notetaking and archiving - announced that Evernote network has been breached by hackers and urged users to reset their passwords.
The company claimed they found no evidence that any of the content stored in Evernote was accessed, changed or lost. They also said they have no evidence that payment details of Evernote Premium or Evernote Business customers was accessed.
But the hackers gained access to Evernote user details including email addresses, usernames, encrypted passwords with salt. The company didn't mention which encryption algorithm was used to encrypt the password.
"While our password encryption measures are robust, we are taking additional steps to ensure that your personal data remains secure." wrote in the official blog post. " This means that, in an abundance of caution, we are requiring all users to reset their Evernote account passwords."
cPanel announced that one of the cPanel proxy servers which is used by their Technical analysts for accessing customer servers has been compromised by hackers.
According to their forum post, the hacker compromised proxy machine by compromising a single workstation used by one of our Technical Analysts.
The company said "only a small group of our Technical Analysts uses this particular machine for logins".
The company also claimed that they found no evidence that any sensitive customer data was exposed and there is no evidence that the actual database was compromised.
cPanel restructured the process used to access customer server to "reduce the risk" of this type of security breach.
EDUCAUSE, a nonprofit association and the foremost community of IT leaders and professionals committed to advancing higher education - announced its server has been breached and urge users to immediately change the password.
According to the warning issued by Educause, hackers might have compromised information contained such as name, title, e-mail address, username, and hashed password.
As a precaution, all passwords have already been deactivated and has notified members and the community via e-mail and social media.
Fortunately, any sensitive personal or financial information are not accessed by the cyber criminals. Also, they reported that InCommon account holders are not affected by this security breach.
Apple has announced that they were targeted by hackers who infected small amount of employees' computers .
The security breach occurred when employees visited a developer website that exploited a vulnerability in the Java browser plug-in, installing malware on their Mac computers.
Few days back, we reported that Facebook employees'computers infected after they visit a malicious page that exploits the java vulnerability and serves malware.
Apple become the latest high-profile American entity to say it was the victim of a recent cyberattack, following similar admissions by Twitter, The New York Times, The Wall Street Journal, The Washington Post and the U.S. Department of Energy.
The security breach occurred when employees visited a developer website that exploited a vulnerability in the Java browser plug-in, installing malware on their Mac computers.
Few days back, we reported that Facebook employees'computers infected after they visit a malicious page that exploits the java vulnerability and serves malware.
Apple become the latest high-profile American entity to say it was the victim of a recent cyberattack, following similar admissions by Twitter, The New York Times, The Wall Street Journal, The Washington Post and the U.S. Department of Energy.
An unknown hacker breached the Twitter account of fast-food chain Burger King and announced the company had been “bought out” by McDonald’s.
The @BurgerKing account name was changed today to "McDonalds" and changed the logo with McDonalds Logo with a message "Just got sold to McDonalds because the whopper flopped =FreeDom is Failure""
“We just got sold to McDonalds! Look for McDonalds in a hood near you,” the hacker tweeted from the hacked account.
According to report, the account was suspended by Twitter after the hack. The hack was announced by the Infamous Anonymous Twitter account "@YourAnonNews". But we are not sure who hacked the account.
At the time of writing, the hacked account is back to online but the tweets are protected.
Twitter researchers detected unusual access patterns that led to them identifying unauthorized access attempts to Twitter user data.
The team revealed that anonymous hackers may have had access to approximately 250,000 user credentials that includes usernames, email addresses, session tokens and encrypted/salted versions of passwords
As a precautionary security measure, Twitter has reset passwords and revoked session tokens for these accounts.
The affected accounts will have recently received an email regarding the issue and ask you to create a new password.
RubyGems website(RubyGems.org) hacked via an YAML parsing vulnerability. RubyGems is a package manager for the Ruby programming language that provides a standard format for distributing Ruby programs and libraries
According to Heroku status, at least one malicious gem was uploaded which potentially had access to sensitive data, including credentials necessary to tamper with gems.
RubyGems team is verifiying all gems since it’s unknown which have been tampered with. The verification process will start with the latest version of all gems, then most popular version, then the rest of the versions.
The team have disabled deploys of ruby applications until they gain confidence that no gems have been compromised. Users wishing to work around this can deploy at their own risk by setting a custom BUILDPACK_URL as shown in the instructions on GitHub. However, they strongly discourage its use until they have determined the authenticity of all gems.
"While the RubyGems team is continuing to investigate audit logs and compare all gems against external known-good copies, there has been no evidence yet that any gems have been malicious modified. As a precaution, Ruby deploys that require external gem servers continue to be disabled." Heroku status reads.
The recent status update from Heroku says that RubyGems team verified that 80% of all gems stored in the rubygems.org are unmodified.
The Pakistani hacker called as H4$N4!N H4XOR from P4K!$T4N H4XOR$ CR3W has breached few Indian Educational and other websites.
The hacker defaced the affected sites with their group logo. There is no defacement in the Main page, hacker defaced 'contact us' and 'about us' pages.
Some affected Educational websites from Tamil Nadu are Meenakshi Ammal Teacher Training Institute (matti.edu.in/about_us.php), Arulmigu Meenakshi Ammal Public School(amaps.in/contact_us.php), Meenakshi Ammal Matriculation Higher Secondary School(mamhss.edu.in/about-us.php).
The hacker also hacked few other sites andboxes.shsdemo.in, bhardwajindustries.in , joboncall.in and techskills.net.in
At the time of publishing, I am still able to see the defacement page. It seems like the admin is not aware of this security breach.
Hackers breached the Army database and gained accessed to personal data of more than 36,000 people connected to Army commands formerly based at Fort Monmouth, according to Asbury Park Press report.
An Army spokesperson said the information includes names, birth dates, Social Security numbers, addresses and salaries ,
The security breach was discovered on December 6th , and the affected databases were taken offline immediately and have not been put back online.
The officials declined to identify the affected database because of ongoing investigation. The Army is offering free credit monitoring services for a year to those affected by the breach.
The security breach may have affectedCommunications-Electronics Command (CECOM), C4ISR (Command, Control, Communications, Computers, Intelligence, Surveillance and Reconnaissance) and nongovernmental personnel as well as persons who may have visited Fort Monmouth.
Hackers once again breached the Point-of-Sale(POS) network of Restaurant Depot, New York based wholesale supplier. The hackers managed to steal credit and debit card details from the card processing system they use in some of their stores.
The company discovered the security breach on December 4th 2012 when thier customers had experienced credit card fraud after they used their cards at some of our stores.
They hired Trustwave on December 6th to investigate the intrusion. After the investigation, researchers determined that the intrusion first started on Nov 7th 2012. Researchers are still in the process of identifying all the details and are continuing their investigation.
The company notified all the major card brands and provided information about potentially compromised accounts.
"To protect yourself from possible fraudulent charges, you should contact officials at your card issuer immediately by calling the toll-free number on the back of your card or on your monthly statement, tell them you have received this letter, and ask them to cancel and reissue the card. " The official notification reads.
"You should also closely review your credit /debit card statements if you used your cards at one of our stores between November 7th and December 5, 2012. You should immediately notify the bankor financial institution that maintains the card account of any unauthorized charges. "
This is not the first time the company experiencing the security breach , in the 2011, Russian hackers hacked into Restaurant Depot database and accessed the credit and debit card details of more than 200,000 customers.
