Hack

The Intel Security Advanced Threat Research Team has discovered a critical signature forgery vulnerability in the Mozilla Network Security Services (NSS) crypto library that could allow malicious parties to set up fraudulent sites masquerading as legitimate businesses and other organizations. The Mozilla NSS library, commonly utilized in the Firefox web browser, can also be found in Thunderbird, Seamonkey, and other Mozilla products. Dubbed “BERserk”, this vulnerability allows for attackers to forge RSA signatures, thereby allowing for the bypass of authentication to websites utilizing SSL/TLS. Given that certificates can be forged for any domain, this issue raises serious concerns around integrity and confidentiality as we traverse what we perceive to be secure websites. ...

The Hacker News reported: For all the talk about China and the Syrian Electronic Army, it seems there’s another threat to U.S. cyber interests i.e. Iran. Series of potentially destructive computer attacks that have been targeting American oil, gas and electricity companies tracked back to Iran. Iranian hackers were able to gain access to control-system software that could allow them to manipulate oil or gas pipelines. Malware have been found in the power grid that could be used to deliver malicious software to damage plants. The targets have included several American oil, gas and electricity companies, which government officials have refused to identify. ...

A former LulzSec hacker has been jailed for a year for ransacking Sony Pictures Entertainment’s computer systems. Cody Kretsinger, 25, from Decatur, Illinois – better known to his fellow LulzSec cohorts as “Recursion” – was also ordered to carry out 1,000 hours of community service, and a year of home detention, following his release from prison. He was sentenced by a Los Angeles court on Thursday, Reuters reports. Kretsinger had pleaded guilty to a single count of conspiracy and unauthorized impairment of a protected computer (i.e. computer hacking) in a plea-bargaining agreement. Kretsinger admitting breaking into the Sony Pictures website and extracting information which he passed on to other members of LulzSec, who leaked the data in order to embarrass Sony, a hated enemy of the hacktivist group. ...

An anti-Israel hacking collective affiliated with Anonymous says it has initiated a widespread cyber attack against the Jewish state, penetrating websites affiliated with the Mossad security service and a slew of related entities. The hackers claimed late Friday that they have obtained and released personal information relating to 35,000 Israeli government officials, including politicians, military leaders, and police officers, according to a Twitter feed associated with the hackers. ...

3/22/2013: Emma Stone revealed that she was not behind the ambiguous tweets concerning boyfriend Andrew Garfield and co-star Shailene Woodley that sparked cheating rumors. Speculation surrounded Stone’s mysterious “tweet and delete” spree over the past few months. Emma addressed the rumors on an On Air with Ryan Seacrest radio interview. One tweet in particular on her Twitter appeared to be an anagram that solved to read, “Andrew and Shailene sitting in a tree.” ...

Cross-posted from Evernote blog: Evernote’s Operations & Security team has discovered and blocked suspicious activity on the Evernote network that appears to have been a coordinated attempt to access secure areas of the Evernote Service. As a precaution to protect your data, we have decided to implement a password reset. Please read below for details and instructions. In our security investigation, we have found no evidence that any of the content you store in Evernote was accessed, changed or lost. We also have no evidence that any payment information for Evernote Premium or Evernote Business customers was accessed. ...

Cross-posted from Gizmodo: Facebook just announced that it was hacked last month in a short statement on its website. Apparently, an unknown number employees visited a compromised developer site and were infected with malware. Facebook’s being very cagey about all this, but we’ve been able to scrounge up some details. According to the statement, the company reacted swiftly with an investigation and remediation following the “sophisticated attack.” The company won’t say which law enforcement agencies it’s working with. It claims no user data was compromised. ...

According to the AntiSec hacker group, they claim to hold more than 12 million Apple iOS Unique Device IDs, in addition to other personal information from device owners. As a move to back up such a claim, the AntiSec hacker group is said to have released slightly more than a million Apple Device IDs to the masses. This particular expose was unveiled on Pastebin, which is said to hold a detailed description of the method that the hacking group were said to have obtained the IDs from the FBI. ...

TheHackerNews: A team of Hackers called, “r00tBeer Security Team” today hack into official blog of Advanced Micro Devices (AMD) which is a American multinational semiconductor company. AMD is the second-largest global supplier of microprocessors based on the x86 architecture and also one of the largest suppliers of graphics processing units. Hacker deface the blog page (http://blogs.amd.com/wp-content/r00tbeer.html) [Dead Link – Screenshot blow] and also leak the complete user database of blog on his twitter account. Leaked database SQL file uploaded on Mediafire by Hackers which include 200 AMD user’s Emails, WordPress Blog Usernames and Passwords. ...

h-online: Syrian activists, journalists and opposition group members are reportedly under attack by malware claiming to be a security tool that will help protect them against hackers. The fake “AntiHacker” tool is being spread through targeted phishing emails and via sites such as Facebook, and claims to provide “Auto-Protect & Auto-Detect & Security & Quick scan and analyzing” functionality. ...