Hacking, Security & Privacy News - Page 96

All the latest Hacking, Security & Privacy news with plenty of coverage on new data breaches and leaks, new hacks, ways to protect yourself online & plenty more - Page 96.

Follow TweakTown on Google News

Android malware level has tripled in Q2 2012

Trace Hagan | Aug 16, 2012 3:31 PM CDT

Malware is bad. It's created by people who want to cause you trouble or steal your information. It's a fact of life that Windows will always be a target of malware, but how about Android? It seems as more hackers and scammers are now targeting the mobile operating system with varying degrees of success.

In the second quarter of 2012, Kaspersky Labs found that the number of malware out there targeting Android has tripled. Likely this is the result of an increased number of Android phones giving malicious programmers a wider base to attack. This is the same reason so many different malwares are written for Windows.

During the three months that make up the second quarter, the number of new malware increased to nearly 15,000. 49 percent of the malware were multi-functional Trojans designed to steal data such as contact names, phone numbers, and e-mails. 25 percent were SMS Trojans which send texts to premium numbers to gain money for the programmer.

Continue reading: Android malware level has tripled in Q2 2012 (full post)

WikiLeaks unveils TrapWire, a very scary surveillance system, gets taken down by DDoS attack, coincidence?

Anthony Garreffa | Aug 14, 2012 3:31 AM CDT

This is something that I've read with great interest, and to anyone who has seen the TV show "Person of Interest", you'll understand that these types of systems are not just fiction, but they can be used for wrong-doing, too.

Last week, WikiLeaks talked of, and released internal documents and e-mails by hackers regarding TrapWire. TrapWire is a privately-owned surveillance technology that is used by various private and public agencies. TrapWire seems to work by collecting surveillance data from 'participating' private and public sources, such as CCTV cameras.

The data is then poured into the system, where TrapWire can analyze the data, detecting changes in patterns such as noticing a certain vehicle is not on its usual morning commute to work, which can then be looked at as 'suspicious behavior'. The technology is owned by Abraxas, who were eventually acquired by Cubic. In 2005, Abraxas Corp. CEO Richard Hollis talked about TrapWire:

Continue reading: WikiLeaks unveils TrapWire, a very scary surveillance system, gets taken down by DDoS attack, coincidence? (full post)

Blizzard gets hacked, emails, answers to security questions and more gets taken

Anthony Garreffa | Aug 9, 2012 8:32 PM CDT

The developer behind successful titles such as the recently released Diablo III, and World of Warcraft, oh I suppose we can't leave out StarCraft, has posted an "important security update" to its official website. Blizzard have announced that their security team found an "unauthorized and illegal access into our internal network here at Blizzard".

The developer quickly took appropriate steps to close off access, and started working with law enforcement and security experts to investigate into the matter. At the moment, Blizzard have found no evidence that financial information (such as credit card details) or billing details and real names were compromised. Blizzard's investigation is ongoing, but there's nothing suggesting that these pieces of information were accessed.

What was accessed, were lists of email addresses for global Battle.net users, outside of China. This mens that players on North American-based servers, such as North America, Latin America, Australia, New Zealand, and Southeast Asia had their personal security question, and information regarding to Mobile and Dial-In Authenticators were accessed. Blizzard have noted that based on what they currently know, this information is not enough for anyone to access Battle.net accounts.

Continue reading: Blizzard gets hacked, emails, answers to security questions and more gets taken (full post)

Apple slap 24-hour suspension on phone-based resets of Apple ID passwords in a bid to stem more hacks

Anthony Garreffa | Aug 7, 2012 9:31 PM CDT

And so they should. After having the joy of a daisy-changed hack, Mat Honan has been keeping the tech world up-to-date on the going ons of the recent hack over at Apple, and what companies are doing to make sure that it doesn't happen to anyone else.

Apple have improved their services, issuing a 24-hour ban on calling Apple support to change your Apple ID password. Honan's hack involved some social engineering, meaning that a hacker actually made a voice call, setting up accounts pretending to be him. Wired reported on the ban, saying:

Apple on Tuesday ordered its support staff to immediately stop processing AppleID password changes requested over the phone, following the identity hacking of Wired Reporter Mat Honan over the weekend, according to Apple employees.

Continue reading: Apple slap 24-hour suspension on phone-based resets of Apple ID passwords in a bid to stem more hacks (full post)

Three Windows 8 exploits found before official release

Trace Hagan | Jul 31, 2012 12:31 PM CDT

It's a sad reality that there's always someone trying to break into Windows. This is due to the wide use that Windows has over other operating systems. Even before the official release, people are doing their best to break into Microsoft's upcoming Windows 8, and sadly, they've found three exploits to do just that.

With three months left before the actual release of Windows 8, Microsoft has time to take care of these exploits that have been found. Sung-Ting Tsai of Trend Micro is the person who found the exploits, so he's helping Microsoft patch them rather than working on exploiting them for nefarious reasons.

The exploits are in the kernel level advanced local procedure call, the component object model (COM) application programming interface, and the Windows Runtime API. Tsai worked on several methods to attack the vulnerabilities, and while he wasn't completely successful, he says that someone with enough time could find a way to compromise the system.

