Photos not obtained by iCloud breach, but by password hacking
Apple CEO Tim Cook has formally addressed the recent celebrity selfies scandal, where some of the images obtained by hackers came from the victims' iCloud accounts (alongside other services, those responsible for the collection of the images have recently admitted). In an interview with the Wall Street Journal, Cook not only acknowledged that some celebrities' accounts were specifically targeted using conventional data-stealing techniques, but promised both educational and engineering improvements.
Nearly 4.5 billion records in total collected, 542 million unique emails addresses
The New York Times reported earlier this week that a hacker group has collected 1.2 billion unique username and password credentials from 420,000 websites. The records, which were verified by a security firm, is thought to be one of the largest collections of Internet identity information reported. The publication had the data analyzed by another expert, who verified the authenticity of the collection but has not commented on the validity of the data.
Proposed Serious Crime Bill in Queens Speech includes harsher cyberattack sentences
Hackers in the United Kingdom could face tougher penalties in the future, as a part of government plans announced in the Queen's Speech yesterday. The proposed Serious Crime Bill, part of which updates the 1990 Computer Misuse Act, would see penalties up to and including life sentences for cyberattacks that cause death or serious injury, or is deemed a threat to national security.
Denying visas to possible attendees considered over Chinese hacking indictment
Members of the US government are considering issuing visa restrictions on Chinese nationals seeking to attend DefCon and Black Hat. The effort would be aimed at computer hackers coming to the Las Vegas conferences from China in order to keep them from attending. These efforts would be "part of a broader effort to curb Chinese cyber espionage," an official told Reuters.
Vulnerability shut down, but fooled visitors into providing info
Late Wednesday afternoon, Electronic Arts reported that it had finally closed a serious vulnerability on its web servers that allowed hackers to host a fake "Apple ID" page -- part of a phishing scam that attempted to trick users into visiting the fake page and supplying personal information and credit card details that Electronista reported on earlier today. Netcraft, which originally spotted the compromised pages, reported the problem to EA on Tuesday night.
Denial of Service attacks employed against hacking groups by UK intelligence agency
A spy unit under the control of the United Kingdom's intelligence services was used to attack the Anonymous and LulzSec hacking groups, according to GCHQ documents leaked by Edward Snowden. The Government Communications Headquarters (GCHQ) used the unit to deploy distributed denial of service (DDOS) attacks against the groups, a similar strategy employed by the hackers themselves.
Already in iOS 7 beta; hack demonstrated earlier today
Apple says it has already fixed an obscure security flaw that could have allowed hackers to access data on an iOS device through the use of a specially-designed custom USB device that looks like a charger but in fact contains a tiny Linux-powered computer designed to insert malware. The fix is already present in the most recent iOS 7 beta and will be incorporated into the OS when it is released to the public this fall, the company says, and involves notifying users whenever they connect to another computer, even through the power adapter.
Botnet operators face three-year sentences, five for infrastructure attacks
The European Parliament has issued a draft directive that will give harsher punishments to hackers in the future. The directive will ask the 28 member states of the European Union to update their national maximum sentences to at least two years in prison for the illegal infiltration of computer systems, with higher sentences for more serious computer crimes.
Game publisher advises no payment details compromised
Servers belonging to video game publisher Ubisoft have been compromised in a recent attack. Hackers are said by the company to have gained access to sensitive data, including usernames, e-mails, and encrypted passwords, and has started to e-mail Uplay account holders to warn about the intrusion and the data loss.
North attacked by Anonymous, South by unknown sources
Government websites in South and North Korea have been attacked by hackers, on the anniversary of the start of the Korean War. Websites, including a number of media servers and one for the presidential Blue House, were taken down in South Korea earlier today, but it is not clear what entity performed the attacks in the first place.
Attack said not to be 'the work of amateurs'
Social networking site Twitter has been hacked, with approximately 250,000 user accounts affected. Hackers managed to gain access to the usernames, e-mail addresses, session tokens, and encrypted and salted password hashes belonging to users of the service, something that the company is quickly trying to rectify.
Credentials stolen from company, bank failed to prevent theft
A financial institution in Maine has agreed to reimburse a construction company $345,000 that was stolen by hackers following a ruling that the bank had "commercially unreasonable" security precautions. People's United Bank has agreed to pay Patco Construction Company every cent it lost in 2009, plus $45,000 in interest after miscreants stole the Patco banking credentials and withdrew money from the account.
Hackers change domain details to infect ransomware
Hackers have altered DNS records of websites hosted by Go Daddy, with the aim of infecting visitors with ransomware. The attackers are adding subdomains to the DNS records, pointing to a malicious IP address under their control, allowing victims to believe they are going to the right website, and for the pages to avoid various security protection mechanisms. This attack comes two months after an alleged attack on the Go Daddy network.
