Cape May-Lewes Ferry Confirms Credit Card Data Breach


The Cape May-Lewes Ferry has confirmed that hackers infiltrated its payment data systems and took payment card data from certain systems at the ferry's terminals and vessels.

The Delaware River and Bay Authority (DRBA), which operates the Cape May-Lewes Ferry, learned of a possible data breach on July 30, the same day Jimmy John's learned of the data breach.

With the help of third-party cyber forensic experts, the organization has determined that only its card processing systems relating to food, beverage, and retail sales were compromised.

Credit and debit card data of individuals who made purchases from September 20, 2013 through August 7, 2014 at the Cape May-Lewes Ferry's terminals and vessels is at risk.

The malware planted by the cyber criminals has been eliminated. The card data accessed by the malware includes card numbers, cardholders' names and/or card expiration dates.

DRBA is offering free identity protection services, including credit monitoring, to affected customers.

Kmart is the latest security breach victim

Kmart, the latest large U.S. retailer to experience a data breach, has confirmed that hackers accessed certain debit and credit card numbers.

An IT security firm hired by Kmart found that the store payment data systems "were infected with a malware that was undetectable by current antivirus systems".

The company says no personal information, no debit card PIN numbers, no email addresses and no social security numbers were accessed in the security breach.

According to the investigation, the cyber criminals got into its systems in early September. The company said it immediately removed the malware.


Yahoo says ShellShock vulnerability is NOT the cause of the servers hack

Researcher Jonathan Hall says he found evidence that Romanian hackers used the recent "ShellShock" vulnerability to hack a number of high-profile websites, including Yahoo and WinZip.

Hall said he informed Yahoo, WinZip and the FBI about the issue.

Yahoo earlier today said its servers were compromised by the ShellShock vulnerability. However, Yahoo's Chief Information Security Officer Alex Stamos published a statement on Hacker News saying that the breach is not a result of 'Shell Shock'.

"Three of our Sports API servers had malicious code executed on them this weekend by attackers looking for vulnerable Shellshock servers," Stamos wrote.

"These attackers had mutated their exploit, [and] this mutation happened to exactly fit a command injection bug in a monitoring script our Sports team was using at that moment to parse and debug their web logs."

The company claimed hackers did not gain access to any user data, and that the affected servers are used to provide live streaming for its sports service and don't store user data.

In response, Hall said on his blog, "The Yahoo! infiltration WAS from the 'Shellshock' vulnerability, and it did NOT originate on the sports servers / API’s".

About 5 million Gmail IDs and passwords leaked

Around 5 million Gmail user names and related passwords have been leaked on a Russian Bitcoin security forum.

Was Google hacked?
No, the leak was not the result of a security breach of Google systems. The dump is said to have been obtained from other websites.

So, if you have used your Gmail password anywhere else, your Gmail account could be compromised.

Google's response
"We found that less than 2% of the username and password combinations might have worked, and our automated anti-hijacking systems would have blocked many of those login attempts. We’ve protected the affected accounts and have required those users to reset their passwords." Google wrote.

What should you do?
  • There are a few websites available online to check whether your Gmail ID has been compromised or not. My suggestion is don't use them. I suggest everyone change their password. (I believe most people keep the same password for years, so it's better to change it now.)
  • If you have not enabled the 2-step verification feature, it is good to enable it.
  • Never use your Gmail password on any other website.

A Test server of HealthCare.gov infected with malware



Hackers managed to breach a server that is part of HealthCare.gov and upload malicious software.

The server in question is a test server that was not meant to be connected to the Internet; it reportedly doesn't contain consumer personal information.

The incident was originally reported by the Wall Street Journal. The attackers broke into the server in July, but the security breach was only detected on August 25 during a routine review of security logs.

The Department of Health and Human Services said the website was not specifically targeted. The malware used in this attack was likely intended to perform denial-of-service attacks on other websites.

The malware has been removed from the server.

Security breach at Bartell Hotels affects over 40,000 individuals


Bartell Hotels announced that it had detected potential unauthorized access by a third-party attacker to its customers' financial data.

The payment card processing systems used at five Bartell Hotels were compromised.

The five impacted hotels are Best Western Plus Island Palms Hotel & Marina, The Dana on Mission Bay, Humphreys Half Moon Inn & Suites, Pacific Terrace Hotel and the Days Hotel–Hotel Circle.

The official statement says the security breach occurred between February 16, 2014 and May 13, 2014. The breach involves theft of certain credit card data, including names of customers and credit card numbers.

According to SC Magazine, the data breach affects between 40,000 and 45,000 individuals. About 16,000 individuals who provided their email IDs to Bartell have so far been informed of the breach.

The company is offering free credit monitoring and identity protection to the affected individuals.

Goodwill confirms Credit card breach

Goodwill Industries confirmed that a third-party vendor's system was hit by a malware attack, resulting in its customers' credit card data being compromised.

The data security issue was initially announced in July, when the organization said it was working with federal authorities to investigate the issue.

Following the investigation, the organization determined that malware had been installed on a third-party vendor's system used by 20 Goodwill customers (about 10% of all stores) to process credit card payments.

The affected systems contained names, payment card numbers, and expiration dates. The company says it has found no evidence that customers' personal information was affected by this breach.

UPS store at 51 locations hit with Malware, Customers' Card data at risk

The UPS Store, a subsidiary of UPS, said that 51 US stores in 24 states were hit with malware that was not detected by current antivirus software.

The breach puts at risk customers who used a credit or debit card at one of the affected locations between January 20, 2014 and August 11.

Customer information that may have been exposed in this breach includes names, postal addresses, email addresses and payment information.

The company hired an IT security firm to conduct a forensic investigation after receiving a notification about a "broad-based malware intrusion" from the US government.

The UPS Store said it eliminated the malware as of August 11. The company is offering identity protection and credit card monitoring services to impacted customers.


Hackers exploit HeartBleed vulnerability to compromise CHS


Community Health Systems (CHS) recently revealed that hackers have compromised their computer network and stolen personal information of around 4.5 million patients.


The report says the attackers breached the CHS network between April and July. Mandiant, the company that did the forensic investigation, found that the group responsible for the "Advanced Persistent Threat" attack originated from China.

The compromised information includes patients' names, phone numbers, Social Security Numbers and other details.

The company claims that no patient credit card, medical or clinical information has been taken.

According to TrustedSec, hackers exploited the infamous OpenSSL "heart bleed" vulnerability to compromise the CHS network.

"Attackers were able to glean user credentials from memory on a CHS Juniper device via the heartbleed vulnerability (which was vulnerable at the time) and use them to login via a VPN," TrustedSec explained.



New Zealand Super Computer FitzRoy Hacked


FitzRoy, one of the fastest supercomputers, which weighs 18 tonnes, is equivalent to 7000 laptops working simultaneously and supplies information on future severe weather as well as greater world issues such as climate change, has been targeted by a computer hacker assumed to hail from China.

FitzRoy is owned by Niwa and is housed in a specially constructed room at the National Institute for Water and Atmospheric Research base at Greta Point, Wellington.

John Morgan, chief executive of Niwa, confirmed on May 23rd that the supercomputer's security had been compromised by "an unauthorized person" overnight on Thursday.

He further said, "We immediately isolated the supercomputer, and switched functionality to back-up facilities in Hamilton."

"We are . . . confident the intruder did not get beyond the supercomputer."

FitzRoy provides a Capability Class supercomputer for use by New Zealand scientists working at the forefront of some of the largest scientific challenges faced by the nation. It is the fastest machine of its kind in the southern hemisphere and comfortably in the world's top 500 supercomputers. It has a peak speed of 34 Tflops with a low-latency, high-bandwidth interconnect allowing the machine to act as a unified tool to solve the largest scientific problems.

Though it has been confirmed that the attacking IP address is from China, it still cannot be confirmed that the attack originated from China, Prime Minister John Key said. "I would be very wary of attributing it to any country," he says.

Meanwhile, Niwa assures that the attack was in vain and FitzRoy has resumed its work normally. "After taking a number of mitigation steps, the supercomputer was back online on Saturday evening with all normal services resumed," Niwa says.

Furthermore, security expert Dr Paul Buchanan, a former policy analyst for the US Secretary of Defense advising the Pentagon, told NBR the attack followed the Chinese pattern of cyber trawling. He suggests the attack was to look for a back door or weak link, if FitzRoy is connected to other government computers.

But Daniel Ayers, a one-time Ernst & Young computer forensic expert and fraud investigator now at private company Special Tactics, has a different interpretation. He says the attack could be used to mount a brute force attack on encryption of the supercomputer. "The culprit in this case might have been seeking to establish a ‘botnet’ of super computers to solve a particularly difficult problem — possibly cryptographic. Or they might have suspected that the machine had covert classified uses, and it may do," he adds.

We can now be sure that the day is not far off when the security of supercomputers will be heavily scrutinized.

Avast community forum hacked, user names and passwords stolen

Antivirus firm Avast said it took its community forum offline after a hacking attack compromised its database.

User names, email addresses, nicknames and passwords were compromised in this attack. The breach did not involve any financial data, license or any other data.

While the passwords are hashed (the SMF forum software uses SHA-1 with a salt to store passwords), SHA-1 is fast to compute, so it will not take much time for a hacker to crack the hashes. The longer the password, the harder it is to crack.

According to an Avast blog post, the security breach affects less than 0.2% (about 400,000) of Avast's 200 million users.

People who use the same password on other websites are advised to change those passwords immediately.

Until now, the forum used open source community software called "Simple Machines Forum (SMF)". It appears Avast was using an outdated version of SMF.

Avast said, "We are now rebuilding the forum and moving it to a different software platform," one that will be secure.
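
One way a forum operator can retire fast salted SHA-1 hashes like those described above without waiting for every user to log in, shown as an added example (not Avast's or SMF's code): wrap each stored digest in a slow KDF offline, then upgrade the record on the next successful login. The record layout, the salt-then-password SHA-1 format and all function names are assumptions made for illustration.

```python
import hashlib
import hmac
import os

# Assumption: work factor chosen for illustration; tune it to your hardware.
PBKDF2_ITERATIONS = 600_000


def legacy_sha1(salt: bytes, password: str) -> str:
    """Fast salted SHA-1 (assumed layout: salt || password, hex digest)."""
    return hashlib.sha1(salt + password.encode("utf-8")).hexdigest()


def slow_hash(secret: bytes, kdf_salt: bytes) -> bytes:
    """Deliberately slow PBKDF2-HMAC-SHA256 over the given secret."""
    return hashlib.pbkdf2_hmac("sha256", secret, kdf_salt, PBKDF2_ITERATIONS)


def wrap_legacy_record(rec: dict) -> dict:
    """Offline migration: the password is not needed, the fast digest is wrapped."""
    kdf_salt = os.urandom(16)
    return {
        "user": rec["user"],
        "scheme": "pbkdf2-over-sha1",
        "sha1_salt": rec["salt"],
        "kdf_salt": kdf_salt,
        "hash": slow_hash(rec["hash"].encode("ascii"), kdf_salt),
    }


def native_record(user: str, password: str) -> dict:
    """Record for a password hashed directly with the slow KDF."""
    kdf_salt = os.urandom(16)
    return {"user": user, "scheme": "pbkdf2", "kdf_salt": kdf_salt,
            "hash": slow_hash(password.encode("utf-8"), kdf_salt)}


def verify(rec: dict, password: str):
    """Return (ok, record). A wrapped record is upgraded on successful login."""
    if rec["scheme"] == "pbkdf2-over-sha1":
        inner = legacy_sha1(rec["sha1_salt"], password).encode("ascii")
        ok = hmac.compare_digest(slow_hash(inner, rec["kdf_salt"]), rec["hash"])
        return (True, native_record(rec["user"], password)) if ok else (False, rec)
    candidate = slow_hash(password.encode("utf-8"), rec["kdf_salt"])
    return hmac.compare_digest(candidate, rec["hash"]), rec


if __name__ == "__main__":
    # Constructed sample row, as it might sit in a legacy users table.
    old = {"user": "alice", "salt": b"x9",
           "hash": legacy_sha1(b"x9", "correct horse")}
    wrapped = wrap_legacy_record(old)
    ok, upgraded = verify(wrapped, "correct horse")
    print(ok, upgraded["scheme"])
```

After the offline pass the table no longer holds any bare SHA-1 digest, so a stolen copy forces the slow KDF on every guess.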

Security Breach at TradeMotion affects customers of AutoNation

AutoNation, Inc., said to be one of the largest automotive retailers in the United States, is notifying its customers that hackers may have gained access to their personal and financial information.

AutoNation said one of its third-party vendors, TradeMotion, has experienced a cyber attack.

AutoNation websites including 'parts.autonationfordwhitebearlake.com', 'parts.championtoyotaofaustin.com' and 'www.discounttoyotaparts.com', which are maintained by TradeMotion, were affected by this breach.

The information accessed by hackers includes customers' names, street addresses, email addresses, telephone numbers and credit card numbers entered between March 5, 2014 and May 2, 2014.

TradeMotion has contacted the FBI regarding the incident.

AutoNation advises customers to monitor their financial accounts closely and offers one year of free identity theft protection to affected customers.

eBay hacked, Encrypted passwords and non-financial data stolen


If you have an account on eBay, it is time to change your password!

E-commerce company eBay Inc is urging users to change their passwords following a security breach impacting a database containing encrypted passwords and non-financial data.

The database accessed by hackers includes customers' information such as names, encrypted passwords, email IDs, birth dates and phone numbers.

eBay said it had found no evidence that any financial or credit card information, which is said to be stored on a separate database server in encrypted format, was accessed.

The company also said a small number of employee login credentials were stolen in the breach, which allowed intruders to gain access to its corporate network.

The company said the breach happened between late February and early March.

eBay can send out all the "Offer" mails to users immediately... but why is it taking so long to send a security warning?! Once they know the attack has happened and details have been compromised, why wait?!

Doge Vault hacked, 121 Million Dogecoin appears to be stolen


The popular Dogecoin online wallet service DogeVault has reportedly been infiltrated by cyber criminals, with millions of Dogecoins missing from users' wallets.

A note on the front page of the website (www.dogevault.com) says the DogeVault service was compromised by attackers on May 11, resulting in a service disruption and tampering with wallet funds.

The website has not provided much information about how much was lost in the heist. However, some users on Reddit reported that coins have been transferred to a newly created mega wallet.

According to Dogechain records, this wallet (DHKM6NDUUv9kaHAGi1QU7MRBNKfQiAdP3F) holds more than 121 million Dogecoins, which is about $56,000.

"We are currently in the process of identifying the extent of the attack and potential impact on user's funds," the statement on the website reads.

DogeVault advises users not to transfer any funds to Doge Vault addresses until it finishes the investigation.

Bitly website hacked, accounts credentials compromised


Bitly (bit.ly), the popular URL shortening service, has issued an urgent security warning about a security breach that exposed account credentials.

The company says it has found no evidence suggesting that any accounts have been accessed by the intruders. However, as a precaution, the company has disconnected users' Facebook and Twitter accounts.

"We invalidated all credentials within Facebook and Twitter," the blog post reads.

Although the social media accounts still appear to be connected to the Bitly account, users won't be able to publish anything until they reconnect the accounts.

Users are advised to take the following steps to reset their OAuth tokens and API Keys:

1) Log in to your account and click on ‘Your Settings,’ then the ‘Advanced’ tab.

2) At the bottom of the ‘Advanced’ tab, select ‘Reset’ next to ‘Legacy API key.’

3) Copy down your new API key and change it in all applications. These can include social publishers, share buttons and mobile apps.

4) Go to the ‘Profile’ tab and reset your password.

5) Disconnect and reconnect any applications that use Bitly. You can check which accounts are connected under the ‘Connected Accounts’ tab in ‘Your Settings.’

Bitly says it has "already taken proactive measures to secure all paths that led to the compromise".

Orange warns users of phishing attacks following 2nd security breach



France-based telecoms company Orange has been hacked for the second time this year, and more than 1.3 million customers are affected by this security breach.

In mid-April, hackers gained access to a platform used by Orange to send email and SMS to its subscribers, according to a Connexion report.

The company sent affected customers an email containing a link to a "click to call back" button. Users who click the link will receive a call from Orange.

The personal data accessed by hackers includes names, email addresses, mobile and landline numbers, dates of birth as well as names of mobile and internet operators.

No payment information or credit card numbers and no passwords have been compromised in this breach.

However, the main risk in this case is that the compromised data can be used by attackers to launch phishing attacks. Such attacks claim to come from legitimate organizations and trick users into providing their passwords and financial data.

Back in February 2014, Orange sent letters to 800,000 customers informing them that hackers had accessed personal data including email IDs, phone numbers, names and mailing addresses.

Eircom recommends customers to change password after detecting Intrusion

Eircom, an Ireland-based telecommunications company, has apologized to its users after it was forced to shut down its email service on Wednesday, after detecting unauthorized access to the email system.

"we took immediate steps to lock down our email service and eliminate any threat to our 350,000 eircom.net email users," the company said.

The company said it found no evidence suggesting that the intruders gained access to any other systems or services, including customer data.

It also recommends that customers change their email account passwords now and on a regular basis in the future. If you have used the same password anywhere else, it is better to change it there also.

After a number of system modifications were implemented, access to eircom.net email has been fully restored.

The company said it is still trying to find out the cause of intrusion and had alerted relevant bodies including the Office of the Data Protection Commissioner.

Kali Linux website hacked by The GreaT Team

When it comes to security, no one is 100% secure. Even Kali, the world's most popular security-related Linux provider, is no exception to this fact.

Earlier today, a Libyan hacker group, "The GreaT Team (TGT)", breached the mailing list subdomain of the Kali website (lists.kali.org).

The hackers managed to change the descriptions of two lists that were shown on the front page of the subdomain. One of the descriptions is "Hacked By The GreaT TeAm -TGT ", the other is "Libyan Hackers".

After becoming aware of the breach, the Kali Team immediately took the entire subdomain offline. The team said it is an inactive subdomain.

"Looks like our inactive, 3rd party, 0 volume mailing list was hacked. DNS entry removed - back to sleep, problem solved." was the Kali Team's response to the breach.

It is worth noting that the Kali Team already has a bug bounty program: researchers who report security bugs in its website get a reward. But security researcher Rafay Baloch, who discovered a few security bugs in the Kali website, highlighted the fact that the "Bug Bounty" didn't help much.

The mirror of the defacement is here: http://www.zone-h.org/mirror/id/22278878

Popular Image Board 4chan hacked, moderator accounts targeted

The Popular Image Board 4chan has admitted to having suffered a security breach that allowed an intruder to access administrative functions and information from a 4chan database.

The breach, which is said to have taken place last week, was limited to moderation panels, their reports queue, and some tables in their backend database.

4chan says the primary target of this security breach was its moderator account names and login credentials. Hackers also managed to access the Pass credentials of three 4chan Pass users.

4chan said it doesn't process any payment information; all of it is processed by Stripe. So, there is no financial data involved in this breach.

The vulnerability responsible for the data breach has reportedly been patched, after 4chan became aware of it.

AOL security breach affects a significant number of users


Over the past few days, a large number of AOL users reported being victims of email spoofing attacks: recipients received emails purportedly from a friend's email ID containing links to spam web pages.

Today, AOL said it had launched an investigation into the security breach that allowed hackers to access its users' data, including email IDs and encrypted passwords.

The company said it is working with cyber forensics experts and federal authorities to investigate the security breach.

AOL has determined that the following information was accessed by intruders: email IDs, postal addresses, address book contact info, encrypted passwords and encrypted answers to security questions, and certain employee info.

AOL said it has no information indicating that the encryption on passwords or answers to security questions was broken. It also believes this breach doesn't involve any financial data.

AOL advises users to change their passwords as well as their security questions.