Digital Constitution hacked, to promote online gambling

Digital Constitution, the Microsoft web site which protects online privacy in a digital world, was hacked to promote online casinos.

According to ZDNet, which first reported about the hacking, the Digital Constitution was running an older version of WordPress when the spammy links were discovered.

Though the links were removed from the front page in the hours following the ZDNet report, a variety of other pages continued link to the gambling sites.

The news reports says that it is unknown how long ago the site was hacked to promote online gambling, whether other Microsoft websites were hacked or not. It is still not clear who was behind the attack.

Ars Technica noted that it was not unusual for hack-by-numbers exploit kits to automatically inject malicious links into vulnerable pages that when viewed by vulnerable computers, perform drive by download attacks.

However, when the company was asked, the Microsoft answered not more than "it's fixed."

According to the news report, the attacker had injected text with keywords like "online casino," "poker, "craps," "roulette," and "blackjack." New pages were added to inject to show content that embeds content from other casino-related websites. 

Hackers steal $24k from Mahwah businessman’s bank account

After big corporations and the government agencies, hackers are now targeting individuals. The hackers stole $240,000 from a local businessman’s bank account in Mahwah by hijacking his phone number.  

According to a report published on CSB New York, at first, the hackers followed and observed the local businessman and gained enough his personal information to convince his bank to wire $240,000 overseas.

Chief of Police James Batelli said that the phone number of the businessman had been hijacked so when the bank called to verify the hackers answered. However, the bank did not get a clue that it was talking to the hackers overseas.

“That is call forwarded to Brussels and the person on that end answers all the proper security questions, which was social security numbers, mother’s maiden name, hospital they were born in; and the bank thinks they’re talking to the person authorized to allow that transfer to go through,” said Batelli.

Batelli said that in order to protect personal information, people should regularly change their security questions.

Kreditech Suspects Insider In Data Breach

Kreditech, a Germany-based  micro-loan startup is investigating a data breach of personal and financial records of thousands of its online applicants, according to Brian Krebs report.

A Web site accessible via Tor, a software that transfers  Internet traffic  to a global network of relays, included links to countless documents, drivers licenses, national Ids, scanned passports, and credit agreements taken from Kreditech’s servers.

A group of  hackers 'A4' professes to have posted the screen shots of the hundreds of gigabytes documents of Kreditech.

Kreditech head of communications Anna Friedrich said, “There is no access to any customer data. This incident stemmed from a form on our website that was stored data in a caching system that deleted data every few days. What happened was that a subset of application data was affected. We are collaborating with the police, but unfortunately there is no more further information that I have to share.”

Further adding Friedrich said that Kreditech believes the data was leaked by an insider, can be former or current employee.

Kreditech, has raised $63 million from investors since 2012. The company grant credit to applicants using traditional data scoring and social media, and provide loans  in Spain, the Czech Republic, Poland, Mexico, Australia, Russia,  Peru, the Dominican Republic and Kazakhstan.

Twitch advises users to change passwords after potential hack

Gaming video broadcaster Twitch recently announced that the site could have potentially been hacked and all users should set new passwords for their accounts on the website.

The company has given out an official statement on the matter saying that hackers could have gained access to personal account information of its users. The website has not given out any information as to how hackers accessed the user information.

Not taking any chances, Twitch has expires the passwords of all its user accounts and also accounts linked from Youtube and Twitter. The company has gone a step further and also asked users to change their similar passwords on other websites.

Twitch is also contacting users personally via email, who they think might have been directly impacted because of the potential breach. In the email (obtained from Twitter user Chris Seymour) Twitch has further stated the information of the affected users at risk.

The email read, 'We are writing to let you know that there may have been unauthorized access to some of your Twitch user account information, including possibly your Twitch username and associated email address, your password, the last IP address you logged in from, limited credit card information (card type, truncated card number and expiration date), and any of the following if you provided it to us: first and last name, phone number, address, and date of birth.'

Twitch has declined to comment publicly what personal information of its users might be at risk.

LAX Police investigating credit card breach at Tom Bradley International Airport

Police have begun investigating what appears to be a credit card fraud at one of the shopping vendors at the Tom Bradley International Airport.

The police are being reclusive on the matter and haven failed to comment what led them to finding out about the credit card breach. They have also refused to tell the press about which shopping vendor might have been compromised for card payments. No suspects have been identified as of yet by the police.

The Tom Bradley International Airport is the sixth busiest airport in the world, and the third in United States. The terminal has three levels and 18 gates and 39 airlines operate out of their. There are dozens of vendors present throughout the airport.

LAX Police have asked anyone who finds unauthorized charges on their card statements at the airport terminal after March 4 to call  (424) 646-6100 immediately.

Yahoo says ShellShock vulnerability is NOT the cause of the servers hack

Researcher Jonathan Hall says he found evidence that Romanian hackers used the recent "ShellShock" vulnerability to hack a number of high profile websites including Yahoo, WinZip.

Hall said he informed Yahoo, WinZip and FBI about the issue.

Yahoo earlier today said their servers were compromised by the ShellShock vulnerability.  But, Yahoo's Chief Information Security Officer Alex Stamos published a statement in Hacker News that the breach is not a result of 'Shell Shock'.

"Three of our Sports API servers had malicious code executed on them this weekend by attackers looking for vulnerable Shellshock servers." Stamos wrote.

"These attackers had mutated their exploit, [and] this mutation happened to exactly fit a command injection bug in a monitoring script our Sports team was using at that moment to parse and debug their web logs."

The company claimed hackers did not gain access to any user data and the affected servers are used to provide live streaming for its sports service that don't store user data.

In response, Hall said in his blog "The Yahoo! infiltration WAS from the 'Shellshock' vulnerability, and it did NOT originate on the sports servers / API’s".