Hack

Sunbelt: Twilight fans who normally frequent the official website of Stephenie Meyer, infamous writer of the said book and saga, may have found their systems captured by a “being” that is neither a blood-sucker or a giant, feral dog. It might be something supernatural, but not in the security world: zombies. Our friends at avast! have unearthed a recent attack on the author’s website not so long ago:www.stepheniemeyer.com had been hosting Crimepack, an exploit kit that takes advantage of known vulnerabilities of various Web browsers and the Windows OS to install malware. Brian Krebs of_KrebsOnSecurity.com_ took a closer look at this particular exploit pack back in 2010, and it is indeed a nasty one. Not only is it capable of targeting holes of software installed on your system, it also “lets customers [buyers of this Crimepack exploit kit] test various Web reputation services to discover whether any include their exploit sites.” Computers successfully exploited by the Crimepack exploit kit are eventually turned into zombies, which online criminals use to do malicious tasks, such as spamming and launching denial of service (DoS) attacks. ...

SophosLabs: Want a free password for one of the world’s most popular adult websites? YouPorn, one of the world’s most popular porn video websites and one of the top 100 websites of any kind in the world, appears to have been caught with its pants down – after a list of many of its users’ email addresses, passwords and dates of birth were left exposed on a public-facing server. ...

The H-Online: According to a report, hackers, allegedly from China, had access to telecoms equipment manufacturer Nortel‘s IT systems over a period of several years – access that they took full advantage of. Citing an internal investigation, the Wall Street Journal reported on Tuesday that, using seven passwords stolen from senior managers, intruders had access to almost all confidential information within Nortel from 2000 onwards. Brian Shields, the manager who led the Nortel investigation, is quoted as saying that the hackers “had access to everything”. Huge volumes of technical documents, research and development (R&D) reports, business plans and emails were downloaded over the course of several years. “They had plenty of time,” said Shields, “All they had to do was figure out what they wanted.” The seven stolen passwords included the password belonging to the company’s then CEO. The attackers have not been identified, but the WSJ notes that they appear to have been working from China. ...

SophosLabs: A hacker, identified as a 17-year-old based in Morocco, claims to have stolen the personal information of 350,000 users from hardcore porn mavens Brazzers. The point, claims the hacker, was to highlight a security vulnerability on the adult site. According to reports, the teen uploaded a small small of the stolen data to the internet, displaying customer emails, usernames and passwords. Presumably to offer up proof that he was behind the breach. ...

The Hacker News: Hackers from Team r00tw0rm again hit NASA. According to Latest tweet by Hackers, They claim to hack the one of the Sudomain of Nasa (Link is not exposed by hackers and claimed to be reported for Fix). Hackers claim to hack GB’s of database and they Leaked sample of database include Users names, emails and Passwords , Contact as shown: ...

The Hacker News: Today, Hackers from group EvilShadow successfully hack and deface the website of Microsoft Store India (http://www.microsoftstore.co.in) . But Hacker upload his deface page at location http://www.microsoftstore.co.in/evil.html . Hacker revealed that user passwords were saved in plain text as shown below:

The Inquirer: A Hacker using the pseudonyms ‘Weedgrower’ or ‘X-pOSed’ claims that he has compromised Intel and obtained sensitive data. The solo hacker claims to have found a flaw in the subscriber segment of Intel’s web site, according to The Hacker News. He said that he has access to sensitive data that includes credit card numbers, email addresses and passwords. Weedgrower said, “I’ve got to give some applause to all these pseudo-security technicians out there. I cut Intel a break, I have access to a database and another vulnerability which enables the right to read user data. I’ll be gracious here and NOT spill the data, but I will provide screenshots to prove that I have access to Credit Card data and such.” ...

SophosLabs: The CIA’s website was brought down for some hours last night by what appears to have been an internet distributed denial-of-service (DDoS) attack. A post made from an Anonymous-affiliated Twitter account announced that the site was doing using the phrase “CIA Tango Down”, although a later tweet left ambiguity as to whether the hacktivists were claiming responsibility for the attack. Of course, this is one of the challenges when trying to get a sense of what actions can be attributed to Anonymous or not. ...

SophosLabs: One of the largest ISPs in The Netherlands has shut down its email services after hackers posted usernames, passwords, phone numbers, addresses and more of more than 500 customers on the internet. KPN discovered the attackers on its network January 27th, but decided not to disclose the information immediately after consulting with the Dutch government and law enforcement agencies. Presumably this was intended to allow them to monitor the attacker and gather evidence that might be used to apprehend and prosecute them. ...

The H-Online: Hackers operating under the name Swagg Security have said they were responsible for breaching the security of Chinese electronics manufacturer Foxconn. In a posting on Pastebin, the group took credit for penetrating the systems, noting that “Foxconn did have an appropriate firewall, but fortunately to our intent, we were able to bypass it almost flawlessly”. The posting pointed to a 6.5 MB torrent on The Pirate Bay which contained what appears to be CSV file dumps of database tables and other text files. The files included lists of what look like customer names, accounts and plain text passwords though many of those passwords are “foxconn” or “foxconn2”. ...