Continue reading: Three Windows 8 exploits found before official release (full post)

Ubisoft accidentally installed a backdoor with its DRM

Trace Hagan | Jul 30, 2012 1:29 PM CDT

Earlier today, stories were hitting the web that Ubisoft's DRM installed a browser plug-in that contained a backdoor. Ubisoft acted quickly and has released a patch to fix the security hole as it turns out that the backdoor was an accident and was in no way meant to be there, or at least not exploitable as it was.

Tavis Ormandy, a Google security engineer, found the backdoor and wrote about it on the Seclists.org mailing list on Sunday. Mr. Ormandy went as far as to post a few lines of Javascript as an untested proof of concept. This morning, the story made it onto Hacker News along with a working proof of concept.

The list of games which come with Uplay, and the vulnerability, are as follows:

Continue reading: Ubisoft accidentally installed a backdoor with its DRM (full post)

Another OS X Trojan has been identified, this one bypasses user permissions

Anthony Garreffa | Jul 24, 2012 10:30 PM CDT

Apple have been hit again, with security firm Intego and their virus team identifying yet another Trojan horse that attacks Apple's Mac platform. The new Trojan called "Crisis", hasn't been seen in the wild yet, but Intego says that the Trojan is engineered to make analysis of the malware difficult for security experts.

Intego have stressed alertness regarding Crisis, as it appears to be quite smart, having the ability to bypass OS X security features and install itself, all without any user interaction.

Crisis has been tracked, back to the IP address of 176.58.100.37, which it then calls back to every five minutes for instructions. There's only two OS X versions that are said to be susceptible to Crisis, OS X 10.6 and 10.7. Crisis can install and run itself without the need for the user to enter in their password. It's also resistant to reboots, and will run until it is detected and removed.

Continue reading: Another OS X Trojan has been identified, this one bypasses user permissions (full post)

Your hotel keycard lock is vulnerable to hackers

Trace Hagan | Jul 24, 2012 3:33 PM CDT

A word of warning to our readers: next time you check into a hotel room, realize you're probably not the only one that can get in. Take a moment to run your fingers along the bottom of the keycard lock and check for a power port. If you find one, it means a hacker with a couple of cheap hardware parts could gain access to your room without leaving a trace.

24-year-old Mozilla software developer and self-described hacker Cody Brocious has issued this warning after he found the vulnerability while reverse engineering Onity-manufactured locks. By connecting $50 in hardware to the DC port, the door will supposedly unlock and provide access. However, in practice, it's not quite that reliable.

While demonstrating it to a Forbe's journalist, it only worked on one of the three doors they tried and only on the second try after Brocious tweaked his software. Still, with a bit of time, a hacker could perfect the software and technique and somewhere around 4 million doors would immediately be able to be opened.

Continue reading: Your hotel keycard lock is vulnerable to hackers (full post)

Yahoo! confirms server breach, had 400k accounts compromised as a "wake-up call"

Anthony Garreffa | Jul 16, 2012 3:40 AM CDT

We've seen some serious hacking over the last few years, with the last notable tech-related hack being Sony, but now Yahoo! have joined the ranks of victims being hit. Yahoo! confirmed that it had the usernames, and passwords of over 400,000 accounts stolen from its servers earlier this week, and that data from these accounts were posted online briefly.

The data has since been yanked offline, but it turns out that it wasn't just for Yahoo! accounts, as Gmail, AOL, Hotmail, Comcast, MSN, SBC Global, Verizon, BellSouth and Live.com login info was also taken on the day and placed online. Those who hacked the servers said that they did it simply to show Yahoo! the weaknesses in their security software, elaborating:

We hope that the parties responsible for managing the security of this subdomain will take this as a wake-up call, and not as a threat. There have been many security holes exploited in Web servers belonging to Yahoo Inc. that have caused far greater damage than our disclosure. Please do not take them lightly. The subdomain and vulnerable parameters have not been posted to avoid further damage.

Continue reading: Yahoo! confirms server breach, had 400k accounts compromised as a "wake-up call" (full post)

Spam being sent from a botnet composed of Android devices

Trace Hagan | Jul 4, 2012 4:06 PM CDT

Spam e-mail is nothing new. Most users have figured out ways to combat it either through the use of spam boxes or spam blockers on the e-mail servers themselves. This spam is traditionally sent out via compromised computers that have been pulled together into a botnet. The botnet can be ordered to do whatever nefarious activities its commander wants.

With Windows becoming more secure, however, it has been harder for hackers to gain these computers for botnets. Terry Zink of Terry Zink's Cyber Security Blog on the MSDN noticed something interesting about the spam he has been receiving lately. At the bottom of the message it says "Sent from Yahoo! Mail on Android."

Furthermore, he examined the headers of the e-mail and found "Message-ID: 1341147286.19774.androidMobile(at)web140302.mail.bf1.yahoo.com" I'm sure you can see where this is going. A spammer somewhere has a botnet that lives on Android devices, much like the rumors we've all heard. What's even more interesting is where these devices are located.

Continue reading: Spam being sent from a botnet composed of Android devices (full post)