Hacking, Security & Privacy News - Page 97

All the latest Hacking, Security & Privacy news with plenty of coverage on new data breaches and leaks, new hacks, ways to protect yourself online & plenty more - Page 97.

Follow TweakTown on Google News

Another new Mac OS X backdoor found, further proves OS X not as secure as previously thought

Trace Hagan | Jul 4, 2012 2:02 PM CDT

Once again, Apple's OS X is being confronted with a security risk. The latest backdoor has been discovered by Russian security firm Kaspersky Labs and is being used as part of a Advanced Persistent Threat campaign. This is just the latest in a series of security risks present in the Mac OS X operating system.

Kaspersky researchers found that Uyghur activists in China were being targeted by hackers. These hackers sent e-mails with a compromised attachment that was in the form of a JPEG. The code hidden inside the JPEG was a new form of the MaControl backdoor and is compatible with both the PowerPC and i386 Mac variants.

Costin Raiu, Director of Global Research & Analysis at Kaspersky Lab:

Continue reading: Another new Mac OS X backdoor found, further proves OS X not as secure as previously thought (full post)

Espionage virus sent blueprints to China

Trace Hagan | Jun 21, 2012 3:28 PM CDT

In case you needed more examples of why the United States needs to focus on cyber security, take a look at a virus discovered in Peru. "ACAD/Medre.A" is a virus that is committing espionage by sending blueprints to China from companies in Peru. It has already stolen tens of thousands of blueprints, according to ESET.

The virus targeted the software AutoCAD which is a primary tool used by industrial designers and architects. It is believed the virus was first distributed to Peruvian companies through the use of an AutoCAD template given to public bodies. The virus was detected several months ago but has just seen a spike in usage.

The virus sends back blueprints to e-mail accounts provided by two Chinese internet firms, 163.com and qq.com. However, this doesn't prove China or the Chinese were behind the virus. What it does prove is that companies and governments alike need to strengthen their cyber security measures to prevent things like this from happening.

Continue reading: Espionage virus sent blueprints to China (full post)

Iran is the target of the U.S. and Israel-made Flame virus, according to sources

Anthony Garreffa | Jun 21, 2012 5:24 AM CDT

Flame, a highly sophisticated virus that was first discovered in Iranian oil refineries, and is supposedly the result of a U.S. and Israel joint effort to slow down Iran's nuclear program, reports The Washington Post. The information comes from multiple Western officials who purportedly have knowledge of the project, but of course want to remain anonymous.

This shouldn't come as a surprise considering the U.S. were unveiled as using the volatile Stuxnet virus, where The New York Times reported about Operation: Olympic Games, which is a project that used Stuxnet and Duqu, both sophisticated viruses. These viruses targeted Iranian SCADA systems, that allowed the creators of this virus to gather intelligence and even control aspects of Iran's nuclear and oil refining facilities.

Stuxnet code has been found within the Flame virus, according to security researchers, which is an unofficial confirmation that the creators of the Stuxnet virus (the U.S. government) are also behind this new nasty virus. Once this was discovered, in Get Smart fashion, the virus began to self-destruct, hastily removing itself from infected computers... not suss, huh?

Continue reading: Iran is the target of the U.S. and Israel-made Flame virus, according to sources (full post)

LulzSec hacks again, claims responsibility for leaking 10,000 Twitter accounts on Pastebin

Trace Hagan | Jun 12, 2012 2:33 PM CDT

LulzSec, a hacking group responsible for many hacks last year, has been fairly quiet this year after their leader allegedly worked with law enforcement to bring charges against its members. Now, however, LulzSec Reborn has taken over and started hacking, mainly compromising user accounts and leaking the details.

LulzSec Reborn has had two major hacks this year and otherwise has been quiet. The first was a leaking of 170,000 MilitarySingles accounts on Pastebin and now they are taking responsibility for the leaking of 10,000 Twitter accounts on Pastebin. The latter, today's leak, features much more information than a traditional password hack.

The leak comes in the form of an SQL dump which features usernames, passwords, real names, bios, locations, avatars, security tokens used by the service for authentication with Twitter and the user's most recent Tweet. The hack comes from compromising a third-party site that required the login information to work.

Continue reading: LulzSec hacks again, claims responsibility for leaking 10,000 Twitter accounts on Pastebin (full post)

US military chip made in China has security backdoor, massive national security concerns

Trace Hagan | May 30, 2012 2:29 PM CDT

A new discovery has been made by a Cambridge University researcher that a chip used by the US military features a security backdoor which could have massive implications on on national security. The chip, which was built in China, cannot simply be reprogrammed as the security backdoor is physically present on the silicon.

Sergei Skorobogatov of Quo Vadis Labs at Cambridge University said:

Our aim was to perform advanced code breaking and to see if there were any unexpected features on the (US Military) chip. We scanned the silicon chip in an affordable time and found a previously unknown backdoor inserted by the manufacturer. This backdoor has a key, which we were able to extract. If you use this key you can disable the chip or reprogram it at will, even if locked by the user with their own key. This particular chip is prevalent in many systems from weapons, nuclear power plants to public transport. In other words, this backdoor access could be turned into an advanced Stuxnet weapon to attack potentially millions of systems. The scale and range of possible attacks has huge implications for National Security and public infrastructure.