Unclassified servers penetrated, isolated from rest of network
The US Government is attempting to cool down rumors that hackers linked to the Chinese government penetrated the White House Military Office's (WHMO) network. The WHMO is responsible for presidential travel arrangements, and all communications with military units from the White House. A White House source denies the allegation, claiming that the spear phishing attack hit an unclassified network associated with the military office, and there is no evidence any classified information was stolen.
Millions of passwords exposed, hacked on Russian forum
Music purveyor Last.fm and online dating matching service eHarmony have both recently announced that they are the victims of an assault by hackers. Both Last.fm and eHarmony have published brief statements about the break-ins, with little data about previous or new security precautions implemented as a result of the leak. The news comes days after the high-profile breach on LinkedIn.
AntiSec reveals 10GB of US police private data
AntiSec hackers said they have made their biggest hack and revealed it to the world by posting 10GB of confidential US law enforcement information, the group revealed in a statement. This move, the group said, is in response to the arrests of Anonymous and LulzSec hackers. The so-called Shooting Sheriffs Saturday dump is said to include private e-mail, passwords, addresses, social security, credit card numbers, informants, training files, and more.
LulzSec strikes again, hacks site, steals data
LulzSec, the group of hackers that recently embarrassed Sony again, has now switched its attention an FBI affiliate’s site and hacked it. In doing so, it also exposed the user data of around 180 of the sites users. Among them, was the data of Unveillance CEO Karim Hijazi. Hijazi claims that LulzSec not only stole his data, including access to his company emails and Gmail account, but the group also tried extort more data and money from him.
Sony not slow, no guarantee of 100% security
Sir Howard Stringer has defended Sony’s response to the massive data breach that exposed user information to hackers. Numerous critics have lambasted Sony for waiting up to a week before notifying customers of the nature of the attack on its servers after first shutting them down without notice. In an interview with the New York Times, Stringer claimed that “[Sony] reported quickly.”
Amazon EC2 cloud-based server used in PSN hacks
Amazon’s EC2 cloud-based rental server service is reported to have been utilized as a proxy in the Sony PlayStation Network hacks. According to Bloomberg, a person with knowledge of the matter has revealed that the hackers used an alias to rent an Amazon EC2 server and used it as the staging point for the attack. The person said that Amazon has closed the account used for the hack.
Eric Schneiderman issues subpoena to Sony
The New York Attorney General has demanded that Sony divulge information to his department regarding how it protects customers’ personal information. While Sony has refused to testify to Congress about the massive data breach it suffered at the hands of hackers, Eric Schneiderman has taken a legal tack, issuing the company a subpoena.
Android hackers find Google Music sync feature
A new Android hack currently being installed by some users on the XDA Developers forum is shedding some light on the upcoming Google Music service. As originally expected, the service will be cloud-based, as one user who installed a CyanogenMod 7 hack with Android 2.3.3 and the Google Music app for Android 3.0 then supposedly synchronized his music collection from his phone's memory card. The process was left to run overnight, but removing the card still allowed the user to listen to his songs as they streamed from Google's servers.
Motorola says Droid X won't brick if hacked
Motorola has responded to reports that the Droid X has a hardware security protocol that would reportedly brick it rather than let hackers install different types of software. The hardware maker says Droid X handsets will not be permanently rendered useless by unsuccessful hacking attempts, but instead be prevented from booting if unapproved software is detected on the device. It will go into recovery mode, and can be re-booted once properly approved software is re-installed.
Part of criminal profit-making scheme
Macs are being deliberately targeted by a Russian hacking group, says Sophos security researcher Dmitry Samosseiko. The group is a subset of a larger criminal network known as the Partnerka, which normally turns a profit through spam promoting fake online drug vendors, and malware in the form of "scareware" anti-virus protection. The Partnerka have generally concentrated malware efforts on Windows users, who together represent the largest possible target.
Mac OS X a growing target
Apple's Mac OS X operating system -- which the company advertises as more secure than Microsoft Windows -- is coming under increased scrutiny by security specialists and underground crackers as the platform increases in market share. After repeatedly posting record quarters and announcing a growth rate well ahead of the personal computer industry in general, Apple is fast appearing on the radar of more and more hackers across the globe. Infoworld reports that "The days when you can assume that Apple's products are exempt from harm are over."
Symantec on Mac security
Apple's operating system has a reputation for being secure and free from malicious users causing headaches, but with Apple's popularity on the uprise, users should learn basic maintenance and security procedures for their favored operating system. Tech news site CIO recently spoke with Ollie Whitehouse, architect for Symantec's Advanced Threat Research Team, about OS security, especially in regards to large corporations. Whitehouse says that Macs are safe mainly due to a smaller marketshare, but as Apple's popularity increases, so will the threats against the company's operating system.