
Showing posts with label hacking. Show all posts

December 14, 2016

New details emerge of 1 billion Yahoo accounts compromised by hackers


Shocking details of the Yahoo hacking revealed: it seems Yahoo has lost count of how many of its user accounts were compromised, as hackers managed to get details of more than 1 billion user accounts. That's double the number affected by a hack revealed by the company in September 2016. According to Yahoo, the stolen data included users' names, email addresses, telephone numbers, dates of birth, and encrypted passwords. Those passwords were scrambled with MD5, which experts say is possible to crack with some patience. The data also included some security questions and answers, some of which weren't encrypted.

The stolen data is believed to include information for over 150,000 US government and military employees, according to Bloomberg. These include former White House staff, congressmen and their aides, FBI agents, officials at the National Security Agency, the Central Intelligence Agency, the Office of the Director of National Intelligence, and each branch of the US military.

This enormous breach apparently happened in 2013. Earlier, Yahoo announced a separate data breach in September this year, in which hackers in 2014 swiped user information from half a billion accounts; it was said to be the biggest cybersecurity breach ever.

Meanwhile, security researcher Jouko Pynnönen reported a vulnerability in Yahoo! Mail via bug-bounty organizers HackerOne and bagged $10k after discovering and reporting a serious flaw in Yahoo! Mail that could have been exploited by crooks to read victims' messages. The flaw, fixed in production late last month, could be exploited simply by tricking a target into opening a booby-trapped mail. The same vulnerability could also be abused to spread malware, as a blog post by Pynnönen explains: The flaw allowed an attacker to read a victim's email or create a virus infecting Yahoo Mail accounts, among other things. The attack required the victim to view an email sent by the attacker. No further interaction (such as clicking on a link or opening an attachment) was required.

Andrew Komarov, who was working with InfoArmor, saw an Eastern European hacker group sell the Yahoo database three times; he intercepted the database and notified the government, the Daily Mail reports.

Meanwhile, Yahoo's chief information security officer Bob Lord says that the company hasn't been able to determine how the data from the one billion accounts was stolen. 'Yahoo badly screwed up,' Bruce Schneier, a cryptologist and one of the world's most respected security experts, said after the internet company's latest disclosure.

April 29, 2014

The Biggest Challenger to the Internet Economy Is Not Government but Data Vulnerability

Online giant Target announced that credit and debit card information for 40 million of its customers had been compromised. In January, Neiman Marcus reported the theft of 1.1 million credit and debit cards by hackers who had invaded its systems with malware.

The latest findings from the Pew Research Center suggest that Americans are concerned about online security: quite a few believe that they have had important personal information stolen, and many have had an account compromised.

Findings from a January 2014 survey show that 18% of online adults have had important personal information stolen such as their Social Security Number, credit card, or bank account information. 

That's an increase from the 11% who reported personal information theft in July 2013. 21% of online adults said they had an email or social networking account compromised or taken over without their permission. The same number reported this experience in a July 2013 survey.

The recently discovered Heartbleed security flaw is the latest in a long string of data vulnerabilities and breaches of online users' privacy.

The Heartbleed bug, which affects a widely used encryption technology intended to protect online transactions and accounts, went undetected for more than two years. Security researchers are unsure whether or not hackers have been exploiting the problem, but the scope of the problem is estimated to affect up to 66% of active sites on the Internet.

The extent to which the online economy is being targeted, especially businesses dealing in online shopping transactions and e-commerce gateways, has seen a rapid increase.


August 12, 2011

State of Mobile Malware: 5 Ways To Deal with it

Malware specific to Android devices in particular has been making headlines as of late. In March, Google removed 21 apps from the Android Market after the blog Android Police alerted the company that the apps contained malware and were being used to collect user data. Google also invoked a kill switch, which automatically deleted the malicious apps from users’ phones, without any action necessary from the users.

Source: Bullguard

According to InformationWeek, a new Trojan horse app has emerged to target Android devices, and this one's particularly creepy. The app records a user's phone calls and then uploads them to a remote server. The app was revealed on the Security Advisor Research Blog, published by CA Technologies, now known as Total Defense.

Android users are now 2 1/2 times more likely to encounter malware than a mere six months ago, and Web-based threats affect 30% of them each year. Furthermore, the survey shows the number of malware-infected apps increasing fivefold, to 400, in the first half of this year.

Some of the social engineering and obfuscation techniques used to distribute mobile malware are even more sobering. Since iOS has a strictly curated distribution model (unless you jailbreak the device, you can't install an app on the iPhone or iPad without going through the App Store), Apple devices aren't susceptible to malware-infected apps (although, as the JailbreakMe exploit proved, hackers can still do a lot via the Safari browser). Thus, the scary stuff is happening in the Android ecosystem, where the freewheeling, community-policed Android Market is easily booby-trapped.

Notable mobile viruses

  • Cabir: Infects mobile phones running Symbian OS. When a phone is infected, the message 'Caribe' appears on the phone's display, and it is shown again every time the phone is turned on. The worm then attempts to spread to other phones in the area using wireless Bluetooth signals.

  • Duts: A parasitic file infector virus and the first known virus for the PocketPC platform. It attempts to infect all EXE files in the current directory (it infects files that are bigger than 4096 bytes).

  • Skulls: A trojan horse piece of code. Once downloaded, the virus, called Skulls, replaces all phone desktop icons with images of a skull. It will also render all phone applications, including SMSes and MMSes, useless.

  • Commwarrior: First worm to use MMS messages in order to spread to other devices. Can spread through Bluetooth as well. It infects devices running under OS Symbian Series 60. The executable worm file, once launched, hunts for accessible Bluetooth devices and sends the infected files under a random name to various devices.