Continue reading: US military chip made in China has security backdoor, massive national security concerns (full post)

Exploit allows administrator command prompt to launch at login screen

Trace Hagan | May 29, 2012 11:29 AM CDT

Microsoft has left an unpatched exploit in Windows 8 Consumer Preview. The exploit works on Windows 7, Windows Server 2008 R2 and Windows 8 Consumer Preview and has been documented and known for a while. The details of the exploit are pretty simple and can be done in under a minute if one is a fast typist.

The general idea behind the exploit is to be able to run an elevated command prompt without even being logged in. It works by making a simple change in the registry so that when sticky keys is activated it launches the command prompt instead. The hack is virtually undetectable as all it is is a simple change in registry value.

To do the exploit one only needs to open command prompt once on the target PC and enter the code below. Once done, the hacker can return to the workstation at any point later in time and launch an administrator level command prompt just by pressing shift 5 times in a row. This could be of a serious nature for many different people, especially a business.

Continue reading: Exploit allows administrator command prompt to launch at login screen (full post)

Anonymous release 1.7GB belonging to the US Department of Justice

Anthony Garreffa | May 22, 2012 4:20 AM CDT

Anonymous have dumped 1.7GB of data belonging to the US Department of Justice, and on the flip side, the DoJ have downplayed the sensitivity of the data siphoned from their website. Anonymous says that the information they have includes "internal e-mails", and "the entire database dump" from the website.

Anonymous' leak was announced alongside a torrent with the 1.7GB of data inside, as well as a statement:

Today we are releaseing [sic] 1.7GB of data that used to belong to the United States Bureau of Justice, until now. Within the booty you may find lots of shiny things such as internal emails, and the entire database dump. We Lulzed as they took the website down after being owned, clearly showing they were scared of what inevitably happened.

Continue reading: Anonymous release 1.7GB belonging to the US Department of Justice (full post)

The Netherlands becomes the first country to pass net neutrality law

Anthony Garreffa | May 10, 2012 1:18 AM CDT

Well, the government of the Netherlands have become the first European country to pass a net neutrality law. What this does is prevents internet service providers (ISPs) from traffic management except in the cases of congestion and network security, it also includes restrictions on ISPs performing deep packet inspection and other similar wiretapping techniques.

June 2011 was when the law was formed, where the Netherland's parliament passed a motion to stop mobile operators from blocking VoiP calls over their networks, with the bill only re cently passing the Dutch senate. The provisions in the law extend to anyone providing Internet access services, forbidding the use of traffic-shaping based on application usage, unless they hinder access for other users by causing congestion.

This means that equal types of traffic will be treated equally, with an example like video streaming services owned by a provider cannot have unrestricted access, where Hulu may be restricted. If a user chews up too much bandwidth, before the ISP can take any action, the user must be alerted so that they have the time to remedy the situation.

Continue reading: The Netherlands becomes the first country to pass net neutrality law (full post)

New type of malware, "ransomware," locks up computers unless ransom is paid

Trace Hagan | May 7, 2012 2:33 PM CDT

Once again, I get to be the bearer of bad news in order to keep you, our reader, safe. This time I bring news of a new malware that is going around dubbed "ransomware" due to the fact it locks up your computer until you pay the ransom amount demanded. This isn't a completely new idea, but this is a new strain and variation.

This latest campaign is mainly targeting the UK and a few other European countries and claims that illegally downloaded music has been found on the computer. Due to this illegal material, the malware claims that "to unlock your computer and to avoid other legal consequences, your are obligated to pay a release fee of 50 pounds."

The malware was spotted by security watch blog abuse.ch. According to them, the malware is delivered through an exploit known as "Blackhole." The ransomware also carries a payload of Aldi Bot which steals banking information. The message to take away here is to keep all your browsers and their add-ons up to date, as this is how Blackhole functions. Anti-virus isn't a bad idea either.

Continue reading: New type of malware, "ransomware," locks up computers unless ransom is paid (full post)

Another Mac security issue exposes Lion login passwords in plaintext

Trace Hagan | May 7, 2012 10:29 AM CDT

This year, so far, has not exactly been a stunning display for Macs. Between the Flashback malware and now this, it really shows just how weak the security of Mac OSX is. The latest blunder by Apple and its security team is that they turned on a debug log file which stores the user's password outside of the encrypted area.

If you were using FileVault prior to upgrading to Lion, it may be time to think about changing your passwords as this would affect you. FileValut 2 users (whole drive encryption) are not affected by this accident. Additionally, if you have Time Machine backups, the plaintext log file has stored your password for the long term.

Security researcher David Emery explains:

Continue reading: Another Mac security issue exposes Lion login passwords in plaintext (full post)